Bulk requests in OIM 11gR2

Similar Messages

• Pre-populate Organization to the self registration request in OIM 11gR2 PS1

  Hi All
  I want to know if there is a way to pre-populate Organization to the self registration request in OIM 11gR2 PS1.
  I am trying to configure auto approval and for that I need to add org to the request.
  Thanks

  Hi,
  you can look into the following post : https://forums.oracle.com/message/10830661
  Thanks

• How to raise create role request in OIM 11gR2?

  How can I let a user to raise a create role request in OIM 11gR2?
  If I assigned the Role Viewer or Role Authorizer admin role to the user, the create button for role is disabled.
  If I assign the user as Role Administrator, the role will be directly created without raising any request.
  If I assign the user as SPML Admin, the create button is enabled, but after filling the form and clicking the "save" button, an exception will be thrown saying "IAM-3054100 : The logged-in user AA10127 does not have createRole permission on Role entity."

  Hi,
  i have changed identity page logo by using customize option, But in sysadmin page there no such option, is it possible to change image same as identity console.

• OIM 11gR2- Approved Requests remain in Operation Initiated Status

  Hi,
  We are using OIM 11gR2 and we are seeing the following behaviour whenver we request for Application Instance
  1) End User logs in and requests for Application Instance.
  2) The request is created and assigned to the manager for approval.
  3) Manager logs in and approves the request.
  4) The Requested resource is assigned to the user and the status of the resource is Provisioned. All the tasks in the Resource History are in Completed status.
  5) If we see the status of the request, it remains in Operation Initiated status.
  We expect the status of the Request to be Request Completed and not remain in Operation Initiated. We are sending a mail notification to the manager once resource is provisioned.
  If we remove the notification part, the status of the Request is coming as Request Completed as expected. However with notification getting triggered we are getting problem.
  Please suggest a solution.
  Thanks and Regards,
  Mayuri
  Edited by: 943112 on Mar 11, 2013 7:09 AM

  Usually after the request is approved and if there is any pending task in provisioning it goes to 'Post Operation Processing Initiated' status. If 'Task to Object Status' mapping is not done properly the request stays in the same status even though all the tasks are completed.
  check this link for various request status
  http://docs.oracle.com/cd/E27559_01/user.1112/e27151/req_mangmnt_user.htm#BGBGIIDH
  In your case it is going to 'Operation Initiated' status when notification is attached. Can you tell where have you triggered notification? In SOA approval task or in Provisioning process? If it is in SOA check whether proper status is returned to the callback webservice after that. Else if it is in provisioning check for task object status mapping.

• Request dataset in OIM 11gr2

  Hi Experts,
  I have integrated OIM 11gR2 with Siebel and able to provision by xelsysadm. My requirement is End User will be raising request for siebel resource and approval workflow associated with is triggered.
  1. End user raising the request is able to view the process form, I need to restrict few attributes i.e. position and responsiblity should not be visible to end user
  2. Position and Responsibility should be provided by approver (this is specified in request data set of provision resource)
  3. As per Oracle document there is no request data set for PROVISION and MODIFY resource. What is the replacement for this?
  4. After Request is raised it has been assgined to xelsysadm, how do i control the approval ?
  Regards
  A Abhinay

  1. End user raising the request is able to view the process form, I need to restrict few attributes i.e. position and responsiblity should not be visible to end userEnd user will see Application Instance Form and you can customize the UI to hide attributes
  2. Position and Responsibility should be provided by approver (this is specified in request data set of provision resource)
  Make your Java Code/Beans/Expression to show/hide attributes conditionally.
  3. As per Oracle document there is no request data set for PROVISION and MODIFY resource. What is the replacement for this?Application Instance Form
  4. After Request is raised it has been assgined to xelsysadm, how do i control the approval ?Approval Policies

• OIM 11gR2 Request Validator Plugin and Axis based Web Service Client

  Hi,
  I am trying call a web service client generated using axis2 from a request validator plugin in OIM 11gR2 and I have all the axis related jar files under the plugin lib folder but it fails due to the axis reference issues.
  I tried putting the jar files under different locations like thirdparty folder, server lib etc. But it is giving issues every where. Please let me know if you have some solution.
  Thanks in advance,

