Export OIM 11g Resource object with dependencies
Hi All,
I am looking for sample code that will export all OIM 11g Resource objects along with dependencies into XML format. Can somebody help?
I am using the below code to retreive all resource objects but don't have dependencies.
FileWriter fstream = new FileWriter("OIMResources.xml");
BufferedWriter out = new BufferedWriter(fstream);
tcExportOperationsIntf moExportUtility = (tcExportOperationsIntf) ioUtilityFactory
.getUtility("Thor.API.Operations.tcExportOperationsIntf");
Collection lstObjects = moExportUtility.findObjects(export_object, "*");
String s = moExportUtility.getExportXML(lstObjects, "*");
out.write(s);
Thanks
Mahendra.
Hi Vladimir,
I am using the below code snippet to do the export of Resources.
public Boolean export() {
Boolean result = true;
//String export_object = Util.config.getProperty(Constants.EXPORT_PATH);
String export_object="Resource";
/*if (export_object != null && !export_object.endsWith(File.separator)) {
export_object = export_object.concat(File.separator);
//String export_object_path = export_object.concat(xmlFile);
try {
FileWriter fstream = new FileWriter("OIMResources.xml");
BufferedWriter out = new BufferedWriter(fstream);
tcExportOperationsIntf moExportUtility = (tcExportOperationsIntf) ioUtilityFactory.getUtility("Thor.API.Operations.tcExportOperationsIntf");
Collection<RootObject> lstObjects = moExportUtility.findObjects(export_object, "*");
System.out.println(lstObjects);
lstObjects.addAll(moExportUtility.getDependencies(lstObjects));
lstObjects.addAll(moExportUtility.retrieveChildren(lstObjects));
lstObjects.addAll(moExportUtility.retrieveDependencyTree(lstObjects));
String s = moExportUtility.getExportXML(lstObjects, "*");
out.write(s);
LOG.info(Resource + " Objects are successfully exported --------------->");
out.close();
} catch (Exception e) {
LOG.log(Level.SEVERE, "Exception occured while exporting OIM object - " + Resource, e);
return result;
I am not getting its dependent objects as I was getting through OIM Deployment manager console. If I export the details through OIM console, the file size is around 3 MB. If I exported through above java code, file size is 300 KB only.
Please let me know if I am missing anything.
Edited by: Mahendra K on Jun 19, 2012 10:19 AM
Similar Messages
-
OIM 11g - Email Notification with direct link to Approval Task Details
Hi,
We wanted to send email notifications to approver with direct link to the approval task details screen from which the user can either approve or reject the request. In OIM 11g OOTB Notification templates such as Request Creation contains the direct link to Request Detail screen which is something like
http://localhost:14000/oim/faces/pages/Self.jspx?OP_TYPE=LOOKUP;E_TYPE=MY_REQUEST&T_ID=65
Wondering if there is something similar for Approval Task Details screen as well.
Any kind of help or suggestion is greatly appreciated.
Thanks,
DeepaIf at all you cannot get the direct link for approve/reject then try the actionable email from SOA. Once you have that configured the emails gets approver/reject links so that approvers can directly approve/reject the task from email. If that works for you then you can look at the format of those links in the email and deduce what you need the url as.
HTH,
BB -
OIM 11g create user with API - double resources
Hello.
We have a custom web client for creating a user in OIM. When we create a user with the OOTB web app (formerly xlWebApp), it creates the user and the Access Policies work correctly to give the user one of each resource.
When we create the user with the API from our custom web app, it tries to assign 2 of each resource to the new user. Has anyone seen this behavior before? Thank you.Bump Thanks.
-
OIM 11g R1. Issue with parallel participant type approval workflow.
Hi All,
I have a request level approval with the human task assignment participant type set to parallel. There will be two participants in the workflow with approve and reject having outcome value as 50 each. When i submit a request, i can see the both the request is properly allocated to both the users. But when i log in with the individual users and search the approval tasks in the self service page, i cant see it properly assigned.
In the approval tasks table, i cant see the values for the following columns request ID, request type, beneficiary, request target. Whereas i can see the value for the requester as "Anonymour user" and it is assigned to a proper user. When i try to approve, i get the following error in the console.
