Issue in AD - OIM 11g

Similar Messages

• Problem while reconfiguring OIM 11g with existing Database

  Hello,
  I had some issues with my OIM 11g instance, so i reconfigured it by deleting user_projects folder,before deleting i took backup of config folder as i wanted to
  configure with existing database.
  Following steps were performed for reconfiguring OIM11g:-
  1)Ran config.sh from <Middleware>/Oracle_IDM1/common/bin
  2) Copied .xldatabasekey file to newly created domain
  3)Ran config.sh from <Middleware>/Oracle_IDM1/bin
  Then tried to start AdminServer, it showed status as running but with errors like
  java.lang.NoClassDefFoundError: Could not initialize class oracle.dfw.impl.common.TempFileManager
  at oracle.dfw.spi.portable.PortableDiagnosticsFrameworkProvider.init(PortableDiagnosticsFrameworkProvider.java:120)
  Then tried to start OIM server , it showed status as running but with error as
  oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  Password for .xldatabasekey is not seeded in CSF.
  Then i tried to cofigure domain again & this time i didnt select Oracle Identity Manager from Select domain source & checked AdminServer & it was running without any errors, but when i select Oracle Identity Manager from Select domain source then i get above problems.
  Can anyone provide pointers about how to resolve this issue .
  Thank-You
  Rahul Shah

  Dear Rahul,
  I got the same errors:
  ./admin/IDMDomain/mserver/IDMDomain/servers/wls_oim1/logs/wls_oim1.log
  ####<Jan 27, 2013 10:58:09 PM CET> <Error> <Deployer> <server02> <wls_oim1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <aa66ef4907f1903f:4c6a3b0:13c7e03232f:-8000-0000000000000003> <1359323889050> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.could you explain, how did you sort out it, please? For example point 2 did you create one more domain?
  Best regards,
  Lain

• OIM 11g R1 Request Template issue

  Hi All,
  We are facing an issue with implementing the Request Management of OIM 11g R1 11.1.1.5 for Create User.
  OIM already provides OOTB CreateUserDataSet.xml and a ‘Create User’ Request Template.
  We have changed(customized) the OOTB CreateUserDataSet.xml at the same location in MDS and have created one our own Request Template – ‘Create Custom’.
  We have also added Attribute Restrictions in the ‘Create Custom’  request template for mandatory fields like – ‘Organization’, ‘User Type’ & ’Design Console Access’.
  The issue we are facing is –“After some time(not immediately) the Request Template gets corrupt and does not open thus rendering the Request Process for Create User inoperable.”
  Below is the the log error of the OIM Web console error after we are trying to open ‘Create Custom’ by clicking on the Request Template.
  <ADF_FACES-60096:Server Exception during PPR, #8
  oracle.iam.platform.utils.MinLimitException: size < minimum limit
                  at oracle.iam.platform.canonic.model.Values.setMinLimit(Values.java:187)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.renderAttributeRestrictionsTab(OpenActor.java:829)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.prepare(OpenActor.java:198)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:179)
                  at oracle.iam.consoles.faces.render.canonic.UICursor$TableActionListener.processAction(UICursor.java:855)
                  at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
  Any help in solving above issue, workarounds or knowing that is it an OIM bug will be greatly helpful.
  Note* I have noticed(through Export) that in a corrupted Request Template the Organization Name that I have restricted to a Constant, has the- Organization Name's Text as value in exported xml. If I change it back to ACT KEY and import it back in OIM the Template is again restored until next corruption
  Thanks already
  Regards,
  Nitin Tewari

