JSR168 User Attributes -- testing under JSC

I'm writing a JSR-168 portlet that will receive a user attribute from the portal container that it's running under.
So far, thought, I'm not having any luck finding a place I can configure dummy user attributes into JSC for testing. Should they fit in somehow in one of the tabs in the Deployment Descriptor editor?

Yes, I've been over that document several times -- it's printed out and lying on the desk next to me, in fact.
However...I'm still a little fuzzy on two particular points that I don't think are directly covered:
(1) Accessing the USER_INFO map provided by my portal container (section PLT.17 of the JSR 168 specification). I understand this to be completely distinct from portlet preferences, unless JSC2 is doing something behind the scenes to merge the two. Since the USER_INFO map is a component of the PortletRequest, I think the code in Mr. Botterill's document gets me close enough to work things out there. However...
(2) Assuming that I've got the USER_INFO code figured out in my portlet, how do I configure the JSC2 portlet test environment to populate a USER_INFO map so that I can verify that everything's working correctly?

Similar Messages

URGENT! I need help on LDAP - Finding deleted users Attribute "sAMAccount"

Hi,
I am trying to get deleted users from Active Directory after a certain interval. Every time only the differences in the result will be shown. Also I need to get the value of the specific attribute called "sAMAccount" every time for each user(in the result).
I am using polling here.
*if (localCookie == null) {*
 // Specify the DirSync Control
 *Control[] ctls = new Control[] { new DirSyncControl() };*
 ctx.setRequestControls(ctls);
 *} else {*
 // Specify the DirSync Control with cookie
 *Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };*
 ctx.setRequestControls(ctls);
rspCtls = ctx.getResponseControls();
*if (rspCtls != null) {*
 *for (int i = 0; i < rspCtls.length; i++) {*
 *if (rspCtls[i] instanceof DirSyncResponseControl) {*
 *DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls;*
 localCookie = rspCtl.getCookie();
The typical problem I am facing here is 2nd iteration onwards the result is not fetching the attribute "sAMAccount".
Please suggest the possible reason and solution.

String searchBase = "DC=test,DC=com";
String searchString = "(&(objectClass=user)(|(givenName=*)(isDeleted=TRUE)))";
String url = "ldap://jbaitest.test.com:389";
String initCntxtFact = "com.sun.jndi.ldap.LdapCtxFactory";
String login= "CN=Administrator,CN=Users,DC=TEST,DC=COM";
String passwd = "welcome@1";
byte[] localCookie = AdPolling.getCookie();
try {
 Hashtable<String, String> env = new Hashtable<String, String>();
 env.put(Context.INITIAL_CONTEXT_FACTORY, initCntxtFact);
 env.put(Context.SECURITY_AUTHENTICATION, AdConstant.SECURITY_AUTH_TYPE_SIMPLE);
 env.put(Context.SECURITY_PRINCIPAL, login);
 env.put(Context.SECURITY_CREDENTIALS, passwd);
 env.put(Context.PROVIDER_URL, url);
 LdapContext ctx = new InitialLdapContext(env, null);
 SearchControls searchCtls = new SearchControls();
 String returnedAtts[] = null;
 searchCtls.setReturningAttributes(returnedAtts);
 searchCtls.setReturningObjFlag(true);
 searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 if (localCookie == null) {
 Control[] ctls = new Control[] { new DirSyncControl() };
 ctx.setRequestControls(ctls);
 } else {
 // Specify the DirSync Control with cookie
 Control[] ctls = { new DirSyncControl(1, Integer.MAX_VALUE, localCookie, true) };
 ctx.setRequestControls(ctls);
 NamingEnumeration enumSearchResult = ctx.search(searchBase, searchString, searchCtls);
 AdRestClientConnector adRestCon = populateUsers(enumSearchResult); // Method to get the different attribute values
 rspCtls = ctx.getResponseControls();
 if (rspCtls != null) {
 for (int i = 0; i < rspCtls.length; i++) {
 if (rspCtls[i] instanceof DirSyncResponseControl) {
 DirSyncResponseControl rspCtl = (DirSyncResponseControl) rspCtls;
 localCookie = rspCtl.getCookie();
AdPolling.setCookie(localCookie);
} catch (NamingException e) {
 log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);
} catch (Exception e) {
 log.error(AdConstant.ERROR_SEARCHING_DIR_PROBLEM + e);

