OIM OID PROVISIONING-RECONCILIATION
Hi,
I am using OIM with OID for provisioning and reconciliation.
When I reconcile from OID to OIM, changes are reflected in the OIM user profile.
While provisioning from OIM to OID, when I make some changes in the user profile, they are not reflected in the process form. I need to make the changes again in the process form; only then are they reflected in OID.
The process becomes very cumbersome. How can this be resolved?
Well, for that you need to configure proper Change Field type process tasks, which will actually transfer information from the User Profile to the process form.
Refer to the lookup USR_PROCESS_TRIGGERS for more details. You might also have a look at similar threads like the following:
Re: Password Update Task for OID Process form
Thanks
Sunny
Similar Messages
-
OIM-OID provisioning issue with external plug-in with AD
Hi OIM/OID Gurus,
We are using OIM with the OID connector and the external authentication plug-in feature of OID with AD. Here we are using OID for user profile storage and doing password validation through AD by using the external plug-in. However, we have been facing one issue, which is described below:
Whenever we create a user through OIM, the user is provisioned to the OID target source, but the wrong value is populated for the attribute orclSourceObjectDN in the OID process form:
orclSourceObjectDN = cn=OIDTEST3,CN=Users,DC=oracle-test,DC=oracle,DC=com
The correct value should be orclSourceObjectDN = cn=OIDTEST3,CN=Users,DC=oracle,DC=com
We don't have any container in OID with DC=oracle-test, so we are not sure how the process form is picking up this value.
Could you please shed more light on why it is appending the wrong DN in the OIM process form? Where should I check for this from the OIM side?
Hi Dear,
Thanks for your reply. We are using OIM 9.x. I checked the Root DN value as you suggested (see the snapshot of the OID resource definition below):
Admin Id cn=username
Admin Password *******
Group Reconciliation Time Stamp
Last Target Delete Recon TimeStamp
Last Target Recon TimeStamp
Last Trusted Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Port 6060
Prov Attribute Lookup Code AttrName.Prov.Map.OID
Prov Group Attribute Lookup Code AttrName.Group.Prov.Map.OID
Prov Role Attribute Lookup Code AttrName.Role.Prov.Map.OID
Role Reconciliation Time Stamp
Root DN DC=oracle,DC=com
SSL false
Server Address My server name
Use XL Org Structure false -
Queuing/Retrying 'Rejected' status OID Process Tasks: OIM-OID provisioning
Hello Gurus,
I already have an environment up and running with OIM, the OID connector pack and OID as the target system. When user data (e.g. a UDF) is being provisioned from OIM to the OID target system, if a process task comes back with 'rejected' status due to target unavailability/OID down, are there any settings that we can configure within the OIM Design Console that queue up and retry these 'rejected' tasks for each individual user?
Is there any setting within any of the OID lookups such that we can set a retry count for such process tasks?
The goal is that, without human intervention, all these 'rejected' process tasks should run successfully and be set to 'completed' status. If the target system is unavailable, then there should be a way to run all these failed tasks - that is my assumption.
Is it in any way related to 'Offline Provisioning'?
Please provide some guidelines.
Thanks,
- oidm.
Edited by: oidm on Mar 16, 2010 10:34 PM
But it'll only allow us to 'retry' those specific tasks for a limited number of times and a limited period of time. And will this task be retried only if it's 'rejected', or will it be retried for whatever number of times we specified?
What if the target system doesn't come up for the whole day? Can we specify some value for the same in the 'Duration' fields?
So all in all, if we talk about retrying the failed/rejected tasks, we just have these options in hand as far as task 'status' is concerned?
Thanks,
- oidm. -
OIM-OID Provisioning - OID Group PrePopulate Approach :
Hi,
I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
I want to prepopulate the OID Group based on a certain attribute from the OIM User form. My approach so far is:
1) Created an Entity Adapter with variables, say Org and GroupName.
2) Set the Logic as if Org = XYZ (XYZ does exist on OIM) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
4) Mapped the Adapter variable as :
a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
However, nothing seems to happen when I create/modify a user with Organization Name as XYZ and manually provision the OID Resource. I can see the form, but nothing is populated in the Group field. Upon completing the request, I get the user provisioned to OID but without any Group information.
Is my approach right? Am I missing something?
Here is what I have done for a client. My requirement was that, for a given department, a user must have a list of groups provisioned to them. So here is what I've done:
1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then, using each value, look up the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appended the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then I add it to the child table. Repeat this for all the values in the delimited field.
3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
Once you have the 2 tasks, you'll want to add a value to your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete Groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
-Kevin -
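The delete-then-add flow from the answer above, as an added example that is not part of the original thread and is not OIM or connector code: plain Java collections stand in for the department lookup, the OID group lookup and the process form child table, and the lookup layout, the class and method names, the IT resource key 21 and the dc=example,dc=com entries are assumptions. Instead of a trailing % search it matches the CN up to the following comma and stops when a CN resolves to zero or to more than one group.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Added example: collections stand in for the OIM lookups and the child table.
// No OIM API is called; every name and value here is hypothetical or constructed.
public class DepartmentGroupSync {
    // Department lookup: Code Key = department, Decode = delimited group CNs.
    private final Map<String, String> deptLookup;
    // Group lookup (assumed layout): Code Key = "<IT resource key>~<group DN>",
    // Decode = "<IT resource name>~<group DN>".
    private final Map<String, String> groupLookup;
    private final String itResourceName;
    private final String delimiter;

    public DepartmentGroupSync(Map<String, String> deptLookup, Map<String, String> groupLookup,
                               String itResourceName, String delimiter) {
        this.deptLookup = deptLookup;
        this.groupLookup = groupLookup;
        this.itResourceName = itResourceName;
        this.delimiter = delimiter;
    }

    // Split a department's Decode into trimmed, non-empty CN values.
    List<String> groupCnsFor(String department) {
        List<String> cns = new ArrayList<>();
        String decode = department == null ? null : deptLookup.get(department);
        if (decode == null) {
            return cns; // an unknown department maps to no groups
        }
        for (String part : decode.split(Pattern.quote(delimiter))) {
            String cn = part.trim();
            if (!cn.isEmpty()) {
                cns.add(cn);
            }
        }
        return cns;
    }

    // Resolve one CN to exactly one group Code Key. The trailing comma keeps
    // "Sales" from also matching "Sales-Admins"; zero or several hits abort.
    String resolveCodeKey(String cn) {
        String wanted = (itResourceName + "~cn=" + cn + ",").toLowerCase(Locale.ROOT);
        String match = null;
        for (Map.Entry<String, String> entry : groupLookup.entrySet()) {
            if (entry.getValue().toLowerCase(Locale.ROOT).startsWith(wanted)) {
                if (match != null) {
                    throw new IllegalStateException("CN matches more than one group: " + cn);
                }
                match = entry.getKey();
            }
        }
        if (match == null) {
            throw new IllegalStateException("CN not found in group lookup: " + cn);
        }
        return match;
    }

    Set<String> codeKeysFor(String department) {
        Set<String> keys = new LinkedHashSet<>();
        for (String cn : groupCnsFor(department)) {
            keys.add(resolveCodeKey(cn));
        }
        return keys;
    }

    // "Delete Groups" task: child rows that belong to the old department's list.
    List<String> rowsToDelete(String oldDepartment, List<String> childRows) {
        Set<String> oldKeys = codeKeysFor(oldDepartment);
        List<String> out = new ArrayList<>();
        for (String row : childRows) {
            if (oldKeys.contains(row)) {
                out.add(row);
            }
        }
        return out;
    }

    // "Add Groups" task: the new department's groups that are not present yet.
    List<String> rowsToAdd(String newDepartment, List<String> childRows) {
        List<String> out = new ArrayList<>();
        for (String key : codeKeysFor(newDepartment)) {
            if (!childRows.contains(key)) {
                out.add(key);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        String base = ",cn=Groups,dc=example,dc=com"; // constructed sample container
        Map<String, String> dept = new LinkedHashMap<>();
        dept.put("Sales", "Sales|CRM Users");
        dept.put("Finance", "Finance|CRM Users");
        Map<String, String> groups = new LinkedHashMap<>();
        for (String cn : new String[] {"Sales", "Sales-Admins", "Finance", "CRM Users"}) {
            groups.put("21~cn=" + cn + base, "OID IT Resource~cn=" + cn + base);
        }
        DepartmentGroupSync sync = new DepartmentGroupSync(dept, groups, "OID IT Resource", "|");

        // Child table before the change: two derived groups and one granted by hand.
        List<String> child = new ArrayList<>();
        child.add("21~cn=Sales" + base);
        child.add("21~cn=CRM Users" + base);
        child.add("21~cn=Sales-Admins" + base);

        List<String> delete = sync.rowsToDelete("Sales", child); // old value first
        child.removeAll(delete);
        List<String> add = sync.rowsToAdd("Finance", child);     // then the new value
        child.addAll(add);
        System.out.println("delete: " + delete);
        System.out.println("add:    " + add);
        System.out.println("final:  " + child);
    }
}
```

In this run the hand-granted Sales-Admins row survives the move to Finance, because only rows derived from the old department's Decode are deleted; entitlements granted outside the lookup need their own review.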
OIM - OID provisioning How to kill formatOrgDN ?
Hello friends,
few rows from OIM log :
XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Leaving getPath() with dc=company,dc=com~~~~~~~~~~
XL_INTG.OID the initial pContainerDN is:cn=Users
XL_INTG.OID tcUtilOIDUserOperations -> Entering formatOrgDN(s,s)
XL_INTG.OID tcUtilOIDUserOperations -> with Parameters
XL_INTG.OID tcUtilOIDUserOperations -> [pOrgDNcn=Users
XL_INTG.OID tcUtilOIDUserOperations -> pRootDNdc=company,dc=com]
XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Entering getPath() with ou=users~~~~~~~~~~
XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Leaving getPath() with ou=Users,dc=company,dc=com~~~~~~~~~~
So formatOrgDN changes orgDN from cn=Users to ou=Users.
Maybe someone can help me: where can I disable this formatting?
OIM 9.1.0.0
OID connector : 9.0.4.1
Thanx!
Check the IT Resource configuration and put the root DN for your identities, then search in the AttrName.Prov.Map.OID lookup and change ldapOrgDNPrefix to your entry name and ldapOrgUnitObjectClass to your organization LDAP class. -
From where can i get the use cases for practice on OIM OID provisioning reconciliation and other aspects
-
ADD new fields in OIM to provisioned on OID
Hello,
I need confirmation of these steps to add a new field to be provisioned to OID.
The new field is called slClient.
Do I need to do all these steps?
1- Resource Object
OID User --> Object Reconciliation (tab), add Field: sl Client --> String
Xellerate User --> Object Reconciliation (tab) , add Field: sl Client --> String
2- Form Designer
UD_OID_USR --> add : UD_OID_USR_ CLIENT --> sl Client
3- Lookup definition
AttrName.Recon.Map.OID --> Add: sl Client --> slClient ( this is what field name in OID database)
AttrName.Prov.Map.OID --> Add: sl Client --> slClient ( this is what field name in OID database)
4- Process Definition
OID User --> Reconciliation Field Mappings (tab), Add field map: sl Client --> UD_OID_USR_ CLIENT( this is what in Form Designer)
Xellerate User --> Reconciliation Field Mappings (tab), Add field map: sl Client --> Letter Client (what is defined in User Defined Field Definition)
5- User Defined Field Definition
Users --> Add Letter Client --> USR_UDF_LTR_CLIENT ( this is what in OIM database)
I also need to validate the relationship between all the components.
Thanks,
TG
I believe for trusted reconciliation with OID, the OOTB connector does not allow for additional attributes to be populated on the Xellerate User object. I believe it only retrieves a set list of attributes that are required for creating an OIM user and also adds in the additional values for Xellerate Role, and Xellerate Type, and Organization.
I would suggest you create a new Resource Object, marked as trusted, called OID Trusted. Duplicate your recon lookup to have only values needed for your trusted recon. Create an event handler/entity adapter on your Users data object which will populate the Xellerate Role, Xellerate Type, and Organization to populate these values. Then create a provisioning process definition with no additional tasks. Map all your reconciliation fields to your Xellerate User object. Then create a duplicate scheduled task of the OOTB OID recon and set your Resource Object to OID Trusted. Also, don't forget to create a recon rule and set your recon action rules. Run the recon and there you go.
-Kevin -
OIM to OID Provisioning - Userid getting 'null' in OID
OIM provisioned to OID. When I'm creating a user in OIM and provisioning the OID resource, the userid is getting a 'null' value in OID.
Any reasons? How to fix this?
I have checked the Design Console and the ldapuserDNPrefix is mapped to uid.
Hi,
You have to add another attribute in order to make it work:
Solution
While creating a user account on Oracle Internet Directory through Oracle Identity Manager, the user ID that you specify is assigned to the cn field of Oracle Internet Directory.
If required, you can customize the mapping so that the user ID is assigned to the uid field of Oracle Internet Directory.
1. In the Design Console, open the AttrName.Prov.Map.OID lookup definition.
2. Change the decode value of the ldapUserDNPrefix code key to uid.
3. Add the following item to the AttrName.Prov.Map.OID lookup definition:
Code key "User ID", decode value "uid".
Please note that the key is case sensitive. -
OID provisioning from OIM
I have deployed and configured the OID connector, but users are not provisioned to OID. It gives INVALID_NAMING_ERROR. What could be the possible reason? Please check and reply:
View IT Resource Details and Parameters
IT Resource Name OID IT Resource
IT Resource Type OID Server
Port 389
Use XL Org Structure false
Last Trusted Delete Recon TimeStamp
CustomizedReconQuery
SSL false
Server Address 10.76.118.72
Recon Attribute Lookup Code AttrName.Recon.Map.OID
Root DN dc=ad,dc=infosys,dc=com
Admin Id cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
Last Target Recon TimeStamp
Last Target Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Admin Password *********
Prov Attribute Lookup Code AttrName.Prov.Map.OID -
OIM-OID 11g provisioning connector
Hi all,
We are performing OIM-OID (both 11.1.1.5) user provisioning. Can anybody please let me know which version of the connector we have to use, and provide us the steps to install the connector?
We used the 9.0.4.12 connector for OIM 9i. If we have to use a different version of the connector for 11g, please provide the link and version details of the connector.
Thank you.
Hi,
Were you able to achieve this? I have a similar requirement: I have added 5 custom attributes in both OIM and OID, but when I create the users these attributes do not get updated in OID. Should I add these UDFs to any objectclass which OIM understands? Please suggest.
Thanks in advance -
I am able to provision users from OIM to OID,
but reconciliation is not working.
The command prompt is not showing any error when the reconciliation tasks are running.
Following are the details:
OID Lookup Reconciliation Task
LookupCodeName Lookup.OID.Organization
ITResourceName OID IT Resource
SearchContext cn=Users,dc=ad,dc=infosys,dc=com
ObjectClass OrganizationalUnit
CodeKeyLTrimStr [NONE]
CodeKeyRTrimStr ,dc=ad,dc=infosys,dc=com
ReconMode UPDATE
AttrType ou
OID User Recon Task
IsNativeQuery no
ITResourceName OID IT Resource
ResourceObjectName OID User
XLDeleteUsersAllowed false
UserContainer cn=Users,dc=ad,dc=infosys,dc=com
Keystore [NONE]
Organization Xellerate Users
Xellerate Type End-User Administrator
Role Consultant
TrustedSource true
PageSize 100
The command prompt shows the following (both of the above tasks are set to run at recurring intervals of 5 minutes):
15:14:08,027 INFO [OID] tcTskOIDUserReconciliation LDAP RECONCILIATION CLASS Instance Created
15:14:08,074 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:tcUtilLDAPOperations(): Login Variables are:: are sServerName = 10.76.118.72, sPortNo = 389, sPrincipalDN = cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com, sProviderURL = ldap://10.76.118.72:389,
15:14:08,074 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s): are pContainerContext = ,
15:14:08,074 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s) provider URL before encoding: are sProviderURL = [ldap://10.76.118.72:389/],
15:14:08,074 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s) provider URL After encoding: are sProviderURL = [ldap://10.76.118.72:389],
15:14:08,090 INFO [OID] tcUtilLDAPOperationsParameter Variables passed are: pSearchBase = [cn=Users,dc=ad,dc=infosys,dc=com], pFilterExpression = [(&(&(&(&(&(&(objectclass=top)(objectclass=person))(objectclass=organizationalPerson))(objectclass=inetOrgPerson))(objectclass=orclUser))(objectclass=orclUserV2))(modifyTimestamp>=20100113094308Z))], pIsRelative = [true], pAttrNames = [[Ljava.lang.String;@fc0359]
15:14:08,105 INFO [OID] >>Next Page
Edited by: user12240044 on Jan 13, 2010 1:45 AM
You mean to say I need to run only the user recon task and not the lookup task in case I want to reconcile OID users to the Xellerate Users org in OIM?
I provided the details stated by you;
refer below:
IsNativeQuery no
ITResourceName OID IT Resource
ResourceObjectName OID User
XLDeleteUsersAllowed false
UserContainer cn=Users,dc=ad,dc=infosys,dc=com
Keystore [NONE]
Organization Xellerate Users
Xellerate Type End-User Administrator
Role Consultant
TrustedSource true
PageSize 100
But still the users are not reconciled.
The command prompt shows the following:
16:52:00,047 INFO [OID] tcTskOIDUserReconciliation LDAP RECONCILIATION CLASS Instance Created
16:52:00,109 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:tcUtilLDAPOperations(): Login Variables are:: are sServerName = 10.76.118.72, sPortNo = 389, sPrincipalDN = cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com, sProviderURL = ldap://10.76.118.72:389,
16:52:00,109 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s): are pContainerContext = ,
16:52:00,109 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s) provider URL before encoding: are sProviderURL = [ldap://10.76.118.72:389/],
16:52:00,109 INFO [OID] Parameter Variables passed into tcUtilLDAPOperations:connectToLDAP(s) provider URL After encoding: are sProviderURL = [ldap://10.76.118.72:389],
16:52:00,140 INFO [OID] tcUtilLDAPOperationsParameter Variables passed are: pSearchBase = [cn=Users,dc=ad,dc=infosys,dc=com], pFilterExpression = [(&(&(&(&(&(&(objectclass=top)(objectclass=person))(objectclass=organizationalPerson))(objectclass=inetOrgPerson))(objectclass=orclUser))(objectclass=orclUserV2))(modifyTimestamp>=20100113111800Z))], pIsRelative = [true], pAttrNames = [[Ljava.lang.String;@9cba32]
16:52:00,140 INFO [OID] >>Next Page
What does pContainerContext imply? -
OID Trusted reconciliation failed
Hi,
I am trying to do trusted reconciliation from OID. The reconciliation task failed, and the following error logs were found:
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
ERROR QuartzWorkerThread-1 XL_INTG.OID - Exception at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliationprocessBatch(): [B cannot be cast to java.lang.String
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
I am trying to reconcile the OOTB fields (cn,sn,givenName,userPassword) and 2 user defined fields (text based).
Can anyone let us know when this casting exception will be thrown?
- Kalyan Mutya
Yep, mappings are poor. I created an entity adapter for the EMP_TYPE & USR_TYPE, and users are reconciling.
There is still an issue with the reconciliation.
I can provision all attributes on the OIM user account to their corresponding OID attributes, but when I reconcile, I process all attributes, but the Xellerate User only links the default ones:
LastName
Organization
First Name
User ID
Xellerate Type
Email
Role
I have checked and rechecked the mappings. This is on 9.0.3.1672 using the 9.0.4.1 connector.
Any ideas? -
Problem OIM OID Ldap Sync Configuration in 11g.
Hi Team,
I am doing the OIM and OID LDAP Sync configuration. It failed in the "Configuration Process" step.
Also, in WebLogic, the OIM Managed Server is in ADMIN mode, not in RUNNING mode.
Please find both logs below.
*********************************Weblogic Logs**********************************************
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The server log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\logs\oim_server1.log is opened. All server side log events will be written to this file.>
28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
SEVERE: Failed to communicate with any of configured Access Server, ensure that it is up and running.
<28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <Cannot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.security.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The credential with map ADF and key anonymous#oimBpelCredKey already exists..>
<28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent
To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>
<28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in E:\Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element application in the deployment descriptor in E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server 'oim_server1' in cluster 'OIM_Cluster' is being brought up in administration state due to failed deployments.>
Loading xalan.jar for XPathAPI.
14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] -
----------------- NEXAWEB SERVER LICENSE ------------------
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] - Clustering is OFF.
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:52 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies 10.3 Thu Feb 3 16:30:47 EST 2011
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] - Servlet API Version: 2.5
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] - Nexaweb Server initialized successfully.
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of OIM_Cluster.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UKSHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:0:0:0:1>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Production Mode>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in ADMIN mode>
**********************************OIM OID Ldap Sync Configuration Logs****************************
[2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Updating Ldap Sync Configuration
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
[2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
[2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
Updated LDAP Server Details in mds schema
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
[2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
[2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
java.io.FileNotFoundException: File not found
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:117)
at java.util.jar.JarFile.<init>(JarFile.java:135)
at java.util.jar.JarFile.<init>(JarFile.java:72)
at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
at java.lang.Thread.run(Thread.java:662)
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Failed configuration step Configure OIM Server
[2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
[2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
Regards,
Ravi.
Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
I doubt whether OIM is properly installed in your environment; otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig.
Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
ps -eaf| grep AdminServer
Kill the process
Then remove the .lok files, i.e. the lock files:
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
After that
Take a backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in a Backup folder).
Share the result with us.... -
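Added example (not part of the original reply and not Oracle tooling): the file check and cleanup described in the reply above, written so that lock files and the ldapfiles folder are moved into a backup directory instead of being deleted with rm -rf. The function names, the backup-directory argument and the match on the -Dweblogic.Name JVM argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: safer form of the recovery steps from the reply above.
# DOMAIN_HOME and a backup directory are passed in; nothing is deleted.

# Files the startup error names under <DOMAIN_HOME>/config/fmwconfig.
# Returns the number of files that are missing (0 = all present).
check_fmwconfig() {
    missing=0
    for f in .xldatabasekey default-keystore.jks; do
        if [ ! -f "$1/config/fmwconfig/$f" ]; then
            echo "missing: $1/config/fmwconfig/$f"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# True if a WebLogic JVM for this server name is still alive.
# Assumes the usual -Dweblogic.Name=<server> JVM argument.
server_running() {
    ps -eaf 2>/dev/null | grep -q "[w]eblogic.Name=$1"
}

# Move stale *.lok files of every stopped server into the backup dir.
# Prints the number of files moved; servers still running are skipped.
stash_lock_files() {
    domain=$1; backup=$2; moved=0
    for tmpdir in "$domain"/servers/*/tmp; do
        [ -d "$tmpdir" ] || continue
        server=$(basename "$(dirname "$tmpdir")")
        if server_running "$server"; then
            echo "skip $server: process still running" >&2
            continue
        fi
        for lok in "$tmpdir"/*.lok; do
            [ -e "$lok" ] || continue
            mkdir -p "$backup/$server"
            mv "$lok" "$backup/$server/" && moved=$((moved + 1))
        done
    done
    echo "$moved"
}

# "Cut" the AdminServer ldapfiles folder into the backup dir.
stash_ldapfiles() {
    src="$1/servers/AdminServer/data/ldap/ldapfiles"
    [ -d "$src" ] || return 1
    mkdir -p "$2/AdminServer"
    mv "$src" "$2/AdminServer/ldapfiles.$(date +%Y%m%d%H%M%S)"
}
```

Source the file, then call check_fmwconfig, stash_lock_files and stash_ldapfiles with the domain directory (and a backup directory for the last two) once the servers are stopped.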
OIM 11gR2 provisioning with GTC
Hello,
We are currently implementing Oracle Identity Manager 11gR2, and we are having difficulties with the implementation of the provisioning from OIM to the Target Systems exposed through a webservice on Oracle Service Bus.
We are using the Generic Technology Connectors as a basis of working. And initially we have created a GTC with only reconciliation Transport & Format Providers:
Connector Name: TargetSystem1
Transport Provider (Provisioning):
Format Provider (Provisioning):
Transport Provider (Reconciliation): Database Application Tables Reconciliation
Format Provider (Reconciliation): Database Application Tables Reconciliation
We have configured the Process Definition of TargetSystem1 with all the operations (Create User, Update User, Enable User, Disable User, Delete User, etc.) connected with custom Java implementations, that are working just fine if we trigger them from Eclipse. The “Create User” task has only “Required for Completion”, “Allow Cancelation while Pending” and “Allow multiple instances” check boxes set to CHECKED; it also has all the fields in Integration TAB mapped, Responses mapped, but when we create a User in OIM and provision it with an account on the TargetSystem1_GTC Application Instance, the provisioning process is not accessing the “Create User” task to make the provisioning in the target system. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”. We have also checked the logs of OSB, but there is no activity there, because no request from OIM is being received.
After we investigated more closely the Oracle documentation for the Generic Technology Connectors we discovered that if we do not select Transport & Format Providers during the GTC creation, then the corresponding steps are not performed and they are not initialized, thus the provisioning cannot be done. The documentation also states that we need to create custom providers in order to make the Provisioning with the GTC, but unfortunately we have no knowledge or any examples on how to do such custom providers for the provisioning of Users from OIM on the target systems via the Oracle Service Bus.
We have installed a second GTC with both provisioning and reconciliation Transport & Format Providers:
Connector Name: TargetSystem2
Transport Provider (Provisioning): Web Services
Format Provider (Provisioning): SPML
Transport Provider (Reconciliation): Database Application Tables Reconciliation
Format Provider (Reconciliation): Database Application Tables Reconciliation
The Web Services and SPML options were the only options that we could select from the out of the box connectors that are installed, and we did not find any other connectors in the download section of Oracle for this product, that can accommodate such communication. So, we configured the provisioning accordingly, and modified the “Create User” task from the TargetSystem2_GTC Process Definition, in order to use our custom adaptor instead of the adpTargetSystem2_GTC adapter that was preset when the TargetSystem2_GTC is created. But this does not help us, because the provisioning is not done, and the “Create User” task is not used. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”.
Next we tried to see if the GTC can be used to communicate directly with the OSB, using the Web Services Transport Provider and SPML Format Provider, and we did not make any modifications to the after the normal installation of the TargetSystem2 GTC. In this case we can see that the OSB is being accessed by OIM, but unfortunately this case does not help us either, because the operations implemented on the OSB webservice have a different structure than the one SPML expects as default:
Caused by: com.thortech.xl.gc.exception.XSDValidationException: The SOAP response does not contain a valid SPML response type. Should be one of these -->addResponse modifyResponse deleteResponse resumeResponse suspendResponse setPasswordResponse
Do you have any suggestion on how to make the provisioning process work?
Edited by: user1717356 on 22.10.2012 03:22
Hi,
I think you need to put this check only for few attributes?
If yes, then let's suppose you want to have a check for the Country field in the database which, once modified by the target admin, OIM should know about.
1) Create one dummy field CountryDummy (Hidden) in the OIM TargetProcess form and don't map it to any target attributes. This dummy field will only store values populated from OIM user profile to -> DB Connector Process Form.
2) On success of "Reconciliation Update Received", put a custom process task which does a comparison of "CountryDummy" & "Country" and informs the Admin using email notifications that this mismatch has been found.
HTH,
~J -
I always hear these things from Oracle: OAM, OIM, OID and OVD. Are they the same thing? If not, I believe they are related since people always mention them together; then, what's the relationship? Please clarify.
I'm new to Oracle identity management products. Please let me know if there are any other products closely related to the above in this family.
Thanks
Hi,
Each one performs a specific role; you can say they are interdependent when it comes to implementation.
OAM -> Oracle Access Manager = performing authentication and authorization of web-based and non-web-based resources by protecting them.
OIM -> Oracle Identity Manager = managing identities of the organisation, integrating and provisioning (giving access) to various applications, and single sign-on.
OID -> Oracle Internet Directory = it's one of the directory servers, like Sun Directory Server or AD, for managing user data.
OVD -> Oracle Virtual Directory = it's a virtual directory server which provides only a view from multiple directory servers.
Please go through oracle docs for more info.
Thanks,
Ragu.