Access Policy provisioning resources multiple times...

Hi All
I have AD User and Exchange provisioning using an Access Policy upon trusted reconciliation. Suddenly after creating a user through trusted recon it started provisioning AD user multiple times.This behavior is inconsistent.
I have checked all the roles, rules and access policies.
However, if I create the user manually, it works fine and as expected i.e it provisions only one resource.
Please let me know if someone has observed this weird behavior.
Regards
user12841694

I'm having the same problem:
The first policy must create a resource.
And the following policies should create childs on the resource.
The problem here is that when policies will add the childs, the resource is not provisioned yet.
And then each one will create a resource.
When the resource is already provisioned, the policies update this resource.
How can I fix this?
tks

Similar Messages

  • Provision same resource multiple times

    All,
    I have a scenario to provision same resource multiple times for the same user.
    How to make a resource to allow provisioning multiple times in OIM 11gR2. I am not seeing th option "allow multiple" in resource object in the design console.
    Please help.

    In OIM 11g R2 you can assign same resource multiple time.
    The account which gets assigned first time will be marked as primary and the rest others will be marked as "other"
    HTH

  • Problem with Access policy Provisioning on AD

    Hi,
    I have created an access policy, which will trigger the provisioning the user to AD when the user is added to group 'abc'.
    Its without approval.
    We have object form and process form. Process form is autosave.
    But, the problem is, as soon as the user is added to the group 'abc'.
    It triggers the provisioning flow. But the provisioning will be in ready state only.
    When we go and save the resource form only the provisioning flow triggers.
    If we make the object as auto save, it will work. But in our case we cannot make the object autosave as it has a resource form to be filled by user in other flow.
    Is there any approach to solve the issue?
    Regards,
    SK

    Hi Rajiv,
    So, there is no way we can implement this?
    My requirement is same as this,
    OIM: Question about "Auto Save" option on Resource Object
    I have a Resource Object that needs to be provisioned at least two ways:
    1) thru an access policy by group membership
    2) thru user self-request, who is not already in that group membership
    The problem is if I don't check the "Auto Save" check box the automatic assignment thru access policy is not completing and If I do check the check box then user request is not letting the user to enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
    Is there a way to make both work on the same Resource Object?
    Thanks
    SK

  • Access Policy and Resources -11gR2

    Hi all,
    I have create an Access policy in 11gR2, its working fine and as per requirement the Resource is getting provisioned / revoked properly.
    In *11gR1* resources provisioned through the Access policy were used to be displayed / listed in the User's Resources tab, In *11gR2* the resources provisioned by Access Policy are not being displayed / listed in under the Accounts tab. is it the default behavior of 11gR2? or some bug? or I need to make any configurations to have it displayed here?
    Regards

    nothing special has to do for showing under Accounts tab. Have you created *'Application Instance'* for the Resource. You have to create Application Instance and run the "catalog sync' job. and once Application Instance is provisioned to user. It will be available under Accounts tab.
    Follow 11gr2 doc for creating application instance
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/resmgt.htm#CBBFAIEC

  • What would cause Firefox to request a resource multiple times after a long running script?

    I'm noticing some unusual behavior in Firefox when I include an image directly after a call to an external script which is long-running.
    For example:
    <pre><nowiki> <html>
    <body>
    <script type="text/javascript" src='external.js'></script>
    <img src="/test.gif" BORDER=0 WIDTH=1 HEIGHT=1 >
    </body>
    </html>
    </nowiki></pre>
    <br />
    Contents of external.js:
    <pre><nowiki> for(i=0; i<999999; i++){ ; }
    </nowiki></pre>
    <br />
    I notice that when a request to test.gif results in a 404 or 302, Firefox makes another request for that same resource immediately after the script has completed.
    127.0.0.1 - - [29/Apr/2011:16:22:22 -0400] "GET /test.gif HTTP/1.1" 404 507
    127.0.0.1 - - [29/Apr/2011:16:22:22 -0400] "GET /test.gif HTTP/1.1" 404 507
    This behavior doesn't occur for inline javascript, and I have pipelining turned off, so I'm fairly certain it's not related to that. Seems like odd behavior, or I'm just missing something not-so-obvious. Any ideas?

    This forum focuses on end-user support. You can find more web development help on the [http://forums.mozillazine.org/viewforum.php?f=25 mozillaZine Web Development board]. Separate forum, separate registration. Please note the tips in the Sticky Post at the top of the forum before posting.