OIM 11g: UDF disappears from User Attributes page

Hi,
I was modifying a user defined attribute using the 11.1.1.3 User Attributes configuration page. All I did was change its category to move it to another section of the user profile page. The last remaining field in the category 'disappeared'. It just went from the list of fields in the category. The field still exists on the USR object and still contains all the values. But it's gone from the UI.
I exported the /file/User.xml from MDS and sure enough the missing attribute is not present in the User.xml file. It is there for the mapping to the back end column, and in another element. But the element that describes the field proper is not there. I've since added the attribute element back in manually and re-imported the metadata using the weblogic environment manager, but the field still does not appear.
So, my question is does anybody know where else OIM stores the attribute details? Is it in the DB somewhere and merely mirrored in the MDS? What do I need to do to restore the field? (I can't add it in because it says it already exists.)
Thanks

PeachEye,
I was unable to see the UDF's I had created on the user form until I set up a policy for them. Please check the policy around the UDF's.
I am hoping this can help you.
From Oracle documentation:
User's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)
E14316-03
User-defined fields (UDFs) can be added by creating a policy and
adding attributes in the self service user management
administration policy in Oracle Identity Administration. To add
the User defined attributes for view or modification under the
Attributes tab, these UDFs need to be added to the modify user
data set for self-service. Also, a custom policy needs to be created
under self service user management to grant permission to view
and/or modify these attributes.
For details on authorization policies, refer "Creating and Managing
Authorization Policies" on page 15-2.

Updating values dynamically in an user attribute which is lookup field

Hi All,
Can I have a pre process event handler to update the values in the lookup field on my create user page? I have two user attributes - one is the default organization and the other is a user created Country attribute. Both of these are Lookup fields. I want to update the country lookup field by checking what is selected in the organization lookup field. Is this possible in OIM?
Not sure if pre process event handler is the way to go but this is what I want to achieve. Can anybody guide me regarding the same?
Thanks,
$id

OK, here's my shot at a walkthrough... let me know if I missed any steps.
1. From your original post, you are using two lookup fields. I'm use a base VM for testing, so I needed to create two. I went with City and State (I know they are OOB, but this is just an example).
- Created Lookup.Custom.City and Lookup.Custom.State Samples:
Lookup.Custom.City
Code Key-Decode
Miami-Florida
Orlando-Florida
New Orleans-Louisiana
Lookup.Custom.State
Code Key-Decode
Florida-Florida
Lousiana-Louisiana
- Creating Custom UDF Attributes: Advanced->User Configuration->Actions->User Attributes (LOV's)
-- Office City and Office State
2. Use weblogicExportMetadata.sh to export /metadata/iam-features-requestactions/model-data/CreateUserDataSet.xml
3. Edit CreateUserDataSet.xml to add:
<AttributeReference name="Office State" attr-ref="Office State" available-in-bulk="false" type="String" length="20" widget="lookup" lookup-code="Lookup.Custom.State" required="false" mls="false"/>
<AttributeReference name="Office City" attr-ref="Office City" type="String" length="30" widget="lookup-query" available-in-bulk="false">
<lookupQuery lookup-query="select City.LKV_ENCODED as City from (Select LKV_ENCODED , LKV_DECODED from LKU LKU, LKV LKV where lku_type_String_key = 'Lookup.Custom.City' and lku.lku_key = lkv.lku_key) City, (Select LKV_ENCODED, LKV_DECODED from LKU LKU, LKV LKV where lku_type_String_key = 'Lookup.Custom.State' and lku.lku_key = lkv.lku_key and lkv_decoded='$Form Data.Office State') State where State.LKV_ENCODED = City.LKV_DECODED order by City" display-field="City" save-field="City"/>
</AttributeReference>4. Use weblogicImportMetadata.sh to import CreateUserDataSet.xml
5. Run ./PurgeCache ALL (same directory)
6. Go to request - create user (this example is for request based provisioning)
7. If all went ok, when you select State, let's say Florida, then when you then click on city lookup, you will only see Orlando and Miami. If you toggle the state to Louisiana, you'll need to click search again on city and New Orleans should be the only one that comes up.

