OIM 11g R2 Beta Customization

Hi
In OIM 11g R2.
I want to disable some Menu Option for Non-Admin users in Identity Console. I don't see any option to create Authorization Policy in R2 .
How can I achieve this.
Regards,
Abhi
Edited by: 918619 on Jul 26, 2012 3:18 AM

for implementing auth policy you have to use APM UI . Which is nothing but UI of OES. OES internally integrated with OIM R2.
For enabling this URL: During the installation of OIM you can use(select) APM as well for the installation(from the wizard)
do the below steps
You need search the user-management policies and then update the deniedAttributeObligation in those policies and add all the attributes that you don’t want to be displayed for the user(as per the oes-policy application role.).
However, I don't know how feasble for you to do this.
--nayan                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

Similar Messages

  • OIM 11g Web Console Customization

    Hello All IDMers,
    I need your guidance to perform two tasks related OIM 11G web console customization:
    1) My client has employee id as userid in user table. So while processing approval, the user id of the person requested approval is displayed in the approval table when i log in to admin console as an Approver. Is there a way I can customize the web console to display the full name or display name from the user table instead of user id in table that holds the list of all person who have req for approval.
    2) when i login admin console, on the top right corner next to sign out my user id iis siplayed, instead i want to change it to <First Name> <Last Name>.
    pls. help me with this.
    Thank u all.
    Regards,
    ~VSN

    Hello all,
    I guess we got to make changes to the ADF framework in 11 G.
    Any ideas on how to go about it?
    Issue Summary : Approval Request Table -> display fullname of approval requestor instead of user id
    Admin console login -> when logged in -> show <first Name> <last name> instead of User Id next to SIGN OUT button.
    Thanks.
    Regards,
    ~VSN

  • OIM 11g R2 Beta: Display default search results while displaying Catalog

    All,
    We are trying to achieve displaying a default search results automatically (based on any criteria) while displaying the Catalog screen. By OOTB feature, the Catalog search is empty and there won't be any results displayed while displaying the Catalog screen. Please provide any directions or inputs for achieving this functionality if anyone is aware of how to achieve this functionality.
    Thanks in advance.
    Regards
    Kishore.

    In Search box enter any search item and click "Add to Cart" and then click "Checkout". Now in the same catalog screen at the right side of list of Cart Items you can see button as "Save As Profile". Give any name to this Profile and save the profile. Now if you click Catalog again, you can see the created profile under catalog search.

  • Customize the look and feel of OIM 11g R2 selfsevice page

    Hi All,
    we need to customize the self service UI as per the styles used by client, for eg the background colors, fonts, tab colors, fontcolor etc, I tried doing by configuring skin but the docs say place it in admin.war and cannot find admin.war anywhere.
    Can anyone please help me out? Where to place the trinidad files and my custom css. Also, what will be the high level style classes that I need to override.
    Thanks

    refer the section 30.3 "*Skin Customization in Oracle Identity Manager*" in OIM 11g R2 Developer guide.
    HTH

  • OIM 11g R1 - Request Type Description Customization (Translation)

    Hello Experts,
    I'd like a little help to know if it is possible to customizate the following:
    OIM is using Browser locale to change the language on Web Console.
    Does any one know how to change the translation to the Request Type description (the list from where we need to choose) when we are creating a Request?
    Example:
    Self-Request Resource = Recurso de Auto-Solicitação (in Brasilian Portuguese - we'd like to change it)
    Self De-Provision Resource = Autocancelar Provisionamento de Recurso (in Brasilian Portuguese - we'd like to change it)
    We work with OIM 11g R1.
    Thanks.