  Haven't worked on this, but have you tried by putting the axis libraries inside the plugin lib folder when you are building up the plugin? Also you need to check asix2 compatibility with weblogic version with R2.
  -Bikash

• OIM 11gR2 - bulk import of it-resources

  Hi,
  I'm new at OIM 11gR2! Whats is the best way to import a huge number of it-resources/application instances?
  In my case, I have to import about 1000 unix servers and 800 databases.
  At the moment all connection parameters are stored in an excel/csv file.
  Is it true, that there is no "out of the box" feature for this?
  Thank you for your help!
  BR,
  Michael

  Hi!
  You posted in my thread regarding SUDO for OIM. Fix is to search for bug: 16168239 in support site and download the patch
  Thanks!
  Regards,
  Jeff

• Creation of a Request in OIM 11G using API's

  Hi Friends,
  I am trying to create a request using OIM 11g API's.
  I am trying to do this for EBS Responsibility resource and this resource has a request dataset has EBS-IT-Resource-Instance, application name, responsibility name, start date and security group. Please note application name, responsibility name, start date and security group are in child form.
  I am trying to populate the request dataset using the below code.
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entity = new RequestBeneficiaryEntity();
  tcITResourceInstanceOperationsIntf tcITResourceIntf = Platform.getService(tcITResourceInstanceOperationsIntf.class);
  HashMap searchcriteria = new HashMap<String, String>();
  searchcriteria.put("IT Resources.Name", "EBSHF-APPS12");
  tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
  long itResourceKey=resultSet.getLongValue("IT Resources.Key");
  entityAttrList.add(this.getAttrLong("eBusiness Suite Instance Name",itResourceKey));
  entityAttrList.add(this.getAttr("Application Name","3~300"));
  entityAttrList.add(this.getAttr("Responsibility Name", "3~300~52281"));
  entityAttrList.add(this.getAttr("Security Group", "3~0"));
  entity.setEntityKey(getResourceKey("Oracle eBusiness Responsibility"));
  entity.setEntityType(RequestConstants.RESOURCE);
  entity.setEntitySubType("Oracle eBusiness Responsibility");
  entity.setEntityData(entityAttrList);
  private RequestBeneficiaryEntityAttribute getAttr(String name, String value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.String);
  return attr;
  private RequestBeneficiaryEntityAttribute getAttrLong(String name, long value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.Long);
  return attr;
  My code is working fine and a request is getting created. But when I try to open the request dataset(object form) for the newly created request, I am getting null exceptions.
  If I did not populate the fields that are in the child form application name, responsibility name and security group which are highlighted above, then I am able to view the form with the correct IT-Resource-Instance name after request creation.
  So, I am thinking I am doing something wrong while populating child form data in the request dataset.
  Can you please provide me some code snippet to populate the child using 11G API'S?

  Hi Bikash,
  After referring your code, i made changes in mine. Here is my updated code.
  RequestBeneficiaryEntityAttribute parantAttr=null;
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entity = new RequestBeneficiaryEntity();
  parantAttr=this.getAttrLong("eBusiness Suite Instance Name", itResourceKey);
  RequestBeneficiaryEntityAttribute mid1 = new RequestBeneficiaryEntityAttribute();
  List <RequestBeneficiaryEntityAttribute> childAttributesList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  childAttributesList.add(this.getAttr("Application Name", "3~555"));
  childAttributesList.add(this.getAttr("Responsibility Name", "3~555~22862"));
  childAttributesList.add(this.getAttr("Security Group", "3~0"));
  mid1.setChildAttributes(childAttributesList);
  mid1.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entityAttrList.add(parantAttr);
  entityAttrList.add(mid1);
  But when I try to run this, it is getting failed saying "RequestServiceException: IAM-2050033:Invalid attribute name null. No corresponding reference was found in the data set ProvisionResourceOracle eBusiness Responsibility".
  Here is my request data set for your reference.
  <AttributeReference name="eBusiness Suite Instance Name" attr-ref="eBusiness Suite Instance Name" type="Long" length="50" widget="itresource-lookup" required="true" available-in-bulk="true" itresource-type="eBusiness Suite UM"/>
  <AttributeReference available-in-bulk="true" length="10" widget="text" type="String" attr-ref="UD_EBH_RSCP" name="EBS HR Foundation User Responsibilities">
  <AttributeReference name="Application Name" attr-ref="Application Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Responsibility Name" attr-ref="Responsibility Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true" primary="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and lkv_encoded like concat('$Form data.Application Name','~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Security Group" attr-ref="Security Group" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.SecurityGroup' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  I am not sure why it is not referencing to the attribute. In your blog, it is saying your code is to set process form. But i am trying to create a request using API's. so, I need some code snippet to populate request dataset. Do you think, this will serve both?
  Thanks for your help.

