OIM 11g R2 - API to validate user's password

Similar Messages

• Creation of a Request in OIM 11G using API's

  Hi Friends,
  I am trying to create a request using OIM 11g API's.
  I am trying to do this for EBS Responsibility resource and this resource has a request dataset has EBS-IT-Resource-Instance, application name, responsibility name, start date and security group. Please note application name, responsibility name, start date and security group are in child form.
  I am trying to populate the request dataset using the below code.
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entity = new RequestBeneficiaryEntity();
  tcITResourceInstanceOperationsIntf tcITResourceIntf = Platform.getService(tcITResourceInstanceOperationsIntf.class);
  HashMap searchcriteria = new HashMap<String, String>();
  searchcriteria.put("IT Resources.Name", "EBSHF-APPS12");
  tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
  long itResourceKey=resultSet.getLongValue("IT Resources.Key");
  entityAttrList.add(this.getAttrLong("eBusiness Suite Instance Name",itResourceKey));
  entityAttrList.add(this.getAttr("Application Name","3~300"));
  entityAttrList.add(this.getAttr("Responsibility Name", "3~300~52281"));
  entityAttrList.add(this.getAttr("Security Group", "3~0"));
  entity.setEntityKey(getResourceKey("Oracle eBusiness Responsibility"));
  entity.setEntityType(RequestConstants.RESOURCE);
  entity.setEntitySubType("Oracle eBusiness Responsibility");
  entity.setEntityData(entityAttrList);
  private RequestBeneficiaryEntityAttribute getAttr(String name, String value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.String);
  return attr;
  private RequestBeneficiaryEntityAttribute getAttrLong(String name, long value)
  RequestBeneficiaryEntityAttribute attr = null;
  attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.Long);
  return attr;
  My code is working fine and a request is getting created. But when I try to open the request dataset(object form) for the newly created request, I am getting null exceptions.
  If I did not populate the fields that are in the child form application name, responsibility name and security group which are highlighted above, then I am able to view the form with the correct IT-Resource-Instance name after request creation.
  So, I am thinking I am doing something wrong while populating child form data in the request dataset.
  Can you please provide me some code snippet to populate the child using 11G API'S?

  Hi Bikash,
  After referring your code, i made changes in mine. Here is my updated code.
  RequestBeneficiaryEntityAttribute parantAttr=null;
  List<RequestBeneficiaryEntityAttribute> entityAttrList;
  RequestBeneficiaryEntity entity = null;
  entity = new RequestBeneficiaryEntity();
  parantAttr=this.getAttrLong("eBusiness Suite Instance Name", itResourceKey);
  RequestBeneficiaryEntityAttribute mid1 = new RequestBeneficiaryEntityAttribute();
  List <RequestBeneficiaryEntityAttribute> childAttributesList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  childAttributesList.add(this.getAttr("Application Name", "3~555"));
  childAttributesList.add(this.getAttr("Responsibility Name", "3~555~22862"));
  childAttributesList.add(this.getAttr("Security Group", "3~0"));
  mid1.setChildAttributes(childAttributesList);
  mid1.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
  entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
  entityAttrList.add(parantAttr);
  entityAttrList.add(mid1);
  But when I try to run this, it is getting failed saying "RequestServiceException: IAM-2050033:Invalid attribute name null. No corresponding reference was found in the data set ProvisionResourceOracle eBusiness Responsibility".
  Here is my request data set for your reference.
  <AttributeReference name="eBusiness Suite Instance Name" attr-ref="eBusiness Suite Instance Name" type="Long" length="50" widget="itresource-lookup" required="true" available-in-bulk="true" itresource-type="eBusiness Suite UM"/>
  <AttributeReference available-in-bulk="true" length="10" widget="text" type="String" attr-ref="UD_EBH_RSCP" name="EBS HR Foundation User Responsibilities">
  <AttributeReference name="Application Name" attr-ref="Application Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Responsibility Name" attr-ref="Responsibility Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true" primary="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and lkv_encoded like concat('$Form data.Application Name','~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  <AttributeReference name="Security Group" attr-ref="Security Group" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.SecurityGroup' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
  </AttributeReference>
  I am not sure why it is not referencing to the attribute. In your blog, it is saying your code is to set process form. But i am trying to create a request using API's. so, I need some code snippet to populate request dataset. Do you think, this will serve both?
  Thanks for your help.

