OIM 11g R2 Group Membership

Hi All,
In OIM 11g R2, when i try to manually add a user to a group (custom or OOTB), i do not see the "Assign" button active and with the absence of the assign button, i could not assign a new user to the group. But, I can see that the Create Rule option is active.
Does this mean that the group membership in OIM 11g can only happen through Group membership rule satisfaction?
Please help.
Thanks,
Srini

You can manually add an user to a role in OIM 11gR2. Open identity console --> Click on Roles--> Search
You will get all the roles listed. Select the role to which you want to add a member. Assign tab will be visible under the Members panel layout in the bottom frame.
When you click on assign the request catalog opens with the selected target user and the role. You can change the target user or add another target user.
Then click on submit.
If this process is done through sysadmin login then directly the member is assigned to the role
Else it will create a request and after approval is completed the member will be assigned to the role.

Similar Messages

  • OIM 11g Roles/Groups

    Dear All,
    I noticed that 11g version has the ability for end-user to request Roles. What is the difference between Role and Group in OIM 11g?

    In 11g the new definition of an OIM Group = Role.
    -Kevin

  • Not able to add groups to the user ODSEE via OIM 11g R2

    Hi,
    I have created some groups in ODSEE and ran the recon job to sync these groups in OIM 11g R2.
    Groups are populated in OIM 11g R2 and while raising the request for ODSEE Application Instance I can see these groups.
    Now following are the issues I am facing :
    1. ODSEE groups are not getting displayed in Catalog ( I have ran the Entittlement-List job also)
    2. When I request for a group while creating the request, the group is not getting assigned to the user in ODSEE, wherein user is getting created in ODSEE successfully.
    Please help.
    Thanks

    Please let me know what could be the reason of not adding the groups to the user in ODSEE.
    I was able to add the groups successfully to user by assigning the groups while raising the request in OIM 11g R1.
    But the same is not working in OIM 11g R2, if I check the OIM logs it is calling the function ADDUSERTOGROUP but the groups are not getting assigned to user.
    Thanks

  • Child form for Group Membership OID -OIM 11g

    Hi,
    Can we configure a custom child form to store OID group membership in OIM 11g? If Yes, what are the configuration changes to be considered.
    Thanks in advance

    Hi,
    Can we configure a custom child form to store OID group membership in OIM 11g? If Yes, what are the configuration changes to be considered.
    Thanks in advance

  • Active Directory Group membership based on OIM Role

    In OIM 11g, is it possible to determine additional AD group membership based on role membership?
    If it is, could someone point me to documentation or give me a brief description of what to do in order to make this work?
    Thanks!

    In OIM 11g, is it possible to determine additional AD group membership based on role membership?
    If it is, could someone point me to documentation or give me a brief description of what to do in order to make this work?
    Thanks!

  • Reconcile user groups to OIM (11g)

    I would appreciate it if someone may let me know how to reconcile the organization and leadership structure information from an Oracle DB based identity vault into OIM (11g) to create organizational roles, for example, into the user group and user group membership tables, i.e. the UGP and USG table series. Many thanks.

    yesy, I have defines correct search value but its again and again throwing error. I change the search values too. But its not working.

  • Group Membership Update Task -AD Connector 11g

    OIM 11g R2:
    When will Group Membership Update task be triggered for a user? Will this get triggered when a Entitlement associated to a user is updated (entitlement metadata) -How will OIM identify that it is an update to the existing Entitlement and that User is associated with?
    This is my understanding on other group related OOTB tasks:
    Insert Group Membership will be triggered when a new entitlement  is added to the user
    Delete Group Membership will be triggered when a Entitlement is removed
    Thanks in advance.

    If entitlement display name is updated in OIM then it also get updated in provisioned resource profile for all users who are associated with the entitlement but it does not insert 'Group Update' task.
    If entitlement - group name is changed in target system them OIM treats this change as a completely new and does not update it for the existing associated users.
    Thanks,
    Pallavi

  • OIM 9.1.0.2 Group Membership Removal for Disabled Users

    Hello
    In OIM 9.1.0.2, when a user is disabled, they are removed from the groups they are a member of within 24 hours. i was wondering if this is a set time and if so, can this be extended to a specified time so membership can be left for a week before it is removed from the user. If you can let me know on this I would appreciate it.
    Thanks
    Nick

    Today, when accounts are disabled, within 24 hours all the group memberships are removed on the OIM side. I would like to change the interval for the cleanup so that when an account is disabled, all the existing group (role) memberships stay assinged to the account then after 30 days of the account being disabled, the group (role) memberships are removed. Not sure if this would be an ORM thing or OIM, but I think it would be OIM since ORM still has the role mappings for users when they are disabled.
    Thanks
    Nick

