OIM 11G UserManager Service or Trusted Recon

Hi All,
With everything changing in the world with 11g, is the new UserManager server the better way to create new users, or is the trusted recon the more correct way to go?
Thanx
Fred

With 11G User Manager Service is just a new representation of the API for user management. So even with 10G you had an option of using tcUserOperationsIntf instead of tcReconciliationOperationsIntf. Anyway it depends on the following:
- Do you need to keep a track of all the users created in OIM via Reconciliation Events for reference in future
- Do you need this Reconciliation Events Data for actual verification that the user was created from your Trusted Source
- Let's say you use User Manager service for methods like create(User user); then you cannot differentiate later whether the user was manually created or created using a scheduler reading from a flat file feed. The only check point then would be to verify this user in the Trusted Source/Flat File
- Using the API directly for managing users is definitely faster than using Reconciliation APIs, but most of the folks use Trusted Recon
- You also have the liberty to verify which attributes were provided from Recon and if there are any missing attributes for any user from Reconciliation Event Manager, which would not be handy in case of using User Manager API directly, so you have to keep an eye on the logs for that
Thanks
SRS

Similar Messages

  • How can I create, modify or delete users using OIM 11g web services?

    Hi,
    I have a requirement to create, modify or delete users using OIM 11g web services.
    The end users will be signing on to the online application, a user interface to request ids online. The user interface is the home grown application to request ids.
    I want to integrate this user interface with OIM 11g. I generated the java classes using the out of the box wsdl file as mentioned in the Developer’s Guide for Oracle Identity Manager 11g. But I need to know how to create users using web server client from a given wsdl file? Is there a sample web service client program to create a user in OIM?
    If you know of any document which I can follow or if you can give any details, I would really appreciate it.
    Thanks and Regards,
    Viraf

    Hi Chong,
    Were you able to figure out the approach? I am facing the same issue like this. I have created a web service where the input values are no. of days to extend user's end date and user's employee ID. Output will be true or false. But I am getting error while searching user in OIM DB. I think my web service is not to query OIM DB
    Please let me know if you have worked on this scenario.
    Thanks,
    Kalpana.

  • [OIM 9.1.0.2] Trusted Recon Workaround

    Hi all,
    IHAC that uses a GTC (Flat file) for trusted recon.
    The generated file for reconciliation brings entries of actives and inactives users (So, the expected result is User Creation, User Update and User Disabling).
    AFAIK, the User Definition Fields have some fields defined per default as mandatory. For some entries, the effect expected was the user to be disabled (in the case of inactive user), but like sometimes, the generated file has some entries with those mandatory fields in blank or invalid value, so those entries are not reconciled and the user is not disabled. This is causing a security issue, since access and permission of the users are not revoked.
    Customer request: During trusted recon, the OIM should ignore the mandatory field just for inactive users (there is a field that define this status).
    My question:
    1) Can I achieve this requirement in OIM? Would this be a trouble even by customization? Let me know your thoughts.
    2) Is it possible to turn those fields as 'not-required' in a native manner?
    I would appreciate any help on this.
    Regards,

    Use Transformation to achieve this...
    Following link will be helpful regarding Transformation
    Pre-Computations in OIM 11gR2
    In case of mandatory attributes in the custom Transformation:-
    (1) Use Status flag to determine InActive users
    (2) Obtain by using OIM API current values of those Mandatory fields...
    (3) Return the same value... This means ignoring the mandatory values...
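
The three steps above, sketched as an added example that is not part of the original thread and is not OIM connector code. It assumes a CSV feed with the hypothetical columns `UserLogin`, `FirstName`, `LastName`, `Email` and `Status`, handles blank mandatory values only, and uses a plain dictionary in place of the OIM API lookup. It also reports inactive users whose rows would still be skipped, which are the accounts that stay enabled.

```python
import csv
import io

# Assumed layout: the thread does not give the feed columns or the mandatory
# field list, so these names are placeholders for illustration.
MANDATORY = ("FirstName", "LastName", "Email")
KEY_FIELD, STATUS_FIELD, INACTIVE = "UserLogin", "Status", "inactive"


def prepare_feed(feed_text, current_oim_values):
    """Split a trusted-source feed into rows recon can process and rows it would skip.

    current_oim_values stands in for an OIM API lookup: login -> current attributes.
    """
    ready, skipped = [], []
    for row in csv.DictReader(io.StringIO(feed_text)):
        row = {k: (v or "").strip() for k, v in row.items()}
        login = row[KEY_FIELD]
        inactive = row[STATUS_FIELD].lower() == INACTIVE   # step (1): status flag
        missing = [f for f in MANDATORY if not row[f]]
        if missing and inactive:
            current = current_oim_values.get(login, {})     # step (2): current values
            for field in missing:
                row[field] = current.get(field, "")         # step (3): return the same value
            missing = [f for f in MANDATORY if not row[f]]
        if missing:
            skipped.append({"login": login, "inactive": inactive, "missing": missing})
        else:
            ready.append(row)
    return ready, skipped


def unrevoked(skipped):
    """Inactive users whose rows still fail: their access stays enabled."""
    return [s["login"] for s in skipped if s["inactive"]]


# Constructed sample feed and OIM snapshot (not from the thread).
SAMPLE_FEED = """UserLogin,FirstName,LastName,Email,Status
jdoe,John,Doe,jdoe@example.com,Active
asmith,,Smith,,Inactive
bwhite,Bea,,bwhite@example.com,Active
ghost,,,,Inactive
"""
SAMPLE_OIM = {
    "jdoe": {"FirstName": "John", "LastName": "Doe", "Email": "jdoe@example.com"},
    "asmith": {"FirstName": "Ann", "LastName": "Smith", "Email": "asmith@example.com"},
    "bwhite": {"FirstName": "Bea", "LastName": "White", "Email": "bwhite@example.com"},
}

if __name__ == "__main__":
    ready, skipped = prepare_feed(SAMPLE_FEED, SAMPLE_OIM)
    for row in ready:
        print("process:", row[KEY_FIELD], row[STATUS_FIELD])
    for s in skipped:
        print("skipped:", s["login"], "missing", s["missing"])
    print("inactive but not disabled:", unrevoked(skipped))
```

Active users with blank mandatory fields are deliberately left in the skipped list, since the fallback to current values is meant only for rows that disable an account.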

  • Adding Custom Tab in OIM 11g  Self Service Page

    Hi All,
    I have to add a custom tab in the OIM self service page, and when I click on that tab it should show two tabs like "Search Resource" and "User Info". When I click on "Search Resource"
    it should show the Resources list, and when I click on the User Info tab it should show all the attributes of the user.
    Please help me with how I can do it.
    thanks,

    For OIM 11g R2, we don't have any composer and all. You need to understand the OIM UI then you need to proceed with Customization.
    Steps:
    http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/customize_oim_ui_selfservice_tabs/customize_oim_ui_selfservice_tabs.htm
    Pointers: http://docs.oracle.com/cd/E23943_01/doc.1111/e14309/uicust.htm#BABIGCJA

  • Help needed in OIM 11g with respect to Target Recon

    Hi Experts,
    I have OIM 11.1.1.5.0 installed with AD Connector configured. We have 3 AD instances, so we have cloned the full AD Connector to "A_AD_RO User", "B_AD_RO User" and "C_AD_RO User" resourced with separate-separate Process defn, scheduled task, lookups and IT resource
    When I am doing target recon based on "emailID" as key from respective ID, the reconciliation events get generated and I can see the event in Recon Manager with "No Match Found", even though the user with valid email id is present in the OIM.
    Once I do re-evaluate of reconciled user, the user target gets linked with the correct user.
    Problem: Every time, I need to go to Recon Manager and manually click on "Reevaluate Event"; only then does the target AD get linked to the user.
    How to set it automatically?
    Has anyone faced this kind of issue?
    Any suggestion which I can apply to skip "Reevaluate Event" manually to link user with target.
    Regards,
    J
    Edited by: J_IDM on Mar 19, 2012 6:35 AM

    A few things to check.
    On the resource object, reconciliation tab. Check the recon action rules. The Entity Match is the one that matches a user to the target data if the user does not have an instance on their profile.
    Check your reconciliation rules. Make sure that you have a rule for each resource, and that it is in an active state. Also make sure the rule is a valid matching rule.
    For each resource workflow, there are configuration lookups. You must be VERY careful when cloning a resource to go through every lookup that is duplicated and make sure the values are all for the new resources.
    It sounds like you used the same adapters for every instance. This will cause a problem because there are hard coded form values in the adapter, so you will need to change those to have an input so you can specify the value for each instance. Otherwise, every provisioning task will look for the objectguid from the original workflow.
    There are lots of updates you must perform to make sure they work correctly during a clone.
    Once you have done all these, try and run your recons again, and make sure you wait till the recon completes so it processes the events in the correct bulk amounts.
    -Kevin

  • OIM 11g: UserManager.changePassword is a one time use password - why?

    I am writing an OIM application to bulk load passwords into OIM from another source. I am using OIMClient to connect to OIM and the UserManager class to set the password on each user. The method I am using is the following:
    userMgr.changePassword(AttributeName, AttributeValue, password.toCharArray());
    The problem I see now is that every time I call this changePassword() method to change the password on the user, it turns on the must-change-password-at-next-logon flag. I do not want to do this. The password I am setting on these users is their current password, they should not have to change it the next time they log onto OIM.
    I have set the system property that says a user must change password at first logon to FALSE. But changing the password using that API still sets the flag on the USR table record.
    Is there anything else I need to do to prevent the user from having to change their password again when they next logon?
    Thanks for any advice.
    -Dave

    Use the 10g APIs.
    void updateUser(Thor.API.tcResultSet poUserResultSet, java.util.Map phAttributeList, boolean changePassword)
    poUserResultSet - A result set containing at the minimum the user key and the rowver of the user record to update.
    phAttributeList - A map of name-value pairs, each entry holding an attribute-value pair to set/modify for this user. The Attribute names are the String column codes (from the Xellerate metadata). The Attribute Values are the String attributes of the columns to set.
    changePassword - Whether this update has been triggered for a password change
    -Kevin

  • OIM 11g: Form Version of Linked Recon Event

    If an old reconciliation event is linked (Ad-hoc link) to a user, what form version is given to the form?
    1. The current active version?
    2. The active version at the time the recon event was created?
    Based on our testing, it appears as though #2 is the answer. Somehow the form version at time of recon is retained, and given to the form when the recon event is linked.
    Is this expected behavior? In our environment we'd like for #1 to be the case, and we can't seem to find a way to prevent this from happening. (The FVC util doesn't seem to help here).
    How can we ensure any linked recon events always get the current active form version?
    Thanks

    If anyone else is running into this, the "current" and "active" form versions are stored in the recon profile XML files. So, if you update a form version, you need to also regenerate the recon profiles to bring them up to the current active version.

  • OIM 11g - PeopleSoft connector - Future Dated Recon Events

    Hi OIM Experts,
    I am having a problem, processing the future dated events using OIM peoplesoft connector.
    All the current dated, events are getting linked and processed.
    The future dated events in OIM are in deferred state as expected. But after running the "Run Future Dated Reconciliation Events " , the event is not linked to any user, but state changes to data received.
    The user exists in OIM.
    Any ideas on how to resolve this.
    Regards
    Vicky

    Hi Suren,
    1311 - Cause: Status of the batch is not 'Completed'.
    1311 - Event id, when i try to Re-Evaluate event.
    Regards
    Vicky
    Edited by: vicky on Jan 27, 2011 6:27 PM

  • Trusted recon failed to insert RA_XELLERATEUSER2 due to RA_XELLERATEUSER2

    hi all,
    I have seen a previous posting for this error but I still don't get why I am getting this error. It is OIM 11G and doing a trusted recon to the Xellerate User resource.
    I have OrgName mapped to Organization Name and set it to "Xellerate Users" in the recon map. not sure what's going on.
    Thanx in advance.
    Fred

    now we're sorta getting somewhere.
    Thor.API.Exceptions.tcAPIException: An exception occurred: oracle.iam.platform.utils.SuperRuntimeException: Error occurred in XL_SP_RECONEVALUATEUSER while processing Event No 43 Error occurred in XL_SP_RECONUSERMATCH while processing Event No 43 One or more input parameter passed as null
    Except it's real obvious which field is missing. below is what I'm sending in.
    DEBUG,15 Jul 2011 10:50:29,996,[AI.BASECLIENT][191],ReconMap {UserType=End-User, Phone=6203332384, Street=22 Underwood Lane, Fax=6207609551, OrgName=Xellerate Users, UserId=mforester, LastName=Forester, DisplayName=Melvin Johnny Forester, City=Thorndale, State=PA, CellPhone=6203332384, UDCIdentifier=3B99F5545DEE329BE0440003BA33B440, EmailAddress=[email protected], FirstName=Melvin, Role=Full-Time Employee, Zip=59640}
    This is in the OIM Log
    <Jul 15, 2011 7:51:19 AM PDT> <Error> <oracle.iam.reconciliation.dao> <IAM-5010001> <Calling stored procedure - XL_SP_RECONEVALUATEUSER
    strTargetTableName_in=RA_XELLERATEUSER2
    strRequiredAttributesList_in=RECON_FIRSTNAME,RECON_LASTNAME,RECON_USR_EMAIL,RECON_USR_LOGIN
    strMatchingRule_in=
    intEventKey_in=43
    intUserKey_in=1>
    the 4 fields missing in RA record are start/end dates and manager key/id
    Thanx for your help.
    Fred

  • Customize Self Service Page in OIM 11g

    Hi All,
    How can I add some functionality of the Profile tab into another custom tab (I have to add the resource tab (Self Service Page-->My Profile-->Resource) into a custom tab), because I have to hide the Profile tab and add the Proxy and Resource tabs of the Profile tab into another custom tab so that the user can see only these two tabs instead of the whole Profile tab.
    please give me any idea how to do it.
    thanks
    Edited by: 902535 on Apr 10, 2013 10:53 PM

    Duplicate Post:
    Adding Custom Tab in OIM 11g  Self Service Page

  • Getting error in trusted recon from DB in oim 11g

    Hi,
    I am getting below error while running the trusted recon from DB in OIM 11g:
    [2013-12-25T23:27:33.033-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000KCGU85V2ZNK5qVCCyY1Ih5WC000002,1:21446] [APP: oim#11.1.2.0.0] Generic Information: {0}[[
    oracle.iam.reconciliation.exception.ReconciliationException: Exception occurred while inserting data into table RA_HRRECONTEMPROSS_GTC due to java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:429)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:407)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
            at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
            at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
    Caused by: oracle.iam.platform.entitymgr.ProviderException: java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:305)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
    Service date is a varchar field(VARCHAR 2 BYTE) in our trusted table. Its mapped to service date field in OIM 11g which is of type date.
    Please let me know if I need to change the field type in our trusted table.
    Note: The same configuration is working fine in OIM 9.x.
    Regards,
    Kalpana.

    Now, I went into the IDM schema & altered date fields to VARCHAR2(30 CHAR) for all the date type attributes. Now, when I ran the scheduled job it worked fine and didn't get any errors. But now the trusted recon is not creating users. I don't know why users are not getting created. Can you please let me know which things should be checked to make a recon a trusted recon so that it creates users.
    Thanks,
    Kalpana.

  • Getting Error - Cause: Status of the batch is not 'Completed' in OIM 11g R2 during Trusted Recon

    Hi All
    I am new to OIM 11g R2. I am trying to create a custom connector for trusted recon. The case is to migrate the users from 10g to 11g R2. The recon event is created but it is in Event Received status and when I re-evaluate the event, it's giving the error - Cause: Status of the batch is not 'Completed'.
    I saw in some posts to change the recon batch size parameter to 0 and restart the server. I have done that but still I am facing the same issue.
    There is no child data in the attribute mapping and user login is set as key.
    Any inputs are welcome on how to get rid of this error.
    Regards
    Vinay

    J_IDM@ I am not passing any OID IT Resource as a parameter. Yes, I have checked but no entries were there.
    Prakash bAJIYA@ I was running the job from the Web console & didn't find any such object. It may be different from the design console.
    810444@ Thanks.
    Dear All,
    In Web Console Job Scheduler, I had one Recon "LDAP FULL Recon" which has a property
    "OIM Employee Type" which was before "Full-TYpe". I changed it to * & it worked. Now I am able to generate events.
    It seems like the value of Employee Type has an issue in OID, please correct me?
    Thanks a lot for you guys' contribution.

  • OIM 11g R2 - Trusted User Recon 'Reconciliation Insert Received' not trigge

    Hi,
    We have recently upgraded OIM 10g to 11g R2. One thing which we used to depend on in 10g was the 'Reconciliation Insert Received' to trigger of other tasks. This does not seem to work in OIM 11g R2? Is there a way to fix this?

    This turned out to be an Oracle bug.
    Bug 9539918 - BOTH MANAGER ID FIELD AND ORG UNIT FIELD IS DISPLAYED WITH ORG UNIT VALUE
    This has been fixed in 9.1.2.4 version of the connector. Patch 11656991
    Sunny
    Edited by: Sunny on Mar 15, 2011 1:47 PM

  • OIM 11g: Can't Map (De)Provisioning Dates in Custom Trusted Recon

    I'm developing a custom trusted recon to reconcile users from a legacy IdM system.
    The issue I'm running into is that if I map a recon attribute to (De)provisioned/(De)provisioning date in the Reconciliation Mapping, when I try to "Create Reconciliation Profile" it fails saying: "Xellerate User: Invalid Attributes [Deprovisioning Date, Provisioning Date, Deprovisioned Date, Provisioned Date]".
    I'm not sure why it's rejecting these, but is there a workaround? Updating the reconciliation profile XML manually perhaps?

    Have you added oimclient.jar in the CLASSPATH of Eclipse ?
    http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e17334/toc.htm

  • Error running Organization Lookup Recon in OIM 11g R2 with Active Directory

    Hi all,
    I have an implementation of OIM 11g R2, with an Active Directory 11.1.1.5.0 connecting to an instance of Active Directory on Windows Server 2008. I am trying to run the "Active Directory Organization Lookup Reconciliation" scheduled task, but the job fails with this error:
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
    This is the full stack trace from the oim_domain.log file:
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
    at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
    at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:115)
    at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:382)
    at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
    at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
    at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
    at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
    at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
    at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
    at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
    at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    The Connector Server is installed on the AD instance, and the key has been set, and used appropriately in the Active Directory Connector Server IT Resource in OIM.
    Any advice on how to resolve this error or on any possible causes would be much appreciated, thank you.

    From the installation media, copy and extract contents of the bundle/ActiveDirectory.Connector-1.1.0.6380.zip file to the CONNECTOR_SERVER_HOME directory
    Refer http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#CHDDJGIG