• Webservice Client is not working in OIM 11gR2

  Hi,
  We have created a web client using Axis 1.6.2 and using it in OIM 11gR2 for Request Validator Plugin. But we are getting issue that org.apache.axiom.om.OMAbstractFactory. getOMFactory() is not found. When we checked the JARs in class path we found that OIM Already has lower version of axiom1.2.5 in its class path under oim.ear which doesn't contain this method however Axis1.6.2 contains the newer version which contain this method. Does anybody has any idea how to override OIM default classpath JAR file and force it to read the library files available under plugin?

  Hi
  I am facing similar issue but with Custom Adapter . I copied the axis jars under the JavaTasks folder but it does not help.
  I then copied them under the oim.ear/APP_INF/lib and restarted the OIM managed server but somehow even that does not help.
  I get following error.
  Caused by: java.lang.NoSuchMethodError: org/apache/axiom/om/OMAbstractFactory.getMetaFactory()Lorg/apache/axiom/om/OMMetaFactory;
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:150)
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:133)
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:104)
          at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:590)
          at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:575)
          at org.apache.axis2.deployment.DescriptionBuilder.buildOM(DescriptionBuilder.java:97)
          at org.apache.axis2.deployment.AxisConfigBuilder.populateConfig(AxisConfigBuilder.java:90)
          at org.apache.axis2.deployment.DeploymentEngine.populateAxisConfiguration(DeploymentEngine.java:857)
          at org.apache.axis2.deployment.FileSystemConfigurator.getAxisConfiguration(FileSystemConfigurator.java:116)
          at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64)
          at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:210)
          at org.apache.axis2.client.ServiceClient.configureServiceClient(ServiceClient.java:151)
  Any pointer on how I can try to resolve it.
  Regards
  Abhinav

• OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

  Hello all,
  I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
  My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
  Anyone know what I'm missing here?
  Thank you!
  Edited by: 939908 on Nov 12, 2012 6:36 AM

  Hey 833249, thanks for your reply
  The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
  These are the errors listed in the connector server log:
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_NativeObject()
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
  ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
  at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
  at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
  I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

