OIM - GTC database trusted reconciliation not importing passwords
Hi,
I am using the latest available database connector (9.1.0.5.0) with OIM 9.1.0.2 BP07 and i have an issue with password reconciliation.
Let's say i have a table MY_USERS with users login data and i want to use it as a source for trusted reconciliation.
I have followed the tutorial available in the DBAT documentation and i get the following results:
-if i don't map the password field from the recon staging with the one of the OIM account, original password is ignored and OIM password is set to the username
- if i map the password field from the recon staging with the one of the OIM account i get an exception and reconciliation fails. To succeed i have to proceed as described in this tutorial http://st-curriculum.oracle.com/obe/fmw/oim/10.1.4/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm , modifying the password field in the Design Console from "User password" to "Identity". Actually, this makes the recon work, but what happens is that original password is written in the USR table in the USR_FSS field and not in the USR_PASSWORD field (which is set to the username as above), and therefore the change is useless.
I would like to know what should i do to import the original password from database table.
Thanks in advance
Alex
AFAIK, we can't reconcile user's password from Trusted Reconciliation. If in your case you have to bring only those passwords which resides in DB Table then you can write some custom utility/sch task which will read through DB Table and update user's password using OIM APIs.
Similar Messages
-
Error in Database Trusted Reconciliation
Hi All,
I am running the scheduler task for trusted database reconciliation for deleted records.
I am getting following error:
DEBUG,21 Jan 2009 20:45:02,062,[DBADAPTERLOGGER],DBReconciliation::deleteReconEvents : resourceObjectName Xellerate User
ERROR,21 Jan 2009 20:45:08,424,[XELLERATE.DATABASE],Class/Method: tcDataBase/writeStatement encounter some problems: ORA-01691: unable to extend lob segment OIMADMIN.SYS_LOB0000054968C00006$$ by 1024 in tablespace XELTBS01
java.sql.SQLException: ORA-01691: unable to extend lob segment OIMADMIN.SYS_LOB0000054968C00006$$ by 1024 in tablespace XELTBS01
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:138)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:316)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:282)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:639)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:185)
at oracle.jdbc.driver.T4CPreparedStatement.execute_for_rows(T4CPreparedStatement.java:633)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1161)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3001)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3074)
at oracle.oc4j.sql.proxy.PreparedStatementBCELProxy.executeUpdate(PreparedStatementBCELProxy.java:37)
at com.thortech.xl.dataaccess.tcDataBase.writePreparedStatement(Unknown Source)
at com.thortech.xl.dataobj.PreparedStatementUtil.executeUpdate(Unknown Source)
at com.thortech.xl.audit.genericauditor.utils.AuditDataHandler.write(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.updateAuditRecords(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.genericauditor.GenericAuditor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processSingleAudJmsEntry(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processOfflineNew(Unknown Source)
at com.thortech.xl.audit.engine.jms.XLAuditMessageHandler.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.AuditMessageHandlerMDB.onMessage(Unknown Source)
at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.SetContextActionInterceptor.invoke(SetContextActionInterceptor.java:44)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.RunAsInterceptor.invoke(RunAsInterceptor.java:31)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
at com.evermind.server.ejb.MessageDrivenConsumer.onMessage(MessageDrivenConsumer.java:347)
at com.evermind.server.ejb.MessageDrivenConsumer.processMessages(MessageDrivenConsumer.java:233)
at com.evermind.server.ejb.MessageDrivenConsumer.run(MessageDrivenConsumer.java:169)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:595)
ERROR,21 Jan 2009 20:45:08,425,[XELLERATE.AUDITOR],Failed to process audit message
com.thortech.xl.audit.exceptions.AuditMsgProcessingFailedException: Unable to insert new audit record for auditee 2323 in repository UPA
sert statement failed is: insert into UPA (UPA_KEY,usr_key,EFF_FROM_DATE,SRC,SNAPSHOT,DELTAS) values (?,?,?,?,?,?)
