OIM 11g Question

Hi All,
Can we create custom datatypes and access them using the OIM API? If yes, please let me know how to do that.
Thanks,
anag

I understand that in OIM there are User, Role and Organisation types.
Is it possible to:
1. Create a new type e.g. Assessment (which contains a number of attributes and references such as name, company, organisation, etc)
2. If possible, can you access (Read, Delete, Insert, Update) the custom type through OIMclient API, SPML webservice or any other means?
Thanks

Similar Messages

  • Oim 11g Custom Challenge questions

    hi,
    Does OIM 11g allow users to set up custom challenge questions?
    Sun IdM does have this feature.
    Any idea about Oracle IdM?
    thank you.

    How to add custom challenge questions in OIM 11g
    Find below link for 11gR2
    http://srini-bellamkonda.blogspot.in/2012/11/adding-custom-challenge-questions-in.html

  • Questions against OIM 11g

    Hi All!
    Is it possible to add a user photo to the user profile in the new OIM 11g? My second question is: is there a possibility to add an attachment to the approval form (like a Word doc), or to digitally sign the approval form?
    Any help will be nice
    Best
    mp

    MariuszP wrote:
    Hi All!
    Is it possible to add a user photo to the user profile in the new OIM 11g? My second question is: is there a possibility to add an attachment to the approval form (like a Word doc), or to digitally sign the approval form?

    Without customization:
    No photo http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#BGBGFJAH
    No digitally signed approval form
    No attachments

  • A question regarding authorisation policies in OIM 11g

    Hi,
    I went through the list of OOTB Authorization policies in OIM 11g, just to know what all permissions were given to the 'ALL USERS' role which will be assigned to any OIM user by default.
    The two policies below are a bit confusing to me. It would be great if you could shed some light and clarify the missing link.
    ::::::::Role Management Role Owner Policy::::::
    This has the permission to delete role, modify role and search role:
    This is applicable to all roles in the system.
    This is assigned to 'ALL USERS' role.
    So as per my understanding, any user who is a member of ALL USERS role, can delete, modify and search role.
    But I can see only search role functionality for the default user. (ie., any user who is a member of 'ALL USERS' role)
    A simple user was not able to delete any kind of role.
    Is my understanding incorrect... Where is the missing link???
    :::::::User Management All Users Policy:::::::
    Permission is view user detail.
    Applicable to All users and assigned to 'ALL USERS' role.
    So any user should be able to view any other user detail.
    But it's not happening. A user was not able to view another user's detail.
    Is my understanding incorrect... Where is the missing link???
    Looking forward to hearing from you,
    Many thanks in advance
    Warm regards,
    818343

    Can you check if the role is assigned to the user?

  • OIM 11g Approval Workflow Notification questions

    Hello.
    I am working with an OIM 11g approval workflow. The workflow will flow from one group to another, and if one user in each group approves it, it is approved. Because I assigned it to groups, the notifications are going to every user in each group.
    Is it possible to send a notification to only a single user within a group, instead of everyone? Does auto claim do this?
    Is it possible to send a different notification if the ApprovalTask is rejected versus approved?
    Thanks.

    If I understand correctly, you want to send the notification only to the user who has approved the request and not to all in the group. You can do it by NOT using the notification tab in the .task but by using EmailNotificationService after the .task in BPEL. There you can read the data from payload on who approved the request and can send the notification only to that user. Same way for rejects. You can configure that.
    1. After your .task completion you can have a decision box which can check the value for 'outcome' and then direct it to appropriate path for appropriate notification.
    or
    2. Based on outcome you can set the template in a variable and then in the notificationservice use that variable.
    -Bikash

  • OIM 11g - Install Question

    Hi All,
    Is it possible to install just the files for an OIM 11g installation, but connect it to an existing database?
    For example, if I have a current environment, and I managed to break my WLS to the point where I can't start it, is there any way I can reinstall Weblogic with OIM/SOA but not lose all my OIM configurations?
    Thanks

    The way to do it is to follow the same procedure which you used while installing a new environment but leave the RCU part where you create the schema(s). Once WLS, IAM, SOA are installed you would have to configure IAM. At that step where you configure IAM via the config wizard and provide the db details, there it would prompt you a warning saying that the database is already encrypted from previous installation and that if you want to continue. If you want to continue then you need to copy the .xldatabase key from the previous installation (fwmconfig folder from Oracle_IDM home if I remember it correctly) into the new installation directory. Once copied, you would be able to start OIM successfully.
    The problem with SOA, as I understand it, is that it does not keep the private key in some key file but rather keeps it in the credential map (in the mbeans). If you look at the credential map of SOA via EM on your current installation, you would see a bunch of passwords saved there. The problem thus is to get the unencrypted value from that and, once the new installation is complete (pointing to the existing db), update its credential map.
    I think there should be some jps config for it, but haven't got the time to dig around it. Let us know if you get to find anything.
    HTH,
    BB

