OIM - OIA integration documentation

Similar Messages

• OIM OIA integration automatically publishing roles

  I have OIM 11gr2 OIA integration working feeding users/accounts/entitlements etc and roles export properly to OIM however they are ALWAYS published to the catalog and alto to the Top organization which is a bit of an issue as now these are requestable for all users. I would like the ability to restrict the roles to only publish to a certain organization. I have picked through everything I can find to determine if there is any place to hook in to prevent this but no luck so far. Anyone got any ideas?
  Thanks!

  Any updates on this ??

• OIM - OIA Integration

  Hi guys!
  It's is possible integrate OIA 11g ( *11.1.1.3.0* ) when it's deployed in Apache Tomcat ( *6.0.18* ) and OIM 11g ( *11.1.1.3.0* ) is deployed in Weblogic ( *11.1.1.3.0* )?, because the documentation (http://wikis.sun.com/display/OIA11gDocs/System+Integrator%27s+Guide) suggest two ways to do it ( Preferred and Deprecated Methods).
  I'm already using the Deprecated method due to I cannot download the Bundle Patch (BP3) for OIA that is neccesary for using Preferred Method.
  When I'm configuring my Provisioning Server (OIM) in OIA I see the field Initial Context Factory but the documentation doesn't show nothing about tomcat and I don't know what value must be here.
  I need your help with this value!
  Thanls in advance

  When you have OIA and OIM on different servers, you need the oim config directory FTP'd from the OIM server to the OIA server.
  Therefore, the Xellerate Home and Login Config settings are then set with the locations on the configs on the OIA server where you have copied these directories to. This will reslove the problem.
  After solving the above error I proceeded with a new error!! Can anyone help?
  Thor.API.Exceptions.tcAPIException: Error while getting utility Thor.API.Operations.tcUserOperationsIntf

• OIM -  OIA integration steps not clear

  We are integrating OIM 9.1.0.2 BP14a with OIA 11g R1 BP03. Can anybody clarify on the integration steps mentined in the preferred method of integration steps provided in http://wikis.sun.com/display/OIA11gDocs/Integrating+With+Oracle+Identity+Manager,+Preferred+Method#IntegratingWithOracleIdentityManager%2CPreferredMethod-step1 ?
  Atleast, the following 2 steps need clarification:
  •Copy the following JAR files located in the <IDM-HOME>/server/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
  What is this *<IDM-HOME>/server/* in nthe above step. I think this should be <OIM_HOME>/xellerate for OIm 9.1.0.2 and <IDM-HOME>/server/lib for OIM 11g.
  •Copy the conf folder from <OIMDesignConsole>/conf to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder.
  Again this step looks like specific to OIM 11g, because OIM 9.1.0.2 does not have the dir <OIMDesignConsole>/conf. Is it so? I think the step is erroneous.

  Prakash,
  You are right for mentioned step 1,
  •Copy the following JAR files located in the <IDM-HOME>/server/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
  Its <OIM_HOME>/xellerate for OIm 9.1.0.2 and <IDM-HOME>/server/lib for OIM 11g.
  step 2:
  Copy the conf folder from <OIMDesignConsole>/conf to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder.
  You can get this folder, from where you install design console installation for both oim 9.1 (xlclient/config) and oim 11g (designconsole/config).
  Hope helps you !!!
  Regards,
  Ravi.G

• Error : OIM - OIA Integration

  hai gurus,
  i got some error when i integration OIA with OIM. i'm trying to running import scheduler and i'm facing an error.
  this is an error :
  29 Jun 13 0:56:05 com.thortech.util.logging.Logger error
  SEVERE: Class/Method: tcUtilityFactory/tcUtilityFactory(Hashtable env, String psUserId, String psPassword) encounter some problems: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
  javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
          at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  i'm using  :
  OIM 11.1.1.5 bp07
  OIA 11.1.1.5 bp05
  weblogic 10.3.5
  oracle db 11.2.0
  any solution in this error ?
  thank's
  darvesth

  can somebody to help solving this error ??