auditRepository=UPA_KEY; auditeeID=2323
auditEpoch=2009-01-21 17:24:30.953; source=User: XELSYSADM, API: ReconOfflineMessage, Method: -
at com.thortech.xl.audit.genericauditor.utils.AuditDataHandler.write(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.updateAuditRecords(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.genericauditor.GenericAuditor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processSingleAudJmsEntry(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processOfflineNew(Unknown Source)
at com.thortech.xl.audit.engine.jms.XLAuditMessageHandler.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.AuditMessageHandlerMDB.onMessage(Unknown Source)
at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.SetContextActionInterceptor.invoke(SetContextActionInterceptor.java:44)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.RunAsInterceptor.invoke(RunAsInterceptor.java:31)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
at com.evermind.server.ejb.MessageDrivenConsumer.onMessage(MessageDrivenConsumer.java:347)
at com.evermind.server.ejb.MessageDrivenConsumer.processMessages(MessageDrivenConsumer.java:233)
at com.evermind.server.ejb.MessageDrivenConsumer.run(MessageDrivenConsumer.java:169)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:595)
Caused by [Nested Exception]:
com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.writePreparedStatement(Unknown Source)
at com.thortech.xl.dataobj.PreparedStatementUtil.executeUpdate(Unknown Source)
at com.thortech.xl.audit.genericauditor.utils.AuditDataHandler.write(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.updateAuditRecords(Unknown Source)
at com.thortech.xl.audit.genericauditor.AuditMessageProcessor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.genericauditor.GenericAuditor.processAuditMessage(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processSingleAudJmsEntry(Unknown Source)
at com.thortech.xl.audit.engine.AuditEngine.processOfflineNew(Unknown Source)
at com.thortech.xl.audit.engine.jms.XLAuditMessageHandler.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.AuditMessageHandlerMDB.onMessage(Unknown Source)
at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.SetContextActionInterceptor.invoke(SetContextActionInterceptor.java:44)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.RunAsInterceptor.invoke(RunAsInterceptor.java:31)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
at com.evermind.server.ejb.MessageDrivenConsumer.onMessage(MessageDrivenConsumer.java:347)
at com.evermind.server.ejb.MessageDrivenConsumer.processMessages(MessageDrivenConsumer.java:233)
at com.evermind.server.ejb.MessageDrivenConsumer.run(MessageDrivenConsumer.java:169)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:595)Hi,
Please check the reconciliation key field in OIM DB Console for Reconciliation and mapping configuraton where you have set the matching only option.
Thanks & Regards
Ramesh -
Trusted Networks not recognised - password in keychain ignored
Since I returned from Italy my wireless G4 Powerbook will not automatically recognise my trusted (wep or wpa encrypted) networks. It finds open networks just fine. It will not recognise my password even though I rewrote the log-on info and deleted old keychain passwords. Every time I log on I have to choose "diagnostics" and scan "airport". Eventually I get a message that my "network configuration has changed" and it works for that one session. Even letting the Powerbook "sleep" will wipe out my connection. I tried deleting and re-authenticating each "trusted" network but - no luck.
Powerbook G4 Mac OS X (10.4.8)Do you have a login password for your user account? I've noticed sometimes after upgrades my keychain password is switched to that and I have to reset it. I agree after upgrades there's usually a number of issues that need resolution and it can by time consuming identifying and fixing the problems.
Dave -
Firefox sync not importing password on my new installed firefox
i just installed new firefox deleting all preferences and settings.. i set up firefox syn successfully and got all history, last visited sites and etc successfully but... My passwords and ids are not there.. like when i visit gmail or facebook or any site it doesn't show any user id nor any password for it.. i checked settings in firefox option can checked all items tick marked bookmarks, password, history etc.. and my quota for password is 58.3 KB.. What should i do now??
jscher2000 asked:"Could you clarify something for me: when you say you have a problem loading a new tab, is it the standard new tab page with 9 thumbnails for your frequently visited sites, or do you mean opening a link in a new tab?"
I have Firefox setup to open a link that I click on in an email or on a site into a new tab, and this is the new tab I am writing about. When I click on the link in the email or on a site, there is a delay and I get the dreaded "not responding" message. After a wait, finally I get to the site. And, which just happened, when I went from writing here and clicked on the tab to go back to my Yahoo email, I received the "not responding" message.
I have also used the additional malware checking programs that are listed on the Firefox site in additional to Norton. Malwarebytes found 14 issues, which it took care of, but I still have the "not responding" problem. I even did the long version of their scan which did not find anything additional. I used the Microsoft Safety Scanner also. This program did not find anything.
I mentioned above that I was getting the "not responding" message just going from here back to my email, but this last time I did that I did not get the "not responding" issue and was able to go back and forth normally.
Everything you asked me to check looks normal. I just wish Firefox would work properly 98% of the time and some this "not responding" nonsense.