  • OIM 11g R2 PS1 - Bugs fixed info required

    Hi ,
    I have OIM 11g R2 with BP 06 installed on my system and want to upgrade to the latest version so that the majority of bug fixes are incorporated, as both BP07 and PS1 are in the market.
    While checking for BP7 fixes we noticed that there are certain fixes that we really require in our application like:
    Bug:16315001 : GTC mapping image on migration to other environment is not displayed.
    Bug:16506870 : De-provisioning of user accounts via the Set User De-provisioned Date scheduled job fails.
    Bug:16347855 : Users are able to submit a request for modify account although nothing is modified on the form fields.
    But while checking the release notes of PS1 (11.1.2.1) I did not notice any such fixes; rather there were some certification exception fixes, a new menu called "Certification" in the Sysadmin Console and a new menu called "Inbox" in the Identity/Self Service Console.
    So my question is: to apply the above fixes, do we need to install the BP7 patch separately, considering PS1 is not a cumulative one, and then install PS1?
    Thanks,
    Puneet

    Hi,
    Check out: http://www.iamidm.com/2013/05/oim-11g-r2-ps1-certification-tab-in.html
    Regards,
    Chinni

  • DB queries wrt migration from oim 9.1 to oim 11g (11.1.1.5)

    Hi All,
    We have to do a migration from OIM 9.1 to OIM 11g (11.1.1.5) with new DB and AppServers.
    The high-level steps are as follows:
    1. Import the existing OIM 9.1 DB to new DB.
    2. Create additional schemas (SOA, MDS) on new DB.
    3. Install OIM 11g and SOA applications on new servers
    4. Migrate new DB's OIM 9.1 schema to support OIM 11g (by running Oracle_IDM_Home/bin/ua.sh)
    5. Some other related tasks (as mentioned in the upgrade guide)
    6. Migrate OIM application middle tier
    7. Other tasks (As mentioned in the upgrade guide)
    Our requirement is
    Step 1, we have to import DevDB data to new tempDB and will proceed with new tempDB for migration.
    After that, we wanted to import the tempDB to NewDevDB and then wanted to replace the newDevDB data (which is imported from tempDB) with the QA DB's data (it's the QA OIM 9.1 DB). (We have limitations on taking the QA DB the first time itself, that's why we are taking the Dev DB data in step 1.)
    My questions are
    1. What changes are required for moving the OIM 11g DB to another DB (by dumping the same DB)?
    2. After performing the migration, can we dump only the OIM 9.1 DB data (QA) to the OIM 11g DB? If yes, will it affect the OIM 11g DB schema?
    Please suggest me, or do let me know, if you need any other information.
    Thanks.

    I think I can consider my Question #1 as equal to Oracle Identity Manager Database Host and Port Changes, so I can use the steps mentioned in the link http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJBHHH (Section: 13.1.1 Oracle Identity Manager Database Host and Port Changes). Do we need to do any additional modification within any configuration files? Please, can anyone confirm it?
    And can anyone help with my question #2?
    Edited by: user13285646 on Aug 11, 2011 12:46 PM

  • AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

    I have set up AD password sync from AD to OIM 11G R2.
    The password syncs from AD to OIM 11G R2 on non-SSL port 389.
    But it fails on SSL port 636.
    Errors in OIMMain.Log:
    Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
    Debug [10/11/2012 10:49:34 AM]
    ldap_connect failed with
    Debug [10/11/2012 10:49:34 AM] Server Down
    Debug [10/11/2012 10:49:34 AM]
    Steps carried out thus far:
    AD is up and running.
    Configured AD Password Sync Connector on 636 and selected ssl.
    Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
    Imported Certificate to AD. After this, restarted the AD
    I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
    Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
    Help would be appreciated.
    Many Thanks

    This question has now been fixed.
    Instead of explicitly stating 636 for SSL,
    use the same port 389 for SSL, and also configure the OIM port to be 140001, which is the SSL port for OIM in the configuration of OIM Password Sync.
    Export Certificates from AD to java security keystore and to weblogic keystore
    Export .pem certificate created on OIM host machine to AD.
    Restart weblogic, oim and AD
    Everything would work fine.
    For all the other information, refer to doc.
    Thanks