• OIM 11g R2 - API to add organization to an Application Instance

  Hi,
  In OIM 11g R2,we have a requirement to create application instance using API (from a csv file) and assign some default organizations to these application instance.We could able to create Application Instance but couldnt find any API to add organizations.Is it possible to do thia?.Thanks

  One of the ways to do it would be to decrypt the current password and then compare with the new password. Where are you doing this check? Depending upon where you want to do this, you can use different ways to decrypt the current password of the user.
  There are various posts in the forum about decryting the password.
  On a side note, if your policy does not allow same password, then new password validation against the policy should suffice your requirement.
  -Bikash

• OIM 11g (OIMClient) API login without password

  Hi,
  Is it possible to login using OIMClient API with username only?
  I would like to use a trusted web service to invoke the OIMClient API (using private key and username), this seems possible in the previous version of OIM, has anyone tried with 11g and how do you do it.
  Alternatively is it possible to decrypt 11g password from a web service?
  Thanks

  Hi,
  If you are looking for login to OIM using UserName/PrivateKey, refer the link below:
  While login to OIM 11g using private key getting error
  Regards,
  Raghav.

• How to obtain Role name in OIM 11g using API's

  Hello,
  I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
  get deleted from AD.I have written postprocess event handler to achieve this.
  In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
  not able to get role name.
  Is there a way to get role name while deleting roles using API ?
  Thanks,
  Rahul Shah

  Hi Raghav,
  Following is my code :
  tcRODetails = orgOpInterface.getObjects(organizationKey);
  for(int i = 0;i < tcRODetails.getRowCount();i++){
  tcRODetails.goToRow(i);
  // resourceName=AD Group
  if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
  System.out.println("<<<FOUND>>>");
  processKey = tcRODetails.getLongValue("Process Instance.Key");
  provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
  tcProcessSet = oimFormUtility.getProcessFormData(processKey);
  for(int j=0;j<tcProcessSet.getRowCount();j++){
  tcProcessSet.goToRow(j);
  if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
  System.out.println("MATCH FOUND!!!!!");
  orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
  break;
  & i get following error :
  <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
  Thanks
  Rahul Shah

• Is Audit related api's are missing in OIM 11g new API's.

  Hi All,
  I want to use OIM 11g Apis to use perform tasks related to audit. But I didn't found any api in oim11g new APIs.
  Can any one suggest me what shall i do?
  Thanks,
  Iceman513

  Hello,
  Did you get any answer?
  I am also trying to generate Audit using OIM API/Direct procedure calls..
  Any help will be appreciated.
  Thanks

• OIM 11g r2 - Do we have User history in OIM?

  Hi,
  when we created a user in OIM, is there any time stamp for creation or last modification?
  It is OIM 11g r2.
  Thank in advance
  dongsu

  Hi Dongsu,
  Login to DB using OIM username and use below query and verify
  select * from usr;
  which gives all user details including modified date, creation data and all other details.
  Thanks & Regards,
  Chinni
  Edited by: chinni on 25-Apr-2013 16:50

• OIM 11g: Error Installing Sybase DBUM User Management 9.1.0.4 connector

  Hi All,
  While installing Sybase DBUM User Management 9.1.0.4 connector from OIM console, I get the following:
  While on Step 2 of the wizard (Connector Installation):
  - Configuration of connector libraries: passes
  - Import of connector XML Files (using deployment manager): FAILS
  The following error message appears:
  DOBJ.XML_IMPORT_ERROR
  Unresolved dependency{WIN=Reconciliation Manager}
  Operating System: Linux
  Thanks in advance for any ideas!

  which release of OIM are you using.
  Did you try to retry the installation of connector?
  If not then refrsh your OIM database and then install again.
  Seems like some earlier installation has kept some data in OIM DB.

• OIM 11g R1: How to export Users

  Hello,
  how can i export users to an ldif, csv or xml file from OIM?
  I need an automated process, which give me a list of special users and their attributes to import this to another system.

  Hello,
  a out-of-the-box function is not available by default in OIM?
  BI-Publisher would be a solution, isn't it?

• OIM 11g  - OID target reconc overwrites User-Type in OIM

  Hi All,
  When i run OID-OIM User-Type to Consultant in OIM user profile. I guess it is some where hard coded. please le tm know where can i find it. Also let me know if i can make it configurable.
  Regards,
  Ashok

  Check the Schedule Task Parameters. It should be there only.

• OIM 11g - Approval workflows for disabled user accounts

  Hi,
  We have a scenario wherein a user will be created in OIM with a future start date resulting in a Disabled Untill Start Date user status. Once the user is created, we should let anyone submit a New Hire form for the user and the submitted form needs to be approved by the Manager. Once the Manager approves the form, the target accounts should get created with disabled status. These accounts should get enabled on the start date.
  As submission of New Hire Form is not a straightforward process, we came up with the following design.
  A dummy resource object corresponding to the New Hire Form will be created and can be requested for a newly hired person by anyone who has OIM access. An approval workflow will be configured for the New Hire Form Resource object and provisioning of target accounts will be based on Manager's approval for this resource object.
  However the challenge that we see with this design is, it wasn't possible to place a request for New Hire Form dummy resource object for a disabled user. But the requirement is to complete the New Hire Form submission process befor the user becomes active.
  How can these workflows be invoked for a disbaled user? Is there any other way to implement this requirement?
  Any kind of help/guidance is greatly appreciated.
  Thanks and Regards
  Deepa

