OIM Access Policy Error

I created an access policy for provisioning a resource and it works fine. But I get the following error when I click on manage and edit the child form fields. Can someone please guide what is this error for?
2009-04-20 12:57:35,618 ERROR [org.apache.struts.actions.DispatchAction] Request[ManageAccessPolicies] does not contain handler parameter named method
Thanks!

What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
Deborah

Similar Messages

  • OIM Access Policy API

    Hi All
    For oIM 10g, I am looking for an API that can mark the "Revoke If No Longer Applies" flag for all the resources of existing Access Policies.
    Any help!

    Yes. Try this API call -
    updateAccessPolicy
    public void updateAccessPolicy(Thor.API.tcResultSet accessPolicyResultSet,
    java.util.Map attributeList)
    throws Thor.API.Exceptions.tcPolicyNotFoundException,
    Thor.API.Exceptions.tcInvalidAttributeException,
    Thor.API.Exceptions.tcAPIException,
    tcAPIException
    This method updates the attributes of an access policy
    Parameters:
    accessPolicyResultSet - A result set containing at the minimum the access policy key and the rowver of the policy record to update.
    attributeList - A map of name-value pairs, each entry holding an attribute-value pair to set/modify for this access policy. The Attribute names are the String column codes (from the Xellerate metadata). The Attribute Values are the String attributes of the columns to set:
    * Access Policies.Description
    * Access Policies.Name
    * Access Policies.Key
    Throws:
    tcPolicyNotFoundException - if the policy is not in the database
    tcInvalidAttributeException - raise if one of the attributes is not a valid attribute
    tcAPIException - if there is an error retrieving information

  • OIM Access Policy dilemma

    I have a need to use an Access policy for basic account creation but still have a Request workflow for enhanced privileges. The Access Policy needs the Resource and Process forms to both be Auto Pre-populate and auto save. This seems to be a conflicting requirement by the way I understand OIM. Any thoughts on a good work around?
    Kerry

    What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
    Deborah

  • OIM Access Policy OU Updates

    All,
    I am wondering if any you have encountered an issue in OIM where a user’s OU in AD does not change when a new access policy applies to the user with a new OU (the old access policy is no longer valid). I have noticed that child form attributes (groups) are updated with the values from the new access policy, but parent form values such as OU, are not updated.
    The access policies currently do have retrofit selected.
    I also have tried running the “Evaluate User Policies” task with no luck.
    If you have any insight as to how we might resolve or workaround this issue, it would be appreciated.
    Thanks,
    -Derek

    What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
    Deborah

  • OIM access policy not evaluating a boolean

    I have a test for a boolean in Access Policy
    booleanvariable == true
    but it does not evaluate
    I tried booleanvariable == 1
    and this does not work either.
    If I have a string field instead of a boolean, then it works
    stringvariable == TRUE
    this works.
    Is there something wrong with booleans in Access Policy?

    I'm currently using Boolean with access policies, though maybe a little different.
    In the OIM Design Console, I've created a rule (Resource Management -> Rule Designer) named TestRule
    Add Element:
    - Attribute: booleanvariable
    - Operation: ==
    - Attribute Value: 1
    I have groups that mirror access policies, so let's say that we've also created a group (User Groups->Create via OIM AU Console - Web)
    - Under 'Membership Rules' in the dropdown box for group details, assign the rule you just created
    - Then under 'Access Policies' add the policy you created under Access Policies -> Manage
    Then when a user is in OIM with booleanvariable checked, the Access Policy is applied to that user.

  • Unable to provision to an RO through OIM access policy

    Hi All,
    We have created a group membership and attached it to an access policy which does provisioning for a particular RO.
    When we try to use this, the provisioning process gets stuck in "System Validation" state.
    However, provisioning manually works perfectly fine.
    Is the server looking for something while it tries to provision?
    Thanks!

    Make sure all your required fields are being populated correctly. If you have any checkboxes, make sure they get a 1 or 0 default value. Check the auto save checkbox on your provisioning process definition.
    -Kevin

  • Disable / Delete OIM Access Policy - OIM11g

    Hi Experts,
    checking on these forums I realized that is not possible to delete an Access Policy due to DB constraints.
    I read somewhere that is possible to disable them, but I don't understand how.
    Any ideas?