  • Customizing request datasets in OIM 11g

    Hi Friends,
    I have couple of questions/issues while customizing request datasets in OIM 11g. Can you please help me?
    1) I gave read-only="true" in my request dataset for one of the attributes, but I was still able to edit that attribute value while raising requests.
    2) I gave hidden="true" in my request dataset for one of the attributes, but I was still able to see that attribute while raising requests.
    3) I have around 90 attributes in my request dataset. Is there any way to display a category type and under that category display the attributes, i.e. just like attributes in the user profile?
    4) As I have 90 attributes, I am expecting the format will be like the first 45 shown in the left panel (column) and the remaining 45 in the right panel (column). Instead of this, it is showing the first 70 in the left panel and the remaining 20 in the right panel, which is very ugly to see. Is there any way to show the first 45 on the left side and the remaining 45 on the right side? Please help me.

    Regarding the first two points:
    1) The read only property applies to the approver only, i.e. approver can read and not modify the attribute. It does not apply to the requester. I don't believe you can configure a read-only attribute in the data set.
    2) If you want to hide an attribute, you can restrict it in your request template.

  • How setup LDAP Sync After Install in OIM 11g  ver, 11.1.1.5.0

    Hi guys, I'm trying to find how to setup LDAP Sync After Install in OIM 11g (ver, 11.1.1.5)....
    I found on Metalink an interesting article "How to Setup LDAP Sync After Install in OIM 11g [ID 1272682.1]", but inside there is a Note that says:
    Note: This article is applicable to OIM version 11.1.1.3 only. Steps for 11.1.1.5 are not the same, and product manual has documented steps to setup LDAP sync after install.
    So, that the steps for 11.1.1.5 are not the same, it's clear.....
    and I tried to look for these steps in the manual:
    Oracle® Fusion Middleware Quick Installation Guide for Oracle Identity Management
    11g Release 1 (11.1.1)
    Part Number E10033-06
    but I still didn't find anything for the specific 11.1.1.5.0 version, only for the 11.1.1.3.0 version.
    Can anyone help me find where these steps are? I need this information as soon as possible to start the development.
    Thanks in advance for the help
    Alex

    If you are creating a Before and After Create Operation script, you would be able to access all the variables in the process form. Now the obvious question: what are the names of these variables? The answer is: the name of the variable is the same as that mentioned in the "decode" column of the provisioning attribute map lookup, or in other words, the variable name is the same as the AD attribute name. In the example mentioned in the documentation, the variable "%givenName%" was used in the script. Along similar lines you can use other variables like "sn", "samAccountName", etc.
    Hope the information helps.

  • Lookup codekey value in Request dataset in OIM 11g

    Hi,
    Below is my Attribute reference in Request dataset in OIM 11g.
    Could you please suggest what could be the possible Lookup code key values in lookup 'Lookup.AccountingControl.Roles'
    I tried giving CodeKey values as "ACCOUNTING CONTROL~" then Decode value as "Administrator" , However it does not give any value.
    So I think what I am giving as Codekey value is wrong based on below lookup query.
    What could be the correct value for CodeKey ? Thanks!!
    <AttributeReference name = "Role Name" attr-ref = "Role Name" type = "String" length = "256" widget = "lookup-query"
    available-in-bulk = "true"
    required = "true"
    primary = "true">
    <lookupQuery
    lookup-query = "select lkv_encoded as Value,lkv_decoded as
    Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and
    lku_type_string_key='Lookup.AccountingControl.Roles' and instr(lkv_encoded,concat('ACCOUNTING CONTROL','~'))>0"
    display-field = "Description"
    save-field = "Value"/>
    </AttributeReference>

    Yes..You were right.
    You resolved one of my issues. I have marked it as answered, giving 10 pts ;-)
    I think I have already raised another forum question where I needed to pass this Accounting Control as dynamic, and this is one Resource Object selected from the previous page.
    You asked me to use a Prepopulate adapter to get the Resource Object name.
    I still have some questions to solve that issue. I will put that question there. It would be great if you could answer it.

  • Sending email notification  using email template in OIM 11g

    HI all
    I want to send an email to the user in OIM 11g using APIs.
    I have created an email template using OIM 11g's design console.
    Now I want to access that email template from the design console and send mail to the user.
    Previously in OIM 9i there was the class com.thortech.xl.dataobj.util.tcEmailNotificationUtil,
    which had utility methods like send-email etc., where we were able to access the email template from the design console and send mail to the user.
    I want such APIs to send mail to the user in OIM 11g. I am unable to find the tcEmailNotificationUtil class in OIM 11g.
    Thanks in advance
    Bipin patil

    Thanks kuldeep
    I have one single question.
    I have gone through the 11g docs but it is not present in the OIM 11g docs. Any reasons for it?

