OIM 11g R2 - API to add organization to an Application Instance

Hi,
In OIM 11g R2,we have a requirement to create application instance using API (from a csv file) and assign some default organizations to these application instance.We could able to create Application Instance but couldnt find any API to add organizations.Is it possible to do thia?.Thanks

One of the ways to do it would be to decrypt the current password and then compare with the new password. Where are you doing this check? Depending upon where you want to do this, you can use different ways to decrypt the current password of the user.
There are various posts in the forum about decryting the password.
On a side note, if your policy does not allow same password, then new password validation against the policy should suffice your requirement.
-Bikash

Similar Messages

[ OIM 11gR2 PS1 ]How to add additional field on Application Instance Form ?

Hi,
In our scenario we have Disconnected applications in OIM. AI (Application Instance) form and PD editing is created by OIM.
We want to add additional field in AI form.It is visible in back end. But,its not visible in OIM admin console for admin and as well for end user.
Is there any property related to form field in AI ,where we need to make changes to make it visible ?
Instance used is OIM 11gR2 PS1
Thanks,
RPB
Edited by: RPB25 on May 29, 2013 9:46 PM

I was able to resolve this issue . we need to click on "regenerate view".

Creation of a Request in OIM 11G using API's

Hi Friends,
I am trying to create a request using OIM 11g API's.
I am trying to do this for EBS Responsibility resource and this resource has a request dataset has EBS-IT-Resource-Instance, application name, responsibility name, start date and security group. Please note application name, responsibility name, start date and security group are in child form.
I am trying to populate the request dataset using the below code.
List<RequestBeneficiaryEntityAttribute> entityAttrList;
RequestBeneficiaryEntity entity = null;
entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
entity = new RequestBeneficiaryEntity();
tcITResourceInstanceOperationsIntf tcITResourceIntf = Platform.getService(tcITResourceInstanceOperationsIntf.class);
HashMap searchcriteria = new HashMap<String, String>();
searchcriteria.put("IT Resources.Name", "EBSHF-APPS12");
tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
long itResourceKey=resultSet.getLongValue("IT Resources.Key");
entityAttrList.add(this.getAttrLong("eBusiness Suite Instance Name",itResourceKey));
entityAttrList.add(this.getAttr("Application Name","3~300"));
entityAttrList.add(this.getAttr("Responsibility Name", "3~300~52281"));
entityAttrList.add(this.getAttr("Security Group", "3~0"));
entity.setEntityKey(getResourceKey("Oracle eBusiness Responsibility"));
entity.setEntityType(RequestConstants.RESOURCE);
entity.setEntitySubType("Oracle eBusiness Responsibility");
entity.setEntityData(entityAttrList);
private RequestBeneficiaryEntityAttribute getAttr(String name, String value)
RequestBeneficiaryEntityAttribute attr = null;
attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.String);
return attr;
private RequestBeneficiaryEntityAttribute getAttrLong(String name, long value)
RequestBeneficiaryEntityAttribute attr = null;
attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.Long);
return attr;
My code is working fine and a request is getting created. But when I try to open the request dataset(object form) for the newly created request, I am getting null exceptions.
If I did not populate the fields that are in the child form application name, responsibility name and security group which are highlighted above, then I am able to view the form with the correct IT-Resource-Instance name after request creation.
So, I am thinking I am doing something wrong while populating child form data in the request dataset.
Can you please provide me some code snippet to populate the child using 11G API'S?