    Excellent! Thank you very much!
    Edited by: 958794 on May 22, 2013 10:37 AM

  • OIM 11g GUI customization

    In OIM 11g when we create a request of type Modify provision Resource I can see "Description" filed under Request Details -> Requested Resources tab. Please let me know how to hide this description field for all users?
    Thanks in advance

    Thanks Karthik.
    As you suggested I have created the model and view controller projects, configured everything for the workflow with managed bean.
    I have added the action listener and redeployed ear file as well. After all when I click on menu item it saying method not found as mentioned below.
    ++<Nov 30, 2012 7:58:53 AM CST> <Error> <oracle.adfinternal.view.faces.config.rich.RegistrationConfigurator> <BEA-000000> <ADF_FACES-60096:Server Exception during PPR, #27++
    ++javax.servlet.ServletException: Method not found: [email protected]onsorRenewals(javax.faces.event.ActionEvent)++
    Below is the code for managed bean and menu item configuration, any suggestions it would be helpful.
    public class ManageSponsorship extends BaseMB {
    public void navigateSponsorRenewals(ActionEvent event) {
    FacesUtils.launchTaskFlow("sponsorship-renewals", "/WEB-INF/tfs/sponsorship-renewals-tf.xml#sponsorship-renewals-tf","Sponsorship Renewal", "/images/home.png",
    null, "Sponsorship Renewal", false, new HashMap<String, Object>());
    <af:commandImageLink xmlns:af="http://xmlns.oracle.com/adf/faces/rich" id="e510512175" icon="/images/users.png" text="Sponsorship Renewals" actionListener="#{manageSponsorship.navigateSponsorRenewals}"/>
    Thanks in advance.
    Edited by: 973327 on Dec 6, 2012 11:00 AM

  • Customize Self Service Page in OIM 11g

    Hi All,
    How can i add some functionality of Profile tab in to another custom tab like(i have to add resource tab(Self Service Page-->My Profile-->Resource) in to a custom tab) because i have to hide Profile tab and add Proxy and Resource tab of Profile tab in to another custom tab so that user can see only these two tab instead of whole profile tab .
    please give me any idea how to do it.
    thanks
    Edited by: 902535 on Apr 10, 2013 10:53 PM

    Duplicate Post:
    Adding Custom Tab in OIM 11g  Self Service Page

  • OIM 11g High Availability Deployment

    Hi Experts,
    I'm deploying OIM 11g in High Available schema, following Oracle docs: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF, I have succesfully installed and configured OIM & SOA in weblogic domain on 'OIMHOST1', trying to propagate the configuration from 'OIMHOST1' to 'OIMHOST2' I have packed (using pack.sh) the domain on 'OIMHOST1' and unpacked (using unpack.sh) it to 'OIMHOST2' so I have updated the NodeManager executing setNMProps.sh and finally Ihave started the NodeManager. In order to Test everything is fine and following the documentation I'm traying to perform the following steps, but I'm not succeed
    I'M MUST TO SAY THAT I'M RUNNING ON SINGLE STANDARD EDITION DB INSTANCE AND NOT RAC AS MENTIONED IN ORACLE DOCS, PLEASE CLARIFY IF RAC IS REQUIRED, FOR NOW I'M IN DEVELOPMENT ENVIRONMENT, SO I THINK RAC IS NOT REQUIRED FOR NOW, PLEASE CLARIFY
    8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
    Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
    Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
    Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
    /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>1&
    Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console.
    Here its not possible start AdminServer on OIMHOST2, first of all, it looks like boot.properties file under WLS_OIM_DOMAIN_HOME/servers/AdminSever/security is not valid, the first time I try to execute startWeblogic.sh script, it ask for username/password, I have updated boot.properties (vi boot.properties) and manually set clear username and password, this time startWeblogic.sh script passed this stage, but fails:
    <Error> <util.install.help.BuildMasterHelpSet> <BEA-000000> <IOException ioe java.io.IOException: No such file or directory>
    <Error> <oracle.adf.share.config.ADFMDSConfig> <BEA-000000> <MDSConfigurationException encountered in parseADFConfigurationMDS-01330: unable to load MDS configuration document
    MDS-01329: unable to load element "persistence-config"
    MDS-01370: MetadataStore configuration for metadata-store-usage "writeable" is invalid.
    MDS-00503: The metadata path "/u01/app/oracle/product/Middleware/user_projects/domains/IDMDomain/sysman/mds" does not contain any valid directories.
    I have verified that this directory "mds" does not exists, as reported by the IOException, in OIMHOST2, but it exists in OIMHOST1. from here its not possible for me following Oracle's documentation, I test this starting Adminserver in OIMHOST1, and starting WLS_SOA2 and WLS_OIM2 managed servers from OIMHOST1 AdminServer console, I have tested 2 ways:
    1.- All managed servers in OIHOST1 are shutdown, for this, managed servers in OIMHOST2 works as expected
    2.- All managed servers in OIMHOST1 are RUNNING, for this, first I have started SOA2 managed server, after that, I have fired OIM2 managed server, when it finish boot process the following message appears in server's output:
    <Warning> <org.quartz.impl.jdbcjobstore.JobStoreCMT> <BEA-000000> <This scheduler instance (servername.domainname1304128390936) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior.>
    Start the WLS_SOA2 managed server using the WebLogic Administration Console.
    Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started.
    8.9.3.9 Validate the Oracle Identity Manager Instance on OIMHOST2
    Validate the Oracle Identity Manager Server instance on OIMHOST2 by bringing up the Oracle Identity Manager Console using a web browser.
    The URL for the Oracle Identity Manager Console is:
    http://oimvhn2.mycompany.com:14000/oim
    Log in using the xelsysadm password.
    Your help is highly apprecciated
    Regards
    Juan

