ORM as a Resource in OIM

Similar Messages

• I have  to integrate a webservice based resource with OIM 9.1.0.2 ,

  I have to integrate a webservice based resource with OIM 9.1.0.2 , weblogic version 10.1.4.3
  I have following details for that resource:
  1) IP:
  2) port :
  3) Admin id:
  4)password:
  5) WSDL:
  Please guide me in integrating the resource.

  Hi,
  You can use the OOTB SPML GTC connector available in OIM, if you already have the target Webservice/WSDL available.

• More than one trusted resource for OIM 9.1.0.2

  Hi all,
  I just heard that in OIM 9.1.0.2 it is possible to have more than one trusted source, as it is not necessary to configure it to Xellerate User Resource Object. Is that correct?
  To configure OID Connector as Trusted Source on OIM 9.1.0.2 do I have to import its XML file?
  Regards
  Hossam

  From what i recall, the OID connector does not come with a second object for the trusted one. I think it comes with the Xellerate User object updated.
  To make a new trusted resource, create the resource object, check the trusted source box. On the recon fields, add in all your recon fields you want to use. On the recon action rules tab, set your rule for match not found to create a user, and entity match to link to user. Create a reconciliation rule for this object and the xellerate user object. Create a provisioning process defintion with no additional tasks. On the reconciliation field mappings tab, map all your recon fields to OIM user fields. You'll want to create any entity adapters/event handlers needed to provide required fields such as User Type, and User Role, and Organization and so on.
  Now when you get a recon event for this object, it will be a trusted object and can create new users for you and update the OIM profile.
  -Kevin

• What is a resource in OIM - really?

  I'm trying to understand what I can do with resources, and how they can be manipulated (especially through the API.)
  From the documents, "A resource object is a virtual representation of the target system, and contains all entities related to the external resource." Well, the 2nd part of that sentence seems to be overstating the case - you can create a resource type and create instances of that type, where the type will have user-defined attributes (url, username, etc.)
  But still, it seems that the purpose of a resource object is to represent a system, perhaps for the use of reconciliation, but also so that OIM can provision the resource object to users (or groups.)
  However, some of my coworkers believe that a resource is more than that. In particular, a resource could represent an arbitrary external entity (let's say, a bit absurdly, a particular automobile), and that there should also be ways to associate operations/permissions with that entity (in this case, "own", "drive", "ride-in", "fix", "sell"), and each operation/permission can be assigned to a user (or group.)
  I find no evidence of this type of fine-grained permission-oriented use of resources. Is there a way to handle this type of problem within OIM (9.0.3)? If so, how? Is there something more appropriate than resources?
  If it is possible to have operations defined on resources, how would you grant a user a subset of the operations?
  And a related question: the API provides what seems to be read-only access to Objects? Is it possible to create Objects through the API? And what is the relationship of Objects to ITResources?
  Many thanks for your thoughts and responses!

  An IT Resource Type Definition is a type of resource, whether its a database, unix server, Active Directory Domain, Exchange Server, and such.
  An IT Resource is a specific instance of a Type, which contains all the connection specific parameters that are passed onto the API calls. If you look at any of the APIs for active directory, it maps the values from the IT Resource to the connection parameters so it can create the connection to Active Directory.
  In your example of the automobile, lets say you find a java api, or create one to communicate with an automobile. You have a Type Definition called Automobile, and an IT Resource of specific automobile type, with all the connection parameters you will require when you run your APIs. You would also require a resource object of Automobile type, a process form for the main account, a child table for the permissions, or check boxes, whichever way you would want to select the access rights, and a provisioning process.
  So when a request is made for the automobile, the request would specify which specific instance on an IT Resource Lookup field, and however you have defined the access rights, they would select them. When the request is finalized, and provisioning, your APIs would use the IT Resource parameters to establish a connection, and then values from the process form to create the account with the specific rights defined on the form. Then close the connection.
  You could also create a generic resource object, that requires no it resource, and it would simply be a place holder for a physical object like a secure id token, or mobile phone. You could just have a provisioning task that requires manual interaction for someone to go in and actually mark the object as "Sent Out" or completed.
  Currently you cannot create an object through an API. They are only available during the Import, or creating with the design console.
  -Kevin

