OIM 11g R1 - User Login activities

Hello,
we have OAM-OIM-OID integration. A user authenticates against OAM/OID.
Is it possible to track any user logins or user password changes?
Where will these activities be stored? OAM or OID?

You can check the OAM or OID audit logs.
OID: ORACLE_INSTANCE/auditlogs/OID/oid1
OAM: <MW_HOME>/user_projects/domains/OAM_domain/servers/oam_server1/logs/auditlogs
Reference:
http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/audit.htm
http://docs.oracle.com/cd/E15523_01/oid.1111/e10029/auditing.htm

Similar Messages

  • OIM 11g (OIMClient) API login without password

    Hi,
    Is it possible to login using OIMClient API with username only?
    I would like to use a trusted web service to invoke the OIMClient API (using private key and username). This seems possible in the previous version of OIM; has anyone tried with 11g, and how do you do it?
    Alternatively is it possible to decrypt 11g password from a web service?
    Thanks

    Hi,
    If you are looking to log in to OIM using UserName/PrivateKey, refer to the link below:
    While login to OIM 11g using private key getting error
    Regards,
    Raghav.

  • OIM 11g, Get users from table and insert them into Approval Task

    Hi All,
    I have OIM 11.1.1.5.4 in Solaris 10 and I have an Oracle Table configured as Trusted Source.
    I am using Database_App_Tables_9.1.0.5.0 connector.
    I want to reconcile new users from an Oracle Table as follows:
    1. I run the scheduled job.
    2. The newly reconciled users must go into an Approval Task before being inserted into the USR table.
    3. The Administrator user approves or rejects the new users.
    4. The new users that were approved must be inserted into the USR table.
    Is there any way to implement this? Can you guide me, please?
    Thanks for your Help.

    Through your Schedule Task, generate a "Create User" (Request Type) request and assign an approval workflow for such requests.
    After completion of approval ONLY, users will get created into OIM 11g.

  • OIM 11g Modify User Profile for Updating End Date

    Hi Gurus!
    We have an OIM implementation where users may request the creation of other users by means of a Create User request template. In this template we set the End Date to be 3 months after the request date.
    In order for the requester to extend the period of a user's OIM user account (along with its provisioned resources) we customized a Modify User Profile by displaying the End Date field and automatically populate it again to 3 months after the request date. Also we developed a custom event handler to enable the user when it is disabled and the End Date is updated to a future date.
    This Modify User Profile is working great when the user is still enabled (the End Date is still in the future), however, when the End Date has passed (and the user is Disabled) the requester is not able to see the user when selecting the Modify User Profile request template.
    Is there a way to allow requesters to also see disabled users in the Modify User Profile request template?
    Thank you in advance.
    Regards,

    Hi Kevin,
    thanks for your reply!
    But, in this case, when the user is already disabled due to his End Date, how can a requester, through the Self Service TAB, enable it?
    The Enable User request template does not work since when trying to enable the user, OIM sees the End Date is already passed and the DataSet validation throws an exception.
    The only way I saw was providing a Modify User Profile Request template to change the End Date and developing a custom event handler to enable the user upon the extension of the End Date...
    How can, in this situation, a requester enable the user and extend its End Date?
    Thank you!
    Regards,

  • OIM 11g R2 - User random password Generation

    Hi All,
    In my case users are getting created in OIM using Trusted source reconciliation and need to populate a random password for each user.
    Please suggest me which of the following methods is better and why?
    Method 1: Create a post Event Handler and populate the password attribute. In this case I created a custom Post event handler and populated the password attribute, and it succeeded, but the password stored in the database is plain text and so I am not able to log in to the Admin console with the same password. So, how do I encrypt the password and then store it in the DB?
    Method 2: Create entity adapter and attach to user form using Data object manager
    Or, please suggest me any other best way.
    Thanks in advance.

    Hi,
    Users are being created thru trusted source recon and password is not automatically getting populated. I verified it, by checking USR_PASSWORD attribute in USR table and it is empty.