  Excellent! Thank you very much!
  Edited by: 958794 on May 22, 2013 10:37 AM

• OIM 11g R1 - AD 9.1.1.7.2 SSL Issue

  Hi All,
  I am trying to configure the SSL b/w OIM 11g R1 BP05 running on IBM AIX 6.1 and AD Connector 9.1.1.7.2. The recon/provisioning is working fine on port 389.
  For SSL Configuration, I imported the AD root certificate in custom keystore configured in WLS and Standard Java Keystore i.e., cacerts. I have updated the ADIT Resource to change the port and use SSL as yes.
  So, now when I am running recon, I am getting below error:
  *[2013-05-28T13:37:02.043-07:00] [oim_server1] [ERROR] [] [OIMCP.ADCS] [tid: OIMQuartzScheduler_Worker-5] [userId: oiminternal] [ecid: 0000JvgXEpH4ykJLQm5Eid1HdFwe000001,1:28614] [APP: oim#11.1.1.3.0] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : searchResultPageEnum : The error occured in tcADUtilLDAPController::connectToAvailableAD():host:636*
  *[2013-05-28T13:37:02.083-07:00] [oim_server1] [ERROR] [] [OIMCP.ADCS] [tid: OIMQuartzScheduler_Worker-5] [userId: oiminternal] [ecid: 0000JvgXEpH4ykJLQm5Eid1HdFwe000001,1:28614] [APP: oim#11.1.1.3.0] com.thortech.xl.exception.ConnectionException: host:636[[*     at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
       at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
       at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
       at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
       at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
       at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  I am able to connecto to AD on port 636 using LDAP Browser and also using JNDI Code. Also, I used XIMDD to test the Target System SSL Trust Verification and it worked too. Also, the telnet/ping are working too.
  Any clue on this issue?

  Hi Praveen,
  Here is the solution suggested by Oracle for this particular error:
  This exception is encountered because the Connector Server uses a port that has already been used (mostly by another instance of the Connector Server). You can fix this issue by performing one of the following steps:
  If the Connector Server service is running, then stop it.
  Search for and open the ConnectorServer.exe.Config file, change the port value to 8758 or 8755, and then start the Connector Server. The default location of the ConnectorServer.exe.Config file is C:\Program Files\Identity Connectors\Connector Server.
  Ref: http://docs.oracle.com/cd/E22999_01/doc.111/e20347/trbleshoot.htm
  If you still face the issue then try changing Port and Time wait registry values(Take registry backup before making any changes to registry):
  Changing the Dynamic Port Range
  Open regedit.
  Open key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
  Edit (or create as DWORD) the MaxUserPort value.
  Set it to a higher number. (i.e. 65534)
  Changing the TIME_WAIT delay
  Open regedit.
  Open key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
  Edit (or create as DWORD) the TCPTimeWaitDelay.
  Set it to a lower number. Value is in seconds. (i.e. 60 for 1 minute delay)
  Thanks and Regards,
  Chinni

• OIM 11g issues with design console, creating resource

  Hi All,
  I have installed OIM 11g, OAM 11g.
  I am facing issues while starting design console or creating a resouce.
  <Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.SCHEDULER.TASK> <BEA-0000
  0> <Error while calling reissue on AUD_JMS messages
  com.thortech.xl.dataaccess.tcClientDataAccessException:
  at com.thortech.xl.dataaccess.tcDataBaseClient.getDatabaseProductName(t
  DataBaseClient.java:944)
  at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.processAllByIdent
  fier(ReIssueAuditMessage.java:87)
  at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.execute(ReIssueAu
  itMessage.java:78)
  at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerB
  seTask.java:384)
  at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:144)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
  java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:16
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.
  ava:529)
  >
  <Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.DATABASE> <BEA-000000> <Cl
  ass/Method: tcDataBaseClient/bindToInstance encounter some problems: java.lang.A
  ssertionError: Can only export activatable objects
  oracle.iam.platform.utils.ServiceInitializationException: java.lang.AssertionErr
  or: Can only export activatable objects
  at oracle.iam.platform.Platform.getService(Platform.java:264)
  at oracle.iam.platform.OIMInternalClient.getService(OIMInternalClient.ja
  va:152)
  at com.thortech.xl.dataaccess.tcDataBaseClient.bindToInstance(tcDataBase
  Client.java:151)
  at com.thortech.xl.dataaccess.tcDataBaseClient.<init>(tcDataBaseClient.j
  ava:75)
  at com.thortech.xl.server.tcDataBaseClient.<init>(tcDataBaseClient.java:
  33)
  at com.thortech.xl.client.dataobj.tcDataBaseClient.<init>(tcDataBaseClie
  nt.java:67)
  Please help

