OIM SPML lookup requests

Similar Messages

• Extending Modify Request OIM SPML Webservice

  can you please help me with any document related to enabling OIM web serives to other applications for modifying attributes in OIM.
  Modify Request it allows only OOTB default attributes i want to extend the schema for custom attributes. please let me know if have steps for it?

  I could not find examples on the modifyRequest. SPML Attributes and LDAP Mappings, and Oracle Identity Manager Attributes does talk about custom attributes and the addRequest example seems to contain section for User Defined Field. You may want to post this question to the Identity Management (MOSC) support forum.
  Jani Rautiainen
  Fusion Applications Developer Relations
  https://blogs.oracle.com/fadevrel/

• Building WSDL client for OIM SPML webservice

  Has any one created WSDL client for OIM SPML webservice,
  Any help is appreciated.
  Thanks,
  Pandu
  old thread -->
  add udfs to spml prov. request to oim
  ==========================
  Hi,
  I am provisioning users in OIM from by sending spml requests
  I used the sample client that comes in xellerate directory.
  How can I update spml requests to include UDFs to create user in him with udf s.
  Thanks
  Pandu
  Edited by: pandu345 on Aug 5, 2009 3:27 PM

  Hello there,
  There is a .NET web service client which is successfully able to access the weblogic application server wsdl from oim 9101 and it can see the complete user profile as a response from the same.
  1.) Now, there is a situation where oim needs to send some attribute values to that .NET web service client, after the data from their side comes to OIM and updates a single attribute values for e.g. PIN. How can we do that ?
  2.) and I want to add some UDFs into the existing SPML provisioning user profile. How can I do that ?
  3.) Also, how will OIM know that it was able to successfully send the attribute values to the web service client.
  http://download.oracle.com/docs/cd/E10391_01/doc.910/e10360/creategtc.htm#Toc153968032
  I have gone through this. I didnt found this in OIM 9101.
  Any ideas/references/clues/hints appreciated in this concern.
  Thanks in advance,
  - oidm.

• SPML Modify Request failure

  Hi,
  I am trying to trigger a SPML Modify request with the modification mode as Add.
  But it always returns failure with an IAM # . No specifc reason as such.
  Can any tell me as how the request identifies the User for the which the modify needs to apply , Is it purely based on PSO ID? I tried passing in the PSO Id as identity:orclguid
  What is the value we need to pass for PSO id?

  Hi ,
  I use the OOTB SPML I suppose , I am totally new to this IDM .
  We are using OIM 11g .
  We have an usecase to create user and assign role to user from an externall application into OID , for this we are using the SPML webservice.
  SPML takes the PSO Id to identify the user , So I am not able to find the attribute which I could pass on.
  More over basic question , any resource I am created from SPML webservice , it creates a request in OIM and I am not sure how I can see the same in ODSM, So is this done by connectors and we need to have anconfiguration or mapping that needs to take care of the same?
  So using SPML is the right approach to provision users to OID (create User,Grant Role to User)
  I also do not see any Distingushed Name attribute in OIM , How wil the users i create using SPML go to the exact subtree I wish to insert. I am not able to find any docs which can help me , all the docs seems to be very generic
  Thanks,
  Robin