========================================================================================================================
<25 Nov, 2012 1:49:09 PM IST> <Warning> <oracle.adfinternal.view.faces.renderkit
.rich.NavigationPaneRenderer> <BEA-000000> <ILLEGAL_COMPONENT_HIERARCHY : A chil
d component that is not a commandNavigationItem (or a separator when hint=choice
) was found.>
<25 Nov, 2012 2:22:57 PM IST> <Error> <oracle.iam.request.impl> <IAM-2050076> <N
o request found with the request ID .>
<25 Nov, 2012 2:22:57 PM IST> <Error> <oracle.iam.tasklist.agentry.task> <IAM-20
60009> <Error occurred while approving task from BPEL>
<25 Nov, 2012 2:22:57 PM IST> <Error> <oracle.iam.tasklist.agentry.task> <IAM-20
60013> <Exception thrown:
oracle.iam.request.exception.RequestServiceException: IAM-2050076:No request fou
nd with the request ID .
at oracle.iam.request.repository.RequestRepository.getRequestClone(Reque
stRepository.java:891)
at oracle.iam.request.impl.RequestEngine.getBasicRequestDetails(RequestE
ngine.java:3877)
at oracle.iam.request.impl.RequestServiceImpl.getBasicRequestData(Reques
tServiceImpl.java:94)
at oracle.iam.request.api.RequestServiceEJB.getBasicRequestDatax(Unknown
Source)
at sun.reflect.GeneratedMethodAccessor1000.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJo
inpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntrodu
ctionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntrodu
ctionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisit
orImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.c
allback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentIntercepto
r.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocat
ionInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntrodu
ctionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntrodu
ctionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMetho
dInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopPr
oxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy337.getBasicRequestDatax(Unknown Source)
at oracle.iam.request.api.RequestService_dnwrzl_RequestServiceRemoteImpl
.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(Ses
sionRemoteMethodInvoker.java:40)
at oracle.iam.request.api.RequestService_dnwrzl_RequestServiceRemoteImpl
.getBasicRequestDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor999.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(Remote
BusinessIntfProxy.java:85)
at $Proxy170.getBasicRequestDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor998.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
on(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:198)
at $Proxy336.getBasicRequestDatax(Unknown Source)
at oracle.iam.request.api.RequestServiceDelegate.getBasicRequestData(Unk
nown Source)
at oracle.iam.tasklist.agentry.task.ApproveActor.perform(ApproveActor.ja
va:106)
at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:565)
at oracle.iam.consoles.faces.mvc.self.Model.perform(Model.java:178)
at oracle.iam.consoles.faces.mvc.canonic.Model.prepare(Model.java:460)
at oracle.iam.consoles.faces.mvc.self.Model.prepare(Model.java:173)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doPrepare(Controller
.java:225)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectOperationNav
igation(Controller.java:88)
at oracle.iam.consoles.faces.render.canonic.UIEntrypod$CommandToolbarBut
tonActionListener.processAction(UIEntrypod.java:677)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXC
omponentBase.java:675)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand
.java:179)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.r
un(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._pr
ocessPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.bro
adcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclu
de.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.r
un(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._pr
ocessPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.bro
adcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclu
de.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents
(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(L
ifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(Lifecyc
leImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.j
ava:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter
(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterL
istChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter
.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterL
istChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilt
erImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilte
r(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFi
lter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmt
NavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthCon
textFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:1
75)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:31
3)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUt
il.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.jav
a:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:1
61)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:13
6)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsF
ilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
========================================================================================================================
Please share any thoughts on this.
Thanks,
SriniHi Kevin,
Thanks a lot for the response. But, when i deployed the composite SAR in to the server from Jdeveloper, i checked the option to "Overwrite any existing composite with same revision ID". SO, i used the same revision ID (Say 1.0), will this also need to be disabled?
Thanks,
Srini -
Special character issue with Resource Object in OIM 11g
Hello
While creating Resource Object with special character '/' in OIM 11g, it's not allowing me.
For ex: Peoplesoft Finance/Reporting
Do we have any other workaround without changing the Resource Object name??
Thanks for your help.Nothing is there in system configuration related to special character.
-
How to create clone of exsiting Resource Object in OIM
Hi..I need a help here.
I have already one Resource object in OIM with all required mapping for Object reconciliation and Action rule.
I want to create clone of the same resource object with diffrent name and keep same Object reconciliation and reconciliation Action mapping in OIM.
How can i do that
Thanks !!Take the export of this Resource Object.