I also do a program called Lumosity. This program will not work correctly when Firefox decides to not respond. Fortunately, this does not happen all of the time, but then it should not happen at all.
I wonder the Firefox is meant to work with a Win8.1 touchscreen computer.
I really do appreciate all of your help. Maybe we will get to the bottom of this some day. -
Lookup.USR_PROCESS_TRIGGERS not working with trusted reconciliation oim 11g
Hi,
I am facing one issue while running the trusted incremental reconciliation in OIM 11g.
In the bulkEvent of the event handler I am checking if the operation is MODIFY then I am comparing some attributes and based of that result I am performing some action.
Now the issue is that if the first name or last name of the users gets changed in OIM due to trusted reconciliation then the Change First Name or Change Last Name Process task should get execute on the resources provisioned to the user. This is not happening in my case.
I tried modifying the first name of the user via UI and then the Change First Name Process task got executed.
Please let me know if I need to do some thing extra to get this working.
ThanksHi,
Try creating a custom adapter and attach the adapter to the process task which you have created. This adapter should read the user profile value and populate in the AD provisioning form. Then test the flow for one attribute. As I am suspecting that there would be an issue with OOTB adapter.
Regards
Sai -
Trusted Reconciliation-Oracle Database to OIM
Hi,
I created a GTC in OIM for Trusted reconciliation with Oracle database as source.
I can able to create & update users in OIM according to the same operation on database.
but when i delete a user in oracle database, the same user is marked as deleted in OIM (although the user is not physically deleted).
How to know the user is marked as deleted? i mean which attribute of user is updated? how to reflect the same in OIM admin console?
RegardsHello
About the trusted conector for an Oracle DB that you mentioned before, you said that you could create and update OIM Users....
Could you please tell me what steps did you do to make the reconciliation work, is just that i already created the connector the same way the manual of the connector said but when I ran the reconciliation it doesnt create any OIM User, but when i saw the log it doesnt have any error.
I hope you can help me please!!!!! TNKS!!!! -
User not created in OIM 11gr2 - trusted reconciliation from OID
Hello,
in my tests I'm trying to do a trusted reconciliation from OID to OIM.
I checked the errors below in the log file and I checked the column on the database. The column is there but I can't understand why this error appear.
I did a select on this table and this column is empty (select RA_USERLOGIN7C7B96D4 from RA_OIDTRUSTEDUSERBCBD344A).
INFO: Generic Information: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4)))
INFO: Generic Information: Params = [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
SEVERE: Generic Information: {0}
oracle.iam.reconciliation.exception.DBAccessException: Failed SQL:: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4))) =>PARAMS:: [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
at oracle.iam.reconciliation.utils.DBAccessTemplate.executeQuery(DBAccessTemplate.java:71)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.executeSql(BaseEntityTypeHandler.java:508)
at oracle.iam.reconciliation.impl.UserHandler.getMatchingKeys(UserHandler.java:601)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:556)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:535)
at sun.reflect.GeneratedMethodAccessor3188.invoke(Unknown Source)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "RA_OIDTRUSTEDUSERBCBD344A"."RA_USERLOGIN7C7B96D4": invalid identifier
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
After this error the log shows:
SEVERE: oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped
oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Child tables only supported at account-level
at oracle.iam.connectors.icfcommon.service.oim11.OIM11Reconciliation.processEvent(OIM11Reconciliation.java:101)
Please help me on this and tell me if I am missing something here.
ThanksI've found something that worked for me. When executing the trusted recon schedule task, the "Configuration Lookup" field in the "OID Server" IT Resource has to have the value "Lookup.OID.Configuration.Trusted". On the other hand, when executing the user sync recon schedule task, this field must have the value "Lookup.OID.Configuration.Trusted".
The lookups' names can be different if you've manually renamed them.
--jtellier -
OIM 11g : Flat-File Reconciliation using GTC Connector : Urgent
Hi,
Can you pls. help in creating an GTC for flatfile reconciliation.
I am using OIM 11g version, and i am struck when i create a try to insert a record into OIM.
Provided a flatfile in the below format:
#GTC Trusted Source
login,firstName,lastName,eMail,organization
TESTACC,TESTFN,TESTLN,[email protected],Xellerate Users
and while creating GTC did the below settings:
Name FFRecon
Reconciliation check box [selected]
Transport Provider Shared Drive
Format Provider CSV
Trusted Source Reconciliation check box [selected]
Staging Directory (Parent identity data) C:\stage\External Files
Archiving Directory C:\stage\External Files\archive
File Prefix identities
specified Delimiter ,
File Encoding UTF8
Source Date Format yyyy/MM/dd hh:mm:ss z
Reconcile Deletion of Multivalued Attribute Data check box [cleared]
Reconciliation Type Full
Performed the mapping of data in the below format
login -> User Login
firstName -> First Name
lastName -> Last Name
eMail -> Email
organization -> Organization
password -> Password Generator
Also did the configuration on the OIM design console end.