• Automount lookup request tracing

  Hello all,
  I am getting lots of entries in my messages file for some process that is trying to access a nfs automount directory that doesn't exist.
  Is there a way I can track down what program is trying to access this.
  May  5 20:12:09 server1 automountd[22775]: [ID 801587 daemon.error] mynfsserver:/home/lib: No such file or directory
  May  5 20:12:09 server1 last message repeated 5 times
  May  5 20:15:58 server1 automountd[22775]: [ID 801587 daemon.error] mynfsserver:/home/lib: No such file or directory
  May  5 20:17:09 server1 last message repeated 17 times
  May  5 20:22:09 server1 automountd[22775]: [ID 801587 daemon.error] mynfsserver:/home/lib: No such file or directoryWe do have autofs and nfs on and do share some things under the /home share, but nothing under /home/lib. So something is trying to access that repeatedly.
  I turned on some automount debugging, but it doesn't show me what process or program is causing it.
  I ran a "ls -l /net/=9" to turn on debugging. Then I looked at "/var/svc/log/system-filesystem-autofs:default.log" logs and it shows some information:
  t14     LOOKUP REQUEST: Tue May  5 20:15:58 2009
  t14       name=lib[] map=auto_home opts=nobrowse path=/home direct=0
  t14       PUSH /etc/auto_home
  t14     getmapent_ldap called
  t14     getmapent_ldap: key=[ lib ]
  t14     ldap_match called
  t14     ldap_match: key =[ lib ]
  t14     ldap_match: ldapkey =[ lib ]
  t14       ldap_match: Requesting list for (&(objectClass=automount)(automountKey=lib)) in auto_home
  t14       ldap_match: __ns_ldap_list FAILED (2)
  t14       ldap_match: no entries found
  t14     ldap_match called
  t14     ldap_match: key =[ \2a ]
  t14     ldap_match: ldapkey =[ \2a ]
  t14       ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto_home
  t14       ldap_match: __ns_ldap_list OK
  t14       ldap_match: found: mynfsserver:/home/&
  t14     getmapent_ldap: exiting ...
  t14       POP /etc/auto_home
  t14       mapline: mynfsserver:/home/&
  t14
          mapline_to_mapent:
  t14       (,)    /lib -
  t14             me->map_fsw=mynfsserver:/home/lib
  t14              mntlevel=-1    modify=FALSE    faked=FALSE err=0
  t14
          hierarchical_sort:
          (, -1, )
  t14
          push_options (return)
          default options=nobrowse
          (, -1, nobrowse)
  t14
          parse_fsinfo:
  t14       (nfs,nfs)      /lib -nobrowse
                  mynfsserver:/home/lib
  t14             me->map_fsw=
  t14              mntlevel=-1    modify=FALSE    faked=FALSE err=0
  t14       node mountpoint        travpath=
  t14
          set_and_fake_mapent_mntlevel
          (, 0, nobrowse)
  t14
          modify_mapents:
  t14       (nfs,nfs)      /lib -nobrowse
                  mynfsserver:/home/lib
  t14             me->map_fsw=
  t14              mntlevel=0     modify=FALSE    faked=FALSE err=0
  t14       do_lookup1: action=0 wildcard=TRUE error=0
  t14     LOOKUP REPLY    : status=0But I really need to track down and stop the process or program from doing it.
  Thanks
  Steve

  Seems like a good target for dtrace. I'd start with the dtrace toolkit and take a look at 'opensnoop'. I'm hoping that your process is actually trying to open the file and not just stat it or something. Grep for your filesystem. I don't think you can pass the unmountable directory to the snoop because it'll want the full path to the file, and you don't know that.
  Darren

• Character Encoding OIM - SPML

  Hello Forum,
  When I send a SearchRequest to OIM SPML Webservice, OIM returns this:
  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
  Content-Type: text/xml;charset=utf-8
  Transfer-Encoding: chunked
  Date: Tue, 31 Jul 2012 12:03:28 GMT
  <?xml version="1.0" encoding="UTF-8"?>
  <ns6:attr name="Users.Last Name" xmlns:ns6="urn:oasis:names:tc:DSML:2:0:core"><ns6:value>P&_#_x_F_3;rtal</ns6:value></ns6:attr>
  As you can observe, spml webservice seems that is using HTML Character Entity References for enconding "ó" (I had to underscore because of the interpretation of the browser it is &#xF3 ; ). This is causing me some headache with the other side integrators, that argue that messages are not coming in UTF-8 encoding.
  We mantain that the message is still UTF-8, but somehow there's being an encoding. ¿Is this normal?¿Do we have any misconfiguration in our environment?
  The most curious thing, is that SOAPUi on raw view of the response, shows the encoded data P&#xF3 ;rtal, but in the XML view shows "Pórtal", so SOAPUi is reencoding accordingly the data.
  Is it possible that the spml message contains "ó" instead of its HTML Character Entity Reference encoding?
  Thanks in advanced.
  Xisco.
  Edited by: user10084309 on 31-jul-2012 5:48
  Edited by: user10084309 on 31-jul-2012 5:51

  Sorry, in the example I gave, the none-english letters looks like this:
  &# 1490;&# 1497;&# 1488;(I made the space between the # and the number delibertly to prevent it from being presented as a letter ...).

