Request Approval Process exception in OIM 11g
Hi,
We have upgraded oim 9.1 to oim 11.1.1.5 and we did not have any request approvals in oim 9.1.
Now we are using oim 11g to develop request approval process. We have tried to raise a request for "Provisioning Resource" - Application Access and "Assign Role" - Business Role Request in OIM 11g environment. Both the Requests are failing with the same exception as below,
Error:
IAM-2050014:An error occurred while initiating approvals for request oracle.iam.platform.workflowservice.exception.IAMWorkflowException: Tasklist mapping failed for workflowdefinition: default/DefaultRequestApproval!1.0 due to javax.naming.NamingException: String index out of range: -1. The corresponding error message is {1}.
Any idea on the above error?
Thanks!!
you can follow these videos to see if you can get a basic manager approval working for a self request resource.
http://www.youtube.com/watch?v=KCA_cxKsi_o&feature=channel_video_title
Similar Messages
-
Using web services in Approval Work flow in OIM 11g
Hi All,
I am a new bie to OIM 11g. I have created an approval work flow and it is working fine.
Now my requirement is to use a web service in the approval work flow instead of directly embeding the java code in Java Embeding Activity. Can some body share me a document or url for the process of doing it.
Thanks in advance for the help.
Thanks,
PreetiIf you are using OIM 11gR2 please refer the below document. All steps are very clear with the screenshots.
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/request.htm#autoId27
See section 21.3.5.7 Configuring the Human Task and BPEL Mappings
Also see this OBE tutorial for getting idea on Java embedding activity and assigning and retrieving data from global variables in SOA
http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/Request_Workflow_for_Self_Registration/request_workflow_for_self_registration.htm -
Creating approver only field in OIM 11g R2
Hi,
I need to create some fields in OIM 11g R2 request data set, so that those field will be visible only to approvers and they can only enter the data into it.
In 11g R1 I know how to create those field, but I don't know how to create the same type of field in OIM 11g R2.
Please helpHi ,
Thanks for your reply .. I am able to understand the scenario what you are trying to explain .. I tried to do the same ...but in my scenario ,this is the problem that I am facing ..
1)When a user modifies only his First Name then it works fine and gets auto approved .
2)When a user modifies only his Last Name then it works fine and goes for approval and waits till it gets approved.
3)Now the problem is when a user modifies both his First Name and Last Name and submits as a single request , how to handle this ? In this case the First Name should get committed and the Last Name should not get committed .. But he has submitted only a single request .. so how to handle this scenario ?How to divide a single request into two to commit one attribute and not commit another one ? -
Exception from OIM 11g login method
Hello All,
I installed OIM 11g on RHEL5 on WebLogic 10.3.3. I have written a sample client application which connects to OIM server to evaluate its various functionality.
<snippet>
System.setProperty("java.security.auth.login.config", "ABSOLUTE_PATH/authwl.conf");
System.setProperty("OIM.AppServerType","weblogic");
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
env.put(Context.PROVIDER_URL, "t3://HOST_NAME:7001");
OIMClient oimClient = new OIMClient(env);
try {
oimClient.login("xelsysadm", PASSWORD.toCharArray());
System.out.println("Got OIM Connection");
} catch (LoginException e) {
System.out.println("Got OIM Connection:"+e.getMessage());
</snippet>
In the above code snipped, the following exception is thrown by "oimClient.login("xelsysadm", PASSWORD.toCharArray());" line:
<EXCEPTION>
oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:197)
at oracle.iam.platform.OIMClient.getService(OIMClient.java:174)
at oracle.iam.platform.OIMClient.loginSessionCreated(OIMClient.java:209)
at oracle.iam.platform.OIMClient.login(OIMClient.java:136)
at oracle.iam.platform.OIMClient.login(OIMClient.java:129)
at GetOIMServerConnection.main(GetOIMServerConnection.java:24)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:193)
... 5 more
Caused by: oracle.iam.platform.utils.NoSuchServiceException: javax.naming.NameNotFoundException: While trying to lookup 'ejb.stateless.ClientLoginSessionService#oracle.iam.platformservice.api.ClientLoginSessionServiceRemote' didn't find subcontext 'stateless'. Resolved 'ejb' [Root exception is javax.naming.NameNotFoundException: While trying to lookup 'ejb.stateless.ClientLoginSessionService#oracle.iam.platformservice.api.ClientLoginSessionServiceRemote' didn't find subcontext 'stateless'. Resolved 'ejb']; remaining name 'stateless/ClientLoginSessionService#oracle/iam/platformservice/api/ClientLoginSessionServiceRemote'
at oracle.iam.platformservice.api.ClientLoginSessionServiceDelegate.<init>(Unknown Source)
... 10 more
Caused by: javax.naming.NameNotFoundException: While trying to lookup 'ejb.stateless.ClientLoginSessionService#oracle.iam.platformservice.api.ClientLoginSessionServiceRemote' didn't find subcontext 'stateless'. Resolved 'ejb' [Root exception is javax.naming.NameNotFoundException: While trying to lookup 'ejb.stateless.ClientLoginSessionService#oracle.iam.platformservice.api.ClientLoginSessionServiceRemote' didn't find subcontext 'stateless'. Resolved 'ejb']; remaining name 'stateless/ClientLoginSessionService#oracle/iam/platformservice/api/ClientLoginSessionServiceRemote'
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jndi.internal.ServerNamingNode_1033_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at org.springframework.jndi.JndiTemplate$1.doInContext(JndiTemplate.java:132)
at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:88)
at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:130)
at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:155)
... 11 more
Caused by: javax.naming.NameNotFoundException: While trying to lookup 'ejb.stateless.ClientLoginSessionService#oracle.iam.platformservice.api.ClientLoginSessionServiceRemote' didn't find subcontext 'stateless'. Resolved 'ejb'
at weblogic.jndi.internal.BasicNamingNode.newNameNotFoundException(BasicNamingNode.java:1139)
at weblogic.jndi.internal.BasicNamingNode.lookupHere(BasicNamingNode.java:247)
at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:182)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:206)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
</EXCEPTION>
Any idea what's going wrong here?