    Hi Vaasu,
    I have succeeded deploying OIM in HA, just now my customer and I are working on the installation of webtier. Now I have a better understand about HA concepts and the way weblogic works -really nice, but little tricky-
    All the magic about HA is configuring properly the network interfaces in each Linux boxes (our case) so, first of all you need to create 2 new floating IP's on each Linux boxes (google: how to create virtual Ip in linux, if you don't know) clone and modify your 'eth0' network script to create the virtual IPs
    Follow the procudere in the HA guide: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF
    create DB schemas with RCU
    install weblogic
    install SOA
    patch SOA
    install IAM
    ---if you are working on a virtual machine is good idea to take a snapshot here---
    Create and configure the weblogic domain (special attentention whe configuring the cluster), see step 13 of 8.9.3.2 Creating and Configuring the WebLogic Domain for OIM and SOA on OIMHOST1, here you need to cofigure:
    For the oim_server1 entry, change the entry to the following values:
    Name: WLS_OIM1
    Listen Address: the IP that is confured in eth0:1 of Linux box1
    Listen Port: 14000
    For the soa_server1 entry, change the entry to the following values:
    Name: WLS_SOA1
    Listen Address: the IP configure on eth0:2 of Linux box1
    Listen Port: 8001
    For the second OIM Server, click Add and supply the following information:
    Name: WLS_OIM2
    Listen Address: the IP configured on eth0:1 of Linux box2
    Listen Port: 14000
    For the second SOA Server, click Add and supply the following information:
    Name: WLS_SOA2
    Listen Address: the IP configured on eth0:2 of Linux box2
    Listen Port: 8001
    Click Next.
    On Step 16 ensure you are using the UNIX tab to configure the machines, also ensure that for machine1 you use the IP configured on the eth0 interface of Linux box1, the same for machine2
    please confirm you have performered 8.9.3.3.2 Update Node Manager on OIMHOST1
    if everything is ok you must be able to start the AdminServer as described in the guide.
    configure OIM: 8.9.3.4.2 Running the Oracle Identity Management Configuration Wizard, in my case I don't need LDAPsync, I have skipped this section, if you configure properly OIM, then you mus perform 8.9.3.5 Post-Configuration Steps for the Managed Servers
    resrtar AdminServer then from the weblogic console, start OIM and SOA if node manager is properly configured SOA and OIM must run properly, update deployment mode and coherence as described in the guide and verify that OIM run perfectly in Linux box1.
    Propagate OIM from Linux box1 to Linux box2 as described in the guide, using pack and unpack (you MUST use the same filesystem directory structure on both Linux boxes)
    Update and start NodeManager as described in the guide
    VERY IMPORTAN OBSERVATION
    the guide say:
    8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
    Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
    Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
    JUAN OBSERVATION:
    IS NOT POSSIBLE TO START OR STOP ADMINSERVER ON HOST2 SINCE ADMIN SERVER WERE CONFIGURED TO LISTEN ON THE IP ADDRES OF eth0 INTERFACE ON HOST1, SO, ITS NOT POSSIBLE TO PLAY IT ON HOST2, I THINK AND ADDITIONAL PROCEDURE SHOULD BE FOLLOWED TO CONFIGURE ADMINSERVER IN HA IN A ACTIVE-PASSIVE MODE
    Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
    /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>1& -----NOT APPLICABLE
    Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console. -----NOT APPLICABLE
    Start the WLS_SOA2 managed server using the WebLogic Administration Console. ----START SOA2 FROM THE CONSOLE RUNNING ON HOST1, IT DOESN'T MATTER
    Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started. ------ START OIM2 FROM THE CONSOLE RUNNING ON HOST1
    HERE YOU MUST BE ABLE TO LOGIN TO OIM2 SERVER AS DESCRIBED IN THE GUIDE, YOU DON'T NEED TO EXECUTE config.sh SCRIPT THIS SHOULD WORK AS DESCRIBED.
    Server migration should work straight-forward if you have configured the floating IPs as described, I have not configured the persistence yet since my customer does not have the skills to share a storage.
    I hope this helps, and feel free to comment or complement.
    By the way, did you know how to set up a valid SSL certificate in Windows 2003 server??? I need it to test and Exchange 2007 I'm tryin to integrate
    Regards
    Juan