Hi Bikash,
After referring your code, i made changes in mine. Here is my updated code.
RequestBeneficiaryEntityAttribute parantAttr=null;
List<RequestBeneficiaryEntityAttribute> entityAttrList;
RequestBeneficiaryEntity entity = null;
entity = new RequestBeneficiaryEntity();
parantAttr=this.getAttrLong("eBusiness Suite Instance Name", itResourceKey);
RequestBeneficiaryEntityAttribute mid1 = new RequestBeneficiaryEntityAttribute();
List <RequestBeneficiaryEntityAttribute> childAttributesList = new ArrayList<RequestBeneficiaryEntityAttribute>();
childAttributesList.add(this.getAttr("Application Name", "3~555"));
childAttributesList.add(this.getAttr("Responsibility Name", "3~555~22862"));
childAttributesList.add(this.getAttr("Security Group", "3~0"));
mid1.setChildAttributes(childAttributesList);
mid1.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
entityAttrList.add(parantAttr);
entityAttrList.add(mid1);
But when I try to run this, it is getting failed saying "RequestServiceException: IAM-2050033:Invalid attribute name null. No corresponding reference was found in the data set ProvisionResourceOracle eBusiness Responsibility".
Here is my request data set for your reference.
<AttributeReference name="eBusiness Suite Instance Name" attr-ref="eBusiness Suite Instance Name" type="Long" length="50" widget="itresource-lookup" required="true" available-in-bulk="true" itresource-type="eBusiness Suite UM"/>
<AttributeReference available-in-bulk="true" length="10" widget="text" type="String" attr-ref="UD_EBH_RSCP" name="EBS HR Foundation User Responsibilities">
<AttributeReference name="Application Name" attr-ref="Application Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
<lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
</AttributeReference>
<AttributeReference name="Responsibility Name" attr-ref="Responsibility Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true" primary="true">
<lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and lkv_encoded like concat('$Form data.Application Name','~%')" display-field="Description" save-field="Value"/>
</AttributeReference>
<AttributeReference name="Security Group" attr-ref="Security Group" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
<lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.SecurityGroup' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
</AttributeReference>
I am not sure why it is not referencing to the attribute. In your blog, it is saying your code is to set process form. But i am trying to create a request using API's. so, I need some code snippet to populate request dataset. Do you think, this will serve both?
Thanks for your help.

How to obtain Role name in OIM 11g using API's

Hello,
I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
get deleted from AD.I have written postprocess event handler to achieve this.
In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
not able to get role name.
Is there a way to get role name while deleting roles using API ?
Thanks,
Rahul Shah

Hi Raghav,
Following is my code :
tcRODetails = orgOpInterface.getObjects(organizationKey);
for(int i = 0;i < tcRODetails.getRowCount();i++){
tcRODetails.goToRow(i);
// resourceName=AD Group
if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
System.out.println("<<<FOUND>>>");
processKey = tcRODetails.getLongValue("Process Instance.Key");
provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
tcProcessSet = oimFormUtility.getProcessFormData(processKey);
for(int j=0;j<tcProcessSet.getRowCount();j++){
tcProcessSet.goToRow(j);
if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
System.out.println("MATCH FOUND!!!!!");
orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
break;
& i get following error :
<Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
Thanks
Rahul Shah

OIM 11g (OIMClient) API login without password

Hi,
Is it possible to login using OIMClient API with username only?
I would like to use a trusted web service to invoke the OIMClient API (using private key and username), this seems possible in the previous version of OIM, has anyone tried with 11g and how do you do it.
Alternatively is it possible to decrypt 11g password from a web service?
Thanks

Hi,
If you are looking for login to OIM using UserName/PrivateKey, refer the link below:
While login to OIM 11g using private key getting error
Regards,
Raghav.

Is Audit related api's are missing in OIM 11g new API's.

