Question on OIM 11gR2

Similar Messages

• Adding custom challenge questions in OIM 11gR2

  Friends,
  Can you please let me know the process to add new custom challenge questions in OIM 11gR2?
  Thanks

  Detailed steps have been given in my blog at the below url.
  http://srini-bellamkonda.blogspot.com/2012/11/adding-custom-challenge-questions-in.html
  Have a look and let me know if you have any questions.

• Custom challenge questions in OIM 11gR2

  Hi,
  Please let me know how to add custom challenge questions in OIM 11gR2?

  Follow the steps given in blog to add custom challenge questions.
  http://srini-bellamkonda.blogspot.com/2012/11/adding-custom-challenge-questions-in.html

• OIM 11gR2 Architecture question

  Hello,
  We're setting up our development environment for OIM 11gR2 and wanted to confirm the concept of configuring a virtual IP for two application servers (each app server containing SOA and OIM).  This virtual IP would be setup on a hardware load balancer and referenced by two webtier servers in a DMZ like network.  The load balancer would straddle the DMZ and the more protected network with the two app servers.  The VIP would be referenced in moduleconf files on the Webtier servers.
  Is this supported?  Have others done something like this?
  Thanks for any input.
  Ariel

  Ariel,
     As I understood your concern is not only , if it works or not, so trying to help you: To answer your 'supported' question, please raise a SR into metalink with your CSI # . This will allow you to have a very good and direct answer on your doubt.
  I hope this helps,
  Thiago Leoncio.

• Questions : - AD Connector in OIM 11gR2

  Hi,
  Please provide your suggestions on below queries (OIM 11gR2)
  1) How to create a new AD Group from OIM? We see a "AD group" resource object created with the connector installation. Will we have create an Application instance for "AD group" RO and AD IT resource instance to achieve the AD group creation?
  2) How to manage the memebers of the AD group from OIM?
  3) How to delete a AD group from OIM?
  Thanks in advance

  Hi,
  Please provide your suggestions on below queries (OIM 11gR2)
  1) How to create a new AD Group from OIM? We see a "AD group" resource object created with the connector installation. Will we have create an Application instance for "AD group" RO and AD IT resource instance to achieve the AD group creation?
  2) How to manage the memebers of the AD group from OIM?
  3) How to delete a AD group from OIM?
  Thanks in advance

• OIM 11gR2 - unable to suppress display of iPlanet process form

  OIM 11gR2 or 11.1.2
  SJSDS Connector 9.0.4
  I have configured the SJSDS connector, it resource, etc and am able to manually/directly provision iPlanet User to an OIM user through the identity interface.
  I have configured the process form to pre-populate all necessary fields.
  I have checked the Auto Save Form checkbox within the iPlanet User Process Definition.
  It is my expectation that when an administrator directly assigns the resource to a user they will not be presented with the process form. However, when we directly assign the resource, the process form is displayed causing the administrator to submit the form.
  I have double checked the documentation regarding Auto Save Form within the Developer's Guide for Oracle Identity Manager 11g Release 2 (11.1.2) - E27150-03 and the Oracle® Identity Manager Connector Guide for Sun Java System Directory Release 9.0.4 - E10446-12 and I believe my expectations are correct.
  1) Has anyone successfully suppressed the process form while direct or manually provisioning SJSDS through the identity interface?
  2) Could the Auto Save Form be only related to request-based provisioning?
  Thank you in advance.

  These are also good questions but I'll give details :-)
  1) Does that make the "Auto Save Form" checkbox useless? -
  NO, If you don't do this then your Provisioning will stuck into System Validation.
  2) Can you "Auto Save" the Application Instance form?
  NO, as per Oracle either hide these attributes or delete these attributes but there's no clean way to delete such things.
  Question For You:
  If you don't want to Auto Save your Application Instance Form then why did you create that.
  Workaround:
  If you don't want Application Instance then create one more Application Instance without any form

• OIM 11gR2: API to modify accounts

  Hi all,
  I would like to develop an event handler for OIM 11gR2 to modify a user account (for example Active Directory account) if some conditions are satisfied.
  I looked for proper API in Java API Reference for Oracle Identity Manager and I found the interface ProvisioningService.
  I already developed an event handler for test purpose that gets and prints account details and it works.
  My question is: can you provide me an example to use the API to modify an account correctly please?
  Thanks in advance,
  Daniele

  Find the act_key for this new organization and then use the UserManager api to update the act_key for all the accounts.