• Java.lang.IllegalArgumentException OIM OIA integration

  Hi,
  I am trying to connect OIM and OIA which are on same server. On importing data, I am getting the below error. The below eroor is when I imported Resource Metadata.
  13:26:46,164 ERROR [IamDbNamespaceImporterHelperImpl] Error connecting to OIM
  java.lang.IllegalArgumentException: No Configuration was registered that can handle the configuration named xellerate
       at com.bea.common.security.jdkutils.JAASConfiguration.getAppConfigurationEntry(JAASConfiguration.java:130)
       at javax.security.auth.login.LoginContext.init(LoginContext.java:269)
       at javax.security.auth.login.LoginContext.<init>(LoginContext.java:427)
       at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:58)
       at oracle.iam.platform.OIMClient.login(OIMClient.java:213)
       at oracle.iam.platform.OIMClient.login(OIMClient.java:184)
       at Thor.API.tcUtilityFactory.<init>(tcUtilityFactory.java:155)
       at com.vaau.rbacx.iam.util.oracle.oimapi.OimUtilityFactory.getUtilityFactory(OimUtilityFactory.java:67)
       at com.vaau.rbacx.iam.db.helpers.IamDbNamespaceImporterHelperImpl.readNamespaces(IamDbNamespaceImporterHelperImpl.java:85)
       at com.vaau.rbacx.iam.db.DBIAMSolution.readResourceMetadata(DBIAMSolution.java:746)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
       at java.lang.reflect.Method.invoke(Method.java:613)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
       at com.sun.proxy.$Proxy127.readResourceMetadata(Unknown Source)
       at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importResourceMetadata(RbacxIAMServiceImpl.java:474)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
       at java.lang.reflect.Method.invoke(Method.java:613)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at com.sun.proxy.$Proxy130.importResourceMetadata(Unknown Source)
       at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:111)
       at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
       at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
  13:26:46,167 ERROR [DBIAMSolution] Error Importing Namespaces : No Configuration was registered that can handle the configuration named xellerate
  Please suggest me on the error.

  This issue is because you have deployed OIM and OIA on same server
  refer below doc
  http://docs.oracle.com/cd/E27119_01/doc.11113/e23129/glbvw.html

• OIM-OIA integration error

  Hi,
  I have installed OIA 11.1.1.5 on linux 64 bit system successfully and also installed OIM 11gR2.
  OIM and OIA both are in different weblogic domains.
  Now I am trying to integrate OIM with OIA.
  But while doing the following step
  Log in to Oracle Identity Analytics. -->Choose Administration > Configuration.-->Click Provisioning Servers.--> Click New Provisioning Server Connection-->From the Type of Provisioning Server Connection drop-down menu, select oracle.
  I am not seeing "oracle" listed in the drop-down to create an oracle server connection.
  I am sure that I have updated iam-context.xml to uncomment the entry. I have verified this file and this entry was uncommented out.
  <entry key="oracle">
  <ref bean="oimSolution"/>
  </entry>
  Please let me know where I was doing wrong.

  Hi Daniel,
  Thanks for your reply.
  I followed all the steps given in your URL and I am getting the same issue.
  More over, now I am getting the below error as well after changing iam-context.xml file.
  org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/dataaccess-c
  ontext.xml]; nested exception is java.lang.NoClassDefFoundError: javax/xml/namespace/QName
  at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:420)
  at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
  at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
  at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
  at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
  at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
  at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
  at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93)

• OIM - OIA Integration Before the resources are created

  Hi Everyone,
  I need to integrate OIM and OIA (both 11.1.1.5.0) but all the resources aren't created on OIM, should I wait until every one of the resources are created on OIM? If I create the policies and resources on OIA (with the same name) after I create them on OIM and import them into OIA would they match?
  I know it a silly question, but we need to find ways to not hold the data loading into OIA until all the resources are created on OIM.
  Thanks!
  Camila

  Ideally you should have all users, roles and policies created in OIM first. Once you get all these in OIM, you can forward them to any target system including OIA. Next, you can have ongoing incremental recons to get the new records in OIM and subsequently put them in OIA.
  regards,
  Gyan

• OIM - OIA Attributes Mapping

  Hi All,
  I am trying to get User's Organization value from OIM to OIA through OIM-OIA integration (when pulling users from OIM to OIA). But could not get this particular attribute in OIA. Could you please let me know the exact mapping of User's Organization attribute in OIA with respect to OIM?
  I am able to retrieve all other User's attribute values except the Organization value.
  Your help is highly appreciated.
  Thanks
  Edited by: user9521153 on Dec 7, 2011 8:36 AM

  Hi Rajiv,
  I did Integration of OIA 11.1.1.5.0 with OIM 11.1.1.5.0, and its importing users into OIA.
  I have mapped all attribute in oim-common-context.xml file.
  <util:map id="iamUserToUserCustomProperties">
  <entry key="customProperty16" value="USR_UDF_TRANSFERDATE"/>
  customproperty16 is VARCHAR2(100) in OIA where USR_UDF_TRANSFERDATE is DATE data type in OIM, When I do import users into OIA, this customproperty16 is not updating with new value.
  Can you please suggest on this, its very urgent.
  Thanks.
  Edited by: user13285646 on Dec 12, 2011 1:57 PM
  Edited by: user13285646 on Dec 12, 2011 2:04 PM

• OIM 11g integration AutoLogin error (first login or forgot password)