• Getting users disabled/deleted with disabled resources in OIM

  Hi,
  Consider following use case related to OIM:
  To get the Users deleted or disabled on a particular date with their 'AD User' resources which are in disabled state.
  By means of built in reports i can get the users disabled or deleted for particular date.... how do i get the disabled AD User resource for each user....
  i can go for scheduler task but how to proceed on that?

  the exact requirement here is to get the users/deleted a day before along with their 'AD User' resources which are disabled
  getObjectsByTypeStatus(long plUserKey, java.lang.String psObjectType, java.lang.String psStatus)
  Gets a list of all the objects of the specified type that have been provisioned for a user and are in the specified status.
  What i can make out here is that:
  i need to write some logic that would give users disabled/deleted say yesterday... after this i would loop in these user keys into getObjectsByTypeStatus that would give resources disabled for each user.
  Am i correct?
  Now how do i get the users disabled/deleted yesterday. This is realised by default Users Disabled/Users deleted report.
  But how do i use it in my scheduler
  Edited by: Chhavi Saluja on Jun 30, 2010 1:20 AM

• How to invoke a Java Custom Code after creating a resource in OIM Console

  Greetings.
  I want to invoke a custom code after creating the resource "OID User" on the OIM Administration Console. For example invoke a custom code that creates The Form's resource access descriptor (RAD) on the OID.
  I have read the Developer's Guide for Oracle Identity Manager book but I don't get how to solve my requirement.
  Should I use a "Java Task" on the design Console?
  Could Anybody provide me the detailed steps to do that?
  Thanks
  Ramiro Ortíz.

  Greetings.
  I want to invoke a custom code after creating the resource "OID User" on the OIM Administration Console. For example invoke a custom code that creates The Form's resource access descriptor (RAD) on the OID.
  I have read the Developer's Guide for Oracle Identity Manager book but I don't get how to solve my requirement.
  Should I use a "Java Task" on the design Console?
  Could Anybody provide me the detailed steps to do that?
  Thanks
  Ramiro Ortíz.

• OIA 11.1.1.3 - Unable to import Access Policies, Resources from OIM 11g

  Hi,
  I have successfully integrated OIA on tomcat with OIM on weblogic. Also all the Roles and Users of OIM have been imported into OIA.
  Can anyone of you suggest me what needs to configured on OIM to have the Access Policies, Resources and entitlements to be imported into OIA.
  PS : I have noted some changes to be carried out with OIM Form designer in the Design Console as per the Preferred method. Unfortunately, I am unable to go ahead in configuring the following as the Properties described do not show up to me.
  The user guide says -
  For each Resource, the following properties need to be added to some identified feed for accounts, policies, and entitlements imports:
  AccountName - Identifies the unique account in the target system
  ITResource - Identifies the unique IT Resource field for the target system
  Entitlement - Identifies the account attribute designated for privileges
  Please help with this issue.
  Thank you,
  Bhaskar

  Thanks for the reply EvgeniyA, but this is a new environment which has not been released to the users yet. So this cannot be because of SERVERTHREADS and AGTSVRCONNECTIONS. Also the older version worked fine without all those settings defined in essbase.cfg. Anyways even if we consider that this was because of those parameters, I have defined those in the essbase.cfg and still not luck. Still get the same errors. Any other thoughts anyone?
  Thanks,
  Ted.

• Custom tabs under userprofile - resources in OIM 11g

  Currently in OIM 11g user's available resource accounts are shown as a list under resources tab.
  Is there any way we can customize this page to display one more layer of tabs below it, and fliter the resource accounts to be disaplyed under each sub-tab?

