Multilevel Approval SOA WF for OIM

Hi,
I have the following requirement:
I want to have a workflow with 2 SERIAL approvers. When the manager has approved, the admin needs to approve, and then the resources get provisioned for the user.
But our problem is that we always see only the last approver in the OIM user interface when the request is completed.
For auditing reasons we want to be able to see all approvers of that request in the user interface.
Is this possible?
When using a parallel sequence in the workflow you see 2 approval tasks in the user interface, but the problem is that the admin then already gets bothered with the request, even when the manager is going to deny the request ...
Can someone advise please?
Thx

Hi,
Even though serial approval is not supported till now, we can still capture the data for audit purposes if we implement it like this:
- Create two separate composites and register them with OIM.
- Attach your manager approval composite in your template level approval.
- Create an approval policy where you can suppress (Auto Approve) the request level approval based on the rule you define (like template name).
- Attach your second composite to the operational level approval by declaring a new approval policy where it is also the same rule you define for triggering the second composite.
Finally you get both approval details in the request metadata, on which you can do data mining for a custom audit report.
Hope this helps. Thanks.

Similar Messages

  • Multilevel approval when requested for a resource

    Hi,
    When a user requests a resource, the request has to be approved by xelsysadm. Once approved by xelsysadm, I am able to provision the user to the resource.
    I have a few queries here:
    1. How to configure the second level approval, i.e. after xelsysadm's approval, the request must be approved by another person also. To configure the second level approval, which task should I add as the preceding task?
    3. I have installed sun connector 9.0.4.2; in the iplanet User provisioning process, the "Add User To Group" task is present. Once the user is provisioned to the resource, the user must be added to the group. Can I use "Add User To Group" to achieve this task? If not, please suggest any idea.
    Thanks,
    divya

    Hi Santosh,
    I created a separate approval process for the same resource object.
    It's working.
    Thanks Santosh.
    I am using the sun connector. By default I have the iplanet user provisioning process. I added an approval process additionally.
    After the approval, the user must be added to the group.
    In the provisioning process, I found two tasks called "Add User To Group" and "Remove User From Group".
    Can I use the "Add User To Group" task to add the user to the group once his request is approved? If so, how to achieve this task?
    Thanks,
    divya

  • OIM 11g r2: SOA  workflows for two level approval.

    HI Experts,
    I am using SOA workflows in OIM 11g r2. The requirement is to have a two level approval for a role (which provisions Oracle DBUM connector at present) : first for Manager and second for the Role owner.
    I have created and deployed the composite with name AddAccessApproval but need to find how to use this for two level approval.
    There is option for serial approval but how to pass it to Role owner.
    Any help in this regard is appreciated.
    Many Thanks,
    Arvind

    I've run into the same error with oim 11gr2 bp04:
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<oracle.tip.pc.services.identity.jps.AuthenticationServiceImpl.authenticateUser()> authentication FAILED>>
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<.> Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
    ORABPEL-10528
    Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
         at oracle.tip.pc.services.identity.jps.JpsProvider.authenticateUser(JpsProvider.java:2337)
    Caused By: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User SOAAdminPassword javax.security.auth.login.FailedLoginException:
    [Security:090302]Authentication Failed: User SOAAdminPassword denied
         at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
         ...
    Did you find what the issue is? I'm finding scant information about this user named "SOAAdminPassword" (who makes up these usernames :-/).

  • Problem while applying BP02 for OIM 11.1.1.5.0

    We have OIM-OAM integrated environment enabled with ldapsynch (OID/OVD). We are applying BP02 for OIM 11.1.1.5.0. We followed all the steps provided in the read me doc.
    1. Running latest Opatch
    2. Setting the environment variables
    3. Configuring Weblogic.profile
    4. Applying SOA patch 13106312
    5. Applied OIM patch 13399365
    6. Running patch_weblogic.sh
    But while doing the 6th step "Running patch_weblogic.sh" we are facing below exception.
    patch:
    [echo] unzipping the archives.....
    explode-archived-apps:
    [delete] Deleting directory /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/oim.ear
    [delete] Deleting directory /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/Nexaweb.ear
    [mkdir] Created dir: /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/oim.ear
    [mkdir] Created dir: /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/Nexaweb.ear
    [unzip] Expanding: /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/patching/oim.ear into /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/oim.ear
    [unzip] Expanding: /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/patching/Nexaweb.ear into /FS2/oracle/apps/MWHOME/Oracle_IDM1/server/apps/Nexaweb.ear
    [echo] archives unzipped successfully.....
    [echo]           seeding the out of the box jobs into db
    seed-ootb-jobs:
    seed-ootb-jobs:
    [echo] ----> SEEDING OUT OF THE BOX SCHEDULE JOBS AND TRIGGERS
    [java] Feb 9, 2012 1:00:26 PM org.quartz.core.QuartzScheduler <init>
    [java] INFO: Quartz Scheduler v.1.6.0 created.
    [java] Feb 9, 2012 1:00:27 PM org.quartz.impl.jdbcjobstore.JobStoreSupport initialize
    [java] INFO: Using thread monitor-based data access locking (synchronization).
    [java] Exception in thread "Main Thread" java.lang.Exception: Unable to seed scheduler data due to configuration problems. Contact System Administrator
    [java]      at oracle.iam.scheduler.seed.SeedSchedulerData.startSeeding(SeedSchedulerData.java:770)
    [java]      at oracle.iam.scheduler.seed.SeedSchedulerData.main(SeedSchedulerData.java:113)
    As it is a high priority task, can anyone help by providing inputs at the earliest?

    Hello All,
    We still haven't been able to resolve this issue. We already have an SR with Oracle. So many logs were captured.
    Below is the snippet of seedSchedulerdata.log
    ${work.dir}Entered Validate methodExiting Validate method------------------------------------------------------------
    Start seeding task
    job name--> Password Expiration Task
    schTaskName--> Password Expiration Task
    task class name--> com.thortech.xl.schedule.tasks.tcTskPasswordExpiration
    task job disable--> 0
    task frequency--> DAILY
    task maxRetries--> 5
    task retryCount--> 0
    task paramName--> Email Definition Name
    task paramValue--> Password Expired
    task paramTpe--> String
    Updating Job :Password Expiration Task with keys
    java.lang.Exception: Unable to seed scheduler data due to configuration problems. Contact System Administrator
         at oracle.iam.scheduler.seed.SeedSchedulerData.startSeeding(SeedSchedulerData.java:770)
         at oracle.iam.scheduler.seed.SeedSchedulerData.main(SeedSchedulerData.java:113)
    If any of them faced such issue please help.
    Thanks
    DK

  • ORA-00001: unique constraint during "Configure Database Security Store for OIM Domain"

    Hi Guru's,
    I am following the below steps for OIM 11.1.2.1 with SOA 11.1.1.7 Installation and facing below error during step "Configure Database Security Store for OIM Domain".
    Installed Database 11.2.0.3
    Installed RCU (Here I used two versions.
         RCU 11.1.2   - Used IDAM prefix for (Metadata Services, OPSS, OIM)
         RCU 11.1.1.7 - Used SOA prefix for(Metadata Services,SOA Infrastructure, User Messaging service)
    Installed JDK 7 (Java 1.7)
    Installed WL 10.3.6 (MW_HOME-/u01/Middleware/fmw, WL_HOME=/u01/Middleware/fmw/wlserver_10.3)
    Installed FMW 11.1.2.1 for OIM. (ORACLE_HOME=Oracle_IDM1)
    Installed FMW 11.1.1.7 for SOA (ORACLE_HOME=Oracle_SOA1)
    WL Domain creation.  (Domain Name – idam_domain1)
    Configure Database Security Store for OIM Domain.
    Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (IDAM_OPSS.IDX_JPS_RDN_PDN) violated
    Also followed the below bug solution, but issue still occurs.
    Bug 16690836 : CONFIGURE DATABASE SECURITY STORE (CONFIGURESECURITYSTORE.PY) SCRIPT IS FAILING
    @ 1. Delete the Schemas using RCU.
    @ 2. Recreate the OAM schemas.
    @ 3. Reinstall the WLS and OAM software.
    @ 4. Run config.sh to create a new domain.
    @ 5. Run setDomainEnv.sh from user_projects/domains/<Domain_name>/bin
    @ 6. Run the configureSecurityStore.py from same window.
    Not sure if anyone tried with different steps that fixed the issue? Could you please help.
    Thanks
    VG

    Hi Gurus, I got the solution from Oracle. SOA 11.1.1.7.0 shouldn't be used with Identity Management 11.1.2.1.0 (11GR1-PS1). Identity Management 11.1.2.1.0 (11GR1-PS1) is bundled with SOA 11.1.1.6.0. When I used this SOA version, the installation went smoothly. Thanks VG

  • Approval work flow for Role based and Resource based

    Hi All,
    We have to implement approval work flow for the following things in OIM 9.1.0.1
    Approval work flow for Functional Roles (Groups in OIM) (Approvals required for users to get these roles)
    IT Roles (Resources in OIM) (Approvals required for users to get these resources)
    Functional Role (Group) contains policy1, policy2. Policy1 contains res1, res2 and Policy2 contains res3, res4. I want to create an approval work flow for this Functional Role to achieve the following:
    A user raises a request for the functional role, then it should wait to get manager approval. Then once it gets approval, that user's account should be created on all resources which are involved in that group.
    And, I have to define an approval work flow for all individual resources to get users' accounts created on the target with approvals. These resources may be included in the groups as well.
    After getting approval for the functional role (Group), will OIM then start the approval flow for all resources involved in the group? Because all resources have an approval workflow at resource level also.
    My Goal: The approval work flow for the Group should not process the approval work flow for the resource. Can we do it in OIM 9.1.0.1?
    And can we do the same in OIM 11g also?
    Please help me and do let me know, if you need any information from my end.
    Thanks.

    That's configurable, buddy! And possible in both 10G and 11G versions.
    Functional Roles : These are the groups/roles in OIM 10g/11g with access policies attached at the backend.
    - Create a dummy resource and name it Request Role or anything as you like. Attach an Object Form to it and have form field for Role Name, this would be a lookup type field linked to all OIM groups (leave system values using lookup query). So a user can select any OIM Group in this request as per configuration. Have approval workflows defined on this dummy resource Request Role and in its Provisioning Process make user/s a part of the requested group.
    - Now once the user is made a part of the group, the associated access policy would be invoked automatically and thereby provisioning. The only thing you need to keep in mind is that create the access policy without approval (there is a check box). If you do this the approvals would never be invoked even if you assign a group manually to the user coz it suppresses all the approvals in this access policy.
    IT Roles : These would be linked to the resource and you can define individual approvals on the resources as required. These approvals would be required if someone raises a request for these resources individually.
    Thanks
    Sunny

  • IDM 11g installation issues on x64 for OIM startup

    Hello,
    I am trying to build an IDM 11g env on an x64 machine. We have installed the following components.
    a. Weblogic 10.3.4/JDev
    b. SOA 11.1.1.2 and patch SOA 11.1.1.3
    c. RCU to create schemas for OIM, MDS, OAM etc.
    d. IAM 11.1.1.3 for OIM
    e. Configured for the following, Admin Server, Managed Server, Enterprise Manager and SOA.
    f. Started Weblogic Admin Server
    g. Configured for OIM for DB schema, no LDAP, RManager, ports, etc.
    h. Restarted Admin Server and OIM Managed Server; looks like all the servers started but failed to load the OIM package.
    All the services are running and Weblogic admin reports all the servers as up and running, but I can't start the oim page on http://localhost:7001/oim as configured.
    I have a x64 bit installation packages with jdk160_21
    Please can anyone let me know how to proceed.

    You need to set up your existing DNS server to allow it to delegate to a GNS Service running on the Oracle Database Grid.
    Ask your network admin to give you a subdomain that the Oracle GNS will take responsibility for.
    For example if your company domain is acme.com then the GNS will resolve all connections to database.acme.com
    The GNS will also be allowed to allocate a range of IP's as when those IP's or subdomain are requested the DNS just passes the work on to the GNS to resolve.
    So the first step is to talk to your network admin about DNS delegation

  • URGENT: Is Weblogic 10.3.4 not supported for OIM 11g ?

    Hi Everyone,
    Is Weblogic 10.3.4 not supported for OIM 11g ?
    I installed & configured all IAM suite components (OAM,OIM,OAAM,SOA) on WLS 10.3.4. I am able to start all servers including OIM. However it is unable to deploy "oim". After doing some research, I found the URL below, which says WLS 10.3.4 is NOT SUPPORTED for OIM 11g.
    Not able start oim_server1, could not open oim url
    If that is true, Is there anyway to downgrade Weblogic to 10.3.3 ?
    Please provide your inputs and suggestions.
    Thanks
    GK

    No. 11G has been released with all type of supporting infrastructure components to be residing at the same level (i.e 11G only). So you would not be able to just downgrade weblogic to any lower versions.

  • Approval process workflow for Customer XBO

    Hi experts,
    We have a client requirement which asks for multilevel approval process for Accounts (when a new Account is created/ existing Account is changed). As per my knowledge, there is no standard approval process defined for Customer XBO as of now by SAP.
    Also, if the Account creation/modification is 'Rejected' by any manager, then how will the Account be reverted back to its original version? (kind of a rollback)
    I had raised an incident for this asking the SAP team whether they will be adding any approval processes for Customer BO in the near future C4C releases. But they do not have any plans of implementing it sooner.
    They suggested a workaround as follows:
    Add 1 extension field "approval status code" in Account with code values:
    1 - To be approved by L1 manager
    2 - Approved by L1
    3 - Approved by L2......etc for more levels of approval
    Reverting 'Rejected' Account to previous state is not possible via PDI. In principle you would have to read the changehistory data and revert to the state before the change was done. But the changehistory BO is/will not be PSM released.
    Any workaround or suggestions on how can I go about implementing this requirement? I need to put validations like L2 can approve only after L1 approval.
    Please guide and help.
    Thanks,
    Ambuja Prabhudessai
    Persistent Systems Ltd.

    Hi,
    why don't you create a screen from which user will create or modify the accounts. after submitting the custom screen , you should start the approval process, once all the approval is done, create or modify the account in SAP.
    Regards.
    Sanchari

  • Define if users or functional owner can self-approve their own requests-OIM

    I have a scenario where in if a user replaces his manager as proxy and makes a request for a resource, the approval task triggered goes to the user itself and the user can approve it. I want to deactivate this functionality.
    I was told that since BP12 has been applied, OIM allows us to define if users or functional owner can self-approve their own requests. Is this possible and if yes then how to go about it??
    Thanks in advance.

    Per BP11 for OIM 10g documentation:
    9649346 A user could approve or update the user's own request. This feature could not be disabled. From this release onward, this feature can be enabled or disabled depending on your requirement. See Section 3.10, "Using the XL.AllowBeneficiaryToApprove System Property" for information about implementing the fix for this item.
    There is also this in BP11:
    9271449 Requesters could reassign approval tasks to themselves. See Section 3.9, "Using the XL.RequesterCanBeApprover System Property" for information about implementing the fix for this item.
    System configuration variables in 10g are in the design console. In 11g, they are in the web console.
    -Kevin

  • Design Console SSL problems for OIM 9.1.0.2

    Hi there,
    I have installed the design client for OIM 9.1.0.2, patched it and activated SSL using the instructions in:
    http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14062.pdf
    However, when I attempt to log in, I get the following error at the UI:
    Error Keyword: DAE.UNKNOWN_CODE
    Description: An unknown error code was passed.
    Remedy: Contact your system adminstrator.
    Action: E
    Severity: C
    Help URL:
    Detail:
    com.thortech.xl.security.tcLoginException: javax.naming.CommunicationException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791 [Root exception is java.io.IOException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791]
    This seems to indicate that the server protocol is not ORMI, which is correct, it is ORMIS (as per the SSL instructions).
    I've checked through the logs for this error, and am unable to find it, so it looks like it is only visible client side. This suggests that the connection is not reaching OIM.
    Does anyone have any ideas about how to make sure ORMIS is in use and about troubleshooting my SSL connection?
    Any advice gratefully received,
    Hugh

    While setting the rmis port in the opmn.xml file one should ensure that these ports are unique, as per the DC install guide. Please note there are three instances of <port id="rmis" range="1270x"/> in the opmn.xml file. The first one is generic, the second one is for the oc4j_home oc4j container and the last for the oim oc4j container. The rmis port for the oim container must be 12701 for the other instructions to work; the others can be 12702 and 12703, so set the first one to 12702, the second one to 12703 and the third one to 12701 respectively.
    xlConfig_dc_side I had the following:
    <java.naming.provider.url>ormi://172.20.16.139:12701/Xellerate</java.naming.provider.url>
    where it should have been:
    <java.naming.provider.url>ormis://172.20.16.139:12701/Xellerate</java.naming.provider.url>
    This fixed my problem.
    2Hugh
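
The two checks from this answer (non-overlapping `rmis` ports in opmn.xml, and a Design Console provider URL that uses `ormis://` on the OIM container's port) can be automated. This is an added example, not part of the original post or Oracle's tooling; the XML snippets are constructed samples reduced to the elements the post names, and the owner ids `generic`, `home` and `oim` and the host name are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit


def _local(tag):
    """Element name without an XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def _parse_range(text):
    """'12701' -> (12701, 12701); '12701-12800' -> (12701, 12800)."""
    lo, _, hi = text.strip().partition("-")
    return int(lo), int(hi or lo)


def rmis_ports(opmn_xml):
    """Return [(owner_id, (lo, hi)), ...] for every <port id="rmis">, in document order."""
    root = ET.fromstring(opmn_xml)
    parent = {child: p for p in root.iter() for child in p}
    found = []
    for el in root.iter():
        if _local(el.tag) == "port" and el.get("id") == "rmis" and el.get("range"):
            owner = parent.get(el)
            owner_id = owner.get("id", "?") if owner is not None else "?"
            found.append((owner_id, _parse_range(el.get("range"))))
    return found


def overlapping(ports):
    """Pairs of owners whose rmis ranges share at least one port."""
    clashes = []
    for i, (a, (alo, ahi)) in enumerate(ports):
        for b, (blo, bhi) in ports[i + 1:]:
            if alo <= bhi and blo <= ahi:
                clashes.append((a, b))
    return clashes


def client_urls(xlconfig_xml):
    """All <java.naming.provider.url> values in the client-side xlConfig."""
    root = ET.fromstring(xlconfig_xml)
    return [el.text.strip() for el in root.iter()
            if _local(el.tag) == "java.naming.provider.url" and el.text]


def audit(opmn_xml, xlconfig_xml, oim_owner="oim"):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    ports = rmis_ports(opmn_xml)
    for a, b in overlapping(ports):
        findings.append(f"opmn.xml: rmis range of '{a}' overlaps '{b}'")
    oim_ranges = [r for owner, r in ports if owner == oim_owner]
    for url in client_urls(xlconfig_xml):
        parts = urlsplit(url)
        if parts.scheme != "ormis":
            findings.append(f"xlConfig: {url} uses '{parts.scheme}', not 'ormis'")
        port = parts.port if parts.port is not None else -1
        if oim_ranges and not any(lo <= port <= hi for lo, hi in oim_ranges):
            findings.append(f"xlConfig: port {parts.port} is not an rmis port of '{oim_owner}'")
    return findings


# Constructed samples (assumed layout: one <port id="rmis"> per owning element).
def _opmn(generic, home, oim):
    return (f'<opmn>'
            f'<process-type id="generic"><port id="rmis" range="{generic}"/></process-type>'
            f'<process-type id="home"><port id="rmis" range="{home}"/></process-type>'
            f'<process-type id="oim"><port id="rmis" range="{oim}"/></process-type>'
            f'</opmn>')


def _xlconfig(url):
    return (f'<xl-configuration><Discovery><CoreServer>'
            f'<java.naming.provider.url>{url}</java.naming.provider.url>'
            f'</CoreServer></Discovery></xl-configuration>')


BAD_OPMN = _opmn("12701", "12701", "12701")     # all three share one port
GOOD_OPMN = _opmn("12702", "12703", "12701")    # the assignment given in the post
BAD_XL = _xlconfig("ormi://oim.example.test:12701/Xellerate")
GOOD_XL = _xlconfig("ormis://oim.example.test:12701/Xellerate")

if __name__ == "__main__":
    for line in audit(BAD_OPMN, BAD_XL):
        print(line)
    print("fixed config findings:", audit(GOOD_OPMN, GOOD_XL))
```
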

  • How to set up Approval or Alter for Budget amount.

    Hi,
    We need to set Approval based on monthly Budget amount wise
    ex: We set up budget amount Total year is 60000 based on GL Account (Service Charges)wise in Budget scenario set up per month is i.e., April 5000
    May = 5000
    June = 5000
    July = 5000
    Aug = 5000
    Sep= 5000
    Oct = 5000
    Nov = 5000
    Dec = 5000
    Jan = 5000
    Feb = 5000
    Mar = 5000. when user is adding more than 5000 for the month April though this service charges general ledger account in AP Invoice or Manual Journal entries or Out going payment we need to give alter like you need get approval, after getting approval only he need add these documents. Here we have taken example he got approval for 6000 for the month April. next month he may added 2000 through service charges acct here remaining 3000 we need to carry forward to next month and we need to show in alter when he using service charges general ledger account available budget balance for June is 8000 but here also if he using more than 5000 for the June month same Approval we need to show like You need to get approval. How we can set up for this? This is my query below
    SELECT T0.BudgId, T0.Line_ID, T0.DebLTotal, T0.DebSTotal, T0.DebRLTotal, T0.FtrIDRSSum, T0.FtrODRLSum, T0.FtrODRSSum, T0.MonthPrcnt, T0.AcctCode FROM BGT1 T0 WHERE T0.DebLTotal >5000 and T0.Acctcode=4110101001
    This query I added in terms under Approval template set up for AP Invoice, but when I am adding an AP invoice through the Service charges GL account it's not showing the approval message. Please guide me how to solve this?
    And Case 2. I tried though SP also to block if Budget amount exceed in AP and Manual Je but it's not blocking documents. Below SP
    Begin
    set @check1 = ((select inv1.linetotal from bgt1
    cross join  inv1
    WHERE  bgt1.acctcode=inv1.acctcode and inv1.Docentry=@list_of_cols_val_tab_del))
    set @check2 = ((select bgt1.debLtotal from bgt1
    cross join  inv1
    WHERE  bgt1.acctcode=inv1.acctcode and inv1.Docentry=@list_of_cols_val_tab_del))
    If (@check1 >@check2 )
    begin
    SET @error = 10
    SET @error_message = N'You Need take Approval from Finance Head, please forward mail to FH....'
    end
    end
    Please guide how to setup Alters or Approval or SP for these requirements.
    Regds,
    Sampath Kumar.

    Hi,
    For the above requirement we are going to develop an add-on. The code is below. In this code, how can we set it for the line level amount instead of the document total amount?
    Private Function GetCondition(ByVal sCondition As String) As ApprovalTemplateConditionTypeEnum
            Try
                Select Case sCondition
                    Case "Deviation from Credit Limit"
                        Return (ApprovalTemplateConditionTypeEnum.atctDeviationFromCreditLine)
                    Case "Deviation from Commitment"
                        Return (ApprovalTemplateConditionTypeEnum.atctDeviationFromObligo)
                    Case "Gross Profit %"
                        Return (ApprovalTemplateConditionTypeEnum.atctGrossProfitPercent)
                    Case "Discount %"
                        Return (ApprovalTemplateConditionTypeEnum.atctDiscountPercent)
                    Case "Deviation from Budget"
                        Return (ApprovalTemplateConditionTypeEnum.atctDeviationFromBudget)
                    Case "Total Document"
                        Return (ApprovalTemplateConditionTypeEnum.atctTotalDocument)
                End Select
            Catch ex As Exception
                MsgBox(ex.Message())
            End Try
        End Function
    Please guide me.
    Regds,
    Samapth Kumar.

  • Looking for a Business Objects Universe built for OIM

    My company has Business Objects and Management prefers to do reporting using the BO product. Also adding reports to OIM requires several database changes and a redeploy to push out the label changes, and that causes the skitters with Management. We have a team that is looking at creating a BO Universe for the OIM database, but as you know, a lot of display transformation work is done in the Java WebApp and that would need to be modeled in the SELECTs in the Universe.
    Does anyone have a BO Universe already built for OIM?

    Rick,
    I'm the Internet Technologies Practice Manager for one of Oracle's Managed Partners.
    That means I have Collaboration Suite and iAS product stacks under my practice. Responsible for everything from planning through go-live.
    You can email me at [email protected] - send some specifics and a phone #. We'll talk.
    Thanks,
    Dennis

  • How to fetch APPROVER NAME  and approval date dynamically for an user

    Hi all..
    How to fetch approver name and approval date dynamically for a user in an email template..
    Can anyone help me to sort out this problem? I am new to IDM..
    Thanks in advance..

    Access policies get a static value.  You can't populate a field with an adapter.  If you must do this, leave the field blank, and put an adapter on the process form for your field that must be populated using code or logic.
    -Kevin

  • Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

    Hi
    We are performing LDAPSync for OIM AD real time sync. We have done all configuration as per the Oracle documentation on LDAPSync for OIM 11gR2: http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version, OIM 11gR2 PS1 (11.1.2.1.0).
    We have performed LDAPSync enablement post-installation of OIM. So we don't have OVD; we have configured libOVD as mentioned in this doc.
    We have performed the following steps mentioned in this document in our OIM environment.
    3.1 Enabling Post installation LDAP Synchronization
    3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
    As attributes like password might not be getting updated in AD from OIM, we have configured SSL enabled integration in LDAP sync as mentioned in the above document.
    We implemented step 3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
    but it is not properly mentioned there how to import the public key certificate of AD into the OIM environment for SSL.
    We are getting the following error message in the logs. Looking at the logs, it looks like the import of the AD SSL certificate did not happen properly in the OIM environment. But we have imported it using keytool and the OVD keystore ... please let us know if we are missing any configuration in this process. The above Oracle document is not very clear on this.
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
    javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
    ...more
    Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    ...more
    Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
    at sun.security.validator.Validator.getInstance(Validator.java:161)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
    at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    Let us know of any helpful pointers on this.
    Thanks in advance,
    RPB25

    Use the steps given below to import the public key certificate of AD into the OIM environment for SSL:
      1. Obtain the AD certificates from the AD administrator.
      2. Copy the AD certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
      3. Run the following command to import all the certificates:
         /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystore cacerts -storepass changeit
      4. The CA certificates are now present in the trust store.
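
To confirm the import took effect, the following added example (not part of the original reply, and not Oracle code) lists the trusted certificate entries in a keystore and checks whether PKIX trust anchors can be built from it. The default path and password are assumptions; pass the keystore that the failing process actually loads as the first argument.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic; uses no Java 7+ syntax so it also compiles on a 1.6 JDK.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's own cacerts file and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass);
        } finally {
            in.close();
        }
        // Only trusted certificate entries count as trust anchors; a store
        // holding nothing but private-key entries still fails validation.
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;
            anchors++;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + " | " + x.getSubjectX500Principal().getName()
                        + " | expires " + x.getNotAfter());
            }
        }
        System.out.println(path + ": " + anchors + " trusted certificate entries");
        try {
            new PKIXParameters(ks); // throws if the store has no trusted entries
            System.out.println("OK: trust anchors can be built from this store");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A FAIL line carrying "the trustAnchors parameter must be non-empty" reproduces the error in the trace above and means the checked store has no trusted certificate entries, so the import did not land in that file.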