Thanks in Advance,
ShyamThis issue is resolved by making following change in the client code:
replace
env.put(Context.PROVIDER_URL, "t3://HOST_NAME:7001");
by
env.put(Context.PROVIDER_URL, "t3://HOST_NAME:OIMServer_BOOTSTRAP_PORT/oim"); -
How to create Approval Policies using API - OIM 11g R2
Hi,
Could you please let me know how to create the Approval Policies using java API code in OIM 11g R2.
ThanksHi Karthik,
Thanks for sharing the link. Could you please let me know how to specify the rule condition while creating the Approval Policy using the API given in this link. -
Error creating a role from the process task adapter - OIM 11g R2 PS1
I have a requirement to create an OIM role dynamically when a resource account is created. Also once the role is created, I need to assign that role to the user dynamically. Following code works perfectly fine if I replace the Platform with OIMClient and run it remotely. It fails when I run it from OIM:
Exception:
An exception occurred while performing the operation.
java.lang.NullPointerException
at oracle.iam.request.impl.RequestEngine.startOrchestrationFromPreProcess(RequestEngine.java:5516)
at oracle.iam.request.impl.RequestEngine.triggerOperation(RequestEngine.java:5439)
at oracle.iam.request.impl.RequestEngine.doOperation(RequestEngine.java:5154)
at oracle.iam.impl.OIMServiceImpl.doOperation(OIMServiceImpl.java:43)
at sun.reflect.GeneratedMethodAccessor6238.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy943.doOperation(Unknown Source)
public static User searchUserByLogin(String login) {
List<User> users = null;
Set<String> retAttrs = new HashSet<String>();
retAttrs.add(UserManagerConstants.AttributeName.USER_KEY.getId());
SearchCriteria criteria;
criteria = new SearchCriteria(UserManagerConstants.AttributeName.USER_LOGIN.getId(), login, SearchCriteria.Operator.EQUAL);
try {
UserManager userManager = Platform.getService(UserManager.class);
users = userManager.search(criteria, retAttrs, null);
} catch (AccessDeniedException ade) {
// handle exception
} catch (UserSearchException use) {
// handle exception
if (users.size() > 0) {
return users.get(0);
} else {
return null;
public static boolean grantRole(String usrLogin, String roleKey) throws oracle.iam.platform.authz.exception.AccessDeniedException, UserMembershipException, ValidationFailedException, RoleGrantException {
RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);
adpLogger.debug("Entering grantRole(1): User - " + usrLogin + " Role - " + roleKey);
Set userKeys = new HashSet();
User user = searchUserByLogin(usrLogin);
userKeys.add(user.getEntityId());
if (!roleMgr.isRoleGranted(roleKey, user.getEntityId(), false)) {
RoleManagerResult result = roleMgr.grantRole(roleKey, userKeys);
adpLogger.debug("Role granted " + result.getStatus());
} else {
adpLogger.debug("Role is already granted");
return true;
public static String createOrUpdateRole(String usrLogin, String roleName) throws oracle.iam.platform.authz.exception.AccessDeniedException, RoleSearchException, ValidationFailedException, RoleAlreadyExistsException, RoleCreateException, RoleGrantException, UserMembershipException {
adpLogger.debug("Entering createOrUpdateRole(1) Role " + roleName);
RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);
SearchCriteria criteria;
criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, roleName, SearchCriteria.Operator.EQUAL);
Set<String> ret = new HashSet<String>();
User user = searchUserByLogin(usrLogin);
List<Role> roles = new ArrayList<Role>();
roles = roleMgr.search(criteria, ret, null);
String grpKey = "";
if (roles.size() > 0) {
adpLogger.debug("Role already exists. Role ID " + roles.get(0).getEntityId());
grpKey = roles.get(0).getEntityId();
} else {
Role role = new Role(new HashMap());
role.setName(roleName);
RoleManagerResult result = roleMgr.create(role);
adpLogger.debug("Role created with ID " + result.getEntityId());
grpKey = result.getEntityId();
return grpKey;
It fails at RoleManagerResult result = roleMgr.create(role); line in createOrUpdateRole() method.