  You need to copy the files from the linux box to a windows box and change the startup paramaters to meet that of a Windows machine.
  I have the following files once moved to my windows machine:
  basecp.bat:
  >
  set CLASSPATH=.;.\lib\oimclient.jar;.\lib\iam-platform-auth-client.jar;.\lib\iam-platform-pluginframework.jar;.\lib\iam-platform-utils.jar;.\lib\iam-platform-context.jar;.\lib\XellerateClient.jar;.\lib\xlAPI.jar;.\lib\xlLogger.jar;.\lib\xlVO.jar;.\lib\xlUtils.jar;.\lib\xlCrypto.jar;.\lib\xlAuthentication.jar;.\lib\xlDataObjectBeans.jar;.\ext\log4j-1.2.8.jar;.\ext\jhall.jar;
  >
  classpath.bat:
  >
  call basecp.bat
  set CLASSPATH=%CLASSPATH%;.\ext\spring.jar;.\ext\security-api.jar;.\ext\commons-logging.jar;.\ext\logging-utils.jar;.\ext\jakarta-oro-2.0.8.jar;.\ext\bsh.jar;.\ext\mail.jar;.\ext\jboss-j2ee.jar;.\ext\jboss-jaas.jar;.\ext\jbosssx.jar;.\ext\jts.jar;.\ext\jbossall-client.jar;.\ext\concurrent.jar;.\ext\getopt.jar;.\ext\gnu-regexp.jar;.\ext\jacorb.jar;.\ext\jboss-client.jar;.\ext\jboss-common-client.jar;.\ext\jbosscx-client.jar;.\ext\jbossha-client.jar;.\ext\jboss-iiop-client.jar;.\ext\jbossjmx-ant.jar;.\ext\jboss-jsr77-client.jar;.\ext\jbossmq-client.jar;.\ext\jboss-net-client.jar;.\ext\jbosssx-client.jar;.\ext\jboss-system-client.jar;.\ext\jboss-transaction-client.jar;.\ext\jcert.jar;.\ext\jmx-connector-client-factory.jar;.\ext\jmx-ejb-connector-client.jar;.\ext\xdoclet-module-jboss-net.jar;.\ext\jsse.jar;.\ext\jnet.jar;.\ext\jmx-rmi-connector-client.jar;.\ext\jmx-invoker-adapter-client.jar;.\ext\jnp-client.jar;.\ext\wlfullclient.jar;.\ext\webserviceclient+ssl.jar;.\ext\sas.jar;.\ext\oc4jclient.jar;.\ext\ejb.jar;.\ext\oscache.jar;.\ext\commons-logging.jar;.\ext\javagroups-all.jar
  >
  xlclient.cmd:
  >
  @echo off
  setlocal
  call classpath
  REM SET DEBUG_OPTS=-classic -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5001 -DXL.RedirectSysOutErrToFile=TRUE -DXL.SysOutErrLogFile=.\logs\Client.System.Out.Err.log
  REM Make sure to remove java.naming.provider.url and read it from the configuration
  REM once the JNDI Profiles are implemented.
  REM make sure you are using j2sdk1.4.2_05
  "C:\jdk1.6.0_22\bin\java" %DEBUG_OPTS% ^
       -DXL.ExtendedErrorOptions=TRUE -DXL.HomeDir=C:\oracle\oim1_11g\designconsole ^
       -Djava.security.policy=config\xl.policy ^
       -Dlog4j.configuration=config\log.properties ^
       -Dweblogic.security.SSL.trustedCAKeyStore=%TRUSTSTORE_LOCATION% ^
       -Djava.security.manager -Djava.security.auth.login.config=config\authwl.conf ^
       com.thortech.xl.client.base.tcAppWindow -server server
  endlocal
  >
  See if this works.
  -Kevin

