Change password url in OIM

Similar Messages

• OIM 11.1.1.5: Post Process Event Handler, change password notification

  Hi,
  Products
  OIM 11.1.1.5 BP02
  OAM 11.1.1.5
  OID 11.1.1.5
  Problem
  I have written a post-process event handler which fires when a role is assigned to a user. The event handler calls a plugin which uses the UserManager API to generate and change the user's password.
  I've tested this by assigning a role to the user via the OIM web console. I can see my log messages indicating that the event handler has fired and that the password has been changed.
  However, I expected that when UserManager.changePassword completed, a notification email would then be sent to the user informing them of the new password, but no notification email has been sent.
  The email notifications have been set up correctly, because I have changed the same user's password via the OIM web console and successfully received a Reset Password email.
  So, my questions are:
  1) Am I right in thinking that when you call UserManager.changePassword(), an out-of-the-box ResetPassword email notification should be sent to the user?
  2) Has anyone got this working in 11.1.1.5?
  Some more detailed info
  In my plugin class I'm calling the following from both execute methods (EventResult and BulkEventResult):
  char newpasswd[] = new RandomPasswordGeneratorImpl().generatePassword(user);
  getUserManager().changePassword(userKey, newpasswd, false, null, true);
  logger.info(("Successfully changed password"));
  plugin.xml
       <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
       <plugin
       pluginclass="oracle.iam.PostInsertPlugin"
       version="1.0"
       name="PostInsertPlugin">
       </plugin>
       </plugins>
       </oimplugins>
  $OIM_HOME/server/bin/weblogic.properties
            wls_servername = oim_server1
            app = OIMMetadata
            metadata_from_loc=/home/oracle/eventhandlers
            metadata_file=/metadata/roleuser/custom/EventHandlers.xml
  /home/oracle/eventhandlers/import/metadata/roleuser/custom/EventHandlers.xml
  <?xml version='1.0' encoding='utf-8'?>
  <eventhandlers
  xmlns="http://www.oracle.com/schema/oim/platform/kernel"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler
  class="oracle.iam.PostInsertPlugin"
  entity-type="RoleUser"
  operation="CREATE"
  name="PostInsertPlugin"
  stage="postprocess"
  order="1002"
  sync="TRUE"/>
  </eventhandlers>
  There are no errors in the OIM out and diagnostic logs apart from the following which occur at OIM startup:
  [2013-01-07T16:29:23.425+00:00] [oim_server1] [ERROR] [IAM-0080075] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 2e903d7ef060ab65:66b2de91:13c15d6d9ce:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] XML schema validation failed for XML /metadata/iam-features-OIMMigration/EventHandlers.xml and it will not be loaded by kernel.
  [2013-01-07T16:29:24.267+00:00] [oim_server1] [ERROR] [IAM-0080075] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 2e903d7ef060ab65:66b2de91:13c15d6d9ce:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] XML schema validation failed for XML /metadata/iam-features-callbacks/event_configuration/EventHandlers.xml and it will not be loaded by kernel.
  Thanks
  dty
  Edited by: oim_user on Jan 7, 2013 5:37 PM

  No notification will be sent if you changepassword using the method from usermanager api.
  You have to trigger the resetpassword event manullay in your code.
  Here is a sample code to create an event for reset password. Once you create event, invoke it from notification service - notify method.
  NotificationEvent event = new NotificationEvent();
  String[] receiverUserIds= {userLogin};
  event.setUserIds(receiverUserIds);
  event.setTemplateName("ResetPasswordNotification");
  event.setSender(null);
  HashMap<String, Object> resolvedData = new HashMap<String, Object>();
  resolvedData.put("userLoginId", userLogin);
  event.setParams(resolvedData);

• OIM AD Integration - 'User must change password at next logon'

  Hi,
  These are the issues in OIM AD integration that we are stuck up on:
  Issue:
  1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
  2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.
  Research:
  1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
  2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and not other attribute. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into ‘obpasswordchangeflag’ attribute in OID.
  Environment Details:
  1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
  2. AD on WIN 2008 R2.
  3. OIM AD Connector 9.1.1.7.2
  4. AD Password Sync Connector 9.1.1.5
  Any help would be highly appreciated!
  Thanks,
  Kulesh...