I have taken guidance from the OIM release 9.1.0,
http://st-curriculum.oracle.com/obe/fmw/oim/10.1.4/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm
Now when i run the GTC connector, the job moves to running state and remains there for a long duration. The account is also not gettting created on the OIM end.
Pls. let me is there any issue in configuration.
It would be greatful, if you can provide the steps for the same.
Also let me know any details required from my end.
Regards,
KaranThanks for your quick response.
We have tried the option, of creating a new GTC, but that too didn't helped in solving the issue.
When we schedule the job, it moves to RUNNING state for a long duration and the below error is encountered. Can you pls provide some suggestion on the below error.
Regards,
Karan
==================================================================================
Caused by: oracle.iam.reconciliation.exception.ReconciliationException: Matching rule where clause is null
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getMatchingRule(ReconOperationsServiceImpl.java:476)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:376)
... 48 more
[2011-01-18T23:00:23.696+05:30] [oim_server1] [WARNING] [] [XELLERATE.GC.FRAMEWORKRECONCILIATION] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] Though Reconciliation Scheduled task has encountered an error, Reconciliation Transport providers have been "ended" smoothly. Any provider operation that occurs during that "end" or "clean-up" phase would have been executed e.g. Data archival. In case you want that data to be a part of next Reconciliation execution, restore it from Staging. Provider logs must be containing details about storage entities that would have been archived
[2011-01-18T23:00:23.696+05:30] [oim_server1] [WARNING] [] [XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] FILE SUCCESSFULLY ARCHIVED : C:\Sudhan\Project Related\COE\Installation\Flatfile\Stage\identities20110112.txt
[2011-01-18T23:00:25.259+05:30] [oim_server1] [NOTIFICATION] [IAM-1020005] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] [arg: QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.FFRECONLT_GTC Name FFRECONLT_GTC] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.FFRECONLT_GTC Name FFRECONLT_GTC
[2011-01-18T23:04:11.618+05:30] [oim_server1] [NOTIFICATION] [IAM-1020004] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-7] [userId: xelsysadm] [ecid: 0000IqQ6Y4F4mniNd6T4i51DDSFi00000l,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000041] [arg: Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task] Job Listener, Job to be executed Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task
[2011-01-18T23:04:12.290+05:30] [oim_server1] [NOTIFICATION] [IAM-1020014] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-7] [userId: xelsysadm] [ecid: 0000IqQ6Y4F4mniNd6T4i51DDSFi00000l,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000041] [arg: Method details: executeJob] Method details Method details: executeJob
Edited by: user8674642 on Jan 18, 2011 11:06 AM -
Error while creating GTC for trusted source reconciliation in OIM11g
Hi,
I got an exception while trying to create GTC for Trusted source Reconciliation in OIM11g
Class/Method: CreateGenConnectorAction/imageScreen encounter some problems: Provider Exception[[
java.lang.Exception: Provider Exception
at com.thortech.xl.webclient.actions.CreateConnectorAction.getGenericAdapter(CreateConnectorAction.java:2265)
at com.thortech.xl.webclient.actions.CreateConnectorAction.imageScreen(CreateConnectorAction.java:1196)
at com.thortech.xl.webclient.actions.CreateConnectorAction.goNext(CreateConnectorAction.java:521)
at sun.reflect.GeneratedMethodAccessor4673.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at com.thortech.xl.webclient.actions.CreateConnectorAction.execute(CreateConnectorAction.java:135)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.XSSFilter.doFilter(XSSFilter.java:103)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:61)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:115)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:100)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at com.thortech.xl.gc.util.ProviderFacade.getProvider(ProviderFacade.java:344)
at com.thortech.xl.webclient.actions.CreateConnectorAction.getGenericAdapter(CreateConnectorAction.java:2201)
... 47 more
Caused by: java.lang.NullPointerException
at com.thortech.util.logging.Logger.isDebugEnabled(Logger.java:599)
at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.initialize(SharedDriveReconTransportProvider.java:106)
... 53 more
Thanks & Regards,
PrasadMost likely you are hitting below bug
Bug 14271576 - OIM BETA : CONNECTOR LOGS ARE NOT GETTING UPDATED IN 11G R2 [preferrred fix ...]