  For OIM 11g R2, we don't have any composer and all. You need to understand the OIM UI then you need to proceed with Customization.
  Steps:
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/customize_oim_ui_selfservice_tabs/customize_oim_ui_selfservice_tabs.htm
  Pointers: http://docs.oracle.com/cd/E23943_01/doc.1111/e14309/uicust.htm#BABIGCJA

• Disabling resources via OIM API. Which appKey?

  Hi gurus!
  I'm developing my own scheduler tasks that use the OIM API to manage users and their resources. I'm working with OIM version 9.0.3
  One of these tasks has to disable a provisioned resource for an user, by using the tcUserOperationsIntf.enableAppForUser() method. This method has two parameters: the user key and the app key. So, before the invokation, I have to find them.
  I know how to get the user key, but I don't know which object key must I choose between the OBI_KEY, ORC_KEY and OIU_KEY.
  I've tried to do it with obi_key and oiu_key, and sometimes works with obi_key and sometimes with oiu_key. What is the difference between these two keys?
  This is my code:
       tcResultSet users = findUser(userLogin); //this method uses the tcUserOperationsIntf.findUsers() api method
       if (users != null) {
  tcResultSet resources = findResource("resource_name"); // this method uses the tcObjectOperationsIntf.findProvisionableObjects() api method
  long userKey = users.getLongValue("Users.Key");
  long resourceKey = resources.getLongValue("Objects.Key");
       tcResultSet resource = findResourceByUser(userKey, resourceKey, "Objects.Key"); //this method uses the tcUserOperationsIntf.getObjects() api method
  if (resource != null) {
  long obiKey = resource .getLongValue("Object Instance.Key");
  String status = resource .getStringValue("Objects.Object Status.Status");
  long oiuKey = recurso.getLongValue("Users-Object Instance For User.Key");
  if ("Disabled".equals(status)) {
  userUtil.enableAppForUser(userKey, oiuKey); //userUtil is an instance of tcUserOperationsIntf
  Edited by: bucle on 25-nov-2008 4:49

  What these are is roughly explained in the API Usage Guide for Meta Data mapping.
  OBI = Object Instance : There are lots of object instances including users.
  OIU = Object Instance for User : These are the object instances that actually belong to a user, for example a provisioned resource.
  You want the OIU which is returned by the getObjects method as the first value.
  Edited by: user809225 on 25-Nov-2008 14:09

• Delete Access Issue for a Provisioned Resource in OIM..

  Thank you for the help provided for revoking the resource.I am able to revoke the resource from the User profile details.
  But I have to revoke the resource from the delete access in the same way as I have done for add access for provisioning a resource(means I have to follow the proper flow from approval work flow ,the flow must go to provisioning work flow and from there GIA analyst group should be able to revoke the resource
  (GIA analyst should be able to revoke the resource which has been provisioned and which is provided in the open task ).
  Plz provide the way to overcome the revoking issue.

  Thank you for the information you provided.I have done changes in the rule designer as per the way you told, but still I am not able to revoke the resource.Its completing the approval flow in approval details but Resource is not getting de-provisioned.Please suggest me what needs to be done.
  Plz give me the clear view how to revoke the resource through delete access flow .

• Creation of 2 IT resources in OIM 11g administration console

  Hello,
  I have created IT resource type definition in design console named "MyLDAP" & then created
  IT resource in administration console where i gave "MyLDAP " in IT resource type field & got
  created , but when i tried to create another IT resource in administration console with same
  IT resource type definition i.e. MyLDAP it gives me following message on administration console
  as "DOBJ.SVR_CANT_MAKE_MUTI_IT_TYPE Cannot make multiple instances of this type" , so i
  think we can't create IT resource which is already created with IT resource type definition, in my
  case "MyLDAP".
  Can someone provide some pointers on this issue ?
  Thank-You
  Rahul Shah

  Open the Design Console and look for the IT Resource Definition you want to use (MyLDAP in your case).
  You will see that during the creation you didn't check the flag below:
  *Insert Multiple [ ]*
  You have just to activate the check and save it.