  Thanks for your reply again.
  I did not get you completely here. Can you please elaborate on the "process task on the AD Process which passes along the USR_PWD_MUST_CHANGE and immediately sets it to 0 this should work". How many total additional tasks would be needed here?
  what all targets are you provisioning the password to?
  - AD and OID (through LDAPSYNC)
  where are end users allowed to change their passwords on (OIM,AD....??)
  - Both OIM and AD.
  Where can admins change the passwords?
  - Currently they use ARS for such purposes but this is something we need to clearly define. The thing is, they use ARS for whole lot of purposes and we can't dictate/restrict them to use OIM only for password resets. So they may use ARS or OIM.
  What do you suggest?
  Edited by: Kulesh Kane on Nov 8, 2012 11:43 AM

• Reconciliation of "change password on next logon" from AD fails in OIM 11g

  Hello,
  We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
  We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
  What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
  What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
  Did anyone get this working properly?
  P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Crtl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
  Thanks,
  -JP
  Edited by: JacekP on Oct 17, 2011 8:10 AM

  Yeah, you're right, unfortunately we have dual authorative password model, where a user can change the password from OIM when he is accessing a OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
  A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

• How to change password for  XELSYSADM user in OIM?

  Hello Gurus and Experts!
  How to change password for XELSYSADM user in OIM?
  Your help is appreciated.

  Follow the undermentioned steps to change the password:
  1) Change the password from oim Design Client as usual.
  2) Open xlconfig.xml present in <XL_HOME>\xellerate\config folder.
  3) This step is optional and should only be used if you have a <XLPassword encrypted> tag in the <Scheduler> section. In the scheduler section, change the encrypted="true" to encrypted="false" and replace existing encrypted password with new clear text password, as shown below:
  <Scheduler>
  <XLUserName>xelsysadm</XLUserName>
  <XLPassword encrypted="false">NEW_PASSWORD</XLPassword>
  </Scheduler>
  4) Restart server.
  Now login with the new password.

• LPM Custom URL for Force change password

  Hi All,
  I have configured LPM in OAM Identity Server, In the password policy i have given the custom URL of my application for the change password screen after resetting the password.
  The issue here is... When the user tries to login with the new password (resetted password) it is not redirecting to the force change password page...

  I am having a similar issue with getting this feature to work.
  I have the Force Change Password on Next Login checked, and I'm using (just for testing purposes) the amadmin account as the Bind DN.
  Then when I configure a secret question for a user account, and change the password, then log in with the new password, I go to the configured "Default Success URL", and I am never forced to change my password.
  Does anyone know what the expected functionality is when this does work?
  I'm working with Identity 6.1 on a Solaris box.
  Thanks for your time.
  chris

• Changing Lost Password URL

  Hi All,
  OAM 10g provides the user the possibility, if configured, to change his/her password. OAM provides an application for it that can be requested using an URL that looks something like /access/oblix/....lostpassword.cgi. Is it possible to change this URL so that it does not tell you that it is OAM/Oblix that we are using? The URL now provides valuable information that for security reasons we would not like to show or hide.
  How can we do this?
  Thanks in advance,
  Bart.

  Can someone respond please to this.

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• How to implement approval on password reset from OIM 9.1

  I am having an requirement where i need to implement Manager Approval on user's every password reset from OIM 9.1.02.
  Please help me out with your suggestions.
  Thanks,
  Kanav

  The thread was help full rajiv but i am still having some issue in the approch to follow:
  As per the thread we cannot use the Entity Adapter because:
  If you are thinking of using Entity Adapter on User form then it is not possible because whenever you change any value on User form, that will be updated in USR table without any Approval.
  So, if we go with the below appoach:
  *Event Handler Way:*
  Create Event Handler.
  You'll get OLD and NEW Values of that field.
  Capture those values and raise request for thsi Dummy RO with your code
  And use Error Handler to show Custom Message to Administrator that "Request Has Been Initiated for User Profile Modification".
  but i am having below doubts:
  1. If we are not having the Entiry Adapter then where we will do the mapping of fields that have been taken n the adapter?
  2. And how can i get the old value of the filed?

• TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

  Hi,
   I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
  My setup is as follows:
  outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
  inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
  password is selected in the publishing rules.
  Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
  I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
  set in AD.
  If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
  and change my password using the correct URL. However if I point my browser at
  http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
  The only recent changes made are:
  - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
  - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
  Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
  I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
  http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
  If I try to use ldp.exe on the inner TMG, I get the error in the pic below
  Thanks
  IT Support/Everything

  Hi,
  You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
  TMG 2010 – FBA, troubleshooting the change password feature 
  http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
  Best Regards,
  Joyce

• Change password at first login

  Hi all,
  In my JSF web app, if a user has his password reset by an admin, the new password is emailled to him, and as soon as he logs with the new password in he MUST change his password, before being allowed to use any other part of the site.
  How can I force the "change password" screen to appear?
  My current "hack" is to add this code to the beginning of every single JSF page:
  <%
       final boolean userMustChangePasswordAtNextLogin = ((Boolean) MyAbstractView.evaluateValueBinding("#{loggedInUser.userBean.mustChangePasswordAtNextLogin}")).booleanValue();
       if(userMustChangePasswordAtNextLogin) {
  %>
       <html>
            <head>
                 <META HTTP-EQUIV="Refresh" CONTENT="0; URL=ChangePassword.jsp">
            </head>
       </html>
  <% } else { %>
       [Regular JSP/JSF page content...]
  <% } %>Is there a graceful JSF way of doing this? I've investigated the NavigationHandler, but it doesn't get invoked until the user clicks on a CommandButton or such like. I've investigated ViewHandler as well, but cannot see how this would help.
  Any advice appreciated & many thanks in advance...
  - Adam.

  Thanks a lot SirG ....
  This is what I have done so far:
  package com.abc.send.controller.security;
  import javax.faces.component.UIViewRoot;
  import javax.faces.context.FacesContext;
  import javax.faces.event.PhaseEvent;
  import javax.faces.event.PhaseId;
  import javax.faces.event.PhaseListener;
  public class LoginPasswordPhaseListener implements PhaseListener
       public void afterPhase(final PhaseEvent phaseEvent)
            // Nothing to do
       public void beforePhase(final PhaseEvent phaseEvent)
            if(phaseEvent.getPhaseId().equals(PhaseId.RENDER_RESPONSE))
                 final FacesContext facesContext = phaseEvent.getFacesContext();
                 final String viewId = facesContext.getViewRoot().getViewId();
                 final boolean userMustChangePasswordAtNextLogin = true;
                 if((!viewId.equals("/logout.jsp")) && userMustChangePasswordAtNextLogin)
                      final UIViewRoot newRoot = facesContext.getApplication().getViewHandler().createView(facesContext,
                           "/restricted/changePassword.jsp");
                      facesContext.setViewRoot(newRoot);
       public PhaseId getPhaseId()
            // Seems that returning PhaseId.RESTORE_VIEW here doesn't work, so we
            // have to use an if expression in beforePhase(..)
            return PhaseId.ANY_PHASE;
  }Then in the faces-config.xml:
  <lifecycle>
      <phase-listener>com.abc.common.jsf.view.ViewScopePhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.secureserver.SecureServerPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.browservalidation.BrowserValidationPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.security.SecurityPhaseListener</phase-listener>
      <phase-listener>com.abc.common.jsf.filter.postback.PostBackValidationPhaseListener</phase-listener>
    <phase-listener>com.abc.send.controller.security.LoginPasswordPhaseListener</phase-listener>
    </lifecycle>So if final boolean userMustChangePasswordAtNextLogin = true; then on a successfull login currently I should be taken to the changePassword.jsp right ?