• Anticipating content lookup requests

  We're in the process of trying to roll out OSD to production. Too many content location requests can peg the MP.
  We're aware of CPU spikes related to large numbers of content lookup requests associated primarily with software update deployments. Of primary concern is when we make updates available to 20,000 computers.
  What we see is that even when we deploy the content to the collection off hours (say 1am) , the desktops will download content off-hours. Then, beginning around 8am we see a steady progression in the number of clients checking in. What we are trying to work
  towards is being able to predict how many content lookups we anticipate at any given points.
  We know that at any minute where we attempt to process more than 3,000 content lookups in the same minute, the SQL processor gets pegged, and the MP log states a timeout - which could potentially impact OSD.
  Has anyone else attempted to track when clients enter the environment, how many content location requests are placed per minute/hour etc?  <cough cough> GARTH JONES? </cough cough> We can attempt to archive the SQL table with the policy
  timestamp, and check for differences, but this is not necessarily a reflection of whether you needed content or not. I am not aware of any way to track content location requests short of trying to logscrape mp_Location.log..
  If this was possible, the next step would be to try and say 'collections X has 12,000 machines, Y has 3000 machines, and Z has 200 machines, so we expect 15,200 machines to request content on Monday morning. Based on historical averages, we expect x . minute,
  with the threshold of 3,000/minute being exceeded between 8:54am and 9:09am. '
  Thoughts?
  Will

  None if there are no active deployments for all clients ;-)
  You cannot really predict that as there are too many variable parameters. Plus it's not only content location requests that put load on the MP / SQL.
  Torsten Meringer | http://www.mssccmfaq.de
  Funny guy.
  We are being asked to be able to predict when anticipated load will exceed the SQL ability to process all requests without any SQL timeouts, so we will patch something together - was just hoping someone else had already started trying to do something similar.
  Will

• OIM self registrtaion Request

  Hi Friends,
  This is regarding OIM self registration.
  I know that when a request is submitted from Self registration ( create request ) form OIM saves the request number associated with that Request in REQ, RQD tables. Now I would like write a event handler which checks the email id associated with the requestnumber before saving the request to REQ, RQD tables. i.e. on pre_insert. I came to know that tcRequestOperationsIntf API can be used to do this kind of operation...
  Can somebody help in finding the exact method which helps in checking the data(mail id, first name, last name) associated with a request. Does hash table concept work?
  Thank you in advance!!!!
  Edited by: VAYANAKA on Jul 22, 2011 8:59 AM
  Edited by: VAYANAKA on Jul 22, 2011 9:09 AM

  Hi,
  I am writing an pre-insert event handler on tcREQ. When a self reg request is submitted, I want to know the user details before saving( on PRE-INSERT) the User details to REQ table. The API you suggested would fetch the details from REQ table. My requirement is to compare the the mail id submitted by some user in the self reg form with the mail ids present in REQ/RQD tables.
  I wrote small piece of code which prints the user details submitted by a self reg request before saving to REQ table, could not print (find )email address. The consolidated data value attribute is saving only userid, firstname, lastname...
  " <Data><Users><User><UserLogin>test100</UserLogin><FirstName>test100</FirstName><LastName>test100</LastName></User></Users></Data> "
  As per the xml , "REQ_CONSOLIDATED_DATA_VALUE" is having only userid, firstname, lastname fields. Can anybody please let me whether "REQ_CONSOLIDATED_DATA_VALUE" field value can be customized so that other fields like EMail, mobile number etc. can also be saved in it?.....
  Edited by: VAYANAKA on Jul 26, 2011 12:23 AM

• Unable  to work with Workflow Variable through SPML launchProcess Request ?