• Pre populate adapter in OIM 11gr2 not triggered in database

  Hello,
  Folowing is the steps for creation of pre populated adapter in OIM
  ** we have created one form in OIM which is provisioned to Database**
  Steps
  · Installed GTC connector for Database Web App 9.*
  · Created new user and Table in Database
  · Created IT resource for Database
  · Created Sandbox, App Instance and Form, published sandbox
  · Started catalog synchronization job scheduler
  · Created user and and request account to app instance.
  * select application instance to catalog and checkout.
  ** we have created adapter as per the following link
  http://idmrockstar.com/blog/2009/08/how-to-create-a-prepopulate-adapter-in-oim/
  create a pre populated adapter that will populate the firstname of user in email using java class
  source code:
  public class AdapterClass{
  public String email( String fname )
  return fname;
  Steps:
  1) In the design console I have open the Adapter Factory and create a new adapter name :firstname
  adapter type: pre-populate rule generator
  click on save
  2) select variable list tab:
  variable name:Firstname
  type:String
  Map to : Resolve at runtime
  click on save
  3) select Adapter Task tab
  * click add and select logical task
  * select SET VARIABLE and click continue
  * Operand Type:variable
  * Operand Qualifier : FIrstname
  click save and save the adapter
  4) compile the java class into jar file and move the jar file into OIM_HOME\server\JavaTasks
  5)Create a new Adapter with the following"
  Adapter name:Email
  Adapter type: Pre-populate rule Generator
  click save
  6) select variable list tab:
  variable name: var1
  Type:String
  Map to:Resolve at runtime and click save
  7) select Functional Task tab:"
  select java click continue
  select the following information:
  Task name:email
  Api source: JavataskJar:Adapterclass.jar( the jar file which you have create)
  application api: adapteclass
  click save
  8) In the Application method parameters,select the first input: String
  Cange Map to:Adapter variables
  Set the name to:var1 and click save
  9) select the output:STring
  change map to:Adapter variables
  set name to: return variable
  10) click save and save the adapter and click on Build
  Adapter is now build the next step isto join it to the form
  ** join the adapter to the form**
  Steps:
  1) click on form designer and search the related form which we have created
  2) In the respective form click on create a new version and create a new version
  3) and then click on Pre populate tab and click on ADD
  4)select adapter field to firstname
  Rule : default
  Adapter : Firstname
  and click on save
  5) In the adapter variable field click on firstname and fill the following
  map to: Process data
  Qualifier : firstname
  6) Repeat steps 3 to 5 to map the email adapter
  7) click on save.
  Now we have done with all the steps and now we have created one User submit the user
  we have click on request acounts ---> search the catalog and select the application instance (select the app instance "database provisioning") ---> add to cart ---> and check out ---> fill the form leaving email field --> ready to submit ---> submit
  now we have check this user in database but still pre populated fields are not reflected. since this not working so we have found the other three links
  Re: OIM 11gR2 - Prepopulate Field Empty Problem
  http://fusionsecurity.blogspot.in/2013/01/populating-request-attributes-in-oim.html
  http://identityandaccessmanager.blogspot.in/2011/07/prepopulate-adapter-in-oim-11g.html
  according to these links they mention to implements the prepopulationadapter interface into the java class and create the plugin.xml for the class which we have used in jar.
  so we prepared a plugin.xml
  <?xml version="1.0" encoding="UTF-8" ?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.request.plugins.PrePopulationAdapter">
  <plugin pluginclass= "com.oracle.demo.iam.prepop.plugin.UserLoginPrePop" version="1.0" name="UserLoginPrePop">
  <metadata name="PrePopulationAdapater">
  <value> My_users::email</value>
  </metadata>
  </plugin>
  </plugins>
  </oimplugins>
  and the java class which implements "PrePopulationAdapter".
  they mention to put that jar into one directory named "lib"and paste the xml and lib folder into the OIM_HOME\server\plugin
  BUt we stuck on how to configure the adapter or what is the next steps for the above process. or there is something that we have missed in the process
  please do reply its urgent
  Regards,
  Tushar Palekar

  hii i have followed all your steps regarding the pre populated adapter ,but no luck.
  java code :
  package com.oracle.demo.iam.prepop.plugin;
  import java.io.Serializable;
  import oracle.iam.request.plugins.PrePopulationAdapter;
  import oracle.iam.request.vo.RequestData;
  public class Userfname implements PrePopulationAdapter {
  public Serializable prepopulate(RequestData requestData){
  String fname = "xyz";
  System.out.println("Returning fname ==== " + fname );
  return fname ;
  2)i have create a jar for this code and paste it into lib folder.
  3) i have create a plugin.xml
  <?xml version="1.0" encoding="UTF-8" ?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <*plugins pluginpoint="oracle.iam.request.plugins.PrePopulationAdapter">*
  *<plugin pluginclass= "com.oracle.demo.iam.prepop.plugin.Userfname" version="1.0" name="Userfname">*
  *<metadata name="PrePopulationAdapater">*
  *<value>register::LAST_NAME</value>*
  *</metadata>*
  *</plugin>*
  *</plugins>*
  *</oimplugins>*
  4)i register the plugin using ant -f  pluginregistration.xml register
  5)i have restartthe oim server and then i create a user using the same app instatnce in which i have create the form(ie.register),and
  request acount-->select app instance ---> add to cart
  but the last name xyz as per the java code is not reflected in the dadbase table.
  please help
  tushar palekar