User attributes checked by Delta Discovery in SCCM 2012

Hi All,
Since I simply cannot find an answer to my question using google, will ask it here and hope you can help me.
Which EXACT User attributes does Delta Discovery check for in SCCM 2012? Is it possible to manipulate this, and add one more attribute?
Microsoft's answer to this question is a simple: Basic User Information, but that not an exact answer.
Here is the deal. We updated the extensionAttribute12 with computernames, so that we know what the primary device for a User is (I know this feature is present in CM12, but we will not use it for reasons). This information will be collected by User Discovery
and by using a nested query in the device collection, the Primary device will be added to it. This works like a charm, the only issue is time. We need that value to be checked by delta discovery if it has been changed, however this only works with FULL discovery
which is set to 1 week. If I lower this value that might cause serious backlogs, as the jobs get piled up in the inboxes due to the large amount of DDR files. Is there anything we can do? Powershell script, a configuration file in CM12 for delta discovery
or something. We really don't what to set the User discovery to run a FULL scan every 4 hours or so, as I don't know what would happen when checking for 24k Users.
Thank you in advance for any sort of feedback!
Regards,

Hi,
Well, I checked the attribute if its replicated to the GC and according to this line isMemberOfPartialAttributeSet: TRUE it does. Will run a test again with delta discovery, and if that failes, will try to change the SystemFlag on it.
dn:CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
>objectClass: top
>objectClass: attributeSchema
>cn: ms-Exch-Extension-Attribute-12
>distinguishedName: CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
>instanceType: 4
>whenCreated: 20050715092317.0Z
>whenChanged: 20110528160036.0Z
>uSNCreated: 6155
>attributeID: 1.2.840.113556.1.2.600
>attributeSyntax: 2.5.5.12
>isSingleValued: TRUE
>rangeLower: 1
>rangeUpper: 2048
>mAPIID: 35928
>uSNChanged: 6155
>showInAdvancedViewOnly: TRUE
>adminDisplayName: ms-Exch-Extension-Attribute-12
>adminDescription: ms-Exch-Extension-Attribute-12
>oMSyntax: 64
>searchFlags: 16
>lDAPDisplayName: extensionAttribute12
>name: ms-Exch-Extension-Attribute-12
>objectGUID: {5AC9437E-18AE-4EE6-909B-94CC1B6EF1C5}
>schemaIDGUID: {167757F7-47F3-11D1-A9C3-0000F80367C1}
>attributeSecurityGUID: {E48D0154-BCF8-11D1-8702-00C04FB96050}
>isMemberOfPartialAttributeSet: TRUE
>objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration
>dSCorePropagationData: 16010101000000.0Z
>msDS-IntId: -1992421057

Editing LDAP User attributes from UME interface

Hi Gurus,
We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
I want to know
1. How to enable the connection from UME to LDAP in read/write manner?
2. What certificates need to be exchanged for write access? if any?
3. What changes needs to be done in config file of UME?
4. Which permissions should be granted for communication user to edit LDAP user attributes?
Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
regards
Kedar Kulkarni

Hi,
We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
But when we deploy same application into client landscape, we receive error as below:
No data source feels responsible for principal. Please check the data source configuration
Now we are not sure why this error is getting displayed.
In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
Any code to access LDAP details will help us lot.
regards
Kedar Kulkarni

How to modify user attributes in Microsoft IAS or Active Directory??