  911709 wrote:
  If I create a dummy resource, called "Group Membership" for example, and use this to show the groups that are available in AD, how can I have the request be routed to different approvers? For example, group cn=HR Users,cn=Users,dc=company,dc=com needs to be routed to HR for approval. Group cn=IT,cn=Users,dc=company,dc=com needs to be routed to IT for approval. How can I change the approvers dynamically?
  Re: Spawning multiple approval tasks in parallel in OIM11g SOA Composite
  You can have dynamic task assignment in BPEL; where you defne a variable in the task assignment and update the variable with the approver group name before triggering the task assignment task. Check BPEL docs for same.
  If every group needs a different approver, and there are 5000 groups, can I make 5000 resources and use the built-in routing of approvals? Or, use the dummy resource approach and handle the management of the approvals in some other way.Just make one resource with one field attached to it which takes in the group name and handle approval in SOA by reading a lookup which has AD group to Approval Group mapping.
  >
  Thank you.-Bikash
  Edited by: Bikash Bagaria on Feb 18, 2012 1:00 AM

• OIM 11g R1 API to create business rule

  Hi,
  I have a requirement where new companies get created quite often and hence the roles for companies, access policies, authorization policies is to be created.
  I tried figuring out if there is any api to create business rules and authorization policies?
  Configuring companies (along with polices and business rules) is a tedious job and I am trying to find some way to automate it.
  Thanks,
  Ani

  When i go to the request templates, and try to create a new one, the "Create Role" is not a valid request type.
  I would suggest you create an authorization policy that grants permission to create roles. And then you can create an approval policy for action of "Create Role" and configure it so that you trigger an approval process.
  -Kevin

• OIM 11g add custom role on user creation

  Hi,
  I when i create a user in OIM11g by default it gets added to "ALL USERS" role.
  I have created a new role and want to add user to this custom role while creating users. How can i do this in OIM11g
  Regards,
  Ab
  Edited by: 824473 on Jan 18, 2011 2:33 AM

  set Auto submit true. you can't set the value for ValueChangedListener property in current release of R2. This is bug and you can raise SR for same. But, this won't cause saving data into USR table. ValueChandedListener property for Modify User page only.
  As you said, data is not being saved in the USR table then verify your steps again:
  create sandbox->users->create user/edit user/view user details page->click customize->leftTopcorner->View->Source->select area->edit->Click Add Content (on left top)->Data Component catalog->scroll down and select User VO->Refresh dialogue box->select the field and click 'Add'->on dropdown select 'ADF Input test w/label/for view user page it should be output test w/label->close that window->Check if it added to create user form->save and close customization
  for user detail page select "Managed User->UserVo1 " as datacomponent
  Re: UDF creation on User form in 11gR2
  for valuechangedlistener the fixes all ready available. you have to do some workaround as other poster has given in above link:
  1.Create a sandbox and activate it. Open the page that contains the UDF, and click Customize.
  2.Select View, Source.
  3.Note the value of the valueChangeListener property of a predefined field. To do so:
  a.Click the predefined field, and then click Edit to open the Component Properties dialog box.
  b.Copy the value of the valueChangeListener property.
  4.Export the sandbox as a ZIP file.
  5.Extract the ZIP file and edit the jsff.xml file for the specific screen.
  6.Add the following attributes to the ADF tag, for example af:inputText, for the UDF:
  ◦valueChangeListener=VALUE_COPIED_IN_STEP3
  ◦autoSubmit="true"
  7.Create the ZIP file for the sandbox.
  8.Import the sandbox.
  9.Publish the sandbox.
  Edited by: Nishith Nayan on Sep 21, 2012 1:04 PM

• OIM 11g - How to run a schedule task using API

  Hi All,
  May I know how i can run a schedule job in OIM 11g through API.I referred the below link but it is for 9.x version.I need the same functionality in 11g?.
  Schedule Tasks
  Thanks in advance.

  Check this :
  SchedulerService schService = oimClient.getService(SchedulerService.class);
  schService.triggerNow("Second Demo Scheduled Task");
  API Reference :
  void triggerNow(java.lang.String jobName)
  throws SchedulerException,
  SchedulerAccessDeniedException
  Runs the specified job
  Parameters:
  jobName - The job that is to be triggered
  Throws:
  SchedulerException - when an error occurs at the Quartz Engine or scheduler is not running.
  SchedulerAccessDeniedException - This exception will be thrown if access permission for operation is not available to the user

• Service IDs API for OIM 11g

  Hello,
  I have one requirement to get ServiceID details in OIM 11g using APIs. basicllay I need to get the Service Ids from OIM .
  Please let me know if you have any solutions for this.
  Thanks!

  Hello,
  Any proposed solution for doing ServiceId provisioning in OIM11g ?I see there is an option for Service ID check bo while creating a provisioning request.I am note sure what is the use of this? any information would be helpful.
  Thanks,