  • Issue with deleting a group using Request APIs in OIM 11g R1

    Hi,
    I am facing an issue with Request Based provisioning in OIM 11g R1.
    I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
            RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
            childEntityAttribute.setName("AD User Group Details");
            childEntityAttribute.setType(TYPE.String);
            List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
            RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>,                                                                       RequestBeneficiaryEntityAttribute.TYPE.String);
            childEntityAttributeList.add(attr);
            childEntityAttribute.setChildAttributes(childEntityAttributeList);
            childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
            beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();   
            beneficiaryEntityAttributeList.add(childEntityAttribute);
            beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
    This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
    childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
    Could you please suggest where can this possibly be wrong.
    Thanks for your time and help

    Hi BB,
    I am trying to follow up your response.
    You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
    <AttributeReference name="Field1" attr-ref="act_key"
    available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
    entity-type="????"/>
    <PrePopulationAdapter name="prepopulateResurceObject"
    classname="my.sample.package.prepopulateResurceObject" />
    </AttributeReference>
    <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
    available-in-bulk="true" required="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
    where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
    and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
    </AttributeReference>
    Then I need think about the 'Lookup.xxx.BO.Field2' format.
    Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
    Thanks for your all help.

  • OIM 10G OID user account / group membership reconciliation

    Hello
    I have an OID environment that is used for OAM access to applications within the environment. I need to be able to reconcile users from OID into OIM along with their group membership so that roles for users are maintained and updated. I have ORM integrated within the environment so entitlements would need to flow to orm to document that users are members of a role / OIM group. Not sure if this is possible through the trusted reconciliation or if there is a user / group target reconciliation that can be used for this. Any help you can give for this would be appreciated.
    Thanks

    When i use ADCS timestamp as 0 (to capture changes from the beginning and not necessarily after the group change event occured on the AD side) and run AD user target recon this is getting updated. Is this correct and if so how can i always default ADCS timestamp as 0 in the scheduled task and are there any side effects for this sort of approach.
    Prasad.
    Edited by: Prasad on Nov 7, 2011 12:31 PM

  • OIM Group membership rules

    Hi Friends,
    I want to create groups in oim on the basis of complex rules(It requires some Java coding) but for attaching group membership rule we use Rule Designer and in rule designer we can't user adapter that means no java code.
    What is the solution for this problem?
    One solution could be create entity adapter for group membership and execute it on pre-update.
    Thanks
    Edited by: user10968321 on Oct 28, 2009 7:06 AM

    The entity adapter on the user form in pre or post update mode is the standard way to solve complex membership rules.
    Works well as long as you can accept a slight performance decrease on user updates (including things like password resets). Make sure your code is decently fast.
    Good luck
    /Martin

  • OIM 11g R2 : AD Group Management

    Hi,
    I'm looking to implement a POC for creation and deletion of Active Directory groups (Group Management) from OIM 11g R2. I was going through AD connector documentation. But it doesn't see to be evident in the documentation on on how to achieve the functionality. Can anyone throw some light on how to implement this? Do we need any customizations?
    Thanks,
    Raj

    Hi,
    I'm looking to implement a POC for creation and deletion of Active Directory groups (Group Management) from OIM 11g R2. I was going through AD connector documentation. But it doesn't see to be evident in the documentation on on how to achieve the functionality. Can anyone throw some light on how to implement this? Do we need any customizations?
    Thanks,
    Raj

  • OIM: What is the purpose of "Update" while editing group memberships

    Hi,
    This is when you lookup a user's Resource Profile and go to "Edit" link. The process form shows up along with a drop down to edit the group memberships. When we select one of the choices such as "Groups" another window pops up where we could add more entires into the child form. In this form there is an "Update" column with a radio button besides a "Remove" column. What is the purpose of this "Update" column? We can add or delete child entries but what does update do? Is there a way to remove this selection altogether?
    Thanks in advance

    Update I can see used for a cases where you have multiple columns on a child table entry and want to change one of them. Strictly speaking, you can update a single column child table rather than delete and insert also. Access policies always do insert and delete actions, but you will want to implement an update task as well if you expect anyone to be editing child tables on resources directly.