• Can we use OID 11gR1 with the OAM/OIM 11gR2

  Hi,
  I am installing the IdM 11gR2. As OID does not comes with this pack. so can we use/install the OID which comes with the IdM 11gR1.
  Or is there any other option like OUD.
  Can we integrate the OUD 11gR2 with the OIM/OAM 11gR2 to manage the users/groups.? If yes, please share some document for it.
  Please suggest the best option as we are learning OIM/OIM 11gR2.
  Thanks
  Harry
  Edited by: Harry-Harry on Jan 28, 2013 12:59 AM
  Edited by: Harry-Harry on Jan 28, 2013 1:10 AM

  The latest OID in 11gR1 is 11.1.1.6
  It will support integration with 11gR2 OIM and OAM. Kishore already sent the certification matrix link.
  I am currently using OID 11.1.1.6 in above configuration and works fiine. Any other questions feel free to post your questions.

• OIM 11gR2 - Identity console - Search Users Page.  Need to add employee number by default.

  Hi,
  I am new to oim 11gR2.  I have a requirement , to add the employee number field in the user search box. I do not want to use the Add Fields button to add the employee number search field.
  When any user goes to the search page, they must find the employee number field in the search box in addition to the other default fields like lastname, firstname, etc.  Is it achievable? Thanks in advance.  
  If possible.... can you please provide the steps to achieve it?.. thanks

  Karthik Perath
  Thanks for the answer....... but I guess you misread the question.  I am able to add new fields as columns to the search results table.  My problem is I want to add the searchable field to the query form.  Also, I do not want to use the Add Fields button (because that is a part of Saved Search which is Personalization and limited only to the creator) , I want the newly added searchable field. for example Employee Number ( which is not there by default)  to be made available to all the end users of Identity Self Service system..... Hope you got the problem... 

• Webservice Client is not working in OIM 11gR2

  Hi,
  We have created a web client using Axis 1.6.2 and using it in OIM 11gR2 for Request Validator Plugin. But we are getting issue that org.apache.axiom.om.OMAbstractFactory. getOMFactory() is not found. When we checked the JARs in class path we found that OIM Already has lower version of axiom1.2.5 in its class path under oim.ear which doesn't contain this method however Axis1.6.2 contains the newer version which contain this method. Does anybody has any idea how to override OIM default classpath JAR file and force it to read the library files available under plugin?

  Hi
  I am facing similar issue but with Custom Adapter . I copied the axis jars under the JavaTasks folder but it does not help.
  I then copied them under the oim.ear/APP_INF/lib and restarted the OIM managed server but somehow even that does not help.
  I get following error.
  Caused by: java.lang.NoSuchMethodError: org/apache/axiom/om/OMAbstractFactory.getMetaFactory()Lorg/apache/axiom/om/OMMetaFactory;
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:150)
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:133)
          at org.apache.axiom.om.OMXMLBuilderFactory.createOMBuilder(OMXMLBuilderFactory.java:104)
          at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:590)
          at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:575)
          at org.apache.axis2.deployment.DescriptionBuilder.buildOM(DescriptionBuilder.java:97)
          at org.apache.axis2.deployment.AxisConfigBuilder.populateConfig(AxisConfigBuilder.java:90)
          at org.apache.axis2.deployment.DeploymentEngine.populateAxisConfiguration(DeploymentEngine.java:857)
          at org.apache.axis2.deployment.FileSystemConfigurator.getAxisConfiguration(FileSystemConfigurator.java:116)
          at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64)
          at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:210)
          at org.apache.axis2.client.ServiceClient.configureServiceClient(ServiceClient.java:151)
  Any pointer on how I can try to resolve it.
  Regards
  Abhinav

• OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

  Hello all,
  I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
  My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
  Anyone know what I'm missing here?
  Thank you!
  Edited by: 939908 on Nov 12, 2012 6:36 AM

  Hey 833249, thanks for your reply
  The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
  These are the errors listed in the connector server log:
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_NativeObject()
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
  ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
  at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
  at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
  I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