    Hi
    In order to disable the access policy.. remove the role associated with it. Since it is mandatory for atleast one role..create and provide some dummy role..
    alternatively you can delete the membership rule which is reponsible adding users to the group.
    Regards
    user12841694

  • Create Access Policy with OIM API: can't fill child form

    Hi!
    I'm having a problem with creating OIM Access Policy with API. I'm doing the following:
    1. Create a new access policy via AccessPolicyIntf
    2. Add a resource object which will be provisioned to all users who are within policy scope
    3. Get Resource Object (Parent) Form Definition via FormDefinitionIntf
    4. Add data to parent form (AccessPolicyIntf setFormData(FormDefinitionKey))
    5. Now I want to add data to the child form, for that purpose I need to know child form definition key, but I can' get one, because there's no method like 'getChildFormDefinitionKey' in FormDefinitionIntf interface.
    Please, help me to get child form definition key, knowing parent form definition key and version

    See if this code helps:
    public String addChildTableValue(long userKey, String group, String objectName, String fieldName tcDataProvider ioDatabase) {
    log.debug("addChildTableValue() Parameter Variables passed are:" +
    "userKey=[" + userKey + "]" +
    "group=[" + group + "]" +
    "fieldName=[" + fieldName + "]" +
    "objectName=[" + objectName + "]");
    try{
    tcUserOperationsIntf userIntf = (tcUserOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcUserOperationsIntf");
    tcFormInstanceOperationsIntf formIntf = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
    boolean roleExists = false;
    //Result set of all Object for user
    tcResultSet obResultSet = userIntf.getObjects(userKey);
    if (obResultSet.isEmpty()){
    log.error("User has no provisioned objects");
    return "NO_OBJECTS_EXIST";
    }else{
    for (int ii=0; ii<obResultSet.getRowCount(); ii++){
    obResultSet.goToRow(ii);
    if ((obResultSet.getStringValue("Objects.Name").equals(objectName)) &&
    (!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Revoked")) &&
    !(obResultSet.getStringValue("Objects.Object Status.Status").equals("Provisioning")))){
    log.debug("Resource object found: " + objectName);
    //Process Instance Key of the object
    long plProcessInstanceKey = obResultSet.getLongValue("Process Instance.Key");
    log.debug("Process instance key: " + plProcessInstanceKey);
    //Process Key for the parent for
    long plParentFormDefinitionKey = obResultSet.getLongValue("Process.Process Definition.Process Form Key");
    log.debug("Parent form definition key: " + plParentFormDefinitionKey);
    //Form version of the parent form
    int pnParentFormVersion = formIntf.getProcessFormVersion(plProcessInstanceKey);
    log.debug("Parent form version: " + pnParentFormVersion);
    //Result set of Child Form information
    tcResultSet childFormResultSet = formIntf.getChildFormDefinition(plParentFormDefinitionKey, pnParentFormVersion);
    //Child form definition key
    long plChildFormDefinitionKey = childFormResultSet.getLongValue("Structure Utility.Child Tables.Child Key");
    String plChildTableName = childFormResultSet.getStringValue("Structure Utility.Table Name");
    log.debug("Child form definition key: " + plChildFormDefinitionKey);
    log.debug("Child table name: " + plChildTableName);
    tcResultSet childFormData = formIntf.getProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey);
    if (!(childFormData.isEmpty())){
    log.debug("Searching child table current values");
    for (int iii=0; iii<childFormData.getRowCount();iii++){
    childFormData.goToRow(iii);
    String fieldValue = childFormData.getStringValue(fieldName);
    log.debug("Child table entry: " + iii + " | value: " + fieldValue);
    if (fieldValue.equals(group)){
    roleExists = true;
    log.debug("Value already exists in child table");
    return "DUPLICATE_VALUE";
    log.debug("Value not found in child table");
    if (!roleExists){
    Hashtable childFormHash = new Hashtable();
    childFormHash.put(fieldName, group);
    formIntf.addProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey, childFormHash);
    log.debug("Value successfully added to table");
    return "VALUE_ADDED";
    log.debug("Provisioned resource " + objectName + " object not found");
    return "OBJECT_NOT_FOUND";
    catch(Exception ex){
    ex.printStackTrace();
    return "ERROR";

