Auto Provision OIM AD

I am trying to have users request the Active Directory resource. Once they submit the request, the request can go to the requester's administrator.
I have created a pre-populate adapter which will fill in all the required fields.
So, as soon as a user selects a type of resource that they want to be provisioned, they should be provisioned without going through the steps of viewing the screens where process data is provided and process data is verified.

Yes, it is pretty straightforward:
You will create a resource, say "AD", and not have any object form associated with it, since all the data you need is being pre-populated in your process form. So when the user requests this resource he will simply select the resource and hit submit request. No forms will be shown to him.
Once the request is submitted, if you have an approval workflow in place that approval workflow will get kicked off and after approvals are completed the resource provisioning will start.
This is assuming you are using the ootb request model.

Similar Messages

  • Exchange 2003 Auto Provision: OIM

    I'm trying to provision a user to exchange 2003. I'm using Windows 2003. I can create an exchange account successfully via OIM if I provision it manually.
    I've created 2 Access Policies, one for AD and one for Exchange (Priority 1 and 2). They are both supposed to automatically provision a user in AD/Exchange once the account is created in OIM. AD account gets provisioned successfully.
    However, Exchange 2003 account gets a status of Rejected on Check AD User Process. So I tried setting the Depends On value in Exchange Resource Object to AD User via the console. Now it gives me a status of Waiting and never actually creates the mailbox.
    Help!!!

    Yes, turns out it's a bug. Found it on metalink, Doc ID 786449.1

  • OIM - OID (11g) auto-provision thru ldap sync

    Hi,
    I have configured ldap sync. I have following questions
    1. We have created custom attributes in OID and referred to custom object class. Now when I try to create user in OIM, user is auto-provisioned to OID. But the custom attributes in OIM are not getting provisioned to OID (unable to see the custom attributes in user object of OID, unless we refer manually the custom object class). Can anyone let me know how to auto-provision the custom attributes into OID?
    2. When user is auto-provisioned to OID, it is not showing any resource profile details of OID in OIM. Is it the expected behavior? But create, update, delete are happening as expected.
    Please let me know if anyone knows the solution.

    Hi,
    Were you able to achieve this? I have a similar requirement where I have added 5 custom attributes in both OIM and OID; when I create the users, these attributes do not get updated on OID. Should I add these UDFs in any objectclass which OIM understands? Please suggest.
    Thanks in advance

  • OIM - AD  auto provisioning

    Hi,
    I have configured AD connector. I am able to do direct provisioning without any error.
    But when I am trying to do it through an access policy, the following exception occurs. Can someone let me know the cause?
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Boolean
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:68)
    Regards
    Vicky

    For the direct provisioning. .. this is going through and the task performed is "Running isADM" .. but for auto provisioning..it throws an exception at this point (RUNNING isADAM)
    14:56:10,343 INFO [STDOUT] Running CONCATFIRSTANDLAST
    14:56:10,343 INFO [STDOUT] Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    14:56:10,406 ERROR [STDERR] java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Boolean
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:68)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcORC.autoDOBSave(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcOIU.provision(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcOIU.eventPostInsert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.provisionObject(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.ejb.beans.tcUserOperationsSession.provisionObject(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.provisionObject(Unknown Source)
    14:56:10,406 ERROR [STDERR] at com.thortech.xl.ejb.beans.tcUserOperationsSession.provisionObject(Unknown Source)
    14:56:10,406 ERROR [STDERR] at sun.reflect.GeneratedMethodAccessor468.invoke(Unknown Source)
    14:56:10,406 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    14:56:10,406 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:597)

  • Auto provisioning for AD is not working in oim11gr2

    Hi All,
    I have current environment as OIM 11.1.2.0.7 and AD connector MSFT_AD_Base_11.1.1.5.0 with patch applied 14190610 and Connector_Server_111200
    I configured an auto provisioning to AD.
    I created an access policy based on a role MSAD Users.
    I am expecting that when I assign this role the user should be provisioned to AD automatically, but it is not done. I also ran the Evaluate User policies scheduler, which is in enabled state.
    I provisioned the user manually and it is working fine. Also, I checked the access policy with another target application, R12, and it is also working fine.
    But I don't know why it is not working for AD. I filled all required fields in the process form, like organisation and AD Server.
    I ran into the same issue in DEV; at that time I applied BP07 to OIM and the 14190610 patch to the AD connector, and after that it worked.
    Now my UAT is in the same environment and still it is not working.
    Please suggest some solution.
    Regards
    $sid

  • EBusiness Suite User "Auto-provisioning" and  "Self-Request" Problem

    I have two types of OIM User, Staff and Contingent
    Staff (Role = Full-Time)
    Contingent (Role = Contractor / Role = Consultant)
    Resource Object: eBusiness Suite User
    Here's my RO configuration:
    Auto Pre-populate: true
    Allow Multiple: true
    Self Request Allowed: true
    Allow All: true
    Auto-Launch: true
    EBS Connector, by default has two forms:
    UD_EBS_UO: Object Form
    UD_EBS_USER: Process Form
    I have requirement which will auto-provision eBusiness Suite User resource to Staff users.
    Originally, UD_EBS_OU is the table name used by the RO. For auto-provisioning to work, I have implemented it this way:
    First, I have defined a User Group for Staff and assign an Access Policy to it (for users with Role == Full-Time).
    Then, I have detached Object Form UD_EBS_UO from the RO. This way, when Staff user is created in OIM, it is automatically provisioned with eBusiness Suite User, though it won't have a Resource Form, only a Process Form. Process Form fields are automatically pre-populated with values (via my Pre-populate adapters).
    Now my problem is during Self-Request. Contingent user doesn't get auto-provisioned with EBS RO, but he can self-request for it. Problem is, since I detached the Object Form from the RO, user is not seeing any form during request. And I have a requirement that approver of the request should also be able to view/modify the details of the request form. But that is not possible now that Object Form does not exist for this RO.
    Is it possible that Self-Request and Auto-Provisioning works both ways under the same Resource Object? How do I configure that? Appreciate your quick response and help. :)
    Edited by: user10202544 on Feb 10, 2010 3:27 AM

    Yes I have set permissions to all users for the Object Form.
    It is required for me to have both Self Request and Auto-provisioning work for eBusiness Suite RO.
    During approval, however, the approver needs to see the Object Form (where he can view/modify its values before approving it). That's impossible for me since I detached the Object Form from the Resource Object. I need to do this for auto-provisioning to work.
    It seems that it doesn't work both ways. Any other suggestions?

  • EBusiness Suite User "Auto-provisioning" with Object Form

    eBusiness Suite User RO has two forms, 1 Object Form and 1 Process Form
    I want to configure access policies to auto-provision EBS RO to OIM users (particularly Staff/Full-time users).
    On the Resource Object configuration, I checked Auto-Save. This enables my Object Form to be automatically saved during auto-provisioning. I have pre-populate adapters attached to my Object form, such that during auto-provisioning the fields are pre-populated based from a user's profile in OIM.
    However, my problem is, my pre-populate adapters always get xelsysadm attributes and not the user's (whom the request is being created for).
    You may ask why I needed the Object Form. I could have just discarded my object form from the Resource Object, and directly populated values in the Process Form.
    However, I have a business requirement, that eBusiness Suite User can also be self-requested for certain users (contractor, contingent) which are not part of the auto-provisioning/access policy. This is why I still needed my Object Form.
    Is there a way that auto-provisioning and self-requests works both ways under one Resource Object?

    Well that's something crucial with OIM request model. AFAIK in such cases the information for requester is populated and since invocation of access policy is through sysadmin so the information of XELSYSADM is populated.
    Rather what I would suggest is that attach these pre-populate adapters to the process form and skip flow of the data from Object->Process form. So your request model remains intact and the information you want to pre-populate is also done. Hope this should work and is viable for you.
    Thanks
    Sunny

  • Using the JDE Connector to Auto Provision (11g)

    Looking for companies using OIM 11g who have recently setup auto provisioning using the JDE connector. Any insight (gotchas, etc.) you could post here would be appreciated.
    Edited by: user13686208 on Mar 23, 2011 12:02 PM

    Ranjini,
    By auto-provision, do you mean all users default gets an AD resource?
    To start off with,
    1) are you able to manually provision users to AD?
    If no, then your problem is with the AD Connector parameters or Task Create User.
    If yes,
    2) do you have an access policy for provisioning?
    If no, you need to create a policy to provision the AD resource to the All User Group.
    If yes, need to check if the users are part of the group and also try retrofitting the policy.
    Rgds, Ajay

  • Error while trying to provision OIM user to Active Directory using SSL

    Hi All,
    I am able to see the users through LDAP browser using SSL but am getting the following error while trying to provision OIM users to AD using SSL.
    I am using Microsoft Active Directory connector type 9.11.
    Response: Connection Error encountered
    Response Description: Error encountered while connecting to target system
    I did some testing using "Diagnostic Dashboard" and the following are the results.
    Test Name: Target System SSL Trust Verification: Passed
    Test Name: Test Basic Connectivity: Failed
    Exceptions:
    ITResource information values are not correct. Enter the correct values.
    java.lang.reflect.InvocationTargetException
    javax.naming.CommunicationException: simple bind failed:
    unable to find valid certification path to requested target.
    Test Name: Test Provisioning: Failed
    Note: Without SSL all the above tests Passed.
    Can anybody help me out with this issue?
    Thanks in advance.
    Pradeep Kumar.

    I am able to connect to AD using port number 636 from the LDAP browser, and as the following test Passed I think that my certificate should be correct.
    Test Name: Target System SSL Trust Verification.
    Input Parameters
    Target System: idm.orademo.com
    Port: 636
    Certificate Store Location: /usr/java/jdk1.6.0_14/jre/lib/security/cacerts
    Result : Passed
    ITResource Values:
    ADAM LockoutThreshold Value     
    ADGroup LookUp Definition     Lookup.ADReconciliation.GroupLookup
    Admin FQDN     cn=Administrator,cn=Users,dc=orademo,dc=com
    Admin Password     *******
    Allow Password Provisioning     yes
    AtMap ADGroup     AtMap.ADGroup
    AtMap ADUser     AtMap.AD
    Invert Display Name     no
    Port Number     636
    Remote Manager Prov Lookup     AtMap.AD.RemoteScriptlookUp
    Remote Manager Prov Script Path     
    Root Context     dc=orademo,dc=com
    Server Address     idm.orademo.com
    Target Locale: TimeZone     GMT
    UPN Domain     orademo.com
    Use SSL     yes
    isADAM     no
    isLookupDN     no
    isUserDeleteLeafNode     no
    Thanks & Regards,
    Pradeep Kumar.
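
An added example, not part of the original thread or of the OIM connector: a Java check that prints which truststore a JVM resolves by default and whether that store validates the certificate chain presented on the LDAPS port, which is the check behind "unable to find valid certification path to requested target". The class name `LdapsTrustCheck` is hypothetical; host, port and store path default to the values quoted in the post, and it is assumed to be run with the same JVM and `-Djavax.net.ssl.*` options as the application server.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (added example). Checks chain trust only, not the hostname.
public class LdapsTrustCheck {

    /** Truststore file JSSE falls back to: system property, then jssecacerts, then cacerts. */
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null && explicit.length() > 0) {
            return new File(explicit);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(securityDir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(securityDir, "cacerts");
    }

    /** Build the standard PKIX trust manager over the certificates in the given store. */
    static X509TrustManager trustManagerFor(File store) throws Exception {
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(store);
        try {
            ks.load(in, pw == null ? null : pw.toCharArray());
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        TrustManager[] tms = tmf.getTrustManagers();
        for (int i = 0; i < tms.length; i++) {
            if (tms[i] instanceof X509TrustManager) {
                return (X509TrustManager) tms[i];
            }
        }
        throw new IllegalStateException("no X509TrustManager for " + store);
    }

    /** Records the chain the server presents, then applies the real trust decision. */
    static final class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] chain = new X509Certificate[0];

        RecordingTrustManager(X509TrustManager delegate) {
            this.delegate = delegate;
        }
        public void checkClientTrusted(X509Certificate[] c, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(c, authType);
        }
        public void checkServerTrusted(X509Certificate[] c, String authType)
                throws CertificateException {
            chain = c;                                // keep it for the report
            delegate.checkServerTrusted(c, authType); // still rejects an untrusted chain
        }
        public X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values quoted in the post; override on the command line.
        String host = args.length > 0 ? args[0] : "idm.orademo.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        File store = args.length > 2 ? new File(args[2]) : effectiveTrustStore();

        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("truststore checked       = " + store.getAbsolutePath());

        RecordingTrustManager rtm = new RecordingTrustManager(trustManagerFor(store));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rtm }, null);

        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            socket.startHandshake();
            System.out.println("RESULT: chain is trusted by this truststore");
        } catch (SSLException e) {
            System.out.println("RESULT: handshake failed: " + e.getMessage());
        } finally {
            socket.close();
        }
        // Subject/issuer of each presented certificate shows which CA must be in the store.
        for (int i = 0; i < rtm.chain.length; i++) {
            X509Certificate cert = rtm.chain[i];
            System.out.println("  [" + i + "] subject = " + cert.getSubjectX500Principal().getName());
            System.out.println("      issuer  = " + cert.getIssuerX500Principal().getName());
            System.out.println("      expires = " + cert.getNotAfter());
        }
    }
}
```

If the store printed here differs from the one given to the dashboard's trust verification test, the two checks were made against different sets of trusted CAs.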

  • Problems while provisioning OIM user to AD

    Hello,
    My OIM version is 9.1.0.1 & AD version is 9.1.1.4
    I want to provision an OIM user to AD, so before provisioning I ran AD Group Lookup Recon & AD Organization Lookup Recon.
    When I tried to provision AD User to the OIM user, status=provisioning, where System Validation was completed & create user was rejected & there was no response description.
    Following is the error which i got on console : java.lang.reflect.InvocationTargetException
    Thanks & Regards
    Rahul Shah

    IT Resource Parameters :
    ADAM LockoutThreshold Value     5
    ADGroup LookUp Definition     Lookup.ADReconciliation.GroupLookup
    Admin FQDN     CN=Administrator,CN=Users,DC=proservdemo,DC=com
    Admin Password     *******
    Allow Password Provisioning     yes
    AtMap ADGroup     AtMap.ADGroup
    AtMap ADUser     AtMap.AD
    Invert Display Name     no
    Port Number     389
    Remote Manager Prov Lookup     AtMap.AD.RemoteScriptlookUp
    Remote Manager Prov Script Path     
    Root Context     DC=proservdemo,DC=com
    Server Address     IP Address
    Target Locale: TimeZone     GMT
    UPN Domain     proservdemo.com
    Use SSL     no
    isADAM     no
    isUserDeleteLeafNode     no
    & here is the exception which i see on console :
    Running GETINVERTDISPLAYNAMEVALUE
    Target Class = java.lang.String
    Running CONCATFIRSTANDLAST
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    Running GETINVERTDISPLAYNAMEVALUE
    Target Class = java.lang.String
    Running CONCATFIRSTANDLAST
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    Running CONCATDOMAIN
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    Running CONCATUSERLOGINWITHDOMAIN
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Initializing image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerateFull.ear\xlWebApp.war\cabo\images\cache\ ...
    MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Loading image 0 of 3 from image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerateFull.ear\xlWebApp.war\cabo\images\cache\
    MessageDateFieldBean, localName='messageDateField': oracle.cabo.image: Finished initializing image cache: D:\Oracle\OIM\xellerate\OIMApplications\WLXellerateFull.ear\xlWebApp.war\cabo\images\cache\
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ADCREATEUSER(adpADCSCREATEUSER.java:224)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:91)
    at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(UnknownSource)
    at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.setProcessFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1245)
    at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
    at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
    at $Proxy68.setProcessFormData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.NullPointerException
    at com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks.createUser(Unknown Source)
    ... 68 more
    com.thortech.xl.dataobj.util.tcAdapterTaskException
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ADCREATEUSER(adpADCSCREATEUSER.java:230)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:91)
    at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(UnknownSource)
    at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.setProcessFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1245)
    at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
    at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
    at $Proxy68.setProcessFormData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    & is AD version 9.1.1.4 compatible with OIM 9.1.0.1?
    Thanks & regards
    Rahul Shah

  • CUP Provisions user to SAP successfully but gives "Auto-Provisioning" error

    Hi All,
    I'm getting an "auto-provisioning" error in CUP when a "Change Account" workflow is approved. The strange thing is, CUP does successfully provision the change to the SAP backend. Yet, the "New Account" provisions successfully without the error.
    Here is an example of the audit trail log from Change Account:
    Request submitted for approval by Dylan Hack(HACKDY) on 06/28/2010 17:14 
    Approved By Dylan Hack(HACKDY) Path AE_AUTO_APPROV_ERROR and Stage AE_AUTOPROV_ERR on 06/28/2010 17:14 
       Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
       Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
       Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
       Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
    Auto provisioned for request on 06/28/2010 17:14 
       User Provisioning failed for System(s) : DEV. Error Message :
       Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
       Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
       Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
       Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
    Request submitted for reroute by system on 06/28/2010 17:14 due to auto provisioning failure 
       Rerouted in the Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR to Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR
    Note: the role names were replaced with "xxxxxxx."
    The system log gives an error, but it is very vague:
    2010-06-28 17:14:34,682 [SAPEngine_Application_Thread[impl:3]_33] ERROR com.virsa.ae.service.ServiceException
    com.virsa.ae.service.ServiceException
         at com.virsa.ae.service.sap.SAPProvisionDAO.intializeWithChangeUserInputParameters(SAPProvisionDAO.java:762)
         at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3457)
         at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3419)
    Any ideas or suggestions?
    Current software level AC5.3 SP12.
    -Dylan

    Hello Varun,
    Thanks for the thought on this. We don't use User Defaults for Change Account, but do for New Account. Your question prompted me to do more testing with very interesting results.
    Results
    New Account with User Defaults configured:
    User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
    New Account without User Defaults configured:
    User provisioned successfully, no Auto-Provision error.
    Change Account with User Defaults configured:
    User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
    Change Account without User Defaults configured:
    User provisioned successfully, Auto-Provision ERROR, Defaults NOT provisioned.
    In both New and Change Account, the configured User Defaults are NOT provisioned even though the user is provisioned. AC5.3 is on SP12, the RTA is VIRSANH SP12 and VIRSAHR SP10.
    For the Change Account, the user is always provisioned regardless of User Defaults; however, when no User Default is configured, the Auto-Provisioning error occurs. The User Defaults NOT provisioning is a real problem, the CUP error message, I can work around for now.
    What about on your side? Am I the only guy using SP12 here?

  • WCS 5.0.56.2 Auto-Provisioning

    In WCS 5.0 Cisco introduces Auto provisioning of WLCs.
    Unfortunately there is not much documentation available, except for option explanation.
    If I understood this right, Auto-Provisioning takes care of the initial setup of an out-of-the-box WLC. A very handy solution for a widespread WAN environment.
    Has anyone here been working with this option, and can direct me into the right direction?
    I try to auto-provide initial setup parameters from my WCS 5.0.56.2 to a WLC 4402 running 4.0.128.0 on a factory default configuration.
    I hooked up the WLC with its glass fiber and its management port to our management vlan and also configured DHCP on one of the switches for our management vlan.
    WCS is also hooked up to this management vlan.
    I created filters in WCS for either Serial No. and MAC-ADDRESS providing required parameters for initial setup.
    Those filters remain idle, and the WLC doesn't receive an IP address from the DHCP scope configured.
    Am I missing something? Do I like this function to do things it is not supposed to do?
    Please let me know if someone had better experience.
    Cheers,

    Hey Sebastian,
    Could you tell us a little more? I try to make it work too, but with little success.
    What I do is:
    - create a config group from my controller templates, do not add any controller to this config group, put in it all templates from my controller (including the local management user and WLANs).
    - Create an auto provisioning filter, using this config group and my controller IP addresses and MAC address, enable the filter and make sure it is not set to monitor only.
    - I do see a file with my controller MAC address created at that instant, so I am close to being happy.
    - In my DHCP server, option 150 points to WCS.
    When I clear my controller config and reboot, it gets to autoinstall, receives an IP address from DHCP and the option 150 information. It then downloads the file with its MAC address... but no template is in there! I can't connect to my controller until I push a username and password to it, and none of my templates are there, no WLAN, nothing...
    Any quick idea on what you did that I do not do?
    thanks
    Jerome

  • Auto-provisioning new users with GRC 10.1

    There is some lack of clarity at my client on auto-provisioning new users into SAP systems with GRC 10.  Here's what they want and I'm telling them they need SAP IdM.
    The client will regularly have upwards of 500 new users on an on-going basis.  These users are approved and created in Active Directory.  The client believes that GRC 10 can now pick up these new users from Active Directory and then go ahead and provision them into ECC and CRM automatically, as soon as they're created, with no further approval required.
    To the best of my knowledge, the easiest way to do this would be for IdM to do this, and have IdM trigger GRC for certain users, and to provision users who fall into this group of 500 users.
    These users are different from regular users, who need to go through the approval workflows.  Regular users will have managers and roles that need approval.  These 500 or so users are approved to be created in the system and don't need to get caught up in the approval workflow.
    Am I wrong in saying that IdM 7.2 is the best way to do this, or am I missing something about what GRC 10 can do?
    Thanks for your help.  I really appreciate it.

    Hi Santosh,
    In AC 10.1, I created one brf plus initiator rule. Although I saved it in GRAC_ACCESS_REQUEST package, Transport button is not available (not greyed).
    Did you face this issue? How to get this change in transport?
    PS: Applications are activated.
    Thanks,
    Mamoon

  • CUP - Initiator for roles not requiring approval (i.e. auto provisioned)

    We recently upgraded to GRC 5.3, SP10 and started noticing that using CUP, for roles that should be automatically provisioned (i.e. no approval required), it is taking between 3 minutes 45 seconds to 5 minutes for the request to be successfully submitted and automatically approved with provisioning. I was wondering if anyone is experiencing similar system performance.
    Our set-up for auto provisioned role requests is as follows:
    1.  Created initiator INI_NO_APPROVE using role for attribute
    2.  Created stage STG_NO_STAGE  with Approver Determinator = No Stage
    3.  Created path definition PATH_NO_APPROVE with number of stages =2 and initiator = INI_NO_APPROVE
    Thanks!

    F.Y.I.
    As per SAP's recommendation - we applied note: 1423983 in all target provisioning systems and this resolved the issue.

  • GRC 5.3 CUP auto provisioning of Mitigation Assignment in RAR

    Hello,
    Is there any other workflow that needs to be triggered for the auto provisioning of the Mitigation control id assignment to the userid in RAR system from CUP,  upon request completion?
    I created a request that after the final stage of sox approver, got auto provisioned roles assigned to the user id in the SAP system , but it also stated that auto provisioning failed and got re-routed to the detour path of the security admin as I configured in case of auto provisioning failure. When I look at the error log, it states:
    User Provisioning failed for System(s) : XYZ. Error Message : User type TE is unknown
       Role: ROLEA assigned to user: TESTER1 in System(s): XYZ.
    1). So, even though the approved role is being assigned to the user in the backend system, some other stuff is failing at auto provisioning. And I thought it might be the mitigation control assignment to the userid in RAR. I have the mitigation fields/objects active. But how do I ensure the auto-assignment of mitigation control ids also gets assigned on the same request upon sox approval?
    2). The other question is where is the value of the 'controller' stored when configuring a stage for workflow approver determinator in the sox approver stage? Where is this value picked up from? We don't want to use the RAR mitigation approvers or monitors, we want to use a custom approver id from CUP and then the control id to be assigned upon approval automatically to the userid in RAR via CUP request completion during auto provisioning. Is this possible? The only thing failing for us is trying to determine how to create the custom approver determinator for SOX approver in CUP since it asks for 'attribute' value for workflow type 'Compliant User Provisioning' which doesn't make sense for this.
    And then the above error even though the user role assignment is auto provisioning already but still giving the error as I listed above and re-routing to detour path instead of completing the request. Is it due to auto provisioning failure of mitigation control assignment in RAR?
    Thanks in advance,
    Alley
    Edited by: Alley1 on Sep 20, 2011 1:15 AM

    Hi Karell,
       Here is response to your questions:
    I can use the following CAD in an AE workflow: web service to fetch role approvers. I question this as it is merely a RE workflow service : No. As far as I know the web service is only for RE/ERM.
    Can the Risk Analysis be initiated in stage x automatically once stage (x-1) was completed. So no person involved, it is mandatory however, in my opinion there should be no extra person involved to actually press the button "Risk Analysis" : No. There is no way to automate the risk analysis part. Someone will have to click on the button to check for SoD violations. You can configure to run automatic risk analysis when the request is submitted but this is not 100% perfect. If someone adds or removes role during approval phase, it will invalidate the risk analysis which was run during request submission.
    Can somehow the Risk Owners defined in the RAR component be asked to approve/reject risk that came out of the Risk Analysis described in my previous point. They should only be contacted when there is a risk indicated. : This is possible by following Babak's workflow.
    Regards,
    Alpesh
