Need clarifications on OIM 11gR2

Similar Messages

• Need information on OAM 11gR2 protecting OIM 11gR2

  Hi All,
  I need to implement a solution wherein I have to protect OIM 11gR2 application using OAM 11g2.
  So in this case the identity store for OIM is the normal Oracle database and we have used the generic LDAP connector to provision the users to a LDAP directory which is the identity store for OAM.
  I have gone through the OIM integration with OAM and it talks about a lot of steps involving extension of the identity store for both OIM and OAM,(Integrating Access Manager and Oracle Identity Manager - 11g Release 2 (11.1.2))
  In my case I don't need the features like centralized password management functionality...we only want to protect the OIM application.
  So is it possible to enable SSO without
  1)Externalizing the identity store of OIM to the LDAP directory which is the identity store for OAM,and hence not running the LDAP sync utility
  Also can you please guide me to a document that specifies the steps.
  Thanks

  Hi Thiago,
  Thanks for your replies.
  Yes, I followed certification matrix and tried to install 11.1.1.6 only on wlserver 10.3.6.
  Can you please eloborate on the below points? Or If there are any urls for detailed steps, please provide them.
  -What you have to do:
  +2.1-On Application Server Navigator you can create types of connection:+
  +2.2-Integrated WLS option+
  +2.3-Standalone WLS option+
  +2.4-This first option you can install a local standalone WLS 10.3.6 server on your environment, then create a separate "integrated WLS" connection to the standalone server.+
  +2.5-Then go to your Application's properties through the Application menu -> Application Properties -> Run -> Bind to Integration Application Server option you can the brand new option created WLS server connection to work with your application.+
  +3.0- Don't forget that you need to install the ADF Runtimes for the server to be able to work with ADF applications+

• OIM 11gR2 - Identity console - Search Users Page.  Need to add employee number by default.

  Hi,
  I am new to oim 11gR2.  I have a requirement , to add the employee number field in the user search box. I do not want to use the Add Fields button to add the employee number search field.
  When any user goes to the search page, they must find the employee number field in the search box in addition to the other default fields like lastname, firstname, etc.  Is it achievable? Thanks in advance.  
  If possible.... can you please provide the steps to achieve it?.. thanks

  Karthik Perath
  Thanks for the answer....... but I guess you misread the question.  I am able to add new fields as columns to the search results table.  My problem is I want to add the searchable field to the query form.  Also, I do not want to use the Add Fields button (because that is a part of Saved Search which is Personalization and limited only to the creator) , I want the newly added searchable field. for example Employee Number ( which is not there by default)  to be made available to all the end users of Identity Self Service system..... Hope you got the problem... 

• Replicating the app functionality from OIM 10g to OIM 11gR2

  Hi,
  I have a resource object with an object form and a process form and approval, provisioning configured in OIM 10g design console. Provisioning is manual provisioning assigned to a particular group based on a task assignment adapter. For replicating the same in OIM 11gR2 i followed the following steps.
  1. Created a Resource object in Design console.
  2. Created a dummy IT Resource ( Since while creating app instance it is having IT Resource as Mandatory field. * Is there any way to skip this as i do not have any IT resource in my original app as it is going for manual provisioning?)*
  3. Created a process form in Design Console with the same fields as present in my 10g app process form.
  4. Now i need to Create an app instance and select the created resource object and IT resoource. Also i need to create a form associated with the app instance in which i will add the fields as present in the object form in my 10g app. ( Here i am not understanding how data will flow from object form to process form since there is no data flow mapping here)
  5. Other steps like creating the SOA composite with human tasks and deploying it and after that creating approval policies is pretty much clear.
  Please clarify whether the steps are correct and also the queries which i have posted in between. Thanks in advance.
  Regards,
  Durgaprasad
  Edited by: Durgaprasad on Jan 17, 2013 3:38 AM

  Thanks Gyanprakash. Wll disconnected resource trigger our custom approval process if we select the resource name properly in scope in operational level approval policy. Have you tried a disconnected resource with your custom approval process. Because i read the following lines in admin guide
  Oracle Identity Manager supports provisioning of disconnected resources by using the SOA worklist for manual provisioning of disconnected resources. After the role-based provisioning decision or SOA request approval is complete and the corresponding application instance is determined to be a disconnected application instance, a new SOA workflow is started. This new SOA workflow is assigned to the manual provisioning administrator.
  So i thought disconnected app instance will have its own approval process configured during the creation and it will route accordingly. So just wanted to clarify how to make disconnected app instance to trigger our approval. will approval policay take care of it as i am going to select the name of the disconnected app in the scope field.