or
Bug 13605443 - NULL POINTER EXCEPTIONS IN OIM SERVER DURING RECONCILIATION USING GTC CONNECTOR
Thanks Deepak -
OIM Trusted Reconciliation with OID
Hi all,
1. i am facing the problem with trusted reconciliation , i mapped AttrName.Recon.OID.Map with OOTB values , and in Reconciliation manager the Event is created with No Match Found,
2. In provisioning i am using the Entity Adapter to generate the User ID is this causing the error ?.
3. when i run Trusted Recon ii am getting the following error
DEBUG,06 Apr 2011 16:49:48,655,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDescription - Value: Cannot save: Bad SQL operation FATAL REJECT, raw value 2.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isRemedy - Value:
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDetail - Value:
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcErrorList/addError entered.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback entered.
ERROR,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
java.lang.Exception: Rollback Executed From
at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
at com.thortech.xl.ejb.databeansimpl.tcRCEBean.createUserRecord(Unknown Source)
at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl.createUserRecord(tcRCE_4tknfu_EOImpl.java:615)
at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.activation.ActivatableServerRef.invoke(ActivatableServerRef.java:85)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
INFO,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/setTransaction: ##########setTransaction getting called from: #######
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback left.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/save left.
DEBUG,06 Apr 2011 16:49:48,657,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord left.
DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors entered.
DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors left.
DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections entered.
DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections left.
DEBUG,06 Apr 2011 16:49:48,997,[XELLERATE.SERVER],Class/Method: tcDataBase/readEncryptedStatement entered.
DEBUG,06 Apr 2011 16:49:48,998,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
Thank you.Hi Khanh,
[This is not good for my use case. I don't want the users from OID to be created in OIM]
Remember this Ldap Sync we use when we want all users in OID -OIM to be in Synch. Otherwise you should have disabled Ldap Sync and used OID 11g Connector.
So if you want to link users in OIM using OID process form/resouce, then its must to use OID 11g Connector.
~J -
OIM 11g DBAT connector - trusted reconciliation for user roles
Hi,
We have a database table containing a bunch of user records, and a table with a foreign key that contains all the associations user-group. We would like to do trusted reconciliation from those two tables into OIM. I already did that for target reconciliation but now I am having a look at the DBAT connector docs, and I have found this:
"Child Table/View Names
If you want to use the connector for trusted source reconciliation, then do not enter a
value. If you want to use the connector for target resource reconciliation and if user data is
spread across parent and child tables, then enter a comma-separated list of child table
names."
Does this mean that role membership trusted reconciliation is not supported by the DBAT connector?
thanks in advanceDBAT connector does not support trusted source with child data.
But that does not mean you cannot configure user table as trusted source.
What is it that you want to do with child table ? -
Trusted Reconciliation Status mapping does not work - 11g Release2
Hi all,
On my process for trusted reconciliation I have mapped my status attribute to Oim 'Status' attribute. It is as follow:
UserStatus -> Status
On my custom scheduled task I transform the status data get form HR (my trusted system) with the values 'Active', 'Disabled','Deleted' and create a reconciliation event.
Even the value I set for the status is 'Active' , afte reconciliation the status is not updated and it is 'Disabled'., what may be the problem? any help is strongly appreciated
Part of my reconciliation event creation code is as follow :
params.put(AttributeConstants.TCMB.ROLE, "Consultant");
params.put(AttributeConstants.TCMB.ORGANIZATION_NAME, "Xellerate Users");
params.put(AttributeConstants.TCMB.XELLERATE_TYPE, "End-User");
params.put(AttributeConstants.TCMB.DISPLAY_NAME, resourceData.getName()+" "+resourceData.getSoyadi());
params.put(AttributeConstants.TCMB.IDENTITY_STATUS, UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
System.out.println("Active param : "+UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
System.out.println("Disabled param : "+UserManagerConstants.AttributeValues.USER_STATUS_DISABLED.getId());
System.out.println("Deleted param : "+UserManagerConstants.AttributeValues.USER_STATUS_DELETED.getId());
long result = recObject.createReconciliationEvent("TCMB_PBS_TRUSTED", params, true);
Thnaks in advance,
BR
AliyeI would say don't supply status info for recon. OIM will update automatically based on start date and end date.