Hi All,
I want to use OIM 11g Apis to use perform tasks related to audit. But I didn't found any api in oim11g new APIs.
Can any one suggest me what shall i do?
Thanks,
Iceman513

Hello,
Did you get any answer?
I am also trying to generate Audit using OIM API/Direct procedure calls..
Any help will be appreciated.
Thanks

OIM 11g R2 Available Roles For Organizations Is Empty After XML Import

Hi,
When we exported Organizations in OIM via Deployment Manager and imported them back, available roles on Organizations are gone.
To be exact; Hierarchical role assignments are gone, which are done using "include-sub-orgs" check while putting organizations to Roles.
To understand the problem,
We took a single organization, exported it, changed only organization name in the XML and imported it back. The results are the same.
We included every possible dependency in the xml to see if this was the issue, apparently it wasn't.
Furthermore,
On the Role screens' Available Organization's tab, when we check the "include sub orgs" box, it works fine on manually added organizations. They are shown on Available Roles for the Organizations.
But this doesn't work on imported organizations.
Is there a trick to this in R2?
How can we export-import the organizations and still see the available roles?
Thanks,
Erdogdu

Hi All
Any updates please . Can any one just update whether creating a custom attribute on User Profile adds the attribute in the list of attributes for membership rules for roles .
Thanks
Darshan

OIM 11g R2 - API to validate user's password

Hi,
Is there any API available to validate if an user's password in OIM is valid.I have an user login and password and need to verify if the user's password in OIM is same the input password.I am not looking for the API to validate my password against password policy,for which I have the API.
Thanks.

One of the ways to do it would be to decrypt the current password and then compare with the new password. Where are you doing this check? Depending upon where you want to do this, you can use different ways to decrypt the current password of the user.
There are various posts in the forum about decryting the password.
On a side note, if your policy does not allow same password, then new password validation against the policy should suffice your requirement.
-Bikash

OIM 11g R1 API to create business rule

Hi,
I have a requirement where new companies get created quite often and hence the roles for companies, access policies, authorization policies is to be created.
I tried figuring out if there is any api to create business rules and authorization policies?
Configuring companies (along with polices and business rules) is a tedious job and I am trying to find some way to automate it.
Thanks,
Ani

When i go to the request templates, and try to create a new one, the "Create Role" is not a valid request type.
I would suggest you create an authorization policy that grants permission to create roles. And then you can create an approval policy for action of "Create Role" and configure it so that you trigger an approval process.
-Kevin

OIM 11g - How to run a schedule task using API

Hi All,
May I know how i can run a schedule job in OIM 11g through API.I referred the below link but it is for 9.x version.I need the same functionality in 11g?.
Schedule Tasks
Thanks in advance.

Check this :
SchedulerService schService = oimClient.getService(SchedulerService.class);
schService.triggerNow("Second Demo Scheduled Task");
API Reference :
void triggerNow(java.lang.String jobName)
throws SchedulerException,
SchedulerAccessDeniedException
Runs the specified job
Parameters:
jobName - The job that is to be triggered
Throws:
SchedulerException - when an error occurs at the Quartz Engine or scheduler is not running.
SchedulerAccessDeniedException - This exception will be thrown if access permission for operation is not available to the user

Service IDs API for OIM 11g

Hello,
I have one requirement to get ServiceID details in OIM 11g using APIs. basicllay I need to get the Service Ids from OIM .
Please let me know if you have any solutions for this.
Thanks!

Hello,
Any proposed solution for doing ServiceId provisioning in OIM11g ?I see there is an option for Service ID check bo while creating a provisioning request.I am note sure what is the use of this? any information would be helpful.
Thanks,