  • Self Registration in OIM 11g

    Hi,
    Can someone guide me on how to add user defined fields to the self registration page? My requirement is:
    1. In the self registration form (at the login page), I have to add some UDFs and delete some existing fields.
    2.User should be created immediately - no approval process for user creation
    3.User email address should be the userid/username. All the oim-username properties should apply to user email address.(No duplicate user email address).Please help.
    Thanks.

    Regarding Question 1, Chapter 8 (Managing Profile) of the OIM 11g user guide should help you here. In summary, you will need to use self service related authorization policies to add UDFs to the self profile page.
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/my_profile.htm#CACICCFD
    Regarding Question 3, Please check out 11.5.2 Configuring the Username Policy of OIM 11g user guide.
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#CHDJGJJA
    You will need to configure EmailIdPolicy as the username generation policy. OIM11g has OOTB validations to enforce email uniqueness.

  • OIM 11g Entity Adapters

    Hi all,
    I have developed an Entity Adapter using Oracle Identity Manager Design Console which generates different account user ids against a user defined field on Process Form.
    Here I'll provide more details about my scenario.
    SCENARIO
    a. OIM version: 11.1.1.5.0
    b. Process Form fields (Siebel Process Form):
    - User ID
    - First Name
    - Last Name
    .... [any other out of the box Siebel Connector field]
    - Anonymous Flag (this is a user defined field on Siebel Process Form)
    c. Entity Adapter
    - this adapter has an input variable which is Process Form user defined field "Anonymous Flag"
    - if "Anonymous Flag" is checked (true) then the adapter sets the return value to "Anonymous"
    - else if "Anonymous Flag" is unchecked (false) then the adapter sets the return value to "NOT Anonymous"
    - the adapter return variable is mapped to Process Form "User ID"
    - NOTE: the adapter return values are only for testing purposes. In the future, the adapter should return two different syntaxes for User ID.
    For example in case of Anonymous Flag checked, account User ID should be <surname> + "_" + <name> + <random_number>; while in case of Anonymous Flag unchecked, account User ID should be <company_name> + <random_number>
    d. Access Policies
    - an access policy "AP_for_Anonymous" linked with a role "ROLE_for_Anonymous" that sets "Anonymous Flag" to checked (true)
    - an access policy "AP_for_NOT_Anonymous" linked with a role "ROLE_for_NON_Anonymous" that sets "Anonymous Flag" to unchecked (false)
    RESULTS
    Assigning one of the roles "ROLE_for_Anonymous" or "ROLE_for_NON_Anonymous", on the Process Form, the user defined field "Anonymous Flag" is populated correctly, but the Entity Adapter doesn't seem to work. In fact the Process Form User ID remains empty.
    QUESTIONS
    1. Are Entity Adapters associated with accounts supported in OIM 11g? I found a couple of posts that assert that Entity Adapters don't exist in OIM 11g (Event handlers are not getting invoked in oim 11g.) or that state Entity Adapters are not supported with the User Form (Issue in adapters mapping in OIM 11g). About this I found the Entity Adapter Oracle documentation (http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/creadp.htm#BABDHECI)
    2. If Entity Adapters are not applicable to my scenario, can I use Event Handlers? If yes, what are the entity types that I can specify in the event handler metadata xml file? By "event handler metadata xml file" I mean the following
    <action-handler class="com.test.sample" entity-type=????? operation="CREATE" name="Sample" stage="postprocess" order="1007" sync="TRUE"/>
    3. If Entity Adapters are not applicable to my scenario, what are the operations that I can specify in the event handler metadata xml file?
    Thank for your help,
    Daniele

    Entity Adapters still exist in 11g. Yes, you can use an Event Handler.
    But why don't you use a process task/prepopulate adapter for your scenario? Try the steps below:
    1. You have some condition on which role is assigned. Based on same condition populate this Anonymous/ Not Anonymous(true/false) at user profile.
    2. write a pre-populate adapter to generate User ID. pass parameters Anonymous flag along with other user profile attribute(first name, last name..etc.) . Here based on flag you will be able to decide User ID.
    3. attach this pre-populate with process form.
    4. already you have two access policy which is fine. just edit both and remove the Anonymous flag value else can leave it as it is.
    Note: for populating the Anonymous flag on the user profile, create a new UDF and try to populate it in trusted recon. Otherwise, write a post process event handler for the same, which will execute before the access policy. I mean the order of the event handler should be between 1003 and 1008.
    If you have any doubts, let me know.
    --nayan