• Users changing passwords within LDAP authentication

  Hello all,
  I've noticed that if a user uses the 'Membership' authentication to access the portal, they are allowed to change their passwords within the 'user channel' edit section.
  If a user logs in throught the LDAP authentication, this password utility disapears.
  1 - Is there a way to use this password utility when using LADP authentication? Is it just a setting somewhere??
  2 - What are you using to change password if you are using LDAp authentication? i.e. did you create your own password tool??
  Thanks in advance,
  Jason

  Here's how I did it on 6.0:
  I created a bookmark with these properties:
  Bookmark Name: Change Personal Settings
  URL: /amconsole
  When the user clicks on the bookmark, they have to scroll all the way down to the bottom of the window to find the change password option. After changing the password, the user should close the amconsole window WITHOUT clicking on the logout button. Just kill the window.
  If they click "logout" it will log them out of the Portal Server while leaving the desktop window open. It will look like they are still logged in but they are not. They will have to re-login.

• Problem with  ActiveDirectory Password Sync  in OIM 11gR2

  Hi,
  I installed active directory password sync connector successfully and i enabled SPML web-service also .but the problem is while changing password in AD it is not reflecting in OIM
  log info in 20120930082425511_adsi_debug file is
  Debug [09/30/12 08:24:25] CONFIG VALUE LENGTH
  Debug [09/30/12 08:24:25] 330
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] Before adding configsync attributes
  Debug [09/30/12 08:24:25]
  sgslrgac instance
  Debug [09/30/12 08:24:25] User Name --->
  Debug [09/30/12 08:24:25] padmaja
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] RelativeId:
  Debug [09/30/12 08:24:25] 1152
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25]
  sgsladac Instance
  Debug [09/30/12 08:24:25]
  LDAP Connected
  Debug [09/30/12 08:24:25] search string :
  Debug [09/30/12 08:24:25] (&(objectCategory=person)(objectClass=user)(sAMAccountName=padmaja))
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] Connected to ADSI
  Debug [09/30/12 08:24:25] After Search
  Debug [09/30/12 08:24:25] SID::
  Debug [09/30/12 08:24:25] S-1-5-21-2856378657-228540474-388709823-1152
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] DN::
  Debug [09/30/12 08:24:25] CN=padmaja,OU=Users1,DC=odc,DC=com
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] GUID:::
  Debug [09/30/12 08:24:25] YzyFkltH9UqYuk/zbJiSuQ==
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25] after ladp search
  Debug [09/30/12 08:24:25] Success sgsldpap
  Debug [09/30/12 08:24:25]
  Passlen populated :
  Debug [09/30/12 08:24:25] 266
  Debug [09/30/12 08:24:25]
  Debug [09/30/12 08:24:25]
  Moving sgsloidi from asynchSystem
  Debug [09/30/12 08:24:25] Store Object populated
  Debug [09/30/12 08:24:25] [getObjectGuid=YzyFkltH9UqYuk/zbJiSuQ==
  getPasswordLen=266
  getUserDn=CN=padmaja,OU=Users1,DC=odc,DC=com
  getUserId=padmaja
  Debug [09/30/12 08:24:25]
  ***end of status
  Debug [09/30/12 08:24:25]
  Out of sgsloidi from asynchSystem
  Debug [09/30/12 08:24:25]
  Before Free
  Debug [09/30/12 08:24:25]
  After Free
  Thanks,