Do changes in the XML like resource Object Name, Form Names, Process Defintion, Email Template (if required)
Save it and import it back into OIM.
Note: Take export of independent Lookups or any configuration which you are using in existing Resource Object. -
Trusted Reconciliation in OIM 11g
Hi
I have written custom scheduler task in OIM 11g which will retrieve values from database and call recon API's to create users in OIM.
Database Table contains the following sample values
FIRSTNAME:RECON
LASTNAME:USER1
USERLOGIN:RUSER1
ORGANIZATION:Xellerate Users
EMPLOYEE-TYPE:Full-Time
I created Resource Object with the above recon attributes and mapped these attributes to OIM User Attributes and made userlogin as key attribute.
I created Recon Rule as USER LOGIN equals userlogin and action rule as No Matches Found -> Create User
Now I ran the job from UI and status is showing as Data Recieved only. It is not creating users.
Below are the logs for the same.
*<Jul 20, 2011 7:47:55 AM EDT> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Error/Information: {0}*
oracle.iam.platform.utils.SuperRuntimeException: java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constraint (OIM11GDB.FK_RECON_EVENTS_USR) violated - parent key not found
ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSERCRUD", line 759
ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSRMLSWRAPPER", line 71
ORA-06512: at line 1
at oracle.iam.reconciliation.dao.DBCall.execute(DBCall.java:24)
at oracle.iam.reconciliation.dao.ReconActionDao.processSPCall(ReconActionDao.java:1316)
at oracle.iam.reconciliation.dao.ReconActionDao.executeBulkUserMatchCRUD(ReconActionDao.java:686)
at oracle.iam.reconciliation.impl.UserHandler.executeBulkCUD(UserHandler.java:568)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.process(BaseEntityTypeHandler.java:34)
at oracle.iam.reconciliation.impl.ActionEngine.processBatch(ActionEngine.java:129)
at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:90)
at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy364.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Pls Help.Hi Rajiv,
Please see my comments below.
Where is Design Console Access attributes ?I think no need to set value for this attribute as the default value will be End-User only. Correct me if I am wrong.
Have you created Recon Rule properly ?yes
Have you created Reconciliation Profile ?yes
Call teh API porcessReconciliationEvent after createReconciliationEvent API.Is it mandatory to call processReconciliationEvent after createReconciliationEvent? The reason why I am asking is when I wrote scheduler for target recon I didn't used processReconciliationEvent.
Thanks -
OIM 11g requestDataset not reflected
All,
I am using OIM 11g. I want to provide resouce attr details during provision request. I have created a dummy resource object with field name employeeid. firstname,lastname,Created a dataset as ProvisionDummyResouceDataSet.xml
Dataset -->
<?xml version="1.0" encoding="UTF-8"?>
<request-data-set xmlns="http://www.oracle.com/schema/oim/request"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.oracle.com/schema/oim/request"
name="ProvisionDummyResourceDataset" entity="DummyResource" operation="PROVISION">
<AttributeReference name="EmployeeID" attr-ref="EmployeeID" type="String" length="50" widget="text" required="true" available-in-bulk="false"/>
<AttributeReference name="First Name" attr-ref="First Name" type="String" length="50" widget="text" required="false" available-in-bulk="false"/>
<AttributeReference name="Last Name" attr-ref="Last Name" type="String" length="50" widget="text" required="false" available-in-bulk="false"/>
</request-data-set>
I have modified the weblogic properties file as below,
wls_servername=oim_server1
application_name=OIMMetadata
metadata_from_loc=D:/Oracle/Middleware/Oracle_IDM1/temp/import
When i run the weblogicImportMetaData.bat import is succesful and i am also able to see the entry in MDS database in the table MDS_PATHS. . However I am not seeing the above attributes usename while I am raising request for Dummy resource. Is there any other configuration required which i have missed? Any help is appreciated.
Thanks in Advance,
Swati PandeyHi,
I created the below ProvisionResourceICFADDataset.xml and did an import. However, when I try to create a request template for provisioning the resource, there is no information about the attribute "Roles". I even tried rasing a request but it does not ask me to enter value for "Roles". Is there anything that I am missing
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request-data-set xmlns = "http://www.oracle.com/schema/oim/request"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
operation = "PROVISION"
entity = "ICFAD Resource"
name = "ProvisionResourceICFAD Resource"
xsi:schemaLocation = "http://www.oracle.com/schema/oim/request">
<AttributeReference
name="Roles" attr-ref="Roles" type="String"
length="30" widget="lookup" required="false" available-in-bulk="true"
lookup-code="Lookup.ICFAD.Roles"/>
</request-data-set> -
[OIM] Automate AD provisioning with multiple custom rules.