  Hi,
  I am trying to work with launch process request, which worked well with no error message when I am just using the workflow call through SPML "launchProcess Request " call. But when trying to use any workflow variable then getting exceptions. I don't undertsand about the error message. Is this trying to convert the variable in SIM variable.
  <spml:extendedResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#failure'>
  <spml:operationalAttributes>
  <dsml:attr name='errorMessages'>
  <dsml:value>Couldn't find method get4() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get4()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get3() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get3()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get2() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get2()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get1() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get1()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  <dsml:value>XPRESS <get> exception:</dsml:value>
  <dsml:value>Couldn't find method get0() in class java.lang.String</dsml:value>
  <dsml:value>java.lang.String.get0()</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Missing view id.</dsml:value>
  <dsml:value>Unable to checkin view, missing view id</dsml:value>
  </dsml:attr>
  Below is the code I am using .
  LighthouseClient client = new LighthouseClient();
       client.setUser("configurator");
       client.setPassword("configurator");
       String url = "http://xyz:8080/idm/servlet/rpcrouter2";
  client.setUrl(url);
       ArrayList mslist = new ArrayList();
       idlist.add("12345");
       System.out.println("UserList :- "+idlist);
       ExtendedRequest extReq = new ExtendedRequest();
       extReq.setOperationIdentifier("launchProcess");
       extReq.setAttribute("process", "TEST_WF");
       extReq.setAttribute("idList",idlist); //workflow Global variable
       ExtendedResponse res = (ExtendedResponse)client.request(extReq);
       if (res.getResult() .equals(ExtendedResponse.RESULT_SUCCESS))
       System.out.println("Workflow was successfully executed");
            } catch (Exception e) {System.out.println("Error : " + e.getMessage());}
  Please suggest me if I am using anything wrong. Its urgent... it halted my work.
  Regards,
  vinash.

  hi,
  in java code you set variable:
  extReq.setAttribute("my_email", "[email protected]");in express code of your workflow (you also can see it in your debugger if you set a breakpoint a the beginning of your workflow):
  <ref>my_email</ref>

• OIM SPML

  Hi,
  I am looking for the capabilities of OIM 11g SPML webservice but couldnt find the details. Can any one let me know if SPML webservice supports request based provisioning operation?
  Thanks in Advance.

  You can use OOTB SPML. Only issue with OOTB SPML is that it doesn't support reconciliations. You would need to add custom webservices for this.
  Regards,
  GP

• OIM SPML provisioning task generic connector

  We need to know how could get a custom message response from generic connector. Right now we are using a message like:
  <addResponse status="Error">
  <psoID ID="150">
  <targetID ID="IDDESTINO"/>
  <containerID ID="ContainerID"/>
  </psoID>
  </addResponse>
  We want to process the message with different status code because with the generic connector always get success when we response with a good formed spml response. We have tryed changing the status to different codes without success.
  Is there some sample code or more information to this issue anywhere?
  Regards

  Hi,
  Thanks a lot for reply. For SPML through web service(custom), I am using Generic connector and when I am trying to create a user using this connector it is hiiting the web service with the request
  <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
  <targetID ID="Target5"/>
  <containerID ID="1"/>
  <data>
  <dsml:attr name="objectclass">
  <dsml:value>userobject</dsml:value>
  </dsml:attr>
  <dsml:attr name="lastName">
  <dsml:value>sh</dsml:value>
  </dsml:attr>
  <dsml:attr name="firstName">
  <dsml:value>abc1</dsml:value>
  </dsml:attr>
  </data>
  </addRequest>
  Of course, I want to add more attibute in this one.....but I didnt find any way to add more attribute in this message...or no ways to modify this request.
  With above request it is hiiting the web service and from web service I am returing following reponse as byte array:
  <addResponse status="success">
  <psoID ID="ash">
  <targetID ID="Target5"/>
  <containerID ID="1"/>
  </psoID>
  </addResponse>
  but as the response it is giving following on OIM server window:
  Response: GCPROV.null
  Response Description: An unknown response was received
  Error Details
  Setting task status... "GCPROV.null" does not correspond to a known Response Code. Using "UNKNOWN".
  Can anyone pls help me to figure out this. Also how can I modify SPML message to send more info to the target.
  Thanks in advance

