IdM v7 and User Extended Attributes

Similar Messages

• I don't find User Extended attributes in IDM 8

  Hi all,
  I have installed idm8 and I need to extend the user attributes, but I can't find the User Extended Attributes object (or Extended User Attributes). Can anyone help me?

  From the release notes :
  Identity Manager 8.0 consolidates the locations where an administrator specifies extended,
  queryable, and summary attributes for user objects into the new
  IDM Schema Configuration object. (ID-17784) In prior versions of Identity Manager, an administrator
  edited the User Extended Attributes configuration object to add extended attributes for
  user objects and the UserUIConfig configuration object to specify additional queryable or
  summary attributes for user objects. An administrator now edits the IDM Schema Configuration
  object for these purposes.

• User Extended Attributes in IDM 7

  Has the set up changed? I imported all my objects from 6.0 and the user extended attributes aren't there. I imported the UserUIConfig object, so I would think they would be present. I noticed that the attributes tab moved in the new version, have the methods of defining them changed much?

  User Extended Attributes are typically defined in the object Configuration:User Extended Attributes. UserUIConfig is used e.g. to define if the attribute should be "Queryable" -but yes its a correct observation that the UserUIConfig is changing shapes...

• Resource Attributes not saving in Queriable User Extended Attributes

  Howdy,
  I added a few queriable user extended attributes to IDM. I originally added them in through the configure user attributes interface. I then edited the UserUIConfig to specify that they were queryable. I then edited the User Search Defaults form's getSearchableAttrs function to include these attributes. My added attributes now show up in the search user form, etc., just like I expected them to. Next I configured a new resource adapter for a database table that contained some values I wanted to use to populate these queriable attributes. I wrote a correlation rule, and ran reconciliation on the new resource. It matched up the account entries and automatically matched and linked the account information. So far so good. However, the user extended attributes I defined are not getting populated with the data from the new resource. The mapped resource attributes are treated as part of the user view, but only under the given resource, not as a queriable attribute. I really want to be able to use the find user interface with these datafields. Does anyone know why my data is ot making it into the queriable fields? Do I need to write another rule or workflow? Any advice would be most helpful.
  Thanks!
  Jim

  Queryable attributes refer to attributes stored in the IDM user object, and so need to be referenced as such.
  If you want attribute 'foo' in resource 'bar' to be stored as a Queryable attribute, you need to define it like so in your User Form :
  <Field name='accounts[Lighthouse].foo'>
      <Expansion>
            <ref>accounts[bar].foo</ref>
      </Expansion>
  </Field>This should pull the value from the resource attribute and put it in the IDM attribute. If you refer to it as a global.foo everywhere, that might work (but I find globals to be problematic).
  Let me know if it works...
  Jason

• Make user extended attribute available on the user report

  Hi,
  We have created a few user extended attributes for the client. The quyestion is how to make them available for select in a user report. Currently we configured a user report for approvers "approver report" and save the XML as TaskTemplate. How can I modify the xml to display user extended attributes? I tried the following but it did not work:
  In the task template xml, add the attribute (e.g., department) into
  <Attribute name='attrMapField'>
  <Map>
  <MapEntry key='attributes.department' value='Department'>
  </Map>
  </Attribute>
  <Attribute name='attrsToDisplay'>
  <List>
  <String>attributes.department</String>
  </List>
  </Attribute>
  Thank you.

  We will need to edit the TaskDefinition object named �User Report� with the id
  �#ID#TaskDefinition:UserSummary�.
  1) Insert the following xml directly above the field named �queryAttr.MemberObjectGroups.enabled�:
  <Field name='queryAttr.employeeId.enabled'>
  <Display class='Checkbox'/>
  </Field>
  <Field name='queryAttr.employeeId.operator'>
  <Display class='Select'>
  <Property name='title' value='Report only users whose employeeId '/>
  <Property name='noNewRow' value='true'/>
  <Property name='nullLabel' value='Please Select'/>
  <Property name='valueMap'>
  <ref>conditionsList</ref>
  </Property>
  </Display>
  <Expansion>
  <cond>
  <eq>
  <ref>queryAttr.employeeId.enabled</ref>
  <s>true</s>
  </eq>
  <ref>queryAttr.employeeId.operator</ref>
  <null/>
  </cond>
  </Expansion>
  </Field>
  <Field name='queryAttr.employeeId.value'>
  <Display class='Text'>
  <Property name='noNewRow' value='true'/>
  </Display>
  <Expansion>
  <cond>
  <eq>
  <ref>queryAttr.employeeId.enabled</ref>
  <s>true</s>
  </eq>
  <ref>queryAttr.employeeId.value</ref>
  <null/>
  </cond>
  </Expansion>
  </Field>
  2) Inside of the defvar named �attrMap� you will need to insert the following text:
  <MapEntry key='attributes.employeeId' value='Employee ID'/>
  3) Save the modifications.
  4) Check the "User Report" your attr will be available