• Pre populate adapter in OIM 11gr2 not triggered in database

  Hello,
  Folowing is the steps for creation of pre populated adapter in OIM
  ** we have created one form in OIM which is provisioned to Database**
  Steps
  · Installed GTC connector for Database Web App 9.*
  · Created new user and Table in Database
  · Created IT resource for Database
  · Created Sandbox, App Instance and Form, published sandbox
  · Started catalog synchronization job scheduler
  · Created user and and request account to app instance.
  * select application instance to catalog and checkout.
  ** we have created adapter as per the following link
  http://idmrockstar.com/blog/2009/08/how-to-create-a-prepopulate-adapter-in-oim/
  create a pre populated adapter that will populate the firstname of user in email using java class
  source code:
  public class AdapterClass{
  public String email( String fname )
  return fname;
  Steps:
  1) In the design console I have open the Adapter Factory and create a new adapter name :firstname
  adapter type: pre-populate rule generator
  click on save
  2) select variable list tab:
  variable name:Firstname
  type:String
  Map to : Resolve at runtime
  click on save
  3) select Adapter Task tab
  * click add and select logical task
  * select SET VARIABLE and click continue
  * Operand Type:variable
  * Operand Qualifier : FIrstname
  click save and save the adapter
  4) compile the java class into jar file and move the jar file into OIM_HOME\server\JavaTasks
  5)Create a new Adapter with the following"
  Adapter name:Email
  Adapter type: Pre-populate rule Generator
  click save
  6) select variable list tab:
  variable name: var1
  Type:String
  Map to:Resolve at runtime and click save
  7) select Functional Task tab:"
  select java click continue
  select the following information:
  Task name:email
  Api source: JavataskJar:Adapterclass.jar( the jar file which you have create)
  application api: adapteclass
  click save
  8) In the Application method parameters,select the first input: String
  Cange Map to:Adapter variables
  Set the name to:var1 and click save
  9) select the output:STring
  change map to:Adapter variables
  set name to: return variable
  10) click save and save the adapter and click on Build
  Adapter is now build the next step isto join it to the form
  ** join the adapter to the form**
  Steps:
  1) click on form designer and search the related form which we have created
  2) In the respective form click on create a new version and create a new version
  3) and then click on Pre populate tab and click on ADD
  4)select adapter field to firstname
  Rule : default
  Adapter : Firstname
  and click on save
  5) In the adapter variable field click on firstname and fill the following
  map to: Process data
  Qualifier : firstname
  6) Repeat steps 3 to 5 to map the email adapter
  7) click on save.
  Now we have done with all the steps and now we have created one User submit the user
  we have click on request acounts ---> search the catalog and select the application instance (select the app instance "database provisioning") ---> add to cart ---> and check out ---> fill the form leaving email field --> ready to submit ---> submit
  now we have check this user in database but still pre populated fields are not reflected. since this not working so we have found the other three links
  Re: OIM 11gR2 - Prepopulate Field Empty Problem
  http://fusionsecurity.blogspot.in/2013/01/populating-request-attributes-in-oim.html
  http://identityandaccessmanager.blogspot.in/2011/07/prepopulate-adapter-in-oim-11g.html
  according to these links they mention to implements the prepopulationadapter interface into the java class and create the plugin.xml for the class which we have used in jar.
  so we prepared a plugin.xml
  <?xml version="1.0" encoding="UTF-8" ?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.request.plugins.PrePopulationAdapter">
  <plugin pluginclass= "com.oracle.demo.iam.prepop.plugin.UserLoginPrePop" version="1.0" name="UserLoginPrePop">
  <metadata name="PrePopulationAdapater">
  <value> My_users::email</value>
  </metadata>
  </plugin>
  </plugins>
  </oimplugins>
  and the java class which implements "PrePopulationAdapter".
  they mention to put that jar into one directory named "lib"and paste the xml and lib folder into the OIM_HOME\server\plugin
  BUt we stuck on how to configure the adapter or what is the next steps for the above process. or there is something that we have missed in the process
  please do reply its urgent
  Regards,
  Tushar Palekar

  hii i have followed all your steps regarding the pre populated adapter ,but no luck.
  java code :
  package com.oracle.demo.iam.prepop.plugin;
  import java.io.Serializable;
  import oracle.iam.request.plugins.PrePopulationAdapter;
  import oracle.iam.request.vo.RequestData;
  public class Userfname implements PrePopulationAdapter {
  public Serializable prepopulate(RequestData requestData){
  String fname = "xyz";
  System.out.println("Returning fname ==== " + fname );
  return fname ;
  2)i have create a jar for this code and paste it into lib folder.
  3) i have create a plugin.xml
  <?xml version="1.0" encoding="UTF-8" ?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <*plugins pluginpoint="oracle.iam.request.plugins.PrePopulationAdapter">*
  *<plugin pluginclass= "com.oracle.demo.iam.prepop.plugin.Userfname" version="1.0" name="Userfname">*
  *<metadata name="PrePopulationAdapater">*
  *<value>register::LAST_NAME</value>*
  *</metadata>*
  *</plugin>*
  *</plugins>*
  *</oimplugins>*
  4)i register the plugin using ant -f  pluginregistration.xml register
  5)i have restartthe oim server and then i create a user using the same app instatnce in which i have create the form(ie.register),and
  request acount-->select app instance ---> add to cart
  but the last name xyz as per the java code is not reflected in the dadbase table.
  please help
  tushar palekar