  Hi,
  We are currently integrating OAM+OIM 11g (R2). We have used a 10g webgate for this.
  When the user logs in for the first time, and sets his password and answers the challenge questions, he should be "Auto logged in" when he is finished.
  The same scenario should happen, if the user forgot his password, and resets it. He should be "Auto-logged in" when finished.
  This is not happending for us.
  The OIM logs tells us this:
  ERROR: Autologin failed oracle.iam.ui.platform.sso.exception.AutoLoginException: Error occured while retrieving TAP partner key from Credential store
  We have tried to verify everything recommended by this Oracle Support article:
  How to Solve Autologin problems in OIM with OAM? [ID 1475297.1]
  Any ideas what we are missing?
  Thanks & Regards,
  Henrik

  Maybe this is a something?
  Whate should the value of the property OAM_SERVER_VERSION be, when running idmConfigTool.sh and using a 10g webgate for the integration?
  Chapter 7.6 in the integration documentation states this:
  OAM_SERVER_VERSION: 11g (use 10g if Oracle Access Manager 10g is used)
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CACFCJHI
  Under chapter 2.4.5 in the idmConfigTool documentation it's described like this:
  OAM_SERVER_VERSION: Required only when Access Manager server does not support 11g webgate in Oracle Identity Manager-Access Manager integration. In that case, value should be provided as '10g'.
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/idmcfgtool.htm#CIHCICHD
  When we ran the script, we had the value set to "11g" (because that's our OAM version)... now I'm wondering if I need to set this value at all..
  Regards,
  Henrik

• OIM AD Integration - 'User must change password at next logon'

  Hi,
  These are the issues in OIM AD integration that we are stuck up on:
  Issue:
  1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
  2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.
  Research:
  1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
  2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and not other attribute. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into ‘obpasswordchangeflag’ attribute in OID.
  Environment Details:
  1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
  2. AD on WIN 2008 R2.
  3. OIM AD Connector 9.1.1.7.2
  4. AD Password Sync Connector 9.1.1.5
  Any help would be highly appreciated!
  Thanks,
  Kulesh...

  Thanks for your reply again.
  I did not get you completely here. Can you please elaborate on the "process task on the AD Process which passes along the USR_PWD_MUST_CHANGE and immediately sets it to 0 this should work". How many total additional tasks would be needed here?
  what all targets are you provisioning the password to?
  - AD and OID (through LDAPSYNC)
  where are end users allowed to change their passwords on (OIM,AD....??)
  - Both OIM and AD.
  Where can admins change the passwords?
  - Currently they use ARS for such purposes but this is something we need to clearly define. The thing is, they use ARS for whole lot of purposes and we can't dictate/restrict them to use OIM only for password resets. So they may use ARS or OIM.
  What do you suggest?
  Edited by: Kulesh Kane on Nov 8, 2012 11:43 AM

• OIM-OAM integration and LDAP Sync

  Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
  When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
  When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
  Please let me know your thoughts.
  Thanks.

  Hi,
  when I use url:
  http://idm1:14000/admin/faces/pages/Admin.jspx
  I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
  I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
  How can I change logon type in OIM?
  best
  mp
  Edited by: J23 on 2011-01-10 00:47

• OIM - AD integration info required

  Hello Experts,
  I want to integrate OIM with AD. For your information, I have installed OIM 11g on my windows system and all other things are like database are on my windows system only, Kindly suggest me about the about OIM-AD integration.
  Also tell me if I can create vm for AD???
  what is the difference between AD and OID?? Suggest which should I install?
  what are all the things which I can perform after this integration,??
  As am doing this for learning purpose and am a newbie please suggest from the basics.
  Any information about AD usage will be very helpful.
  Kindly suggest...
  Regards,
  KK

  I don't know how much RAM you have in your machine. If you have VM for AD again you required around 1-2 GB of RAM.There is no seprate installer of AD. For Active Directory(AD) you have to have the VM for windows 2003 or windows 2008 server. where you will configure and enable Active Directory for OIM integration.
  Better you can install OID in your Local windows machine if you have enough memory. Both AD and OID are directory server and based on LDAP protocol. Where OID is oracle product and AD is Microsoft product.
  You won't get much diff on functional level. But there are architectural diff is there. As OID use its own Database(oracle DB) internally where AD don't use DB.
  Once you setup with the target systems download online OOTB connectors and start with integration.
  Connector doc has all the required steps to move on.
  www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

• 11g R2 OES - OAM Integration Documentation Link

  Hi,
  Can some one post the link for OES and OAM 11g R2 integration Documentation?
  Thanks in Advance,
  Sandy.

  11gR1 was using OES already for its policies so in this regard, nothing much has changed for R2 with respect to how they integrate. However, there is a big difference in that in R1, OAM had an embedded OES based on OES10g wheras OAM in R2 is using OES11g. This means you get more control of OES via the apm and other interfaces.

• OIM-SOA integration

  Hi all,
  please provide me the document to know how the integration of OIM and SOA is done.
  thank you.

  OIM-SOA integration ????
  SOA is a required component before you install OIM 11g. Are you looking for how to install SOA before OIM install ?
  Thanks
  GK