• Issue with deleting a group using Request APIs in OIM 11g R1

  Hi,
  I am facing an issue with Request Based provisioning in OIM 11g R1.
  I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
          RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
          childEntityAttribute.setName("AD User Group Details");
          childEntityAttribute.setType(TYPE.String);
          List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
          RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>,                                                                       RequestBeneficiaryEntityAttribute.TYPE.String);
          childEntityAttributeList.add(attr);
          childEntityAttribute.setChildAttributes(childEntityAttributeList);
          childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
          beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();   
          beneficiaryEntityAttributeList.add(childEntityAttribute);
          beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
  This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
  childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
  Could you please suggest where can this possibly be wrong.
  Thanks for your time and help

  Hi BB,
  I am trying to follow up your response.
  You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
  <AttributeReference name="Field1" attr-ref="act_key"
  available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
  entity-type="????"/>
  <PrePopulationAdapter name="prepopulateResurceObject"
  classname="my.sample.package.prepopulateResurceObject" />
  </AttributeReference>
  <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
  available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
  where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
  and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
  </AttributeReference>
  Then I need think about the 'Lookup.xxx.BO.Field2' format.
  Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
  Thanks for your all help.

• OIM 11g (11.1.1.5.0) issue with AD connector after importing into new env

  OIM 11g 11.1.1.5.0
  I had exported the AD connector from our Dev environment and imported it into Test. When I try to assign the AD resource to a user, provisioning is stuck on the AD Create User adapter, specifically the isADAM Task.
  I'm assuming something isn't populated in the IT resource or there is a disconnect in the tables after the import. The IT Resource config looks identical to the Dev env, isADAM = no. The group and org recon jobs run fine and it gets past the server validation task.
  If anyone can point me in the right direction to resolve this, I would greatly appreciate it.
  Here are the errors received:
  Class/Method: tcAdpEvent/getITAttrVal encounter some problems: Could not find IT asset value for Svr_key = 0 and attribute = isADAM
  Class/Method: tcAdpEvent/getITAttrVal encounter some problems: Could not find attibute value for IT Resource Key = 0 and attribute = isADAM
  com.thortech.xl.dataobj.util.tcAdapterTaskException: DATA_ERROR
  at com.thortech.xl.adapterfactory.events.tcAdpEvent.getITAttrVal(tcAdpEvent.java:1937)
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.ISADAM(adpADCSCREATEUSER.java:105)
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCSCREATEUSER.implementation(adpADCSCREATEUSER.java:60)
  at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
  at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
  ...

  This has been fixed. For reference, we had a slightly different resource name in the AD Server prepopulate adapter which was causing issues even if the correct ad server was selected in the user form.

• Issue in adapters mapping in OIM 11g

  Hi,
  I am having the issue in adapters mapping in OIM 11g.....
  I had created an Entity Adapter using utility task in OIM... and I had attached it to post update of users form in data object manager.... But when I am trying to map the adapter variables.... it shows me two fields in map to field (Literal and Entity field) and when I select the entity field.. I am not able to see any thing in qualifier field...as there should be fields of user form so that I can map the adapter variables with user form fields...
  I am not able to troubleshoot why is it so....I had restarted the server again but no solution...
  Can anybody help me to resolve the issue??
  Regards,
  Anil

  Hi Rajiv,
  Actually my issue is not that entity adapter will work or not.... But issue is I am not able to map the adapter variables.... there should be user forms fields shown during mapping of entity adapter...... so that i can map the adapters variables...