• Fetch the User Extended Attribute" Group" Value in Java

  Hi All,
  I have been able to add a User Extended attribute in SIM and wish to fetch its value for a particular user in my java code.
  kindly help.
  Thanks
  Sunny

  Hi All,
  I am able to fetch the value of extended attribute "Group" of type "Select" I added in the Default User Form using user.getAttribute("Group") in my java code of Custom Resource Adapter.
  This extended attribute has groups name populated in it. What I am doing now is that I am fetching the Group name value and assing the user this group. This is working fine for me. However, In case user select a different group next time, I need to remove the user from old group and assign him the new group. For this, I need to have the old group value and new group value. I don't know how to retrieve the old group value?
  Any pointer on this will be helpful.
  Note: I have done the mapping of extended attribute "Group" in my Custom Resource Adapter.
  Regards,
  Sunny

• Configuration of User Extended Attributes

  Hi ,
  I am very new to sun idm.
  Anyone please expain how to configure user extended attributes in sun idm 8.0
  Thanks in Advance,
  Ram.

  Hi,
  You now modify the "IDM Schema Configuration" object.
  See [http://docs.sun.com/source/820-2961/A_edit_configObjects.html#wp19336] for more information

• Approval Limit of user - Extended Attributes

  Hello everyone,
         I would like to know the difference between standard values and local values for approval
  limit in extended attributes in PPOSA_BBP.  The standard value has 15000 AUD which is
  inherited by the organization unit under which the user is created.  Local value is 1000 AUD.
  What does this mean?  All users under the organization unit carry the same standard valu for
  approval limit but only head carries the local value which is 1000 AUD.
     Can anyone please answer to this.
  Thanks in Advance.

  Hi Priya,
  Even i checked in my system and i couldn't able to find much importance for standard value...system is considering only local values.....
  if you got the answer then please post it ...
  Thanks
  Ravi

• NPS: Override User-Name and User Identity Attribute

  After configuring NPS and using http://technet.microsoft.com/en-us/library/dd197535%28WS.10%29.aspx it's possible to authenticate based on MAC Addresses.
  Is it by design that all authentication requests handled, are changed to MAC Address Authentication?
  We want to have three Network Access Policies, two based on Active Directory Account, one based on MAC Address.
  After entering the registry values and rebooting the server, it's only possible to authenticate based on MAC Address.
  Do we need seperate NPS servers, one for MAC based authentication and one for A.D. account authentication?
  Thank you in advance.

  Hi GerardVU4,
  Thank you for your post.
  Is it by design that all authentication requests handled, are changed to MAC Address Authentication?
  To always use the MAC address as the user identity, on the NPS server set the Override User-Name registry value to 1.
  If you set Override User-Name to 1 and the User Identity Attribute to 31, the authenticating server can perform
  only Automatic Number Identification/Calling Line Identification (ANI/CLI)-based authentication. Normal authentication by using authentication protocols, such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Extensible
  Authentication Protocol (EAP), is disabled.
  So please remove Override User-Name registry entry on your NPS server first.
  Do we need separate NPS servers, one for MAC based authentication and one for A.D. account authentication?
  No, you could set up three Network Access Policies on same NPS server.
  Network Access Policies based on MAC Address, just select Authentication Methods PAP in policy Constraints TAB.
  Network Access Policies based on Active Directory Account, Keep the default Authentication Methods MS-CHAP-v2& MS-CHAP.
  If there are more inquiries on this issue, please feel free to let us know.
  Regards,
  Rick Tan

• User Extended Attribute maintenance through ActiveSync

  Following is happening in the activeSync process.
  There is an existing user in IDM with some defined attributes (as per the extended attrs pre-defined).
  If any of the user attributes does not have a value in the authoritative source and the user is processed via activeSync then whatever attrs does not hold a value in authoritative source that attr is completely deleted from the userObject xml in IDM
  It does not keep a trace in the userObject.
  Before the ActiveSync update process UserOBject has the following value.
  <Attribute name='Manager' type='string' value='Smith'/>
  If in the authoritative source for this user the manager becomes null then
  this entire attribute is removed from the xml.
  question here is :Is this a normal behaviour w.r.t ActiveSync Process?
  Should it not leave the attr trace in UserObject xml in the following way.
  <Attribute name='Manager' type='string' >
  </Attribute>
  If anyone can share their experience in this that would really help.