• OIM 11gR2 : User groups not visible on UI

  Hello Experts,
  I have a requirement in which i need to assign the user provisioned to AD to some group(s) depending upon certain conditions like BU, Location etc. I created a Process Task adapter for the same and am able to successfully assign the users to the desired groups.
  But i am able to check for this validity from the Backend only.
  Ideally the groups assigned to the user must be visible after following these steps:
  *1. Search for a user provisioned to AD.
  2. Go the the Accounts tab.
  3. Click on the AD account (to which the user has been provisioned)
  4. A process form is displayed in the lower half of the webpage which also shows the information regarding the groups assigned to the User. But the groups are not getting displayed.*
  Kindly Help.
  Edited by: IDM_newbie on Jan 24, 2013 11:24 PM

  But sir, the groups are listed under the Accounts tab. Is there any schedule job provided by OIM 11gR2 which results in the display of Groups assigned to the user as well under the Accounts tab ?
  Edited by: IDM_newbie on Jan 25, 2013 1:51 AM

• Request dataset in OIM 11gr2

  Hi Experts,
  I have integrated OIM 11gR2 with Siebel and able to provision by xelsysadm. My requirement is End User will be raising request for siebel resource and approval workflow associated with is triggered.
  1. End user raising the request is able to view the process form, I need to restrict few attributes i.e. position and responsiblity should not be visible to end user
  2. Position and Responsibility should be provided by approver (this is specified in request data set of provision resource)
  3. As per Oracle document there is no request data set for PROVISION and MODIFY resource. What is the replacement for this?
  4. After Request is raised it has been assgined to xelsysadm, how do i control the approval ?
  Regards
  A Abhinay

  1. End user raising the request is able to view the process form, I need to restrict few attributes i.e. position and responsiblity should not be visible to end userEnd user will see Application Instance Form and you can customize the UI to hide attributes
  2. Position and Responsibility should be provided by approver (this is specified in request data set of provision resource)
  Make your Java Code/Beans/Expression to show/hide attributes conditionally.
  3. As per Oracle document there is no request data set for PROVISION and MODIFY resource. What is the replacement for this?Application Instance Form
  4. After Request is raised it has been assgined to xelsysadm, how do i control the approval ?Approval Policies

• Pre-populate Organization to the self registration request in OIM 11gR2 PS1

  Hi All
  I want to know if there is a way to pre-populate Organization to the self registration request in OIM 11gR2 PS1.
  I am trying to configure auto approval and for that I need to add org to the request.
  Thanks

  Hi,
  you can look into the following post : https://forums.oracle.com/message/10830661
  Thanks

• [ OIM 11gR2 PS1 ]How to add additional field on Application Instance Form ?

  Hi,
  In our scenario we have Disconnected applications in OIM. AI (Application Instance) form and PD editing is created by OIM.
  We want to add additional field in AI form.It is visible in back end. But,its not visible in OIM admin console for admin and as well for end user.
  Is there any property related to form field in AI ,where we need to make changes to make it visible ?
  Instance used is OIM 11gR2 PS1
  Thanks,
  RPB
  Edited by: RPB25 on May 29, 2013 9:46 PM

  I was able to resolve this issue . we need to click on "regenerate view".

• Configuring ACF2 connector with OIM 11gR2

  Hi Experts,
  I am working on configuring ACF2 connector with OIM 11gr2, In an intermediatory step we need to copy VOYAGER_ID.properties file. The comment against this file is written as: Rename VOYAGER_ID with the name "Voyager server's VOYAGER_ID control file property".
  Can anybody please tell what does this actually mean?
  thanks

  Rename the copied file to match the VOYAGER_ID property. For example, if the target system has VOYAGER_ID = VOYAGE14, then the .properties file should be named VOYAGE14.properties.
  The Voyager reconciliation agent sends a unique identifier value, called VOYAGER_ID, each time a reconciliation event occurs. This value must match the name of the .properties file being used by the topsecret-adv-agent-recon.jar file for reconciliation.

• OIM 11GR2 UNIX Connector Reconcile users from UNIX inquiry

  Good Day!
  I would like to ask whether there is a way in OIM that when I reconcile all new users from my UNIX server, OIM will also create the resource which this user is provisioned upon?
  Here is my scenario:
  1.) Freshly installed OIM 11GR2.
  2.) Installed UNIX connector on OIM 11GR2.
  3.) Configured UNIX TRUSTED Resource
  4.) Reconciled all the UNIX users into OIM. (New users are created since my OIM doesn't have any user)
  5.) The problem is when the new users are now created in OIM, they don't have entitlements or accounts linked to the UNIX server which they have been pulled upon.
  I would like to ask whether I need to configure something to have the entitlements/accounts linking possible?
  If not, what are the ways I can achieve this?
  The only way I can think of is have the UNIX users be created in a flat file first then load via GTC then have reconciliation to have OIM to link these users to UNIX which I believe should be able to do the scenario I am asking upon.
  Thanks in advance!
  Regards,
  Jeff

  By the way, checking target resource recon by default will not create new users when OIM is not able to establish a link.
  In my case, OIM doesn't have any users since this is a fresh install hence even running target resource at start will won't create the new users in OIM right?
  based from this:
  "You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM)."