• OIM 11g Plugin - Third Party Jars : Classloader issue

  Hi All,
  I am having a Plugins.zip under middleware/Oracle_IDM1/server/plugins folder.  [OIM 11g R2]
  This gets invoked from a schedule job.
  I have third party Jars (axis.jar) within Plugins.zip/lib. My code within Plugins.zip calls Thrid Party APIs.
  Now the issue is:
  The APIs (within axis.jar) do not seem to find property files from within their own JARS.
  These property files are within their own Third Party Jars and the Third Party APIs should be able to access them by default. I have tested these APIs from stand alone clients and web clients, they work perfectly.
  But within the Plugins.zip, these third party APIs do not seem to find property files from within their own JARs.
  Looks like some class loader issue. Something must be getting messed up in the way the Third Party JARs from within the Plugins.zip/lib are loaded.
  Has anyone faced similar issue.
  Any suggestions please?
  Thanks,
  Sandeep

  I placed the required JARs under middleware/Oracle_IDM1/server/ThirdParty.
  I also executed UploadJars utility for required JARs.
  I have also added to server startup path : .../middleware/Oracle_IDM1/server/ThirdParty/axis.jar.
  But I still get the following Error:
  java.lang.ExceptionInInitializerError
  Caused By: java.util.MissingResourceException: Cannot find resource 'org.apache.axis.i18n.resource'
  I'm calling axis APIs from my code. The resource "org/apache/axis/i18n/resource.properties" is clearly present inside axis.jar.
  My client works when executed outside of Plugins.zip.
  Please see the full stack trace below:
  java.lang.ExceptionInInitializerError
          at org.apache.axis.utils.Messages.<clinit>(Messages.java:36)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder$1.run(EngineConfigurationFactoryFinder.java:144)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:113)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:160)
          at org.apache.axis.client.Service.getEngineConfiguration(Service.java:813)
          at org.apache.axis.client.Service.getAxisClient(Service.java:104)
          at org.apache.axis.client.Service.<init>(Service.java:113)
          at org.my.company.webservice.SecurityQASyncWS_ServiceLocator.<init>(SecurityQASyncWS_ServiceLocator.java:12)
          at org.my.company.webservice.SecurityQASyncWSClient.invoke(SecurityQASyncWSClient.java:31)
          at com.my.company.idm.xl.schedule.tasks.SecurityQASynchronization.processBatch(SecurityQASynchronization.java:561)
          at com.my.company.idm.xl.schedule.tasks.SecurityQASynchronization.execute(SecurityQASynchronization.java:222)
          at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:183)
          at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:40)
          at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:143)
          at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
          at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
          at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
          at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
          at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
          at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:125)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)
          at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:268)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
          at weblogic.security.Security.runAs(Security.java:41)
          at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
          at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:77)
          at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
          at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  Caused By: java.util.MissingResourceException: Cannot find resource 'org.apache.axis.i18n.resource'
          at org.apache.axis.i18n.ProjectResourceBundle.getBundle(ProjectResourceBundle.java:288)
          at org.apache.axis.i18n.MessagesConstants.<clinit>(MessagesConstants.java:32)
          at org.apache.axis.utils.Messages.<clinit>(Messages.java:36)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder$1.run(EngineConfigurationFactoryFinder.java:144)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:113)
          at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:160)
          at org.apache.axis.client.Service.getEngineConfiguration(Service.java:813)
          at org.apache.axis.client.Service.getAxisClient(Service.java:104)
          at org.apache.axis.client.Service.<init>(Service.java:113)
          at org.my.company.webservice.SecurityQASyncWS_ServiceLocator.<init>(SecurityQASyncWS_ServiceLocator.java:12)
          at org.my.company.webservice.SecurityQASyncWSClient.invoke(SecurityQASyncWSClient.java:31)
          at com.ets.idm.xl.schedule.tasks.SecurityQASynchronization.processBatch(SecurityQASynchronization.java:561)
          at com.ets.idm.xl.schedule.tasks.SecurityQASynchronization.execute(SecurityQASynchronization.java:222)
          at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:183)
          at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:40)
          at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:143)
          at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
          at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
          at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
          at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
          at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
          at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:125)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)
          at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:268)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
          at weblogic.security.Security.runAs(Security.java:41)
          at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
          at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:77)
          at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
          at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)

• Issues with offline provisioning in OIM 11G

  We are facing an issue with OIM 11G where we are trying to provision few resources via offline provisioning. Ths issue is that when I do a provisioning/disable/enable on the resource the status of the resource says something like "provisioning in queue/Disable in queue/Enable in queue". This is not happenning all the time but seems to be consistent when I repeatedly disable/enable the resource. Once the status of hte resource remains "in queue" it is never changed back to the actual status which says provisioned/disabled/enabled. Can anyone provide me an insight of what is happenning here and how the offline events are processed within OIM? Is there any way to get the status of the resource back to normal? Please let me know.
  Thanks!