  Any one has noticed this issue in your system? Please help.
  Thanks,
  Arun

• Differences between attribute and user defined attributes

  1.what is commit block

  When uncommitted access is enabled (by default)
  Commit Block - number of blocks modified before a sycornization point occurs
  Relates to how calc scripts are processed and written to the database during a transaction.
  If this setting is too low, Essbase will automatically adjust it.
  Default setting is 3000.
  Brian Chow

• IDM schema and attribute mapping

  As I understood from the documents - Identity manager doesn't store any data in local database.I have 60 attributes in resource-1 which needs to be flown to resource-2
  ==>As per my understanding, i will need to create 60 attributes in IDM as user extended attributes and do the mapping between Resource1 -- IDM -- Resource-2
  ==>But if I create this schema in IDM will it hold the whole data locally ?
  Or will it hold the data between scheduled jobs for Resource-1 and Resource-2
  ==>Or I have to enable somewhere to store the data locally?
  ==>Also if there is any other option that I don't need to configure schema and attribute mapping ?
  I am new to IDM so not sure how to configure the flow in better way.

  First things first keep the extended attributes to the minimum in IDM
  for your case
  To get the values from one resource to the other you have to have attribute mappings in IDM for both the resources.
  There is no need for storing them in the extended attributes just have a job that picks up the users data from resource 1 and push it to resource 2 if the user in IDM has both the resources linked.
  Hope this works

• Custom report Extended Attribute

  Hi,
  On my user selection screen I just need a multiple selection box and user related data needs to be populated in it, can anybody guide me on this.
  Thanx

  Open BPE --
  click File - >
  --> OpenRepository Object
  ---> Forms
  --->EndUserMenu
  you can have a look at EndUserMenu
  if you want to display custom forms then you need
  login as configurator to administrator module
  Click configure Tab
  --->Forms and Process Mapping
  you can find EndUserMenu
  change the name of the EndUserMenu to your form name(should be uploaded to the IDM)
  for adding attributes to your User Object
  login to your http:\\localhost:8080\idm\debug pages then select
  ListObjects -->configuraton
  from the list of values select the User Extended Attributes for edit
  then you can add your Extended Attributes here. eg PassportNo
  <List>
  <String>firstname</String>
  <String>PassportNo</String>
  </List>
  </List>

• Adding Extended Attributes for Data Exporter

  Hi, I'm having trouble in getting an exported attribute to export within the new Data Exporter feature. In fact, once i alter the export schema to include the additional column (ext att), it won't write to that table at all.
  I am doing the following per the documentation from Sun, hopefully someone can point out the error of my way.
  First I alter the IDM Schema Configuration.xml file to include the additional User extended attribute.
  Next, I alter the model-export.xml file under model name='User' within WS_HOME to include the additional attribute here, my entry is as follows:
  <field name='employeeId'
  type='java.lang.String'
  introduced='8.0'
  max-length='50'
  forensic='User'
  queryable='true'
  exported='true'
  friendlyName='Employee Id'>
  <description>The Peoplesoft ID coming over</description>
  </field>
  Next, I go to the unzipped directory of IDM hence, \exporter and execute: "ant rebuild" and "ant deploy".
  The following takes place, The rebuild process regenerates my create and drop schema configuration scripts for MySQL. I run both scripts and
  my new column with the newly added extended attribute appears in the EXT_USER table. I also issue the proper permission commands on the tables
  I then undeploy my web application from Tomcat and re-deploy the web app.
  I start the server, log into IDM and go to the Data Exporter configuration page. Under the User data type, my extended attribute does not show up. Further, what once worked, the scheduler now does not write to the EXT_USER table and gives the following error when I believe IDM is starting up. I have no doubt that this is a clue as to why it is not working:
  "StartupServlet: Defining properties from web.xml
  Starting: Identity Server...
  ...Finished starting Startup Servlet
  {Model=User, employeeId=[], assignedRoles=[], idmManager=, businessPhone=[], location=[], MemberObjectGroups=[(id=#ID#Top)], lhdis=true, lhlocked=false, controlledObjectGroupsRule=, ACCT_CD=[], lastModDate=Tue Oct 21 16:44:21 PDT 2008, failedPasswordLoginAttemptsCount=0, description=, lastModifier=Configurator, role=[], divisionCode=[], companyMobilePhoneNumber=[], fullname=Anuradha Rao, employeeType=[], CompanyMailingAddress=[], objectClass=[Top, Object, Principal, User], hasCapabilities=false, questionLocked=false, [email protected], subtype=, managerId=[], sponsorId=[], contractorLocation=[], jobCode=[], locked=false, failedQuestionLoginAttemptsCount=0, xmlSize=936, res=[], repoMod=Tue Oct 21 16:44:21 PDT 2008, accountId=, textPagerEmailAddress=[], lastname=Rao, lastAuditorScan=, user_resources=[], creator=Configurator, id=#ID#54D7-:3AE94AA9C11:110E5685:2FC0FC1B3DEDDBF6, title=[], idmManagerNameNotFound=, faxNumber=[], facility=[], dis=0, lastPasswordUpdate=Wed Oct 01 15:31:47 PDT 2008, name=definabl, authType=, effectiveDate=[], createDate=Thu Sep 25 10:56:13 PDT 2008, jobTitle=[], prov=2, accounts=[], ControlledObjectGroups=[], costCenter=[], firstname=Anuradha, correlationKey=, primaryObjectClass=User, departmentName=[], roleInfo=[], accountType=, middleInitial=[], departmentId=[], displayName=, cubeNumber=[], disabled=true, }
  ex: java.lang.reflect.InvocationTargetException"
  java.lang.reflect.InvocationTargetException is thrown which leads me to believe that something is wrong with the javabean that is regenerated under the ant rebuild and the underlying User.hbm.xml file that regenerated as well. I can see from the User.hbm file that the new extended attribute has been added but this is as far as I have gotten. I really don't know where to go from here.
  Any and all help is extremely appreciated.
  Thank you. Dan