  • OIM 11g using too much memory and not releasing it when shutting down

    Hello,
    we have a problem with OIM 11g using too much memory (about 5gb) and it's not releasing it at shutdown (4gb still used).
    We are using a VM with RedHat Linux 5.6. Originally we had 4gb RAM + 2gb swap file. We installed Admin Server, OAM, OIM and SOA on that machine but quickly realised we couldn't run all 4 programs at once in 6gb. AdminServer could run with 2 other products, but it was a tight fit in memory.
    So we increased the RAM to 8gb (still 2gb swap file). But then our problem occured : I start the Admin Server (2.7gb total memory used), then OAM (4.6gb total memory used) and then OIM. After it started the server is now using 9.6gb of memory (~300mb of free memory) ! The problem gets even better : after I shut down everything (OIM, OAM, admin server) the "top" command show that there is still 4gb of memory used even tho nothing else is running on the server ! There is absolutely no other process (other than root stuff) running and no other users connected to the machine. After a reboot, it shows 400mb of memory used. I tried restarting the programs and it did the same thing.
    Our intuition is that there might be a memory leak or some bug in OIM that might use up almost all the free memory and it's not releasing it upon shutdown. It might have been there before we increased the memory but have not noticed it since memory was already tight.
    Anyone encountered the same problem ? Any idea ? Any suggestion to narrow down the problem ?
    Thank you

    You can adjust the memory settings for WLS by editing the setSOADomainEnv.sh file that can be found in your /middleware/user_projects/domains/<domain>/bin/ folder. There is an argument called PORT_MEM_ARGS which is used to set your Java memory arguments. This way you can decrease/increase the amount of memory used by each managed server.
    I usually type "ps -ef | grep oracle" to see what processes are running by the oracle user. This way the output doesn't get cluttered with root processes.
    Sunny Tsang

  • Approval process in OIM 11g

    Hi All,
    I am newbie to OIM. I have a requirement with 2 levels of approvals in OIM 11g.
    *1st level:* In the first level the Approver will be selected by the user(self service) from the drop down present in the custom UI.
    *2nd level:* For the 2nd level Approval the 1st level appover should have the ability to select the next approver from a drop down list. The 2nd level approvers belong to a particular group.
    All the approvers should be stored in a lookup table in OIM. When a user raises a request the custom application should get the values from the lookup table and populate the drop down for 1st level approvers. 2nd level approvers sholud be populated in the drop down during the 1st level approval process.
    can any one suggest me the steps to achieve this.
    Thanks

    Task assignment in SOA are done via human task assignment i.e. the .task component in BPEL. Now this task assignment can use various features to compute whom to assign the task to.
    1. Static: This is when you specify the group name or the user name directly into the task.
    2. Dynamic : This is when you assign the approver to be a variable and in your SOA workflow before task assignment you assign value to this variable.
    3. External Routing: This is when you assign a java code inside the .task to do all the assignment and escalations. When using this you can have complex implementations done.
    What I meant by looping is that you will need to call this .task two times, first time of the first approver and second time (if the first approves it) for the second approver. Thus when you are inside the loop you need to get the appropriate value from the payload (payload is sent from OIM to SOA when you submit/approve the request) and set it into the appropriate variable so that .task reads that variable and assigns the task to that person.
    I would recommend going through the BPEL developers guide for better understanding. Start with a simple process and see how it behaves when it runs and then pile on top of it.
    -Bikash

