OIM SPML

Similar Messages

• Building WSDL client for OIM SPML webservice

  Has any one created WSDL client for OIM SPML webservice,
  Any help is appreciated.
  Thanks,
  Pandu
  old thread -->
  add udfs to spml prov. request to oim
  ==========================
  Hi,
  I am provisioning users in OIM from by sending spml requests
  I used the sample client that comes in xellerate directory.
  How can I update spml requests to include UDFs to create user in him with udf s.
  Thanks
  Pandu
  Edited by: pandu345 on Aug 5, 2009 3:27 PM

  Hello there,
  There is a .NET web service client which is successfully able to access the weblogic application server wsdl from oim 9101 and it can see the complete user profile as a response from the same.
  1.) Now, there is a situation where oim needs to send some attribute values to that .NET web service client, after the data from their side comes to OIM and updates a single attribute values for e.g. PIN. How can we do that ?
  2.) and I want to add some UDFs into the existing SPML provisioning user profile. How can I do that ?
  3.) Also, how will OIM know that it was able to successfully send the attribute values to the web service client.
  http://download.oracle.com/docs/cd/E10391_01/doc.910/e10360/creategtc.htm#Toc153968032
  I have gone through this. I didnt found this in OIM 9101.
  Any ideas/references/clues/hints appreciated in this concern.
  Thanks in advance,
  - oidm.

• Character Encoding OIM - SPML

  Hello Forum,
  When I send a SearchRequest to OIM SPML Webservice, OIM returns this:
  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
  Content-Type: text/xml;charset=utf-8
  Transfer-Encoding: chunked
  Date: Tue, 31 Jul 2012 12:03:28 GMT
  <?xml version="1.0" encoding="UTF-8"?>
  <ns6:attr name="Users.Last Name" xmlns:ns6="urn:oasis:names:tc:DSML:2:0:core"><ns6:value>P&_#_x_F_3;rtal</ns6:value></ns6:attr>
  As you can observe, spml webservice seems that is using HTML Character Entity References for enconding "ó" (I had to underscore because of the interpretation of the browser it is &#xF3 ; ). This is causing me some headache with the other side integrators, that argue that messages are not coming in UTF-8 encoding.
  We mantain that the message is still UTF-8, but somehow there's being an encoding. ¿Is this normal?¿Do we have any misconfiguration in our environment?
  The most curious thing, is that SOAPUi on raw view of the response, shows the encoded data P&#xF3 ;rtal, but in the XML view shows "Pórtal", so SOAPUi is reencoding accordingly the data.
  Is it possible that the spml message contains "ó" instead of its HTML Character Entity Reference encoding?
  Thanks in advanced.
  Xisco.
  Edited by: user10084309 on 31-jul-2012 5:48
  Edited by: user10084309 on 31-jul-2012 5:51

  Sorry, in the example I gave, the none-english letters looks like this:
  &# 1490;&# 1497;&# 1488;(I made the space between the # and the number delibertly to prevent it from being presented as a letter ...).

• OIM SPML lookup requests

  Hello.. Can SPML service in OIM return User Defiend Fields of a user as a response in a "Lookup" / "Search" operation? If so can we restrict the User Defined Fields that can be returned in the response? .. Thank you.

  Yes. It returns the UDF fields in the Lookup/Search responses. Do not know how to restrict only those UDF. :)

• OIM SPML WS client issue

  Hi...
  I have created an SPML WS client for OIM with eclipse and apache CXF. On running the AddRequest operation for a user I am getting the following error: UNSUPPORTED_EXECUTION_MODE.
  On reading the oracle documentation I have understood that this error occures when a synchronised service is called in asynchronised mode but I am not sure how to change the mode from the code before calling the service.
  Please let me know if u have come across similar situation...
  Thanks..

  import oracle.iam.wsschema.model.spmlv2.core.AddRequestType;
  import oracle.iam.wsschema.model.spmlv2.core.ExecutionModeType;
  import oracle.iam.wsschema.model.common.pso.ProvisioningObjectType;
  import oracle.iam.wsschema.model.common.pso.ProvisioningObjectType;
  SPMLService ss = new SPMLService(wsdlURL, SERVICE_NAME);
  SPMLRequestPortType port = ss.getSPMLServiceProviderSoap();
  ProvisioningObjectType pot = new ProvisioningObjectType();
  pot.setIdentity(user);
  AddRequestType art = new AddRequestType();
  art.setExecutionMode( ExecutionModeType.ASYNCHRONOUS );// Or change it to SYNCHRONOUS, as per your need
  art.setData(pot);
  AddResponseType response = port.spmlAddRequest(art);
  If it is helpful or correct, please mark it accordingly and also mark the question answered so that others too may get benefit.