• Steps to develope user name generation event handler in OIM 11gR2

  Friends,
  Can you please provide me steps to develop user name generation event handler in oim 11gR2?
  Thanks,
  Chakri

  Thanks for providing the detailed steps. This is waht i was looking for.
  I will follow these steps and let you know the results.
  Thanks for your support.

• Replicating the app functionality from OIM 10g to OIM 11gR2

  Hi,
  I have a resource object with an object form and a process form and approval, provisioning configured in OIM 10g design console. Provisioning is manual provisioning assigned to a particular group based on a task assignment adapter. For replicating the same in OIM 11gR2 i followed the following steps.
  1. Created a Resource object in Design console.
  2. Created a dummy IT Resource ( Since while creating app instance it is having IT Resource as Mandatory field. * Is there any way to skip this as i do not have any IT resource in my original app as it is going for manual provisioning?)*
  3. Created a process form in Design Console with the same fields as present in my 10g app process form.
  4. Now i need to Create an app instance and select the created resource object and IT resoource. Also i need to create a form associated with the app instance in which i will add the fields as present in the object form in my 10g app. ( Here i am not understanding how data will flow from object form to process form since there is no data flow mapping here)
  5. Other steps like creating the SOA composite with human tasks and deploying it and after that creating approval policies is pretty much clear.
  Please clarify whether the steps are correct and also the queries which i have posted in between. Thanks in advance.
  Regards,
  Durgaprasad
  Edited by: Durgaprasad on Jan 17, 2013 3:38 AM

  Thanks Gyanprakash. Wll disconnected resource trigger our custom approval process if we select the resource name properly in scope in operational level approval policy. Have you tried a disconnected resource with your custom approval process. Because i read the following lines in admin guide
  Oracle Identity Manager supports provisioning of disconnected resources by using the SOA worklist for manual provisioning of disconnected resources. After the role-based provisioning decision or SOA request approval is complete and the corresponding application instance is determined to be a disconnected application instance, a new SOA workflow is started. This new SOA workflow is assigned to the manual provisioning administrator.
  So i thought disconnected app instance will have its own approval process configured during the creation and it will route accordingly. So just wanted to clarify how to make disconnected app instance to trigger our approval. will approval policay take care of it as i am going to select the name of the disconnected app in the scope field.

• Need information on OAM 11gR2 protecting OIM 11gR2

  Hi All,
  I need to implement a solution wherein I have to protect OIM 11gR2 application using OAM 11g2.
  So in this case the identity store for OIM is the normal Oracle database and we have used the generic LDAP connector to provision the users to a LDAP directory which is the identity store for OAM.
  I have gone through the OIM integration with OAM and it talks about a lot of steps involving extension of the identity store for both OIM and OAM,(Integrating Access Manager and Oracle Identity Manager - 11g Release 2 (11.1.2))
  In my case I don't need the features like centralized password management functionality...we only want to protect the OIM application.
  So is it possible to enable SSO without
  1)Externalizing the identity store of OIM to the LDAP directory which is the identity store for OAM,and hence not running the LDAP sync utility
  Also can you please guide me to a document that specifies the steps.
  Thanks

  Hi Thiago,
  Thanks for your replies.
  Yes, I followed certification matrix and tried to install 11.1.1.6 only on wlserver 10.3.6.
  Can you please eloborate on the below points? Or If there are any urls for detailed steps, please provide them.
  -What you have to do:
  +2.1-On Application Server Navigator you can create types of connection:+
  +2.2-Integrated WLS option+
  +2.3-Standalone WLS option+
  +2.4-This first option you can install a local standalone WLS 10.3.6 server on your environment, then create a separate "integrated WLS" connection to the standalone server.+
  +2.5-Then go to your Application's properties through the Application menu -> Application Properties -> Run -> Bind to Integration Application Server option you can the brand new option created WLS server connection to work with your application.+
  +3.0- Don't forget that you need to install the ADF Runtimes for the server to be able to work with ADF applications+