  Hi Nik,
  From section 1.4.2 of the install guide.
  https://docs.oracle.com/middleware/1213/edq/DQINS/planning.htm#DQINS5205
  EDQ Configuration Directories
  EDQ requires two configuration directories, which are separate from the EDQ Home (installation) directory that contains the program files. The configuration directories are:
  The base configuration directory: This directory contains default configuration data. Once EDQ is installed, the files in the base configuration directory must not be altered, renamed, or moved.
  The local configuration directory: This directory contains overrides to the default configuration. EDQ looks for overrides in this directory first, before looking in the base configuration directory. Files in the local configuration directory can be modified to customize or extend EDQ.
  The names and locations of the configuration directories are as follows:
  If you are using Oracle WebLogic Server, the Oracle installation wizard automatically creates and populates the configuration directories in the EDQ domain with the names of oedq.home (base configuration directory) and oedq.local.home (local configuration directory). An example installation path is: WLS_HOME/user_projects/domains/edq_domain/edq/oedq.home
  WLS_HOME/user_projects/domains/edq_domain/edq/oedq.local.home
  If you are using Apache Tomcat, you create the configuration directories manually in any location, with any names, and the configuration utility will populate them. You are prompted to create the directories during the installation instructions.
  Just copy flags.xml from your oedq.home casemanagement folder to your oedq.local.home casemanagement folder and edit the file accordingly.
  thanks,
  Nick

• HELP: Extended Attributes Not Appearing In Instances of Custom Content Type

  From Java code I create a custom content type derived from Document and define some extended attributes with default values for that type. All done using the same methodology shown in the Developer's Guide and Oracle example code.
  I start ifsmgr and I can indeed see the content type and the extended attributes.
  If I however create an instance of this (custom) type, either from the Viewer (file Upload) or from Java code (using code simuilar to createDocument from the Oracle ContentModule example), the extended attributes do not appear!
  BUT, if I delete one of the extended attributes using ifsmgr (highlight one of my extened attributes, click on "Remove", and then "Apply"), from that point on the previously missing extended attributes appear (except for the one I deleted of course) when I create files of the custom type from either Java code or the Viewer. Furthermore, once I get ifs to "see" one of these extended attributes in this manner, I can delete the extended attribute and re-create it from Java at will and it will appear in created instances of my custom content type just fine.
  If however I add another new extended attribute to the custom content type, I have to do the "Remove/Apply" drill in ifsmgr to get this new attribute to appear in created files of my custom type.
  I've tried deleting all instances of the custom type and closing both ifsmgr and the Viewer, but unless I delete one of the extended attributes from ifsmgr I cannot get new extended attributes to appear.
  What do I need to do in my 9ifs Java code to get new custom content extended attributes to appear in instances of that custom type?
  Thank you,
  Jeff "Did Kafka Write ifs?" Rininger

  Dear @user10993347,
  As mentioned by @vinod2303, you need to maintain content relationships along with subscriptions.
  Regards,
  Saurabh