  Hi,
  This is my Error in OIM Log file :
  Debug [10/01/12 02:11:17] Search result fetched
  Debug [10/01/12 02:11:17] 2:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
  Debug [10/01/12 02:11:17] --------------------&&&----------------
  Debug [10/01/12 02:11:17] Inside sgsladds::sgsladdsgetData NEW Look
  Debug [10/01/12 02:11:17] 2:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
  Debug [10/01/12 02:11:17] Encoded Data Extracted in sgsladdsgetData
  Debug [10/01/12 02:11:17] 430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
  Debug [10/01/12 02:11:17] Moving out sgsladdsgetData
  Debug [10/01/12 02:11:17] Encoded Data Extracted
  Debug [10/01/12 02:11:17] 430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
  Debug [10/01/12 02:11:17] Incrementing the MAX_RETRY LIMIT:
  Debug [10/01/12 02:11:17] 3
  Debug [10/01/12 02:11:17] numretries ======
  Debug [10/01/12 02:11:17] 3
  Debug [10/01/12 02:11:17] Inside sgslcodsupdateChild
  Debug [10/01/12 02:11:17] 3:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
  Debug [10/01/12 02:11:17]
  Encrypted record data updated successfully
  Debug [10/01/12 02:11:17] Inside sgsladac destructor
  Debug [10/01/12 02:11:17] End of sgsloidiOIMGeneralErrorHandler
  Debug [10/01/12 02:11:17] Password updation failed in child process
  Debug [10/01/12 02:11:17]
  Relaxing while processing records from datastore

• Why is Change Password is bypassing my customization?

  Hi,
  I have a web service that will allow users to change their passwords.  I created an iView, which calls this web service and this iView is currently able to let users change passwords.  I would like to next customize my the change password screen from the logon.par, so that when an account's password expires and gets prompted with change password, my web service is called.  I know that the logon.par is using the SAPMLogonLogic class and there is a performChangePassword() method in the class.  I have customized the function, exported the class in the umelogonbase.jar, included the jar in my logon.par and deployed that par file.  However, when I tried to test this, I find that the change password is NOT calling my customized code.  It is somehow calling the original functionality, which is puzzling...
  I hope what I said is not confusing...but can anyone enlighten me on why this is happening?  Shouldn't the logon component be executing my customized code?  I customized the performResetPassword() method and the method is working fine..
  Thank You.

  I have just found out that the default changePasswordPage.jsp's action URL is not called when the submit button is clicked.  Very strange.

• Change Password Provisioning to AD fails

  OIM 9.0.3 is used for provisioning user data to AD. The OIM Administrative and User Console is customized to be a helpdesk UI for administrators and self-service UI for normal users. A user ID that is in a System Administrator User Group logins into the OIM Administrative and User Console, it is able to see all administrative tasks, e.g. user management, whereas a user ID that is in a All User Group logins into the same console, it can only see My Account->Change Password.
  Here are two Change Password processes that we want to have in our system.
  1. Administrator changes password by clicking the 'Change Password' button in the User Details' page. Password can be changed in the OIM database and the new password will be provisioned to AD, i.e. an AD attribute 'unicodepwd'. It works fine in this process.
  2. Normal user changes password by clicking the 'Change Password' in 'My Account'. The new password cannot be provisioned to AD successfully. Actually there is even no write operation in the AD, as the value of 'whenChanged' attribute is never changed if we try to change a user password in a self-service UI.
  This is quite strange, as we configured two special tasks in Process Definition in Design Console, i.e. 'Change User Password' and 'User Password Updated', we also added an entry in Lookup.USR_PROCESS_TRIGGERS as: CODE Key=USR_PASSWORD, Decode: Change User Password. Process 1 works, whereas process 2 does not.
  I found some other similar posts in the forum, but none of them had such a problem. Whenever there is an update in OIM, the change should be provisioned to the AD. I don't think it matters where the user's password is changed, correct? But it doesn't work! Anyone has ever met this issue before? Thanks!

  The transport of a changed password from the USR form to AD is a two step process.
  First you trigger a task that moves the new password from the USR form to the AD process form. This is done by Lookup.USR_PROCESS_TRIGGERS.
  In step two you move the password from the AD process form to AD. This process is triggered by a naming convention. Any task called "<LABEL> updated" will be triggered if the <LABEL> field on the process form is updated.
  If you change the name of your AD process form -> AD task to "Password Updated" it will trigger.
  The "cascading" part of the password change process is the same no matter how the password change was initiated.
  Best regards
  /M
  Message was edited by:
  Martin_Sandren
  The "X Updated" taskname should be written with a capital U.