  • AD Access Policy Update or Revoke Not Happening

    Hi
    Problem:
    I am automating the AD user Provisioning through OIM Access Policy. I am able to provision user in AD, But the provisioned user is not visible in Resources tab. If anything is modified OIM attributes and that are not transferring from OIM to AD User Process Form. If I removed User from the Role, The user was not revoked from the AD.
    Configuration:
    I have created the following task to automate the user provisioning. They are
    1) Rule
    Name: ALL AD Users
    Rule Criteria : User Login != NULL
    2) Role
    Name : AD Role
    Member Ship Rule : ALL AD Users
    3) Access Policy:
    Access Policy Information Provided
    Access Policy Name:      AD Access Policy
    Access Policy Description:      AD Access Policy
    With Approval:      No
    Retrofit Access Policy:      Yes
    Priority:1
    Resources to be provisioned by this access policy
    Resource Name: AD User
    Revoke resource and entitlement(s) if no longer applies: Checked
    Process Forms: AD User Details
    AD User form details are populating through pre-populate adapter in create and Change <FieldName> populating in update Operation.
    Role           
    Name : AD Role
    I couldn't see any error in the AD Connector log file.
    Do I need to do anything apart from AD Access Policy to view the resource in Resource TAB, and also Updating the user attributes ( Change Process Tasks are configured), and Revoke.
    Help is greatly appreciated.

    What do you mean by this statement :
    But the provisioned user is not visible in Resources tabDo you mean that when you go to Resource Profile of a user then you can't see AD User is provisioned to that user ?
    Check "Auto Save" check box on "AD User" Process Defintion
    Add one user into that Role explicitly into that Role/Group
    Resources to be provisioned by this access policyI hope you are giving values for AD Server and Organization Name on the process form in this section.
    Enable the logs as well whether AD User tasks are getting called or not
    And
    For sending Modified Attributes to AD, have you create corresponding tasks like Change First Name, Change Last Name etc in AD User Process Defintion and made its entry in Trigger Lookup ?
    If yes then it will work only when you'll see AD User in Provisioned/Enables status in User's Resource Profile
    Let me know the results

  • OIM 11g AD Connector Access Policy Based Provisioning Issue

    Hi,
    I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    Running ISADAM
    Target Class = java.lang.String
    Running GETUSESSL
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attribute
    Running Set User Expiration Date
    Running ISADAM
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETPWDEXPIRESATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set Pwd Expires Attribute False
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running SETADDN
    [2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
    [2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
    [2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
    [2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
    [2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
    Database srever is running.
    Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
         at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
    Please, Help.
    Edited by: user13830503 on 19/7/2012 6:39

    2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    Make sure the lookup table exists and is spelled correctly in your process task.

  • [OIM 9.1.0.2] Access Policy being evaluated to an OIM user disabled.

    Hi Gurus,
    I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
    Any tip on what I should take a look?
    Thanks in advance.

    Hi all,
    I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
    I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
    Thanks a lot.

  • Android MS RDP - RPC Error: Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator. (2147965402).

    I love iTap Mobile.  Paid for the app.  Sorry to see them discontinue it, but now I know why.  Microsoft bought them out!  But even though free, I am getting an error: RPC Error: Your connection was denied because of a Resource Access
    Policy (TS_RAP). Please contact your server administrator. (2147965402).  I worked with iTap to fix this so I guess they sold Microsoft their older buggy code...  Microsoft, please fix!
    PS: This is the Android version.  Mac and iOS are both okay.
    EDIT:  After an update a few months ago, iOS is no longer working.  Not sure if the problem is related to the Android MSRDP issue.
    UPDATE - Relevant posts (need Android RDP software engineer to fix):
    Event Viewer Log when using Android client:
    The user
    "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
    is most likely for logging into RD Web - icons shows up).
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
    The following error occurred: "23002".  (This is after clicking on any
    of the icons).
    I
    think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
     It should be the RD Connection Broker's hostname, I believe.
    Here's what it should look like (connected using a Windows PC going
    through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection
    authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met resource
    authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", connected
    to resource "rdsfarm.domain.com".
    Stephan,
    Do you have any way to contact the software engineer who worked on the Android version of the RDP client?  Please
    have them read this thread.  They need to fix the hard coded "localhost" resource to be a variable (namely whatever the user put in for the server).
    This is why the MS RDP app is failing in situations where the FQDN for the RD Gateway and Connection Broker uses
    the same host name.
    Again, this is not a configuration problem on our end as it works as intended with the native Windows RDP client
    as well as the Mac and iOS version of the mobile RDP client (all based on iTap Mobile's RDP app).
    This is a problem specific to the Android RDP app.
    PS: No matter how hard I try, the WYSIWYG editor is not very WYSIWYG at all, and so everything here looks messed up even though it looked right when I posted it (it is deleting new blank lines I'm inserting to make it spaced out and easier to read). See
    below to read the post in context.