• OIM SPML provisioning task generic connector

  We need to know how could get a custom message response from generic connector. Right now we are using a message like:
  <addResponse status="Error">
  <psoID ID="150">
  <targetID ID="IDDESTINO"/>
  <containerID ID="ContainerID"/>
  </psoID>
  </addResponse>
  We want to process the message with different status code because with the generic connector always get success when we response with a good formed spml response. We have tryed changing the status to different codes without success.
  Is there some sample code or more information to this issue anywhere?
  Regards

  Hi,
  Thanks a lot for reply. For SPML through web service(custom), I am using Generic connector and when I am trying to create a user using this connector it is hiiting the web service with the request
  <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
  <targetID ID="Target5"/>
  <containerID ID="1"/>
  <data>
  <dsml:attr name="objectclass">
  <dsml:value>userobject</dsml:value>
  </dsml:attr>
  <dsml:attr name="lastName">
  <dsml:value>sh</dsml:value>
  </dsml:attr>
  <dsml:attr name="firstName">
  <dsml:value>abc1</dsml:value>
  </dsml:attr>
  </data>
  </addRequest>
  Of course, I want to add more attibute in this one.....but I didnt find any way to add more attribute in this message...or no ways to modify this request.
  With above request it is hiiting the web service and from web service I am returing following reponse as byte array:
  <addResponse status="success">
  <psoID ID="ash">
  <targetID ID="Target5"/>
  <containerID ID="1"/>
  </psoID>
  </addResponse>
  but as the response it is giving following on OIM server window:
  Response: GCPROV.null
  Response Description: An unknown response was received
  Error Details
  Setting task status... "GCPROV.null" does not correspond to a known Response Code. Using "UNKNOWN".
  Can anyone pls help me to figure out this. Also how can I modify SPML message to send more info to the target.
  Thanks in advance

• Extending Modify Request OIM SPML Webservice

  can you please help me with any document related to enabling OIM web serives to other applications for modifying attributes in OIM.
  Modify Request it allows only OOTB default attributes i want to extend the schema for custom attributes. please let me know if have steps for it?

  I could not find examples on the modifyRequest. SPML Attributes and LDAP Mappings, and Oracle Identity Manager Attributes does talk about custom attributes and the addRequest example seems to contain section for User Defined Field. You may want to post this question to the Identity Management (MOSC) support forum.
  Jani Rautiainen
  Fusion Applications Developer Relations
  https://blogs.oracle.com/fadevrel/

• OIM SPML web service - password encryption

  Hi,
  The following document explains about "addRequest" operation that can be used for creating new user in OIM.
  http://docs.oracle.com/cd/E10391_01/doc.910/e10366/appx_b.htm#CHDFIIED
  The "Users.Password" attribute has a plain text value specified in the example.
  Does the plain text value work or do we need to encrypt the password?
  Even if plain text value works, for security is there any way to encrypt the password?
  Ravi

  Thanks! That worked well. The only concern would be now to merge these two - modifyrequest and searchrequest xml files. I pursued by searching the psoID by providing the value of SSN for a particular user. Then this psoID should be provided as a input to modifyrequest.xml.
  Any clues on that?

• GTC connectors and SPML compliant

  Hi
  I am trying to integrate a target application using GTC connector transport providers as web services and Format providers as SPML and even i have to create a dummy web service which is compliant with SPML so that it can be integrated with OIM.
  can any one pl help me to create a Dummy webservice compliant OIM SPML?
  Web services shud be created using Java.The web service needs to store data the in txt file and send a response to OIM.