• Replicating the app functionality from OIM 10g to OIM 11gR2

  Hi,
  I have a resource object with an object form and a process form and approval, provisioning configured in OIM 10g design console. Provisioning is manual provisioning assigned to a particular group based on a task assignment adapter. For replicating the same in OIM 11gR2 i followed the following steps.
  1. Created a Resource object in Design console.
  2. Created a dummy IT Resource ( Since while creating app instance it is having IT Resource as Mandatory field. * Is there any way to skip this as i do not have any IT resource in my original app as it is going for manual provisioning?)*
  3. Created a process form in Design Console with the same fields as present in my 10g app process form.
  4. Now i need to Create an app instance and select the created resource object and IT resoource. Also i need to create a form associated with the app instance in which i will add the fields as present in the object form in my 10g app. ( Here i am not understanding how data will flow from object form to process form since there is no data flow mapping here)
  5. Other steps like creating the SOA composite with human tasks and deploying it and after that creating approval policies is pretty much clear.
  Please clarify whether the steps are correct and also the queries which i have posted in between. Thanks in advance.
  Regards,
  Durgaprasad
  Edited by: Durgaprasad on Jan 17, 2013 3:38 AM

  Thanks Gyanprakash. Wll disconnected resource trigger our custom approval process if we select the resource name properly in scope in operational level approval policy. Have you tried a disconnected resource with your custom approval process. Because i read the following lines in admin guide
  Oracle Identity Manager supports provisioning of disconnected resources by using the SOA worklist for manual provisioning of disconnected resources. After the role-based provisioning decision or SOA request approval is complete and the corresponding application instance is determined to be a disconnected application instance, a new SOA workflow is started. This new SOA workflow is assigned to the manual provisioning administrator.
  So i thought disconnected app instance will have its own approval process configured during the creation and it will route accordingly. So just wanted to clarify how to make disconnected app instance to trigger our approval. will approval policay take care of it as i am going to select the name of the disconnected app in the scope field.

• OIM 11gR2 provisioning with GTC

  Hello,
  We are curently implementing Oracle Identity Manager 11gR2, and we are having difficulties with the implementation of the provisioning from OIM to the Target Systems exposed through a webservice on Oracle Service Bus.
  We are using the Generic Technology Connectors as a basis of working. And initially we have created a GTC with only reconciliation Transport & Format Providers:
  Connector Name TargetSystem1
  Transport Provider (Provisioning):
  Format Provider (Provisioning):
  Transport Provider (Reconciliation): Database Application Tables Reconciliation
  Format Provider (Reconciliation): Database Application Tables Reconciliation
  We have configured the Process Definition of TargetSystem1 with all the operations (Create User, Update User, Enable User, Disable User, Delete User, etc.) connected with custom Java implementations, that are working just fine is we trigger them form Eclipse. The “Create User” task has only “Required for Completion”, “Allow Cancelation while Pending” and “Allow multiple instances” check boxes set to CHECKED; it also has all the fields in Integration TAB mapped, Responses mapped, but when we create a User in OIM and provision it with an account on the TargetSystem1_GTC Application Instance, the provisioning process in not accessing the “Create User” task to make the provisioning in the target system. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”. We have also checked the logs of OSB, but there is no activity there, because no request from OIM is being received.
  After we investigated more closely the Oracle documentation for the Generic Technology Connectors we discovered that if we do not select Transport & Format Providers during the GTC creation, then the corresponding steps are not performed and they are not initialized, thus the provisioning cannot be done. The documentation also states that if we need to create custom providers in order to make the Provisioning with the GTC, but unfortunately we have no knowledge or any examples on how to do such custom providers for the provisioning of Users from OIM on the target systems via the Oracle Service Bus.
  We have installed a second GTC with both provisioning and reconciliation Transport & Format Providers:
  Connector Name: TargetSystem2
  Transport Provider (Provisioning): Web Services
  Format Provider (Provisioning): SPML
  Transport Provider (Reconciliation): Database Application Tables Reconciliation
  Format Provider (Reconciliation): Database Application Tables Reconciliation
  The Web Services and SPML options were the only options that we could select from the out of the box connectors that are installed, and we did not find any other connectors in the download section of Oracle for this product, that can accommodate such communication. So, we configured the provisioning accordingly, and modified the “Create User” task from the TargetSystem2_GTC Process Definition, in order to use our custom adaptor instead of the adpTargetSystem2_GTC adapter that was preset when the TargetSystem2_GTC is created. But this does not help us, because the provisioning is not done, and the “Create User” task is not used. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”.
  Next we tried to see if the GTC can be used to communicate directly with the OSB, using the Web Services Transport Provider and SPML Format Provider, and we did not make any modifications to the after the normal installation of the TargetSystem2 GTC. In this case the we can see that the OSB is being accessed by OIM, but unfortunately this case does not help us also, because the operations implemented on the OSB webservice have a different structure then the one SPML expects as default:
  Caused by: com.thortech.xl.gc.exception.XSDValidationException: The SOAP response does not contain a valid SPML response type. Should be one of these -->addResponse modifyResponse deleteResponse resumeResponse suspendResponse setPasswordResponse
  Do you have any suggestion on how to make the provisioning process work?
  Edited by: user1717356 on 22.10.2012 03:22