ESSO PG Connector Issue in OIM 11G

I setup ESSO Provision Gateway Connector in OIM 11G.
But during "add credential task" I get error:
"*The add_credential execution failed. Error: Error in sending instruction from provisioning manager in Api Command (400) Bad Request. Add Credential Command failed to get invoked*".
In Event Log of the Windows Server 2008 with the Provision Gateway I saw:
"*Unexpected end tag. Line 6, position 1015*", "*server cannot clear headers after http headers have been sent*".
It means a syntax error in xml request of connector to web-service of Provision Gateway.
Wireshark shows me sent xml-request:
"<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken><wsse:Username>cn=adm,o=petro</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">12345678</wsse:Password><wsse:Nonce>QFJ903k1GFWnAoqZ/Npijg==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-12-07T11:47:02.502Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><AddCredential xmlns="http://passlogix.com/UP/"><strRequest><?xml version = '1.0' encoding = 'UTF-8'?>
<addRequest><attributes><attr name="objectclass"><value>urn.oasis.names.tc:SPML:1:0#GenericString</value></attr><attr name="provisioningAgent"><value>Provisioning Agent</value></attr><attr name="ssoUserId"><value>SGP63234</value></attr><attr name="creationTime"><value>2010-12-07 11:47:02.491Z</value></attr><attr name="executionTime"><value>2010-12-07 11:47:02.490Z</value></attr><attr name="applicationId"><value>SAP</value></attr><attr name="userId"><value>EBELOV</value></attr><attr name="description"><value>SAP</value></attr><attr name="password"><value>Q123</value></attr><attr name="thirdField"><value>888</value></attr></attributes></addRequest></strRequest></AddCredential></soapenv:Body></soapenv:Envelope>*</#document>*"
I saved it to xml-file and opened in Internet Explorer and there was error.
Then I decided to watch the view of this request in OIM 9.1.0.2 to compare with request in OIM 11G.
I found out next one:
the main difference was in last tag "*</#document>*".
I take this tag off from xml-file, taken from request of OIM 11G and saved the file.
Edited xml-file was correct.
Is it error in connector or in OIM 11G?How to solve it?Can anyone help me?

Hi!
I get the same error during Add Credential task with the ESSO PG connector in OIM 11g.....
The add_credential execution failed. Error: Error in Sending instruction from the provisioning manager in API Command (400)Bad Request.
com.passlogix.integration.provision.client.CommandInvocationException: Error in Sending instruction from the provisioning manager in API Command (400)Bad Request
Where I can check the xml file?
You could solve the problem?
Thanks in advance!!!

OIM 11g: Connector based on SEND / EXPECT or scripting

Hello
I have a system that I need to integrate into OIM 11g. (11.1.1.5.2) The application has a scripting engine to perform all user management functions. For example, on the system itself you would run the following from the command line:
account create 'bsmith'
account password 'password'
account permission 'login'
account group default 'enduser'
account description 'Bob Smith'
account firstname 'Bob'
account lastname 'Smith'
The account repository is a custom format, and I cannot provisioning directly to it via the DB tables, or flat file etc etc. The system, however, is running on a standard UNIX platform, so I have access to SSH into the box and issue the commands.
Question: What is the best way to implement a connector to an application that only uses a scripting engine for account management? Is there an OOTB connector that can use UNIX send/expect? What about executing a shell script with inputs for the variables needed? Can I use the standard SSH connector, and override the 'user add' command?
Thank you.

Following are the the list of mappings. The ones wth similar names are easy to guess. Notice that USR_COUNTRY is missing in the list. I have requested Oracle to log a bug for this and for any other missing fields. If accepted this should be available in the next patch.
(Mapping between user definition qualifiers on data object manager form and actual USR fields)
=== Process Definition ===
Name -> pkg_name
Type -> pkg_type
=== Object Definition ===
Object Name -> obj_name
Object Type -> obj_type
Object Target Type -> obj_order_for
=== Organization Definition ===
Organization Name -> act_name
Organization ID -> act_key
Organization Type -> act_cust_type
Organization Status -> act_status
Organization Parent ID -> parent_key
+ Organization UDFs
=== User Definition ===
User Key -> usr_key
Request Key -> req_key
Identity -> usr_fss
User Login -> usr_login
Role -> usr_emp_type
Password -> usr_password
First Name -> usr_first_name
Middle Initial -> usr_middle_name
Last Name -> usr_last_name
Disabled -> usr_disabled
Type -> usr_type
User Status -> usr_status
Manager -> usr_manager_key
Organization -> act_key
Start Date -> usr_start_date
End Date -> usr_end_date
Provisioning Date -> usr_provisoning_date
Deprovisioning Date -> usr_deprovisioning_date
Provisioned Date -> usr_provisioned_date
Deprovisioned Date -> usr_deprovisioned_date
Email Address -> usr_email
Email -> usr_email
+ User UDFs