  Make sure you are exporting the Generic Connector type object, and not the Resource Object. There are configurations that only come when you export this way. Otherwise you only get the resource and process definition workflow, and none of the configurations.
  You might also need to export the provider definition as well and import.
  -Kevin

• Escape & symbol in GTC connector

  I am new to OIM.
  My client is using an OIM SPML GTC to send provisioning commands to a remote system. However, the input data has special characters, specifically the ampersand (&) symbol in it that are not being appropriately escaped or quoted, and there are downstream parsing issues.
  Can somebody suggest some quick fixes for this?
  I cannot update the connector via OIM’s 4GL GTC editor. Can I edit the GTC java code to insert into it quotes/escapes as necessary.
  Would it be the best way to prevent the parsing errors?
  Any other suggestions on how I could accomplish this? Can I write an entity adapter that will take care of this on data pre-insert?
  Any help would be appreciated.
  Thanks

  I am new to OIM.
  My client is using an OIM SPML GTC to send provisioning commands to a remote system. However, the input data has special characters, specifically the ampersand (&) symbol in it that are not being appropriately escaped or quoted, and there are downstream parsing issues.
  Can somebody suggest some quick fixes for this?
  I cannot update the connector via OIM’s 4GL GTC editor. Can I edit the GTC java code to insert into it quotes/escapes as necessary.
  Would it be the best way to prevent the parsing errors?
  Any other suggestions on how I could accomplish this? Can I write an entity adapter that will take care of this on data pre-insert?
  Any help would be appreciated.
  Thanks

• Error while calling SPML web service call in OIM 11g

  Hi,
  While testing the SPML web service call, I am getting the "failure in security check" errors.
  And I have attached the request and responce .
  Request:
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header xmlns:ns1="urn:names:spml:ws:header">
  <ns1:ServiceHeader>
  <ns1:serviceId/>
  </ns1:ServiceHeader>
  <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken>
  <wsse:Username>xelsysadm</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  <soap:Body xmlns:ns2="http://xmlns.oracle.com/idm/identity/spmlv2custom/Username">
  <ns2:validateUsernameRequest xmlns:ns3="urn:oasis:names:tc:SPML:2:0" requestID="12345" executionMode="synchronous" locale="en" policyURI="http://www.sample.com/string/string">
  <ns2:capabilityData mustUnderstand="true" capabilityURI="urn:oasis:names:tc:SPML:2:0:reference"/>
  <ns2:username>TCS1000</ns2:username>
  </ns2:validateUsernameRequest>
  </soap:Body>
  </soap:Envelope
  Response:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
  <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>ns0:FailedCheck</faultcode>
  <faultstring>FailedCheck : failure in security check</faultstring>
  <faultactor/>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  I have attached the log file from OIM
  ####<Apr 26, 2012 10:27:13 AM EDT> <Error> <oracle.wsm.resources.enforcement> <corwloimhd01> <dev-oim_oim_server01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <214014dca901f288:-460ab67b:136eeab0662:-7ffd-0000000000000838> <1335450433058> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=spml-xsd, composite=null, modelObj=SPMLService, policy=oracle/wss11_saml_or_username_token_with_message_protection_service_policy, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-username-with-certificates.>
  ####<Apr 26, 2012 10:27:13 AM EDT> <Notice> <Stdout> <corwloimhd01> <dev-oim_oim_server01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <214014dca901f288:-460ab67b:136eeab0662:-7ffd-000000000000083d> <1335450433058> <BEA-000000> <<Apr 26, 2012 10:27:13 AM EDT> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=spml-xsd, composite=null, modelObj=SPMLService, policy=oracle/wss11_saml_or_username_token_with_message_protection_service_policy, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-username-with-certificates.>>
  Please help me how to solve this issue.
  Thanks in advance
  Siva

  Your business logic has to be implemented by using OIM APIS. oimclient.jar..
  you can then expose these business functions accordingly using a webservice or rest ...
  for business logic refer:-
  http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/apis.htm#OMDEV734
  You will basicsally have to deal with UserManager class for managing users.
  java API:
  http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/toc.htm

• Questions about SPML Web Service ( OIM 9.1 )