If you have special scenario then sure we have to map it and try params.put(AttributeConstants.TCMB.IDENTITY_STATUS,"Active") for same.
Better ignore passing status attribute. Lets OIM decide.
--nayan -
Create Organizations in OIM by recon with GTC Database App tables
Hello,
Does anybody know if and how you can create organizations instead of users in OIM when using the GTC DataBase Application Tables connector?
Thank you,
Ionut.Very unlikely verging on the impossible.
I would recommend writing your own connector. As you only need a little bit of JDBC and call the createOrganization in tcOrganizationOperationsIntf wrapped in a scheduled task this should not be a big issue.
Good luck
/M -
Trusted Reconciliation in OIM 11g
Hi
I have written custom scheduler task in OIM 11g which will retrieve values from database and call recon API's to create users in OIM.
Database Table contains the following sample values
FIRSTNAME:RECON
LASTNAME:USER1
USERLOGIN:RUSER1
ORGANIZATION:Xellerate Users
EMPLOYEE-TYPE:Full-Time
I created Resource Object with the above recon attributes and mapped these attributes to OIM User Attributes and made userlogin as key attribute.
I created Recon Rule as USER LOGIN equals userlogin and action rule as No Matches Found -> Create User
Now I ran the job from UI and status is showing as Data Recieved only. It is not creating users.
Below are the logs for the same.
*<Jul 20, 2011 7:47:55 AM EDT> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Error/Information: {0}*
oracle.iam.platform.utils.SuperRuntimeException: java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constraint (OIM11GDB.FK_RECON_EVENTS_USR) violated - parent key not found
ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSERCRUD", line 759
ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSRMLSWRAPPER", line 71
ORA-06512: at line 1
at oracle.iam.reconciliation.dao.DBCall.execute(DBCall.java:24)
at oracle.iam.reconciliation.dao.ReconActionDao.processSPCall(ReconActionDao.java:1316)
at oracle.iam.reconciliation.dao.ReconActionDao.executeBulkUserMatchCRUD(ReconActionDao.java:686)
at oracle.iam.reconciliation.impl.UserHandler.executeBulkCUD(UserHandler.java:568)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.process(BaseEntityTypeHandler.java:34)
at oracle.iam.reconciliation.impl.ActionEngine.processBatch(ActionEngine.java:129)
at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:90)
at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy364.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Pls Help.Hi Rajiv,
Please see my comments below.
Where is Design Console Access attributes ?I think no need to set value for this attribute as the default value will be End-User only. Correct me if I am wrong.
Have you created Recon Rule properly ?yes
Have you created Reconciliation Profile ?yes
Call teh API porcessReconciliationEvent after createReconciliationEvent API.Is it mandatory to call processReconciliationEvent after createReconciliationEvent? The reason why I am asking is when I wrote scheduler for target recon I didn't used processReconciliationEvent.
Thanks -
Reconciliation of "change password on next logon" from AD fails in OIM 11g
Hello,
We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
Did anyone get this working properly?
P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Crtl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
Thanks,
-JP
Edited by: JacekP on Oct 17, 2011 8:10 AMYeah, you're right, unfortunately we have dual authorative password model, where a user can change the password from OIM when he is accessing a OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.
Maybe you are looking for
-
How to read messages in message pool from a java file
Hi All, I want to read a message that is defined in a message pool of a webdynpro component. This reading should be done from a java file present in the "src" folder. How can I get the handle to the IWDComponent? Or is there any other way? Or is ther
-
To increase the length of a vanilla column
Hello Everyone, I have a situation, where I have to increase a length of a vanilla column in siebel. I have to increase the length of a base column CORP_STOCK_SYMBOL of a vanilla table S_ORG_EXT. From the tools level I can't do this as it does not al
-
Hello After completing my site with Muse, when I export it in HTML or download it directly to host FTP, accents, are directly converted and impossible from the displayed on my site. For example, the "é" becomes on the page "é". on www.gramme.be/euro
-
Trouble connecting to external server with 10.9.2
So despite all my complaints about Mavericks 10.9 and 10.9.1, I was at least able to mount my GoDaddy server on the disk. Although whenever I restarted the computer, I had to run the mounting program/script again. But now, with 10.9.2 it has stopped
-
R12 Process Step for Windows XP
Hi, I am planning to install R12 in my laptop on XP Professional SP-2 operating system, it will be great if anyone has process step can you please share,