  Check
  http://docs.oracle.com/cd/E14899_01/doc.9102/e14761/offline_prov.htm
  Configuring the Remove Failed Off-line Messages Scheduled Task
  Configure the Remove Failed Off-line Messages scheduled task to schedule deletion of failed requests from the OPS table. While configuring this scheduled task, set a value for the Remove Failed Messages Older Than (days) attribute.
  Regards
  Shashank

• OIM 11g - Issue with Bulk Load Utility for Account Data

  Hi,
  We are trying to load the account data for users in OIM 11g using bulk load utility.
  We are trying to load the account data for resource "iPlanet". For testing purpose, we made one account entry in csv file and run the bulk load utility. After the bulk load process completes, we have noticed that resource is provisioned to the user multiple times and multiple entries have been created in process form table.
  We have tried to run the utility multiple times with a different user record each time.
  The out put of the below sql query:
  SELECT MSG FROM OIM_BLKLD_LOG
  WHERE MODULE = 'ACCOUNT' AND LOG_LEVEL = 'PROGRESS_MSG'
  ORDER BY MSG_SEQ_NO;
  is coming as follows:
  MSG
  Number of Records Loaded: 126
  Number of Records Loaded: 252
  Number of Records Loaded: 504
  Number of Records Loaded: 1008
  Number of Records Loaded: 2016
  Number of Records Loaded: 4032
  We have noticed that each time the number of records loaded is increased to double from the records loaded in last run even when the csv file contains only one record.
  Provided below are the parent and child csv file entries.
  Parent file:
  UD_IPNT_USR_USERID,UD_IPNT_USR_FIRST_NAME,UD_IPNT_USR_LAST_NAME,UD_IPNT_USR_COMMON_NAME,UD_IPNT_USR_NSUNIQUEID
  KPETER,Peter,Kevin,Peter Kevin,
  Child file 1:
  UD_IPNT_USR_USERID,UD_IPNT_GRP_GROUP_NAME
  KPETER,group1
  Child file 2:
  UD_IPNT_USR_USERID,UD_IPNT_ROL_ROLE_NAME
  KPETER,role1
  Can you please throw some insight on what could be the potential cause for this issue and how it could be resolved?
  Thanks
  Deepa
  Edited by: user10955790 on Jun 25, 2012 6:45 AM

  Hi Deepa,
  I know from 'User load' perspective that is required to restart Oracle Identity Manager when we need to reload data that was not loaded during the first run.
  So, my suggestion is restart it before reload.
  Reference: http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/bulkload.htm#CHDEICEH
  I hope this helps,
  Thiago Leoncio.