Anyone have an idea?? What I'm trying to do is to authenticate management access to an ACE 4710 against a Microsoft IAS server.
According to the document below:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/aaa.html#wp1519045
it sounds like I need to be able to modify user attributes similar to what I know is doable in ACS. I base my assumption on this because of the following statement in the link above:
"Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.
Step 4 Under the TACACS+ Settings section of the page, configure the following settings:
â¢Click the Shell (exec) check box.
â¢Click the Custom attributes check box.
â¢In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:
shell:<contextname>=<role> <domain1> <domain2>...<domainN>"
Is something like this possible in IAS??
I have the authentication piece working for the ACE however when I login, I'm assigned an ACE defined default role of 'network-monitor' which gives me only read-only access. The way I'm interpreting what needs to be done to resolve this is to have the authentication server send an attribute value that states that the user is in the role 'Admin' in which case I'll have unlimited access to my ACE.
Make sense?? Any thoughts??
Thanks in advance.
-Lloyd

Lloyd,
It is possible via Radius and not TACACS. On the same link if you scroll down, you will see option of doing it via Radius.
"Defining Private Attributes for Virtualization Support in a RADIUS Serve"
Find attached the doc that explains about setting up user attributes on IAS.
Regards,
~JG
Do rate helpful posts

Extended Identity Manager User Attributes

Howdy,
I'm trying to add some attributes to the user accounts stored local to the Identity Manager. I went to the configure menu, and set up the attributes under the Identity Attributes tab. I set the attributes to be stored locally and saved them. I also made sure to indicate that the attributes should be available to the IDM admin and end user interfaces. However, the attributes do not show up when I list the users. When I go to the users attribute tab, it contains only the Account ID attribute. Shouldn't I be able to add a new attribute and edit it?
Much thanks in advance for any help you may be able to provide.

It is an XML object so I dont think it has a limit as such, though the system will get slower to checkout and checkin if you overextend it.
there usually isn't any reason to extend it extensivly... I believe it stores most of that, if the querable flag is set at least, in the user attributes table
if you need a lot of data connected to a user you could always have an extra table and store it in, you dont need to store everything in the user object unless you need it every time the user is checked in/out etc etc

Custom User Attributes stored?

Hi,
I would like to know which table in Database, user attributes like firstname, lastname, email, custom attributes if any are stored. I know that some of the attributes like islocked, failedlogonattempts are stored in ATTR field of UME_STRINGS and their values stored in VAL field in the same table.
Can anyone help me in identifying the table in which attributes stored and how altering the table to add extra custom attributes other than the UME APIs?
Thanks in advance....
Regards,
Ganesh N

Hi Ganesh
I'm not sure why you'd want to get to the table(s) directly. Why not use the supported mechanism (APIs) rather than hope SAP never changes the underlying tables?
Have you tried a SQL trace at the J2EE level?
Cheers

User Attribute Management

Hello,
Our Authentication technique is 'SAP'.
We want to add the attribute 'Telephone' from SU01 of the BW system to our BOBJ User attribute.
In order to accomplish that I did the following:
1. In 'User Attribute Managemnet' in CMC, I defined a new User Attribute:
    Name: Telephone
    Internal Name: SI_TELEPHONE (automatically populated by BOBJ)
    Source: SAP
    Attribute Source Name: Telephone (this is also the attribute name in SU01)
2. I then did User Update in 'Authentication'. Ran an Update of "Update Roles and Aliases"
3. Now in User Properties of all users, I can see the 'Additional User Properties' and under that I see 'Telephone'.
    But it is not populating the Telephone number from SAP SU01.
Any help would be much appreciated.
Thanks.

Hi,
you have to grant the Group "TESTGROUP" at leas the "View Object" right on the Root Level of all Users and All groups - then you see the snap in in the CMC.
Regards
-Seb.

Saving/fetching extended user attribute

I recently got rid of all of my global.* attribute references because both in experience and in quite a lot of stated opinions here in the forum, it was the right thing to do.
Everything is working great except my sole extended user attribute, which is basically an employee ID. It has a good IDMAttributeConfiguration and IDMObjectClassAttributeConfiguration defined in IDMSchemaConfiguration. In my active sync form I set accounts[Lighthouse].myAttributeName, and in the field directly after it I trace the value out to catalina.out so I can see that it's all good.
But when I bring up the user in a view user form, myAttributeName is nowhere to be found as I look through all of the local variables via the debugger. In particular, none of these exist:
accounts[Lighthouse].myAttributeName
waveset.attributes.myAttributeName
waveset.myAttributeName
global.myAttributeName
I'm running 8.0.0.4 (I'd like to get this last bit to production before I upgrade to 8.1.x). I've triple-checked to make sure there aren't typos.
What am I forgetting? I feel like it must be something pretty basic...
Thanks in advance, -Les
Edited by: LesL on Apr 12, 2010 4:21 PM