  • Problem in AD Group membership Insert Error "Response: CURRENT_ATTRIBUTES"

    Hi all,
    I am using Oracle Identity and Access Management 11g (11.1.1.5.0) with Weblogic 10.3.5 and apply patch -11.1.1.5.4. I have install AD Connector (activedirectory-11.1.1.5.0) and recon Group, OU and Users as a target source Successfully. When I tried to provision user in AD user is provisioned successfully but got following error message in Group membership Insert.
    Task Name     -     Group membership Insert
    Resource Name:     AD User
    Description:     
    User:     Test User 10 [?TESTUSER10?]
    Status:          Rejected
    Response:     CURRENT_ATTRIBUTES
    Response Description:     Unknown response received
    Notes:
    Assigned to     User     :     System Administrator[?XELSYSADM?]
    Error Details
    Setting task status... "CURRENT_ATTRIBUTES" does not correspond to a known Response Code. Using "UNKNOWN".
    Schedule Detail
    Projected Start:     November 7, 2012 6:14:47 PM     Projected End:     November 7, 2012 6:14:47 PM
    Actual Start:     November 7, 2012 6:14:47 PM     Actual End:     November 7, 2012 6:14:48 PM
    Last Update:     November 7, 2012 6:14:48 PM
    Back to Resource Provisioning Details
    OIM LOG
    Running UPDATECHILDTABLEVALUES
    Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
    <ObjectClassInfos>
    <ObjectClassInfo type='Group' container='false' embedded='false'>
    </optionsByOperation>
    </Schema>
    java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:111)
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
         at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
         at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
         at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
         at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy348.retryTasksx(Unknown Source)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
         at $Proxy172.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
         at $Proxy347.retryTasksx(Unknown Source)
         at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
         at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
         at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
         at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
         at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
         at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
         at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
         at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
         at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
         at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
         at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
         at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES
         at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.getCurrentAttributes(ICProvisioningManager.java:408)
         at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.updateChildTableValues(ICProvisioningManager.java:485)
         ... 104 more
    com.thortech.xl.dataobj.util.tcAdapterTaskException: CURRENT_ATTRIBUTES
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:117)
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
         at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
         at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
         at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
         at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy348.retryTasksx(Unknown Source)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
         at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
         at $Proxy172.retryTasksx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
         at $Proxy347.retryTasksx(Unknown Source)
         at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
         at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
         at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
         at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
         at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
         at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
         at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
         at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
         at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
         at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
         at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
         at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
         at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

    Hello
    1. Download the latest version of Connector Server.
    2. Stop OIM
    3. Take from Connector Server Distr:
    connector-framework.jar
    connector-framework-internal.jar
    to
    $XEL_HOME\apps\oim.ear\APP-INF\lib
    $XEL_HOME\ext\internal
    4. Delete temporary cached libs from:
    $DOMAIN_HOME\servers\$WEBLOGIC_NAME\tmp\_WL_user\oim_11.1.2.0.0\*
    5. Start OIM-server
    Записки на полях внедрения: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES

  • OAM-OIM 11g r2 integration is failing

    Hi,
    Following is my configuration,
    1. I have OIM 11g r2 and OAM 11gr2 installed on different weblogic domains.
    2. OIM synchronized with OUD LDAP
    3. I followed the steps described in http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm
    4. After the integration, I'm not able to login to the Oracle Access Manager console. Though my authentication is successful, I'm getting authorization error.
    As per the doc, oamadmin user (member of oamadministrator group) should be able to login to the console. On weblogic console -> security realms screen, I can see oudauthenticator (authenticates against OUD LDAP) created by the idmconfig tool (tool used for the integration). On the same screen, if I open oamadmin user profile, I don't see any group membershiip information for this user. I also created Administrator group in my LDAP and assigned oamadmin as a member, but in vain. My guess is, since oam server is not recognizing user's role, it's giving an authorization error.
    The documentation mainly talks about using OID as LDAP between OIM and OAM, though it claims other LDAPs are also supported. If anyone has successfully integrated, what do you see in oamadmin user profile, especially in the group membership attribute. Any other ideas/workarounds are greatly appreciated.
    Thanks, Nishanth

    I successfully did this into my VMWare and oamadmin user has there:
    [oracle@thiagoleoncioVM ~]$ ldapsearch -D cn=orcladmin -w **** -b "dc=leoncio,dc=thiago" -L -s sub -v orclmtuid=*oaamadmin* memberOf
    filter pattern: orclmtuid=*oaamadmin*
    returning: memberOf
    filter is: (orclmtuid=*oaamadmin*)
    dn: cn=oaamadmin,cn=Users,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamenvadmingroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigationmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigatorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamruleadministratorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamsoapservicesgroup,cn=groups,dc=leoncio,dc=thiago
    1 matches
    I hope this information helps you with your issue then you should be able to see what is missing there,
    Thiago Leoncio.

Maybe you are looking for