OIM-OIA policies integration issues

Hi experts!!
I am working with OIA 11.1.1.5 and OIM 11.1.1.5.
I have the integration working well: when I create a policy in OIA, it is automatically created in OIM.
But I have 2 issues when I import policies by text files from OIA to OIM:
1.- My access policies in OIM come with priority -1
2.- They don't have a description.
My policy Schema:
# @iam:namespace name="AD User" shortName="AD User"
Endpoints<use=mandatory>,PolicyName,Roles,policyComments,UD_ADUSER_AD,UD_ADUSRC_GROUPNAME,UD_ADUSER_ORGNAME
My example:
"ADUser","PoliGeo1","RolGeo","Es una politica de prueba","ADITResource","CN=_Aviso de Interes General,OU=Listas de Distribucion,OU=Exchange,DC=casasgeo,DC=net;CN=_TotalGeo,OU=Listas de Distribucion,OU=Exchange,DC=casasgeo,DC=net;CN=_Geo Centro,OU=Listas de Distribucion,OU=Exchange,DC=casasgeo,DC=net","ADITResource~OU=Geo Centro,DC=casasgeo,DC=net"

Similar Messages

  • OIM - OIA integration documentation

    hi,
    i am facing some issues in OIM-OIA integration.
    version used:
    OIM ( Version: 9.1.0.1866.47 )
    OIA 11gR1 where we have applied bundle patch 11.1.1.3_bp04
    can anyone please share with me the link or guide for integrating OIM ( Version: 9.1.0.1866.47 ) and OIA 11gR1
    Thanks in advance.

    Hi,
    Those are not really a document, but I think they will be helpful for you, because they helped me as well.
    1-http://cn.forums.oracle.com/forums/thread.jspa?messageID=9612293
    2-OIM & OIA 11g integration
    3-http://www.identigral.com/blog/2009/10/19/oracle-identity-analytics-11g
    I hope this helps.
    Thiago Leoncio Guimaraes

  • OIM - SOA 11g R1  Integration Issue

    Hi ,
    I am facing an integration issue in my newly set up Dev environment .
    We have single node OIM and SOA environment . I was executing the basic connectivity checks to ensure that the environment is good and ready for use .
    When I ran the SOA-OIM Configuration test (http://i.tinyuploads.com/M1zyaP.jpg ) in the environment from Diagnostic Dashboard, it failed .
    I have verified the URLs from EM and also in MDS (in oim-config.xml) file . All entries seem to be there , not sure why its failing ? Any pointers ??
    I have checked the rmi and soap urls here Application Defined MBeans ->oracle.iam->Server (OIM ServerName)->Application:oim->XML Config->Config->XMLConfig.SOAConfig->SOAConfig  and they looked perfectly fine .
    Any clues ??
    Regards
    Suren

    Did you try accessing the OIM and SOA URLs:
    1. http://<hostname>:<port>/oim (login with xelsysadm user)
    2. http://<hostname>:<port>/soa-infra (login with weblogic user)
    Are you able to log in to both URLs?

  • OIM - OIA Attributes Mapping

    Hi All,
    I am trying to get User's Organization value from OIM to OIA through OIM-OIA integration (when pulling users from OIM to OIA). But could not get this particular attribute in OIA. Could you please let me know the exact mapping of User's Organization attribute in OIA with respect to OIM?
    I am able to retrieve all other User's attribute values except the Organization value.
    Your help is highly appreciated.
    Thanks
    Edited by: user9521153 on Dec 7, 2011 8:36 AM

    Hi Rajiv,
    I did Integration of OIA 11.1.1.5.0 with OIM 11.1.1.5.0, and its importing users into OIA.
    I have mapped all attribute in oim-common-context.xml file.
    <util:map id="iamUserToUserCustomProperties">
    <entry key="customProperty16" value="USR_UDF_TRANSFERDATE"/>
    customproperty16 is VARCHAR2(100) in OIA where USR_UDF_TRANSFERDATE is DATE data type in OIM, When I do import users into OIA, this customproperty16 is not updating with new value.
    Can you please suggest on this, its very urgent.
    Thanks.
    Edited by: user13285646 on Dec 12, 2011 1:57 PM
    Edited by: user13285646 on Dec 12, 2011 2:04 PM

  • Provision Entitlements using Access Policy in OIM & OIA

    Hi All,
    Access policies in OIM do not allow entitlement definitions in them, such as defining the AD Groups that need to be attached to the account which would be provisioned on the target resource when the access policy gets triggered. These entitlement definitions in OIM are taken care of on the Process Form level, whereas in the case of OIA the Provisioning policies allow entitlement definitions according to the resource type on the policy level. It would be of great help if you could help us in understanding how the import and export of access policy data between OIA and OIM would be feasible with these differences in place.
    Appreciate any helpful pointer on this.
    Thanks,
    RPB
    Message was edited by: RPB25