• OIM 11gR2 Request Validator Plugin and Axis based Web Service Client

  Hi,
  I am trying call a web service client generated using axis2 from a request validator plugin in OIM 11gR2 and I have all the axis related jar files under the plugin lib folder but it fails due to the axis reference issues.
  I tried putting the jar files under different locations like thirdparty folder, server lib etc. But it is giving issues every where. Please let me know if you have some solution.
  Thanks in advance,

  Haven't worked on this, but have you tried by putting the axis libraries inside the plugin lib folder when you are building up the plugin? Also you need to check asix2 compatibility with weblogic version with R2.
  -Bikash

• Organization Admin control in OIM 11gR2

  Hi,
  I was trying to configure Organization Admin control in OIM 11gR2. Our requirement is to configure roles having read access of organization (members of this role can only see the members of the organization but cannot update it), roles having admin control on organization (where members of this roles can read/write/execute member access). There should be different set of roles having access on different organization where members from one role cannot access the members of the other organization. I tried to configure these security models but the only thing i could find in organization is Admin Roles which also i couldn't able to configure very well :(. Can someone point me to the correct documentation or procedure/tool which we should use to achieve such functionality (These functionalities are very easily available in OIM 10g but couldn't find in 11gR2 :( )

  If you add the members of a role to the Admin Roles of a given Organization (Specifically OrclOIMOrgViewer Admin Role). The users will be able to see the users in that organization.
  A few things to consider:
  Only xelsysadm or a users in the System Administrator Admin Role can assign users to Admin Roles within the scope of an Organization.
  Here is a piece of code that you can use to programmatically add users to the Admin Role OrclOIMOrgViewer:
  public List getScopedAdminRoleMemberships() {   // This one gets the list of all admin roles scoped by Organization
  Hashtable env = new Hashtable();
  env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,"weblogic.jndi.WLInitialContextFactory");
  env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://<oim server host>:<oim port>");
  OIMClient oimClient = new OIMClient(env);
  try {
  oimClient.login("xelsysadm", "<XELSYSADM Password>".toCharArray());
  } catch (LoginException e) {
  throw new RuntimeException(e.getMessage(), e);
  AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
  return adminRoleSvc.getScopedAdminRoles();
  public AdminRoleMembership addAdminRoleMembershipFor(String userId, AdminRole role, String scopeId) {  // This method adds the user identified by userId (pass usr_key not usr_login) to the Admin Role in Org whose key (act_key) is
  // passed as a parameter in the scopeId.
  AdminRoleMembership membership = new AdminRoleMembership();
  membership.setAdminRole(role);
  membership.setUserId(userId);
  membership.setScopeId(scopeId);
  Hashtable env = new Hashtable();
  env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,"weblogic.jndi.WLInitialContextFactory");
  env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://<oim server host>:<oim port>");
  OIMClient oimClient = new OIMClient(env);
  try {
  oimClient.login("xelsysadm", "<XELSYSADM Password>".toCharArray());
  } catch (LoginException e) {
  throw new RuntimeException(e.getMessage(), e);
  AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
  return adminRoleSvc.addAdminRoleMembership(membership);
  This should give you what you need. Remember, the API's work with act_key and usr_key values don't use Org Names or User Logins.
  Hope this helps.
  Regards
  Alex Lopez

• Usr_key: Modifying user in OIM 11gr2

  Hi Experts,
  My requirement: while modifying the user i need to get the "usr_key" or "User Login" of that user for further use.
  I am new to OIM, so can anyone of you help me in resolving my isseu.
  Thanks in advane.

  Hi
  Can anyone let me know the steps to restrict modify user operation for the users belonging to specific organization in OIM 11gR2. The condition which I specified under Authorization Policy in APM console is not triggering at all.
  Thanks!

• Multiple self-registration pages in OIM 11gR2 PS1

  Hi All
  I have a requirement to implement multiple self-registration pages in OIM 11gR2 PS1. Has anybody faced such requirement before.
  Any pointers will be highly appreciated.
  Thanks

  Hi,
  Basically i need some more information about your use case.
  Can you please elaborate the use case. What actually you want to do  by having multiple self-registration pages

• OIM 11gR2 PS1 installation on Websphere

  Hi,
  Has any one installed OIM 11gR2 PS1 on websphere (With Cluster environment or single node).
  I

  I was able to resolve this issue . we need to click on "regenerate view".