  Hi,
  I think you need to put this check only for few attributes?
  If Yes, then lets suppose you want to have a check for Country Field in Database which once modified by target Admin, then OIM should know.
  1) Create one dummy field CountryDummy (Hidden) in OIM TargetProcess form and dont map it to any target attributes. This dummy field will only store values populated from OIM user profile to -> DB Connector Process Form.
  2) On success of "Reconcilation Update Recievced", Put a custom process task which does a comparison with "CountryDummy" & "Country" and inform Admin using email notifications that this mismatch has been found.
  HTH,
  ~J

• OIM 11gR2 - unable to suppress display of iPlanet process form

  OIM 11gR2 or 11.1.2
  SJSDS Connector 9.0.4
  I have configured the SJSDS connector, it resource, etc and am able to manually/directly provision iPlanet User to an OIM user through the identity interface.
  I have configured the process form to pre-populate all necessary fields.
  I have checked the Auto Save Form checkbox within the iPlanet User Process Definition.
  It is my expectation that when an administrator directly assigns the resource to a user they will not be presented with the process form. However, when we directly assign the resource, the process form is displayed causing the administrator to submit the form.
  I have double checked the documentation regarding Auto Save Form within the Developer's Guide for Oracle Identity Manager 11g Release 2 (11.1.2) - E27150-03 and the Oracle® Identity Manager Connector Guide for Sun Java System Directory Release 9.0.4 - E10446-12 and I believe my expectations are correct.
  1) Has anyone successfully suppressed the process form while direct or manually provisioning SJSDS through the identity interface?
  2) Could the Auto Save Form be only related to request-based provisioning?
  Thank you in advance.

  These are also good questions but I'll give details :-)
  1) Does that make the "Auto Save Form" checkbox useless? -
  NO, If you don't do this then your Provisioning will stuck into System Validation.
  2) Can you "Auto Save" the Application Instance form?
  NO, as per Oracle either hide these attributes or delete these attributes but there's no clean way to delete such things.
  Question For You:
  If you don't want to Auto Save your Application Instance Form then why did you create that.
  Workaround:
  If you don't want Application Instance then create one more Application Instance without any form

• OIM 11gr2 On-behalf removal of accounts/entitlements

  Hi,
  We have a requirement with our client where a user can request for removal of accounts/entitlements on behalf of other user.
  We understand add request process onbehalf of some user but not sure about onbehalf removal process.
  Please let me know if accounts/entitlement removal can be raised on behalf of other user. Is it supported out of box? If not is it possible doing some customization?
  Thanks

  But sir, the groups are listed under the Accounts tab. Is there any schedule job provided by OIM 11gR2 which results in the display of Groups assigned to the user as well under the Accounts tab ?
  Edited by: IDM_newbie on Jan 25, 2013 1:51 AM