    You can edit the Access Policy, select the Resource added, and provide more information. If it has a child table, you can add an entitlement to it. You can also add entitlements while exporting OIA policies using the accesspolicy API of OIM. But just check after importing to OIM: the access policies' order will be messed up.
    sjit

  • OIM 11g-OIA11g Integration question

    Hi All,
    As per the OIM-OIA Integration documentation, we need either OIM 9.1.0.2 BP14 or OIM11g BP3 to integrate with OIA 11gR1 BP3. But in our case, we have upgraded OIM 9.1.0.2 BP 13 to OIM 11.1.1.5.0. Now, I have two questions:
    1. Do we need to apply BP3 on top of the upgraded OIM 11.1.1.5, or is it not required to integrate OIA11g?
    2. Are those versions compatible to integrate OIM 11.1.1.5.0 and OIA 11.1.1.3.6?
    Please suggest me.
    Thanks.

    It would be compatible. See the statement below:
    To use this integration method you must have at least Oracle Identity Manager version 11gR1 BP3 or version 9.1.0.2 BP14a, and at least Oracle Identity Analytics 11gR1 BP3
    Oracle has mentioned the minimum requirement, which is already met in your case.

  • RBAC with OIM/OIA - Best practice

    Just wondering what should be the RBAC architecture with OIM and OIA as per best practices when the number of applications is huge e.g. >1000.
    Normally, we create one or more OIM Access policies and corresponding user groups for automated provisioning of the user to target applications. And further integrate OIM with OIA to govern user access by aligning the OIA policies with the OIM Access policies.
    This is fine when the number of applications is manageable. But what if the number of applications rises to more than 1000 or 5000? What would be our approach to handle this?

    A fine topic that has been discussed many times over the years in this forum.
    It is also something I have spent far more time than what is actually healthy working on so there are a couple of articles on my blog about the subject:
    http://iamreflections.blogspot.com/2010/10/oim-vs-tim-basic-rbac.html
    http://iamreflections.blogspot.com/2010/09/rbac-vs-abac.html
    http://iamreflections.blogspot.com/2010/08/role-based-group-memberships-in-oim.html
    http://iamreflections.blogspot.com/2010/08/primary-limitation-of-oim-access.html
    The basic answer is that you have to build your own RBAC framework once things leave the very basic state.
    Hope this helps
    /Martin

  • Reports 6i and WeBDB 2.2 Integration Issues

    1. I have installed reports6i and integrated with WebDB 2.2 by running the following scripts:
    oracle_home\report60\server\security\rwwwvins.sql webdb and
    \oracle_home\report60\server\security\rwenable.sql
    as described in the webdb & reports6i integration issues document in oracle reports6i beta site.
    After installing, when i logged to webdb as webdb user, i was able to see server access and rdf access options in webdb 2.2
    However, when i log as an user where i have created forms components i am unable to access the above components. (there is no documentation on what privileges needs to be provided to the user., however i had given grants to following roles with RW_ADMINISTRATOR, RW_POWER_USER, RW_DEVELOPER AND RW_BASIC_USer

    Hi Matt,
    You didn't mention but do you also wish to install the database(8i) on the same machine ?
    I am also trying to install all these products(+8i and designer 6i) on the same box but I am concerned more about the min. resources needed before I get started.(I put up a question about it on the 6i Forum, but nobody has answered yet !)
    The correct install order should be Forms/Reports 6i then Forms/Reports 6i Server and then WebDb 2.2.
    Forms/Reports server needs an HTTP listener and installs and configures the WebDb listener for the job (you are prompted for this during the install process). This is handy if you are intending to use WebDb anyway. When you install WebDb it detects the already installed WebDb listener and does not reinstall.
    You do have the SYS password on the database you will use to store the WDK and WebDb schema.
    About installing the demo.....
    I don't think there are any special issues. I have never done it.
    If you are intending to install an 8i database on the same box there are some important things to consider with respect to the install order and what products in which Oracle home must be installed.
    1. Forms/Reports first in the default_oracle home.
    2. Then Oracle 8i in a 2nd oracle home, call it ora81 for example.
    3. Then WebDb in the non oracle 8i home !!
    This is just a quick summary.
    If you run into any problems let me know
    Good Luck.
    Dave.

  • Info about OIM and WebCenter integration

    Any info or doc/url for OIM and WebCenter integration would be helpful. Any experiences etc please provide some links.