• Provision Resource through OIM APIS

  I am using the OIMClient and the new APIs to provision a resource
  I am using the Provisioning Service provision() method. For the Account details how should the AccountData be initialized. It says int he APIs that the AccountData constructor is only for already provisioned accounts.
  Please suggest if there is any other way this can be done.

  Try this:
  //Account profile data - need not be set if all data is coming from prepop adapters
    HashMap parentData = new HashMap();
    parentData.put("UD_ADUSER_UID","Larry.Jones");
    parentData.put("UD_ADUSER_FNAME","Larry");
    parentData.put("UD_ADUSER_LNAME","Jones");
  //Construct account data VO with process form key sdk_key=15
    AccountData objAccountData = new AccountData("15", null, parentData);
  //Construct account VO with app instance and account data VO
    Account objAccount = new Account(appInstance, objAccountData);
    //Provision the account to user with usr_key=6
    long oiuKey = provisioningService.provision("6", objAccount);

• AD resource assignment - OIM

  When I assign AD resource as xelsysadm - I can see the list of AD fields that will be populated for the user in AD (and ability to select group(s) that will be assigned to the user)
  I end-user requests AD resource from self-service (request new resource) then no fields are available for user to pre-populate. Why? How can I change this?
  thank you for your feedback

  I misunderstood what problem you were having. Sorry about that.
  If you mark the "allow all" on the RO you will make it possible for anyone to request the AD RO in the request interface.
  More info: http://download.oracle.com/docs/cd/B31081_01/idmgr/b25940/resmgt.htm#BCEEIFGD

• How to delete old resource objects in OIM

  I'm working with OIM Version: 9.1.0.1866.70 and I've recently been told that we are not going to be using a certain resource object anymore.  I've looked and gone through the design console but I don't see any option for deleting an entire resource.  Is there even a way to delete a resource in OIM?  I can turn off self-requestable but our numerous provisioning admins will still have the ability to grant the defunct resource.  Is this available in a later version of OIM?

  Hi,
  This is a forum for discussion about application development in C/C++/Fortran. I think you want to raise your question in a forum about identity management. This one looks more promising:
  Identity Management
  Regards,
  Darryl.

• OIM 11g R1 - Modifying a Resource Erases Custom Process Task ???

  I've created a Generic Resource in OIM that uses the Database Applications Table connector 9.1.0.5.0.
  Then I add my own process tasks through Design Console under "Process Management -> Process Definitions". On each custom process task I've attached my own custom adapters, which I created through "Development Tools -> Adapter Factory" in Design Console. These custom adapters use methods from my Java code. My Java jar file is located in "Oracle_IDM1/server/JavaTasks".
  Now here is the issue:
  Whenever I modify this resource in OIM under "Configuration -> Manage Generic Connector" (E.g Changing reconciliation type from Full to Incremental), all my custom process tasks get deleted.
  What is the reason for this? Is there a solution for this problem?

  This is indeed a major flaw for GTC. Below I found this issue in a Oracle doc.
  Doc Link: http://docs.oracle.com/cd/E14571_01/doc.1111/e14309/aptrouble.htm
  Below is a description of this issue from the Oracle documentation
  Summary:
  Customization work done on objects of a generic technology connector would be overwritten if you perform a Manage Generic Technology Connector operation.
  Description:
  You can use the Design Console to customize connector objects that are automatically created during generic technology connector creation. However, after you customize connector objects, if you perform a Manage Generic Technology Connector operation, then all the customization done on the connector objects would be overwritten. Therefore, Oracle recommends that you to apply one of the following guidelines:
  Do not use the Design Console to modify generic technology connector objects.
  The exception to this guideline is the IT resource. You can modify the parameters of the IT resource by using the Design Console. However, if you have enabled the cache for the GenericConnector and GenericConnectorProviders categories, then you must purge the cache either before or after you modify IT resource parameters. See "Purging the Cache" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for information about running the PurgeCache utility.
  If you use the Design Console to modify generic technology connector objects, then do not use the Manage Generic Technology Connector feature to modify the generic technology connector.
  Connector objects that are automatically created are not deleted even if the generic technology connector creation process fails.