  I need to launch a provisioning process on a target by using a generic connector (Web Service).
  Scenario:
  ==========
  Host A is where the OIM server is installed. A generic connector is defined here.
  Host B is the target where users must be created. A webservice (axis) is installed here.
  Requirements:
  ===========
  OIM server (Host A) sends a request to WebService (Host B). The Web service receives, process and sends a response with the result to the OIM server.
  Version 9.0.3
  ==============
  On Version 9.0.3 I got the expected results but a problem appeared: there wasn't feedback error control because the web service response could'nt be processed.
  I followed the next steps:
  1º deploy axis on application server
  2º write SendWSResponse.jws including public method "doProvisioning". Copy this file to ..\server\default\deploy\axis.war\
  3º compile SendWSResponse.jws (from a browser)
  4º Create generic connector (for reconciliation and provisioning). Definition of parameters and mappings.
  Note: In 9.0.3 version only three parameters were required for Web Service Definition:
  Web Service URL=http://host:8080/axis/SendWSResponse.jws
  Operation Name = doProvisioning
  SPML-->Target ID=4201
  Version 9.1
  ==============
  On the new version, the connector definition is more complicated. Also they have added an ear-application or web service (OIMSpmlWS) related to this connector .
  The first question is:
  Is this ear-application addressed to process the reponses that are sent by the target?
  The second question is:
  Must I install the OIMSpmlWS on Host B? and if the answer is affirmative, how can I include the logic to my provisioning process.
  And the most important?
  How might the connector be configured and the webServices in this usual scenario?
  Many thanks in advance

  There is no "sample" WSDL file, there is THE WSDL file. It is located in the OIMSpmlWS.ear EAR file, in spmlws.war WAR file in the directory WEB-INF/wsdl.

• SPML web service provisioning from OIM 9.1.0.1 using the OOTB GTCframework

  Hello there,
  There is a .NET web service client which is successfully able to access the weblogic application server wsdl from oim 9101 and it can see the complete user profile as a response from the same.
  1.) Now, there is a situation where oim needs to send some attribute values to that .NET web service client, after the data from their side comes to OIM and updates a single attribute values for e.g. PIN. How can we do that ?
  2.) and I want to add some UDFs into the existing SPML provisioning user profile. How can I do that ?
  3.) Also, how will OIM know that it was able to successfully send the attribute values to the web service client.
  http://download.oracle.com/docs/cd/E10391_01/doc.910/e10360/creategtc.htm#Toc153968032
  I have gone through this. I didnt found this in OIM 9101.
  Any ideas/references/clues/hints appreciated in this concern.
  Thanks in advance,
  - oidm.

  In the entire thread many experts have given nice queries in different formats...
  The best approach would be to open up the SQL Developer, connect with the OIM Database and experiment with all sorts of SQL queries provided by all the experts..
  Learn some SQL techniques, like Inner Join etc...
  Then you yourself will be able to figure out what you need, in exactly which format, for which users and for whom you have to restrict
  Then not only this question, you would be able to solve dozens of similar such issues yourself...
  And trust me, nothing can match that...
  Just in case, you are not familiar with SQL Developer,
  http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html
  Oracle SQL Developer 3.2.1 (3.2.10.09.57)
  September 24, 2012
  The Disabled DATE will be the creation date of that entry in the UPA_FIELDS table when Users.Status changed to Disabled.
  SELECT USR.USR_LOGIN, UPA_FIELDS.CREATE_DATE
  FROM UPA_FIELDS
  WHERE UPA_FIELDS.FIELD_NAME='Users.Status'
  AND UPA_FIELDS.FIELD_NEW_VALUE='Disabled'
  AND UPA_FIELDS.UPA_USR_KEY=USR.USR_KEY
  AND USR.USR_LOGIN NOT IN ('XELSYSADM', 'XELOPERATOR', 'WEBLOGIC');

• Query regarding SPML in OIM

  Hi All,
  I am working on SPML module of OIM. Really appreciate if someone could tell me the madness behind my curiosity 
  1.     Through SPML can we set/recover User’s Challenge Question answer? I went through the search query response and couldn’t able to locate any attribute against which these values have been set.
  2.     Another issue is that if I didn’t provide any organization to user while self-registration it doesn’t get provisioned with success result. I was expecting here that request should go to Admin Pending items but couldn’t able to locate it. Can’t we achieve the Self-registration type scenario that OIM provides by default through SPML?
  3.     How can we assign the target resources to user (LDAP, RCAF etc) through SPML so that user’s account gets provisioned in these resources? Also if we want to trigger some process (Workflow), how can this be done using SPML.
  Thanks
  Amit

  Any clue??

• SPML Webservice OIM 11g - Urgent

  Hi All,
  I would need to create/update/delete user in OIM using SPML Webservice.
  Please help in providing the steps to do this.
  I have gone through the OIM11g documentation, but haven't got any steps to deploy webservice.
  It would be great if someone can provide sample code for this.
  Thanks in Advance,
  rag

  Any suggestions please..!!!
  Experts please reply...