    Follow the link -
    http://docs.oracle.com/cd/E21764_01/core.1111/e12037/oam.htm#WCEDG345
    Follow the below points -
    *"Credential and Policy Store Configuration"*
    *"Oracle Access Manager 10g Integration"*
    *"Oracle Access Manager 11g Integration"*
    *"Configuring WebCenter Applications"*
    *"Configuring WebCenter and BPEL Authentication"*
    *"Backing Up the Installation"*

  • Self Service Requests for OIM Access Policies

    In the absence of a Role Management product, is there a good way to enable OIM End User Self Service to process requests and approvals for OIM Access Policies or OIM Groups?
    Any suggestions are appreciated!
    KC

    Ultimately the group membership will trigger an access policy. The access policy assignment is the goal, the group assignment is the typical method to assign the access policy to the user.
    When creating a dummy resource, I assume that resource would have a lookup on the form to select the group name. Is this what you are suggesting?
    KC

  • Photoshop Fill - A major integration issue?

    For the first time in a production environment, I was ready to use FW CS3 to slice and dice a colleague's PSD. I opened it in Photoshop and then in Fireworks for comparison - the two looked nothing alike.
    This particular colleague likes to take advantage of PS's Fill setting (as opposed to opacity and I can understand why in certain situations) - but Fireworks has no understanding of this Fill concept so every layer that uses it is darker in FW. So what's a guy to do?
    Is this a known integration issue? Will there be a solution for CS4? Can I wait that long? Is it ever really worth trying to open a PSD in Fireworks?
    I'm more than a little disappointed...
    Matt
    Firewoiks

    I haven't tried this yet, but here's a thought:
    PS is layer based, FW is object based. As a result, in FW you can control the opacity of layers AND objects. Is it similar enough to Photoshop's Fill and Opacity in a layer? Maybe adjusting the opacity of the object will get you what you need? It might impact the stroke on the object, but you could possibly duplicate the object and remove/mask its fill, so the solid stroke remains.
    It's a workaround, and a bit more work, but it might solve the problem for now.
    Jim Babbage - .:Community MX:. & .:Adobe Community Expert:.
    Extending Knowledge, Daily
    http://www.communityMX.com/
    CommunityMX - Free Resources:
    http://www.communitymx.com/free.cfm
    .:Adobe Community Expert for Fireworks:.
    news://forums.macromedia.com/macromedia.fireworks
    news://forums.macromedia.com/macromedia.dreamweaver
    Stowball wrote:
    > Linda
    >
    > The problem is not caused by any colour mode or embedded profiles - it's caused by Fireworks' lack of support for Photoshop's Fill feature.
    >
    > The Fill feature is useful, because you can change the opacity of the actual fill, without changing the opacity of any effects - like strokes - that are applied to the layer.
    >
    > My colleague uses this method frequently in his designs.
    >
    > This PNG demonstrates it perfectly:
    > http://www.mattstow.com/downloads/fill_test.png
    >
    > And the original PSD can be found here:
    > http://www.mattstow.com/downloads/fill_test.psd
    >
    > This is a real issue for PS->FW interoperability - I basically could not use FW for the task of preparing a design for the web.
    >
    > I'd be interested to hear how this will affect other users.
    >
    > Regards
    >
    > Matt

  • Lync 2013 Outlook Integration Issues

    I have a client that is having Exchange Outlook Integration issues when trying to set up Lync 2013.
    The email address is [email protected] The sip address is
    [email protected] But the Lync server is lync.domain.local. Client is on Exchange 2010.
    The address book is not downloading and the outlook integration issue error icon appears on the bottom right.
    If the client is set manually to [email protected] the address book downloads.
    But can Lync work in the long run set up like this?

    Hi,
    Did you solve the issue with the help of Andrew provided?
    Which sip domain name did you use for default SIP domain ([email protected] or
    [email protected])?
    Did the issue happen internal or external?
    For the issue of cannot download address book, please check the External Base URL on Lync topology with the help of the link below:
    http://ucken.blogspot.in/2011/07/configuring-lync-for-external-access.html
    For the issue of Lync and Exchange integration you can refer to the link below:
    http://blog.schertz.name/2010/11/lync-and-exchange-im-integration/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
    Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • OIM OIA integration automatically publishing roles

    I have OIM 11gR2 OIA integration working, feeding users/accounts/entitlements etc., and roles export properly to OIM; however, they are ALWAYS published to the catalog and also to the Top organization, which is a bit of an issue as now these are requestable for all users. I would like the ability to restrict the roles to only publish to a certain organization. I have picked through everything I can find to determine if there is any place to hook in to prevent this but no luck so far. Anyone got any ideas?
    Thanks!