  • OIM 11g r2  User  UDF fields  Updation based on AD ID

    Hi,
    We have to update the UDF fields created for the users in OIM using the data from a table.
    This table contains the AD ID, and other fields.
    The OIM User (already available) will be updated based on AD ID, i.e. the AD ID column will be used to find the user in OIM and then his UDF will be updated based on the respective data from the other columns in the table.
    Please can you help me on this task?
    Thanks,

    Your requirement doesn't say much, like when you want to update your user. If it would be on a daily basis then go for a Schedule Task; if you want it at the time of provisioning then you can have one task and attach your code to bring the AD ID into OIM.
    You may leverage Event Handlers as well if your use case requires that.

  • OIM 11g create user with API - double resources

    Hello.
    We have a custom web client for creating a user in OIM. When we create a user with the OOTB web app (formerly xlWebApp), it creates the user and the Access Policies work correctly to give the user one of each resource.
    When we create the user with the API from our custom web app, it tries to assign 2 of each resource to the new user. Has anyone seen this behavior before? Thank you.

    Bump Thanks.

  • OIM 11g searching users by UDF, using API

    Hi,
    I can't search by any field other than "Users.User ID, Users.Key, Users.Middle Name ... "
    Standard fields that are not on the list above (i.e. "USR_STREET") always result in 0 (rs.getRowCount()=0).
    And the worst is searching by user defined field. It always ends with exception.
    my code:
    tcUserOperationsIntf a = client.getService(tcUserOperationsIntf.class);
    Hashtable ht = new Hashtable();
    ht.put("USR_UDF_HR_ID1", "10000008");
    System.out.println(ht);
    tcResultSet rs = a.findAllUsers(ht);
    System.out.println("count: " + rs.getRowCount());
    System.out.println(rs.getStringValue("Users.User ID"));
    System.out.println(rs.getStringValue("USR_UDF_HR_ID1"));
    HR_ID1 is string, not required, not unique, searchable.
    What I get is:
    Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
         at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
         at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_1033_WLStub.findAllUsersx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
         at $Proxy2.findAllUsersx(Unknown Source)
         at Thor.API.Operations.tcUserOperationsIntfDelegate.findAllUsers(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.security.Security.runAs(Security.java:41)
         at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
         at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
         at $Proxy3.findAllUsers(Unknown Source)
         at com.netline.woz.magwit.ApiTester.main(ApiTester.java:72)
    Caused by: Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
         at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.findAllUsers(tcUserOperationsBean.java:4588)
         at Thor.API.Operations.tcUserOperationsIntfEJB.findAllUsersx(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor2851.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy321.findAllUsersx(Unknown Source)
         at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.findAllUsersx(tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.java:1182)
         at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
         at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Any idea what's missing? I saw in different threads that searching by UDF should work fine...
    Thank you,
    Magda

    Did you restart your oim server after creation of the UDF?
    Also, you can create a lookup definition of Field type. Put the database field in the field, and the Users.XXXXX in the label and then you should be able to search on the Users.XXXX after a restart.
    -Kevin

  • OIM 11g , Ignore User Creation

    Folks,
    I am facing an issue, hoping you guys could throw some pointers.
    I have a trusted recon set up via the GTC DB connector. There is a particular condition when I don't want the user to be created in OIM though it will be pulled by GTC (unfortunately I can't stop that).
    So in a nutshell, I want to ignore the OIM user creation when a particular reconciled attribute, let's say firstName = ABC, AND the user is not already present in OIM, then ignore the user creation.
    Any pointers on how to achieve this?
    Thanks
    Suren

    Thanks Raghav for your response, but how will this work?
    So, when a FirstName = ABC record comes, as per your recon rule, it won't link to any existing user and it will land in No Match Found status, and as it's trusted recon it will create the user, which I don't want.
    I can't delete the rest of the action rules; they are required for processing the updates etc.
    Please let me know if you need more info.
    Thanks
    Suren

  • OIM 11G : Selecting Multiple RO's in Single "Self Request Resource" Failing

    Hello Everyone,
    OIM 11G : End User "Self Request Resource" failing when user selects 2 or more resources in a Single Self Request Resource Request
    1) On OIM 11G, I have created 2 resource objects, workflow, process forms.
    2) Created the separate request dataset xml and imported into OIM repository
    3) Now if an end user creates a request , "Self Request Resource" and selects one of the resource
    4) Form defined as per request dataset shows up perfectly for the application on Resource Attributes page which comes next.
    5) Only Problem that I am seeing is when End User selects 2 resources in one single request
    Both the resource request dataset has been correctly configured because selecting only 1 works not both when both are selected in same request.
    Thanks,
    Deepak