  • Linking resource accounts to access policy from a database

    As part of the seeding process, we assign roles to the users and then run the recon to assign resources to the user. We have an access policy which is supposed to assign AD resource when a User has an Employee role. After we seed all the existing users, we enable to policy to assign AD for the new users, but since we recon the user's instead of access policy, it doesn't link the access policy to resource account.
    How can I link those two in the database so next time when someone is removed from the Employee role, it will also remove the AD account. I tried setting the pol_key attribute in UD_ADUSER with the id of the policy found in table pol but that didn't help.
    Thanks

    As part of the seeding process, we assign roles to the users and then run the recon to assign resources to the user. We have an access policy which is supposed to assign AD resource when a User has an Employee role. After we seed all the existing users, we enable to policy to assign AD for the new users, but since we recon the user's instead of access policy, it doesn't link the access policy to resource account.
    How can I link those two in the database so next time when someone is removed from the Employee role, it will also remove the AD account. I tried setting the pol_key attribute in UD_ADUSER with the id of the policy found in table pol but that didn't help.
    Thanks

  • Security exception when provisioning using multiple access policies

    We have upgraded our eDirectory connector to version 9.0.4.12. When provisoning manually all process tasks work correctly. However, when provisioning through an access policy or multiple access policies, once the edirectory Create User task runs it creates a security exception and all other connectors fail to provision until retried. We have set the system config parameter of Access Policy Multiple Resource Enhancement to TRUE and we have set the account discirminator in the process form to Server. Why would it fail?

    I have the same problem. Have you solved your problem, if so please let me know what the solution is.
    Einar �rn

  • Provision to target system via access policy

    I am attempting to provision to Active Directory via an access policy and membership rule in OIM11gR2.  I have a couple different issues associated with this process. 
    First,  I have a membership rule that works fine.  All members of a certain organization are automatically assigned a certain role.  My access policy is set to provision an AD account to any member that is assigned the same role from the membership rule.  This access policy does not seem to get triggered.  The access policy is set to run with no approval, retrofit access policy is enabled, and it is set as priority 1 with "revoke if no longer applies" checked.  It is also assigned the Active Directory Users process form.  I cannot determine why this access policy is not being triggered to provision the role members to AD.  I have manually run the Evaluate Users Policies several times with no affect. 
    I believe this may be happening because the default prepopulate adapters are not working or are not configured correctly.   The 5 mandatory fields each have a prepopulate adapter assigned to them with the Default rule.  Correct me if I am wrong, but I believe the mandatory fields user id, first name, last name, common name, and user principal name?  The Org name and IT Resource are set as static values within the access policy.  Can anyone assist me in determining (1) why the access policy is not working and (2) why the prepopulate adapters such as ADIDC Populate Form Field for User ID and ADIDC Prepopulate UserPrincipalName for User Principal Name are not working?  Is there additional configuration that must take place with these out-of-the box adapters so they know which values to populate?

    Just verify whether following are check in AD prcess Defn:
    Auto Save Form
    This check box is used to designate whether Oracle Identity Manager should suppress display of the custom form associated with this provisioning process or display it and allow a user to supply it with data each time the process is instantiated.If you select this check box, it designates that Oracle Identity Manager should automatically save the data in the custom process form without first displaying the form. If you select this checkbox, you must supply either system-defined data or ensure that an adapter is configured to populate the form with the required data (since the user will not be able to access the form).If you clear this check box, it designates that Oracle Identity Manager should display the custom process form and allow users to enter data into its fields.
    Auto Pre-Populate
    This check box designates whether the fields of a custom form that:
    Are associated with the process
    Contain fields that have pre-populated adapters attached to them
    Also, while running "Evaluate User Policy" , clear the old time stamp and populate it with current time. Sometime I have seen people are doing mistake.
    ~J

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • OIM 11g R2 - AD provisioning based on Role and Access Policy

    Hi, for Active Direcotry integration i used some prepopulation plugin for populationg resource form (based on http://fusionsecurity.blogspot.sk/2013/01/populating-request-attributes-in-oim.html).
    It's work fine - requested account was fully provisioned.
    Can i use this plugins for Role based provisioning?
    I try to create access policy and associated role but when attached the role to the user and run Evaluate User Policies Job, account can't be provisioned.
    In diagnostic.log i found.....
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Immediate consequences are returned with event - InitiatePolicyEvaluationAndProvisioning
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Next Waiting child process is ..........6380 sync = false
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] First Waiting child process is ..........6380
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel executing default validation with process id, event id, entity and operation 6,380.0.Resource.ACCESS_POLICY_BASED_PROVISION
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel completed the child orchestration - 6380.6379
    [oracle.iam.platform.kernel.dao] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Inserting records for orchestration cleanup
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Completed orchestration with action result - 113

    Hi, all
    I try to fill Access policy Process Form. Account request was created and provisioned when field AD Server and Organization Name was filled in, but pre-population plugin doesn't fired
    The question is.... How can i use pre-population plugin for populating request dataset used with request generated by access policy....
    Is it possible to use plugins for requests generated based on access policy?
    a.