I am working on setting up provisioning automation and I'm very confused about the best way to do it.
I need to have OIM do the following when creating an Active Directory Account
If the user is an employee put them in container X
if they are a contractor put them in container Y
If they are a warehouse worker, do not give them an account
If they are in NY, give them an account with group A
if they are in Denver, give them group B
and so on
So I need to have multiple rules checked and for certain fields to get certain things based on which rules are true. Do I need separate groups and Access policies for each rule?
Is there a way to make one collection of rules with multiple outcomes leading to multiple mappings?
rkimbal45
Edited by: rkimball on Jul 27, 2010 4:19 PMGreat question but unfortunately there is no straight answer.
Exactly what you can and should do varies depends on what tradeoffs you are ready to make in your configuration. It is very hard to give a condensed and straight answer that covers all possible configurations and gives you an overview of pros and cons.
I wrote up a paper on this a while ago that discusses this issue at quite some length. I am posting the excerpt that discusses this specific point below but it really helps if you have the rest of the context in the document.
Feel free to contact me through linked if you want a copy of the doc.
Hope this helps
/Martin
Role based group memberships
In some cases you have a requirement that users who fit a certain profile should be given a certain target system role. One common example would be that employees should be added to the employee group and contractors should be added to the contractor group. OIM supports this scenario through the rule, group and access policy system.
A rule lets you specify that a user that fits a certain profile (i.e. whose userType attribute on the user form is “employee”) should become a member of a certain group. The group membership in turn triggers execution of an access policy. The policy specifies that the user should be given a certain resource object with specific configuration of process form and child form. This in turn can trigger a target system group membership update.
This works great as long as the specifications for the rules are simple and doesn’t require usage of wildcards. If you have more advanced requirements, i.e. users with department 6200-6500 excluding 6345 should go in this group, you will end up with a lot of rules (299 to be exact). Likewise if you have more advanced requirements around what target system memberships should be given you end up with a lot of access policies. Even if you manage to implement this you can easily end up in a management nightmare with hundreds or even thousands of rules, groups and access policies.
Another weakness is that access policies can only be used to grant one instance of a specific resource object to a specific user. This is often a crippling limitation.
One way to escape the limitations of the rules is to use entity adapters attached on insert and update on the user form. This makes it possible to replace large number of explicit rules with a single logical expression. The downside is that the business logic is now defined in code rather than configuration. You could of course write code that loads configuration from a text file, a lookup table or an XML file but that only takes you so far.
Likewise you can replace the access policies with entity adapters that gives out ROs according to business rules defined in the code. Eliminates some of the limitations but makes the system harder to implement and manage. -
OIM 11g - Kerberos Authentication disable
Hi Experts,
We have OIM 11g set up with Kerberos SSO authentication enabled for OIM. We want this to be disabled. Can any one help where and how I can do this?
Thanks and Regards
Naveen
Edited by: user4537635 on May 16, 2013 5:52 AMdownload connetor doc from below location(RSA Authentication Manager )
http://docs.oracle.com/cd/E11223_01/index.htm
Else try to download the connector extract it and open the connector doc(RSA Authentication Manager 9.1.0.7.0 )
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html -
API of Resource object managment - OIM 11g R2
Hi All,
I want to provision a resource (say 'AD User') from a post event handler (OIM 11g R2) during user creation.
Please tell me the API to be used.
In OIM 10g, we can use 'tcObjectOperationsIntf' interface to operate on resource objects. what API is its replace in OIM 11g R2?
Thanks in Advance.Create a role and add a rule membership to that role using your custom attribute.
Create an access policy to provision AD resource and use the role created above while creating access policy. There will be a schedule task with the name "Evaluate user access policies". Change its schedule to run for every 1 minute.
Now, create a user who satisfies the above role membership and make sure this user got the role membership. Immediately after a minute, this new user should be provisioned to AD resource automatically. -
OIM 11g issues with design console, creating resource
Hi All,
I have installed OIM 11g, OAM 11g.
I am facing issues while starting design console or creating a resouce.
<Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.SCHEDULER.TASK> <BEA-0000
0> <Error while calling reissue on AUD_JMS messages
com.thortech.xl.dataaccess.tcClientDataAccessException:
at com.thortech.xl.dataaccess.tcDataBaseClient.getDatabaseProductName(t
DataBaseClient.java:944)
at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.processAllByIdent
fier(ReIssueAuditMessage.java:87)
at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.execute(ReIssueAu
itMessage.java:78)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerB
seTask.java:384)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:16
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.
ava:529)
>
<Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.DATABASE> <BEA-000000> <Cl
ass/Method: tcDataBaseClient/bindToInstance encounter some problems: java.lang.A
ssertionError: Can only export activatable objects
oracle.iam.platform.utils.ServiceInitializationException: java.lang.AssertionErr
or: Can only export activatable objects
at oracle.iam.platform.Platform.getService(Platform.java:264)
at oracle.iam.platform.OIMInternalClient.getService(OIMInternalClient.ja
va:152)
at com.thortech.xl.dataaccess.tcDataBaseClient.bindToInstance(tcDataBase
Client.java:151)
at com.thortech.xl.dataaccess.tcDataBaseClient.<init>(tcDataBaseClient.j
ava:75)
at com.thortech.xl.server.tcDataBaseClient.<init>(tcDataBaseClient.java:
33)
at com.thortech.xl.client.dataobj.tcDataBaseClient.<init>(tcDataBaseClie
nt.java:67)
Please helpYou need to copy the files from the linux box to a windows box and change the startup paramaters to meet that of a Windows machine.
I have the following files once moved to my windows machine:
basecp.bat:
>
set CLASSPATH=.;.\lib\oimclient.jar;.\lib\iam-platform-auth-client.jar;.\lib\iam-platform-pluginframework.jar;.\lib\iam-platform-utils.jar;.\lib\iam-platform-context.jar;.\lib\XellerateClient.jar;.\lib\xlAPI.jar;.\lib\xlLogger.jar;.\lib\xlVO.jar;.\lib\xlUtils.jar;.\lib\xlCrypto.jar;.\lib\xlAuthentication.jar;.\lib\xlDataObjectBeans.jar;.\ext\log4j-1.2.8.jar;.\ext\jhall.jar;
>
classpath.bat:
>
call basecp.bat
set CLASSPATH=%CLASSPATH%;.\ext\spring.jar;.\ext\security-api.jar;.\ext\commons-logging.jar;.\ext\logging-utils.jar;.\ext\jakarta-oro-2.0.8.jar;.\ext\bsh.jar;.\ext\mail.jar;.\ext\jboss-j2ee.jar;.\ext\jboss-jaas.jar;.\ext\jbosssx.jar;.\ext\jts.jar;.\ext\jbossall-client.jar;.\ext\concurrent.jar;.\ext\getopt.jar;.\ext\gnu-regexp.jar;.\ext\jacorb.jar;.\ext\jboss-client.jar;.\ext\jboss-common-client.jar;.\ext\jbosscx-client.jar;.\ext\jbossha-client.jar;.\ext\jboss-iiop-client.jar;.\ext\jbossjmx-ant.jar;.\ext\jboss-jsr77-client.jar;.\ext\jbossmq-client.jar;.\ext\jboss-net-client.jar;.\ext\jbosssx-client.jar;.\ext\jboss-system-client.jar;.\ext\jboss-transaction-client.jar;.\ext\jcert.jar;.\ext\jmx-connector-client-factory.jar;.\ext\jmx-ejb-connector-client.jar;.\ext\xdoclet-module-jboss-net.jar;.\ext\jsse.jar;.\ext\jnet.jar;.\ext\jmx-rmi-connector-client.jar;.\ext\jmx-invoker-adapter-client.jar;.\ext\jnp-client.jar;.\ext\wlfullclient.jar;.\ext\webserviceclient+ssl.jar;.\ext\sas.jar;.\ext\oc4jclient.jar;.\ext\ejb.jar;.\ext\oscache.jar;.\ext\commons-logging.jar;.\ext\javagroups-all.jar
>
xlclient.cmd:
>
@echo off
setlocal
call classpath
REM SET DEBUG_OPTS=-classic -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5001 -DXL.RedirectSysOutErrToFile=TRUE -DXL.SysOutErrLogFile=.\logs\Client.System.Out.Err.log
REM Make sure to remove java.naming.provider.url and read it from the configuration
REM once the JNDI Profiles are implemented.