    Hello Experts,
    on OIM 11G
    I am getting the above issue when an end user does a "self request resource" and selects 2 Resource Objects.
    On the Next Page, attribute form defined as per the request dataset.xml does not show up.
    Both the RO's are seen on top breadcrumbs but with a blank form. I can navigate to the next RO Resource Data Details again with a blank form.
    Though the attribute form as per request dataset comes up properly if I select any 1 of the 2 RO's and make "self request resource". everything goes fine.
    I have followed the documentation thoroughly to import the datasets etc and can see request dataset in MDS_PATHS table (DEV_MDS user).
    If anybody has also faced a similar issue or tested that selecting 2 RO's in 1 single "self request resource" works , pls let me know.
    Thanking in advance,
    Deepak

  • Oim 11g Custom Challenge questions

    Hi,
    Does OIM 11g allow users to set up custom challenge questions?
    Sun IdM does have this feature.
    Any idea on Oracle IdM?
    thank you.

    How to add custom challenge questions in OIM 11g
    Find below link for 11gR2
    http://srini-bellamkonda.blogspot.in/2012/11/adding-custom-challenge-questions-in.html

  • USER LOGIN GENERATION USING EVENT HANDLER IN OIM 11G

    Hi
    I am looking to generate user logins in OIM 11g (11.1.1.5) using event handlers. Can anyone guide me with the process and which API needs to be used?
    Regards

    You have to write your custom class which implements oracle.iam.identity.usermgmt.api.UserNamePolicy. Then you have to register the plugin which will contain the plugin.xml and class file of your custom code.
    More in this metalink ID 1228035.1

  • Retrieving Last used User Login Name in OIM 11g R2

    In my scenario, I want to retrieve the last used user login in OIM for the user profile, to create the next User Login based on the last one retrieved.
    Is there any API method available in User Management to get this value, or any customized DB query that will help?
    Setup used is OIM 11g R2 PS1.

    Thanks Rajiv for the input!
    I still have some doubts in my scenario. Actually I have to create a new User Login in sequence based on the last User Login of the last user created. This is not based on User ID. Also, whatever already existing users with user logins are present, they will be uploaded into OIM for the first time through trusted reconciliation.
    After reconciliation is done, then hereafter while creating the next user I have to update its user login attribute in sequence of the latest user login used and check for its uniqueness. Suppose, during the bulk data import into OIM for the first time, the users are not in sequence of the User Login attribute; then it will be difficult to get the latest user login. Is there any way to get the last user created based on User Login and not on User ID?
    Hope I have given a clear picture of my scenario.

  • Restricting administrator tab to user created with default role OIM 11g R2

    Hi,
    I have a query: if we create a user in OIM 11g R2 without any admin role and then log in to the Self Service screen (Identity) with the newly created user, we can see the Administration tab is visible to the user.
    Does this mean that by default the user has an admin role assigned to him to do some of the admin activities?
    Please let me know how to control this behavior and not show the Administration tab to the user unless he has some admin roles assigned to him.
    Please help.

    You can hide Administration tab for normal users using EL's. By default users will get this tab when they login to identity console even though admin role is not assigned to them. But if you do any operation on any users, request will be raised accordingly.
    Check this link to configure EL's http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#autoId18

  • OIM 11g Login Screen not showing up

    Hi,
    I installed OIM 11g and was able to log in successfully. A couple of days back, my database had a problem; I solved it and restarted my OIM. The OIM server is starting up, but when I try to access the admin console, it just says "Loading" and the login screen is not displayed.
    In the server log, I could see the following error during the server stop:
    "javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
    at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)"
    and the following error while accessing the admin console:
    " [HTTP][java.lang.NoClassDefFoundError]] [dcid: 11d1def534ea1be0:41b34a55:12b9b675a66:-7ffd-0000000000000026] incident 20 created with problem key "BEA-101017 [HTTP][java.lang.NoClassDefFoundError]"
    Any idea what might be going wrong?
    Thanks,

    What did you solve??? That's where your solution lies. xelsysadm is being denied access, so it could be something on the password front. If you have the DB backup, revert to an older state and it would be fine.