  • OIM 11g AD Connector Access Policy Based Provisioning Issue

    Hi,
    I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    Running ISADAM
    Target Class = java.lang.String
    Running GETUSESSL
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attribute
    Running Set User Expiration Date
    Running ISADAM
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETPWDEXPIRESATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set Pwd Expires Attribute False
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running SETADDN
    [2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
    [2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
    [2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
    [2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
    [2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
    Database srever is running.
    Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
         at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
    Please, Help.
    Edited by: user13830503 on 19/7/2012 6:39

    2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    Make sure the lookup table exists and is spelled correctly in your process task.

  • Unable to automatically provision users in AD via Access Policy

    Hello,
    I can connect to AD and provision a user manually to AD via OIM. Goes through just fine. However, if I use an Access Policy to do the same thing, it's stuck in the 'Provisioning' stage. All values are the same in the form.
    Any suggestions on why it works manually but not automatically? I have all values including AD server filled in my form. Is there additional configuration in the Access Policy that I'm missing?

    All fields are prepopulated.
    How do I enable autosave? It's doing the same thing with eDirectory too.
    If I go 'Edit' the task I see all values prepopulated. But they're not getting pushed out to the resource. So if I click 'View' all fields are blank.

  • Provision Entitlements using Access Policy in OIM & OIA

    Hi All,
    Access policies in OIM does not allow entitlements definition in it such as defining the AD Groups that needs to be attached to the account which would be provisioned on the target resource when the access policy gets triggered. These entitlements definition in OIM is taken care on the Process Form level, whereas in case of OIA the Provisioning polices allow entitlements definition according the resource type in the policy level. It would be of great help if you could help us in understanding how the import and export of access policy data between OIA and OIM would be feasible with these differences in place
    Appreciate any helpful pointer on this.
    Thanks,
    RPB
    Message was edited by: RPB25

    You can edit the Access Policy, select the Resource added-Provide more information, If it has a child table, you can add entitlement to it. you can also add entitlement while exporting OIA policies using accesspolicy api of OIM. But just chek after importing to OIM, the access policies order will be messed.
    sjit

  • Access Policy  Vs Self Service triggered provisioning

    Hello Everyone,
    I wanted to know if there is any way to differentiate at the process definition level whether the provisioning process is triggered by Access Policy/direct OIM user create or a Self Service Request??
    Thanks
    N

    There is a column in the table for the object instance database object that contains a link to the access policy object. You can break or create this link if you want or don't want resource to be revoked on "policy no longer applies".
    I don't remeber exactly what the tables are called (OIU?). Perhaps someone else has this info easily available.
    Best regards
    /Martin

  • OIM iPlanet Resource revoked using access policy

    Hi,
    I had created a group and access policy based upon which i tried to provisioned a iplanet resource to a user.
    For this I had created a UDF(say type with value C) and created a rule based on which user is assigned to group say business and also iPlanet resource is provisioned to user
    As I Edit the profile and clear UDF. User is removed from group and also iPlanet resource is revoked.(In Access Policy revoked if no longer applied)
    I am able to do this task Successfully But If iPlanet resource is already allocated to user and I update the UDF(value C) user is assigned to group and iplanet is already assigned to user(muliple resource UNTICK). and now if i again Updated the UDF(mean clear it) user is removed from the group but iPlanet resource is not revoked from the user......
    Can somebody tell me why it is happening??? wheather its a bug in OIM or I am missing something...
    Thanks
    Anil

    If I understand your requirement correctly, when you change the value in process form edit from C to other, iPlanet resource is getting revoked.
    But when you change the the same value from user profile edit, the iplanet is not getting revoked right?
    As per my knowledge I can say, when you update the value for UDF in user profile, you can use triggers USR.TRIGGERS which will update the process form. In this case your process form will gets updated by default.
    This in turn triggers access policy and revokes the resource.
    Hope this helps you

Maybe you are looking for

  • Iphoto 6 displays all folders as slideshows. How to get back to edit view?

    My Macbook Pro with Iphoto 6 just changed the default view of folders. Now all my named folders/albums in the sidebar display, when clicked, as slideshows. How can I get back to the default way, that shows albums in edit view? I know I can click on t

  • Have 2 computers, desktop(Win.7)

    Have 2 computers - desktop(Win.7) & laptop(win.Vista) .  After recent updates Error messages - APSDaemon.exe MSVRC80.dll missing Windows Error 126 & Microsoft Visual C++Runtime Library Error R6034 and more...!   Have uninstalled (2x) same errors pers

  • Patch for JSF1.0

    Does anyone know if Sun has any plans to release a patch for the current RI?

  • Document collaboration:  attach a written (not digital) signature

    Hello, hoping the community can give me some pointers to automate a process. I am currently part of a business process that requires me to receive a document, affix my written (not digital) signature to it along with a date, and pass it on to the nex

  • Exception while using XA driver for Oracle 9.0.1 with WL Integration 7.0

    java.sql.SQLException: ORA-06550: line 1, column 13: PLS-00201: identifier 'JAVA_XA.XA_START_NEW' must be declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:180) at oracle.jd