REM make sure you are using j2sdk1.4.2_05
"C:\jdk1.6.0_22\bin\java" %DEBUG_OPTS% ^
-DXL.ExtendedErrorOptions=TRUE -DXL.HomeDir=C:\oracle\oim1_11g\designconsole ^
-Djava.security.policy=config\xl.policy ^
-Dlog4j.configuration=config\log.properties ^
-Dweblogic.security.SSL.trustedCAKeyStore=%TRUSTSTORE_LOCATION% ^
-Djava.security.manager -Djava.security.auth.login.config=config\authwl.conf ^
com.thortech.xl.client.base.tcAppWindow -server server
endlocal
>
See if this works.
-Kevin -
Resource Object API in OIM 11g r2
Hi All,
I'm new to OIM 11.1.2 and I'm working on provisioning users(trusted source) to OIM using custom code.
In oim 9x ,tcObjectOperationsIntf is used to perform Resource object Operations.I would like to know about Resource Object api in 11g R2
Please help me on this.
Regards,
MadhuResource objects in OIM11GR2 are application instances. You can refer application instance service API:
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/oracle/iam/provisioning/api/ApplicationInstanceService.html
Also, you can refer oim service api for common operations:
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/oracle/iam/api/OIMService.html
regards,
GP -
Provision a Resource Object to Organization automatically in OIM 11g
Hi All,
How to provision a resource Object to Organizations automatically in OIM 11g.
Can we use Access Policy for this , if not , is there any other way to solve this.
Regards
Edited by: 903745 on 31 May, 2012 1:40 AMAre you referring to creating an resource object (e.g. group) on the Organization itself (as opposed to users in that Organization) ? If so this can be done from a post-process event handler on the Organization object.
-
Issue with deleting a group using Request APIs in OIM 11g R1
Hi,
I am facing an issue with Request Based provisioning in OIM 11g R1.
I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
childEntityAttribute.setName("AD User Group Details");
childEntityAttribute.setType(TYPE.String);
List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>, RequestBeneficiaryEntityAttribute.TYPE.String);
childEntityAttributeList.add(attr);
childEntityAttribute.setChildAttributes(childEntityAttributeList);
childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();
beneficiaryEntityAttributeList.add(childEntityAttribute);
beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
Could you please suggest where can this possibly be wrong.
Thanks for your time and helpHi BB,
I am trying to follow up your response.
You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
<AttributeReference name="Field1" attr-ref="act_key"
available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
entity-type="????"/>
<PrePopulationAdapter name="prepopulateResurceObject"
classname="my.sample.package.prepopulateResurceObject" />
</AttributeReference>
<AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
available-in-bulk="true" required="true">
<lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
</AttributeReference>
Then I need think about the 'Lookup.xxx.BO.Field2' format.
Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
Thanks for your all help.
Maybe you are looking for
-
MS Word property descriptions or heirarchy?
I am formatting test reports that I am creating via LabVIEW in MS Word 2000 on NT. The new LabVIEW 6.0.2 Report Generation Toolkit with Word vi's are great but incomplete. My huge hurdle for formatting directly with properties and methods is that the
-
Portal Runtime Error : An exception occurred while processing a request
Hello friends, After upgradation of my portal to the following patch level, SAP J2EE 6.20: <b>Portal Version :</b> EP 6 SP 2 patch 29 hotfix 0 <b>Content Mgmt and Collaboration version</b> : 6 SP2 patch 5 i faced many performance related issues. Por
-
Had to restore my macbook to original operating system that came with the computer when purchased in the spring of 2008. I am now trying to complete a software update to mac os x 10.5.8 and i get an error message stating "The installer could not vali
-
IDVD create disk image larger than DVD-R capacity
Here's the background: - I made an iMovie 6 in 16:9 NTSC that is 1:32:00:06 long. I put that into iDVD 6, use the 5.0 Theme called "Wedding White", no slideshow, just a few photos and one 128k audio AAC file for menu music. Motion menu right now is a
-
GL_ARB_vertex_buffer_object not working on Intel 945GSE
Hello everyone, I noticed that one of my older applications does not work on my netbook with a Intel 945GSE graphics card. The application requires either OpenGL 1.5 or the GL_ARB_vertex_buffer_object extension. The Intel 945GSE supports this extensi