    Thanks for the bumps, everyone.  I haven't check this thread in a while because I basically gave up on Microsoft's ability to respond.  Unlike paid apps, there's no number to call or ticket to open when an app like this malfunctions.
    Just to give you an update, iOS users started having issues connecting a few months ago.  I don't remember what version started this.  I'm not sure if it's the same problem.
    Also, the newest version now gives a slightly different error message:  RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP).  Please contact your server administrator.
    For Android users, I am starting to recommend Xtralogic Remote Desktop Client.  It's a paid app, but it works great.  I don't know of any alternative for iOS.
    MSRDP for Mac OSX (was also an iTap application) continues to work throughout the many updates.
    We need a software engineer from MS to read my first post.  All the information that will point to a fix is there.  I strongly believe someone hardcoded the string "localhost" instead of using a variable to point to the FQDN of the rdsfarm
    name.
    Here's that info again (copied/pasted).  It doesn't take an engineer to understand the issue.  If you know how to decipher Event Logs, you can see where the problem is.
    Event
    Viewer Log when using Android client:
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
    is most likely for logging into RD Web - icons shows up).
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
    The following error occurred: "23002".  (This
    is after clicking on any of the icons).
    I
    think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
     It should be the RD Connection Broker's hostname, I believe.
    Here's
    what it should look like (connected using a Windows PC going through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    met resource authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    connected to resource "rdsfarm.domain.com".

  • RemoteApps Error "Your connection was denied because of a Network Access Policy (TS_NAP). Please contact your server administrator."

    Hello All,
    Good day. May I ask if anyone experienced this error when trying to access remoteapps in Azure? We are using IaaS and set-up RDS using Windows 2012 R2 but we are getting an error below.
    "Your connection was denied because of a Network Access Policy (TS_NAP). Please contact your server administrator.
    Various roles and services (Broker, Session Host, RD Gateway and Web Access are installed on each VMs).
    Please advise.
    Thanks,
    Glenn

    Hi Glen;
    Looks like the set up was not done correctly. Please follow the guidelines given on this
    blog by Keith Mayer.
    Regards;
    Prasant

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • OIM 11g R2 - AD provisioning based on Role and Access Policy

    Hi, for Active Direcotry integration i used some prepopulation plugin for populationg resource form (based on http://fusionsecurity.blogspot.sk/2013/01/populating-request-attributes-in-oim.html).
    It's work fine - requested account was fully provisioned.
    Can i use this plugins for Role based provisioning?
    I try to create access policy and associated role but when attached the role to the user and run Evaluate User Policies Job, account can't be provisioned.
    In diagnostic.log i found.....
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Immediate consequences are returned with event - InitiatePolicyEvaluationAndProvisioning
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Next Waiting child process is ..........6380 sync = false
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] First Waiting child process is ..........6380
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel executing default validation with process id, event id, entity and operation 6,380.0.Resource.ACCESS_POLICY_BASED_PROVISION
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Kernel completed the child orchestration - 6380.6379
    [oracle.iam.platform.kernel.dao] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Inserting records for orchestration cleanup
    [oracle.iam.platform.kernel.impl] [.....] [userId: oiminternal] [.....] [APP: oim#11.1.2.0.0] Completed orchestration with action result - 113

    Hi, all
    I try to fill Access policy Process Form. Account request was created and provisioned when field AD Server and Organization Name was filled in, but pre-population plugin doesn't fired
    The question is.... How can i use pre-population plugin for populating request dataset used with request generated by access policy....
    Is it possible to use plugins for requests generated based on access policy?
    a.

Maybe you are looking for

  • Unable to restore Satellite laptop running Windows 8.1

    I have recently acquired some malware on my laptop, and after several unsuccessful attempts to remove it have decided to try to restore the machine to factory settings. Unfortunately, I did not create backup media when the laptop was new and the reco

  • I have a question about fields and NTSC 24fps.

    I shoot in DV (30fps), edit with final cut, export using compressor to DVD studio pro. The end product is a DVD that get's played on a TV in the U.S. I have always used the sequence preset DV NTSC 48kz. Which is 29.97 fps. It works fine and that's th

  • Recieve/Read  Messages  from JMS Queue through ALSB

    Hi, I have configured JMS Queue in weblogic server. I have created Messaging Service in ALSB which sends messages in MESSAGE QUEUE. Now Is it possinle to receive messages from JMS Queue by creating business service in Aqualogic Service bus???

  • Paper Clip Should Be Included In

    Creative should include a special paper clip with each Sleek product. My Sleek Photo freezes up every other time I use it and I seldom skip tracks or change content of player. This is not acceptable and probably the reason unit is now discontinued af

  • Dng converter for canon 6d

    Anyone there? I just purchased a Canon 6D and need to get the images into Lightroom 3. I downloaded the DNG Converter, but 8.8 is not compatible with my iMac (10.6.8). 1) Is there another version of the DNG converter that will work with the 6D images