• OIM 11g R1 Request Template issue

  Hi All,
  We are facing an issue with implementing the Request Management of OIM 11g R1 11.1.1.5 for Create User.
  OIM already provides OOTB CreateUserDataSet.xml and a ‘Create User’ Request Template.
  We have changed(customized) the OOTB CreateUserDataSet.xml at the same location in MDS and have created one our own Request Template – ‘Create Custom’.
  We have also added Attribute Restrictions in the ‘Create Custom’  request template for mandatory fields like – ‘Organization’, ‘User Type’ & ’Design Console Access’.
  The issue we are facing is –“After some time(not immediately) the Request Template gets corrupt and does not open thus rendering the Request Process for Create User inoperable.”
  Below is the the log error of the OIM Web console error after we are trying to open ‘Create Custom’ by clicking on the Request Template.
  <ADF_FACES-60096:Server Exception during PPR, #8
  oracle.iam.platform.utils.MinLimitException: size < minimum limit
                  at oracle.iam.platform.canonic.model.Values.setMinLimit(Values.java:187)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.renderAttributeRestrictionsTab(OpenActor.java:829)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.prepare(OpenActor.java:198)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:179)
                  at oracle.iam.consoles.faces.render.canonic.UICursor$TableActionListener.processAction(UICursor.java:855)
                  at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
  Any help in solving above issue, workarounds or knowing that is it an OIM bug will be greatly helpful.
  Note* I have noticed(through Export) that in a corrupted Request Template the Organization Name that I have restricted to a Constant, has the- Organization Name's Text as value in exported xml. If I change it back to ACT KEY and import it back in OIM the Template is again restored until next corruption
  Thanks already
  Regards,
  Nitin Tewari

  Excellent! Thank you very much!
  Edited by: 958794 on May 22, 2013 10:37 AM

• OIM 11g R2 - Request ID while submitting catalog

  Hi,
  May I know how I can make OIM to generate a request ID (in other words,OIM through request approval flow) ,while submitting a provisioning request through a catalog?.Thanks.

  login as an end user and request for account. Request Id will be generated automatically.
  In case of R2 , if you raise request using admin user(xelsysadm--SYSTEM ADMINISTRATOR) it act as direct provisioning. therefore no such request will be generated. If you raise request using end user, request ID will be generated.
  All this decision taken by catalog engine.

• How to display Checkbox instead dropdown in OIM 11g using request dataset

  Hello,
  I am trying to display as check boxes instead of dropdown in requestor screen using request dataset.
  It still shows dropdown. Here is my request dataset.
  Is there anything wrong??
  <?xml version='1.0' encoding='UTF-8'?>
  <request-data-set xmlns="http://www.oracle.com/schema/oim/request" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" operation="PROVISION" entity="ACCOUNTING CONTROL" name="ProvisionResourceACCOUNTING CONTROL" xsi:schemaLocation="http://www.oracle.com/schema/oim/request">
  <AttributeReference available-in-bulk="true" length="20" widget="*checkbox*" type="*Boolean*" attr-ref="Instance" name="Instance" required="true">
  <lookupValues encoded-value="Dev" decoded-value="ACCOUNTING CONTROL (DEV)"/>
  <lookupValues encoded-value="QA" decoded-value="ACCOUNTING CONTROL (QA)"/>
  <lookupValues encoded-value="PRD" decoded-value="ACCOUNTING CONTROL (PRD)"/>
  </AttributeReference>
  </request-data-set>
  Thanks!!!

  What are you trying to achieve here? If you are using checkboxes than you can't have multiple options to it but would rather have to put static values.
  Something like:
  <AttributeReference name="Field1" attr-ref="Dev" available-in-bulk="false" type="Boolean" length="30" widget="checkbox" required="false"/>
  <AttributeReference name="Field2" attr-ref="QA" available-in-bulk="false" type="Boolean" length="30" widget="checkbox" required="false"/>
  <AttributeReference name="Field3" attr-ref="PRD" available-in-bulk="false" type="Boolean" length="30" widget="checkbox" required="false"/>
  AFAIK OIM does not allow for a multiselect box in dataset.
  -BB

• OIM 11g R1 - Request Type Description Customization (Translation)

  Hello Experts,
  I'd like a little help to know if it is possible to customizate the following:
  OIM is using Browser locale to change the language on Web Console.
  Does any one know how to change the translation to the Request Type description (the list from where we need to choose) when we are creating a Request?
  Example:
  Self-Request Resource = Recurso de Auto-Solicitação (in Brasilian Portuguese - we'd like to change it)
  Self De-Provision Resource = Autocancelar Provisionamento de Recurso (in Brasilian Portuguese - we'd like to change it)
  We work with OIM 11g R1.
  Thanks.

  Excellent! Thank you very much!
  Edited by: 958794 on May 22, 2013 10:37 AM