  • OIM 11g LDAP Sync Features

    Folks,
    I`ve been researching the LDAP sync option in OIM 11g and I have some questions.
    1. Is it true that once enabled, the user does not exist in OIM DB but only in LDAP?
    2. Can we define rules such that only a certain set of users are in LDAP and some are only in OIM?
    3. Can we define rules for Roles that only certain roles in OIM exist in LDAP but not all? I`d like to keep the business roles only in OIM.
    4. I currently have 3 connectors for AD, eDir and OID with OIM 10g and I am researching the option to remove these connectors and use the LDAP sync with OVD. Can this be achieved? What would be the challenges if I were to replace the connectors with LDAP sync?
    Regards,
    AZ

    Well for the connectors in 10g I plan to export them and then import in 11g. The versions are certified.
    For LDAP sync with multiple directories, I've heard of using OVD. So the Directory Server IT Resource would point to OVD and multiple containers in OVD would be mapped to each of the individual directories. OVD adapters would define connection to these directories.
    I have to see if this is feasible keeping in mind the workflows that have been customized in 10g, I don't think every workflow customization can be done in LDAP sync as well. Plus we would lose track of which attributes are provisioned to which LDAP. This is a user-ldap entry mapping, there would be no accounts in resource profile.

  • OIM 11g R2 Exporting UDF without sandbox!

    Hi, I'm trying to export the UDFs att from a User Form, but I lost the sandbox whit i make the customizations.
    Is there any way to recover the Sandbox or export this att to another OIM 11g r2 Server??
    Regards!!

    If you create new sandbox and modify any UDF and export that sandbox before publishing.
    Once you publish sandbox of UDF and then you try to export sandbox in that case you will lost your UDF changes.
    For UDF's always export sandbox before publishing sandbox. so that you have exported sandbox which you can import into another environment.

  • Installing OIM 11g

    I am going for installation of OIM 11g 11.1.1.5.Kindly tell me that following components's versions will be compatible and if not kindly recommend the compatible one.
    Oracle Databae 10.1.3
    Oracle WebLogic server 10.3.3
    Oracle SOA suite 11.1.1.2.0

    Hi,
    your database version should be minimum 10.2.0.4. Older may cause some problem though only schema is important. Your weblogic and SOA are compatible, but it'll be better to go with Oracle WebLogic server 10.3.5 and install SOA 11.1.1.5 from OFM suite 11.1.1.5.
    For detailed information on certification matrix, refer sheets bewlo:
    http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
    www.oracle.com/technetwork/middleware/id-mgmt/identity-accessmgmt-11gr1certmatrix-161244.xls
    regards,
    GP

  • OIM 11g Reporting with BIP

    Hi,
    Am looking for some document for reporting in OIM11g using BI Publisher. I couldn't get any doc on how the reports work and how to customize a report.
    Can any help me in getting a report documentation in OIM 11g.
    The only link i can search is
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/understanding.htm#BABHJIEH
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/workingrep.htm#CHDFBEFI
    Thanks in Advance

    Hi,
    I was able to deploy the default reports that are generated during installation.
    Am adding an extra attribute to the existing reports and trying to display the value in the output report. I can see the template to display is defined in .rtf file.
    But am unable to print the extra attribute value. How do I map this value in rtf file ?
    example: by default in a report I have Fname, Lname and Userid. Am adding extra attribute EmailID. But am unable to generate the value of emaild id in the report.
    How do I map it in rtf file ??

  • Questions against OIM 11g

    Hi All!
    Is it possible to add user photo to user profile in new OIM 11g? My second question is: there is possibility to add attachment to approvall form (like word doc), or digitally sign approval form?
    Any help will be nice
    Best
    mp

    MariuszP wrote:
    Hi All!
    Is it possible to add user photo to user profile in new OIM 11g? My second question is: there is possibility to add attachment to approvall form (like word doc), or digitally sign approval form?Without customization:
    No photo http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#BGBGFJAH
    No digitally signed approval form
    No attachments

Maybe you are looking for