• OIM-AD connector Issues in OIM 11g

  Hi
  We are trying to provision user from OIM 11G to AD using Administration Tab of Admin Console.
  As part of ADITResource configuration , follwoing fields are included.In the Enterprise manager OIM server log, we are getting the below error message.
  Error Message In Enterprise manager OIM server log -
  Module     OIMCP.ADCS
  Thread ID     [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'
  Message     com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : createUser : Wrong Value Specified in Root Context of IT ResourceOr Organization DN_
  However, in Admin console Selfservice-->Task-->Provisioning -->Shows error as
  Response:Connection Error encountered
  Response Description:     Error encountered while connecting to target system
  We have sucessfully tested the connection using Diagnoistic Dashboard (XIMDD) & Ldap Browser.
  IT Resource Details-
  Parameter                               Value
  AD Sync installed (yes/no)                     no
  ADAM LockoutThreshold Value                5
  ADDisableAttr Lookup Definition                Lookup.ADProvisioning.DisableAttrLookup
  ADGroup LookUp Definition                     Lookup.ADReconciliation.GroupLookup
  Abandoned connection timeout                600
  Admin FQDN                               cn=administrator,cn=Users,dc=example,dc=com
  Admin Login                               administrator
  Admin Password                          ********
  Allow Password Provisioning                     yes
  AtMap ADGroup                          AtMap.ADGroup
  AtMap ADUser                               AtMap.AD
  AtMap Group                               AtMap.ADGroup
  Atmap ADOrg                               AtMap.ADOrg
  Backup Server URL                          [NONE]
  Connection pooling supported                false
  Connection wait timeout                     100
  Custom Attribute Name      
  CustomizedReconQuery      
  Inactive connection timeout                     600
  Initial pool size                               1
  Invert Display Name                          no
  LDAP Connection Timeout                     30000
  Last Modified Time Stamp                     0
  Last Modified Time Stamp Group                0
  Max pool size                               30
  Min pool size                               2
  Native connection pool class definition      
  OIM User UDF      
  Pool excluded fields      
  Pool preference                               Default
  Port Number                               389
  Remote Manager Prov Lookup                AtMap.AD.RemoteScriptlookUp
  Remote Manager Prov Script Path      
  ResourceConnection class definition           com.thortech.xl.integration.ActiveDirectory.ADResourceConnectionImpl
  Root Context                               dc=example,dc=com
  SSL Port Number                          636
  Server Address                               WIN-PEUB23TMMT4.example.com
  Target Locale: Country                     US
  Target Locale: Language                     en
  Target Locale: TimeZone                     GMT
  Target supports only one connection           false
  Timeout check interval                     100
  UPN Domain                               example.com
  Use Disable Attr                          false
  Use SSL                               false
  Validate connection on borrow                true
  isADAM                               no
  isUserDeleteLeafNode                          no
  For Organization we have selected ou=Test,dc=example,dc=com in our lookup defination
  Please suggest....
  Thanks

  It's not Key, it's the Scheduled Task attribute "IT Resource Name"
  Documentation: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/using_conn.htm#CHDFBAAC
  Here is the documentation on the lookup format: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/intro.htm#CHDHCCJD
  -Kevin

• OIM 11g R2 installation Issue. OIM Schema creation failed using RCU 11.1.2

  I have been trying to install OIM 11g R2 on a Windows server 2008 R2 64 Bit and have been encountering the following error during the OIM schema creation. The other schemas, such as Metadata, SOA, user messaging services and other associated schema creation was successful. But, the OIM schema creation was taking more than 2 minutes and finally it fails with the below error.
  RCU-6130: Action failed
  RCU-6135: Error while trying to execute java action.
  Components used:
  OS: Windows Server 2008 R2 64 Bit
  DBS: 11gR2 (11.2.0.1)
  RCU: 11.1.2
  The first error occured was ora-12637 packet receive failed followed by Table or View does not exist. I could not fetch much information from the oim and rcu.log.
  I have set the processes, open_cursors and session_cached_cursors as suggested in the preinstallation step of OIM 11g R2 installation.
  Any pointers on this will be highly appreciated.
  Thanks,
  Srini

  Copy the msvcr71.dll file from rcuHome\jdk\jre\bin inside rcu installer and paste it in C:\Windows\SysWOW64.
  Try running the rcu again with the new user i.e. instead of DEV_OIM, run it with DEV_OIM1.
  Or drop the DEV_OIM user first and then use the same user.