Trying to create Organization in OIM 11g R2 using API

Hi All,
I am trying to create Organization in OIM 11g R2 using API's. I able to create a organization with attributes Organization Name and Organization Customer Type but when i am trying to add Parent Organization Name it is throwing me the following error
Caused by: oracle.iam.platform.entitymgr.UnknownAttributeException: Organization : [Parent Organization Name]
any help in this regard will be helpful....
Thanks

Yes i do have the org with act_key 27
I have done that changes...still it is throwing the same error
Exception in thread "main" oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
     at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
     at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
     at $Proxy2.createx(Unknown Source)
     at oracle.iam.identity.orgmgmt.api.OrganizationManagerDelegate.create(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.security.Security.runAs(Security.java:41)
     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
     at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
     at $Proxy3.create(Unknown Source)
     at oracle.iam.ui.custom.Class1.main(Class1.java:108)
Caused by: oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
     at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:318)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy333.create(Unknown Source)
     at oracle.iam.identity.orgmgmt.api.OrganizationManagerEJB.createx(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
     at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
     at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy331.createx(Unknown Source)
     at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.__WL_invoke(Unknown Source)
     at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
     at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.createx(Unknown Source)
     at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_WLSkel.invoke(Unknown Source)
     at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
     at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
     at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
     at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
     at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.iam.platform.kernel.ValidationFailedException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
     at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:337)
     at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:372)
     at oracle.iam.identity.utils.Utils.checkAllowedAttributes(Utils.java:2523)
     at oracle.iam.identity.orgmgmt.impl.handlers.create.CreateOrganizationValidationHandler.validate(CreateOrganizationValidationHandler.java:102)
     at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:258)
     at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:203)
     at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:699)
     at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:547)
     at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:485)
     at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:403)
     at sun.reflect.GeneratedMethodAccessor1171.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy251.orchestrate(Unknown Source)
     at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:306)
     ... 46 more

Error while creating authorisation policy using OIM 11g API

Hi,
We have a requirement to create ‘Authorization Policies’ (assign Data Constraints, Permissions & Assignments) using OIM 11g API’s. I am using ‘oracle.iam.authzpolicydefn.api.PolicyDefinitionService & oracle.iam.authzpolicydefn.vo.AuthzPolicy’. But when I am trying to attach Entity/Feature (User Management) to authorisation policy, it is throwing exception. Below is the code snippet which I am trying to implement.
Line1: PolicyDefinitionService policyService = oimClient.getService(PolicyDefinitionService.class);
Line2: AuthzPolicy authPolicy = new AuthzPolicy();
Line3: authPolicy.setName("Test Authz Policy");
Line4: authPolicy.setDisplayName("Test Authz Policy Dsp Name");
Line5: authPolicy.setDescription("Test Authz Policy Description");
Line6: Feature feature = oimClient.getService(Feature.class);
Line7: Action featureAction = feature.getAction(FeatureManagerConstants.Features.USER_MGMT.getId());
Line8: List<Action> actions = new ArrayList<Action>();
Line9: actions.add(featureAction);
Line10: authPolicy.setActions(actions);
Line11: policyService.createPolicy(authPolicy);
Exception: oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.authzpolicydefn.api.FeatureDelegate
The above exception is throwing at Line6.
Let me know if anyone implemented.
- Kalyan Mutya

If you are using JDeveloper , can you able to get class after giving "." .If yes no than it is the problem with the jar file you are using .Check whether you can able to import oracle.iam.authzpolicydefn.api.Feature.
Thanks ,
Animesh anand

OIM 11g R2 - API to add organization to an Application Instance

Similar Messages

Maybe you are looking for