    Any updates on this ??

  • OIM and OIA11g Integration(error while importing Resource metadata into OIA

    Hi,
    I followed the below link and trying to integrate OIM 11.1.1.5 and OIA 11.1.1.3.6
    And both are deployed different weblogic domains..
    http://wikis.sun.com/display/OIA11gDocs/Integrating+With+Oracle+Identity+Manager,+Preferred+Method
    I am getting error in Step 6: Import the Oracle Identity Manager (OIM) Data Into Oracle Identity Analytics (OIA) -> To Import Resource Metadata
    10:56:21,484 DEBUG [DBIAMSolution] publishing import starting event...
    10:56:21,623 DEBUG [OimUtilityFactory] ************** OIM Connection Params *************
    10:56:21,628 DEBUG [OimUtilityFactory] XL Home ---> C:\Oracle\Middleware\Oracle_IDM1
    10:56:21,630 DEBUG [OimUtilityFactory] login config ---> C:\Oracle\Middleware\Oracle_IDM1\server\config\authwl.conf
    10:56:21,631 DEBUG [OimUtilityFactory] ****************************************************
    10:56:21,636 DEBUG [OimUtilityFactory] Xellerate Discovery Settings {}
    10:56:21,638 DEBUG [OimUtilityFactory] ********** Connecting to OIM Server **********
    10:56:21,774 ERROR [IamDbNamespaceImporterHelperImpl] Error connecting to OIM
    Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
         at Thor.API.tcUtilityFactory.<init>(tcUtilityFactory.java:166)
         at com.vaau.rbacx.iam.util.oracle.oimapi.OimUtilityFactory.getUtilityFactory(OimUtilityFactory.java:67)
         at com.vaau.rbacx.iam.db.helpers.IamDbNamespaceImporterHelperImpl.readNamespaces(IamDbNamespaceImporterHelperImpl.java:87)
         at com.vaau.rbacx.iam.db.DBIAMSolution.readResourceMetadata(DBIAMSolution.java:642)
         at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.importResourceMetadata(RbacxIAMServiceImpl.java:472)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy274.importResourceMetadata(Unknown Source)
         at com.vaau.rbacx.scheduling.executor.iam.IAMJobExecutor.execute(IAMJobExecutor.java:107)
         at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
         at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
    10:56:21,784 ERROR [DBIAMSolution] Error Importing Namespaces : javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
    10:56:21,836 DEBUG [DBIAMSolution] publishing import completed event...
    10:56:21,903 INFO [VaauSchedulerEventListenerImpl] Job executed: oim tst, IAM
    10:56:21,904 INFO [VaauSchedulerEventListenerImpl] Job run time: 0s
    10:56:21,904 INFO [VaauSchedulerEventListenerImpl] Next Run: null
    Thanks..
    Edited by: IDMuser19 on Aug 24, 2011 4:06 PM
    Edited by: IDMuser19 on Aug 25, 2011 10:58 PM

    Thanks rajiv for the reply..
    No i am not able to import users too..getting same error in the rbacx.log
    I tried with below details
    Xellerate Home: C:\Oracle\Middleware\Oracle_IDM1
    Login Config : C:\Oracle\Middleware\Oracle_IDM1\server\config\authwl.conf
    User Name: XELSYSADM
    Password : ●●●●●●●●
    ( in version 11.1.1.3.6 does not prompt for these two Provider URL: t3://localhost:14000 , Initial Context Factory: weblogic.jndi.WLInitialContextFactory)
    Here the OIA and OIM are in different domains. I am able to log in to OIM with xelsysadm without any problem. I just followed the instructions in the integration doc; not sure where I made a mistake.
    Please let me know if you have any idea. Thanks.
    Edited by: IDMuser19 on Aug 30, 2011 8:25 AM

  • How to Map OIA Provisioning policies to OIM Access Policies

    Hi,
    Access policies in OIM do not allow entitlement definitions in them, such as defining the AD Groups that need to be attached to the account which would be provisioned on the target resource when the access policy gets triggered. These entitlement definitions in OIM are taken care of on the Process Form level, whereas in the case of OIA the Provisioning policies allow entitlement definitions according to the resource type on the policy level. It would be of great help if you could help us in understanding how the import and export of access policy data between OIA and OIM would be feasible with these differences in place.
    Secondly, the access policies defined in OIM can contain resources belonging to different resource types, unlike OIA where we can create access policies only pertaining to the selected resource type. Kindly let us know how the Import and Export process would work out in this scenario as well.
    Appreciate your guidance and support
    Thanks
    Avinash

    Hi,
         Any helpful pointer on above mentioned scenario ?
    Thanks,
    RPB