• ESSO PG Connector Issue in OIM 11G

  I setup ESSO Provision Gateway Connector in OIM 11G.
  But during "add credential task" I get error:
  "*The add_credential execution failed. Error: Error in sending instruction from provisioning manager in Api Command (400) Bad Request. Add Credential Command failed to get invoked*".
  In Event Log of the Windows Server 2008 with the Provision Gateway I saw:
  "*Unexpected end tag. Line 6, position 1015*", "*server cannot clear headers after http headers have been sent*".
  It means a syntax error in xml request of connector to web-service of Provision Gateway.
  Wireshark shows me sent xml-request:
  "<?xml version="1.0" encoding="UTF-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
  <wsse:UsernameToken><wsse:Username>cn=adm,o=petro</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">12345678</wsse:Password><wsse:Nonce>QFJ903k1GFWnAoqZ/Npijg==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-12-07T11:47:02.502Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><AddCredential xmlns="http://passlogix.com/UP/"><strRequest>&lt;?xml version = '1.0' encoding = 'UTF-8'?&gt;
  &lt;addRequest&gt;&lt;attributes&gt;&lt;attr name="objectclass"&gt;&lt;value&gt;urn.oasis.names.tc:SPML:1:0#GenericString&lt;/value&gt;&lt;/attr&gt;&lt;attr name="provisioningAgent"&gt;&lt;value&gt;Provisioning Agent&lt;/value&gt;&lt;/attr&gt;&lt;attr name="ssoUserId"&gt;&lt;value&gt;SGP63234&lt;/value&gt;&lt;/attr&gt;&lt;attr name="creationTime"&gt;&lt;value&gt;2010-12-07 11:47:02.491Z&lt;/value&gt;&lt;/attr&gt;&lt;attr name="executionTime"&gt;&lt;value&gt;2010-12-07 11:47:02.490Z&lt;/value&gt;&lt;/attr&gt;&lt;attr name="applicationId"&gt;&lt;value&gt;SAP&lt;/value&gt;&lt;/attr&gt;&lt;attr name="userId"&gt;&lt;value&gt;EBELOV&lt;/value&gt;&lt;/attr&gt;&lt;attr name="description"&gt;&lt;value&gt;SAP&lt;/value&gt;&lt;/attr&gt;&lt;attr name="password"&gt;&lt;value&gt;Q123&lt;/value&gt;&lt;/attr&gt;&lt;attr name="thirdField"&gt;&lt;value&gt;888&lt;/value&gt;&lt;/attr&gt;&lt;/attributes&gt;&lt;/addRequest&gt;</strRequest></AddCredential></soapenv:Body></soapenv:Envelope>*</#document>*"
  I saved it to xml-file and opened in Internet Explorer and there was error.
  Then I decided to watch the view of this request in OIM 9.1.0.2 to compare with request in OIM 11G.
  I found out next one:
  the main difference was in last tag "*</#document>*".
  I take this tag off from xml-file, taken from request of OIM 11G and saved the file.
  Edited xml-file was correct.
  Is it error in connector or in OIM 11G?How to solve it?Can anyone help me?

  Hi!
  I get the same error during Add Credential task with the ESSO PG connector in OIM 11g.....
  The add_credential execution failed. Error: Error in Sending instruction from the provisioning manager in API Command  (400)Bad Request.
  com.passlogix.integration.provision.client.CommandInvocationException: Error in Sending instruction from the provisioning manager in API Command  (400)Bad Request
  Where I can check the xml file?
  You could solve the problem?
  Thanks in advance!!!

• OIM 11g R2-Issue while configuring oim domain in weblogic

  Hi,
  I'm trying to install OIM 11g R2 version and downloaded the entire suit from edelivery site.
  Oracle DB version: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  Others like Weblogic, RCU and IdM suite versions are 11g R2 downloaded from edelivery site
  When i try to configure domain for OIM in weblogic, getting the below exception which is returning no rows
  Component Schema=OIM Schema
  Driver=oracle.jdbc.OracleDriver
  URL=jdbc:oracle:thin:@localhost:1521/orcl
  User=DEV5_OIM
  Password=**********
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='OIM' and version='11.1.2.0.0'
  **CFGFWK-60850: Test Failed!**
  **CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.**

  Hi,
  It's likely that you need to Install/update the OIM schema by using the RCU. Its looking for the condition of the (where version =11.1.2.0.0) though it's not finding that version
  -- What OIM schema is installed?
  http://app-security.blogspot.com/2012/01/quick-oim-tip-finding-out-oim-version.html
  Regards,
  Daniel