PaulHilchey wrote:
I believe accounts[Lighthouse].myAttributeName should do what you want, but be sure you don't have any "global" references at all.
If you've got even one global reference it would trigger the global propagation mechanism that could mess you up.Paul,The default tabbed user form pulls in IdentityContent from User Library, which uses "global" references for firstname, lastname, fullname, email, idmManager. Do you use the default IdentityContent, or you do replace the name fields with accounts[Lighthouse] references? When you update firstname (say) in activesync, do you refer to it in the global or accounts[Lighthouse] namespace?
I discovered something else unexpected that feels related. In my IDM schema configuration, I had correctly formatted IDMAttributeConfiguration and IDMObjectClassAttributeConfiguration entries for my attribute, but I had inserted them alphabetically in the configurations. My attribute name begins with a "c", and it came at the top of the lists as presented in the XML source. In that state, my attribute was no longer listed in the Identity Manager Attributes in the Rule Argument pull down list when assigning a conditionally contained role. But when I moved the IDMAttributeConfiguration and IDMObjectClassAttributeConfiguration entries for my attribute to follow the entries for lastname (and restarted the app server), then my attribute became listed in the pulldown! How odd.
I have reset my equivalent of IdentityContent to use "global" instead of "accounts[Lighthouse]" and have fixed most of the issues except for an odd race condition in activeSync. I did that before I made the schema configuration changes above, though, so more testing is required. I'll write back if I find out anything interesting.

User attributes

I am trying to integrate to a J2EE application from a webdynpro and want to store connection parameters for a role. Is there a way to add a custom attribute for a role.
Thanks
Sachin

Andrew,
This spec does not specify any methods to set user attributes. So,
you'll have to use vendor specific APIs to set user attributes. In the
case of WLP, you can use the p13n user profile APIs.
Subbu
Andrew Jones said the following on 12/03/2003 06:33 AM:
Hi
Can you point me in the direction of some documentation that shows how to programatically
set user attributes for JSR168 portlets?
Thanks
Andrew

How to get user attributes from LDAP authenticator

I am using an LDAP authenticator and identity asserter to get user / group information.
I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
Any help would be appreciated

Hi Julián,
in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
Beginner
Medium
Advanced
Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
Hope it helps
Detlev

How can i pass the logged in user attribute value into looku query ?

HI,
Is there any way to pass loggined in user attribute vallue to lookup query directrely in AD Child Group form.(Like '$Form data.UD_ADUSER_AD')
Thanks in advance
Edited by: 790561 on 5/12/2011 16:01

loggined in user attribute vallue can be understood differently:
- A requester raising a request and you want *Requestor's ID" there.
- An approver logging in to the system for doing approvals.
- A System admin logged in to the system for managing the *Forms, Requests' etc
All the above cases are different and you would expect different values for all. If you requirement was the Requester then
1) Either create a hidden attribute in the Process Form and pre-populate it from the Request Form. In your query use *$Form data.UD_ADUSER_DUMMYREQID')*
2) Or directly capture the *$Requester Information.User Login$* attribute in the process form and do manipulations

3rd gen iPod Nano will not sync with latest version of iTunes. It passes the connectivity test but not the sync test under diagnostics. Worked fine on old Windows 7 laptop but not new one. From Control Panel it shows up as an Apple iPod USB Device...

3rd gen iPod Nano will not sync with latest version of iTunes on new laptop. It passes the connectivity test but not the sync test under diagnostics. Worked fine on old Windows 7 laptop but not new one. From Control Panel it shows up as an Apple iPod USB Device...

Never mind, I think. I think I figured it out. There was 1 song (out of > 900!) that somehow had been purchased with the other ID - I have no idea how. Once I deleted that song, it stopped asking.
There may be something with the newest iTunes version too. I didn't think in older versions that the "On this iPod" list of songs was greyed out. But at least it syncs ok.

JSR168 User Attributes -- testing under JSC

Similar Messages

Maybe you are looking for