Has anyone ever run into this kind of issue?
ThanksCan you please try after making organization for a particular role and user are same ?
For new role creation publish the particular group to organization.
Regards
Shashank k -
OIM 11g Approval Workflow Notification Configuration
Dear All,
Is there any documentation guide or tutorial or step by step guide about how to configure approval workflow notification in oim 11g?
In my case, a request must be approve by 3 (three) level of approver, "Requester Manager" --> "Application Business Owner" --> "Application Administrator". On each level, a notification need to be sent to the approver contains all information about the requester and the resource that requested.
How can i configure the notification since approval processes are in SOA composite and the development of the workflow is using JDeveloper?
Many Thanks for your help.Hi
Please go through the link, You can configure notification any time based on you requirement. You have to get emails to whom you want to sent, just set this mail in a variable. Use this variable as to ,..
http://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_notif.htm#BABEDFCC
Thanks,
Kuldeep -
OIM 11G, DSML integration failing with null pointer exception
Hi,
we are facing the similar probelm while sending a request from TIBCO BW to OIM 11G (Which is weblogic)
The below request from TIBCO is not working and thowing a NULL POINTER EXCEPTION
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<ns:OIMUser xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns="http://xmlns.oracle.com/OIM/provisioning" xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/">
<ns:OIMUserId>xelsysadm</ns:OIMUserId>
<ns:OIMUserPassword>Welcome123</ns:OIMUserPassword>
</ns:OIMUser>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns0:processRequest xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://xmlns.oracle.com/OIM/provisioning">
<sOAPElement xmlns="">
<ns:modifyRequest xmlns:ns="urn:oasis:names:tc:SPML:2:0" xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" returnData="data">
<ns:psoID ID="Users:21"/>
<ns:modification name="Users.User ID" operation="add">
<ns:value>Richard1</ns:value>
</ns:modification>
</ns:modifyRequest>
</sOAPElement>
</ns0:processRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
But if we change the <sOAPElement xmlns=""> to <sOAPElement> (removing the empty namespace) we can able to fire this soap.
Could you please let me know are there any patch, workaround for this issue.
Thanks
MadhuI don't think OIM 11g supports DSML profile and may be that's the reason you are getting NPE.
See: http://docs.oracle.com/cd/E14571_01/doc.1111/e14309/spmlapi.htm#CHDCBJAI
It states:
"SPML has two profiles: the XSD profile and the DSML profile. This release of Oracle Identity Manager makes use of the XSD profile." -
Approval Task Title -OIM 11g R2
Hi,
How can we pull data related to resource being requested, UDFs as part of the Approval task title in SOA composite?
Thanks.Follow below document to know more about OIM 11g Approval (It's for OIM 11g R1) or you can also follow OIM 11g R2 Developer's Guide:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/Request_Workflow_for_Self_Registration/request_workflow_for_self_registration.htm -
Hi,
Can you pl.guide me how to config Travel Request approval process.
Thanks in advancehi
you have to assign the Approval role to the approring authoriity user id.
activate the event linkage for workflow
assign the User ID. -
How to delete Justification field in OIM 11g screen
Hi,
I have one requirement to remove the Justification field in last screen while submitting the request for a resource in OIM 11g
any idea how to do it?
Thanks for your help.Please try this:
OIM Advanced -> System Management -> System Configuration -> Search: *just*
"Indicator to skip the justification page" -> Value: true -> SAVE
Managed object: Deployment Manager/System Property/SkipRequestJustificationStep
NOTE: I'm checking on 11.1.1.5.5, but I wouldn't expect it to be different
Yash -
Hi All,
I am newbie to OIM. I have a requirement with 2 levels of approvals in OIM 11g.
*1st level:* In the first level the Approver will be selected by the user(self service) from the drop down present in the custom UI.
*2nd level:* For the 2nd level Approval the 1st level appover should have the ability to select the next approver from a drop down list. The 2nd level approvers belong to a particular group.
All the approvers should be stored in a lookup table in OIM. When a user raises a request the custom application should get the values from the lookup table and populate the drop down for 1st level approvers. 2nd level approvers sholud be populated in the drop down during the 1st level approval process.
can any one suggest me the steps to achieve this.
ThanksTask assignment in SOA are done via human task assignment i.e. the .task component in BPEL. Now this task assignment can use various features to compute whom to assign the task to.
1. Static: This is when you specify the group name or the user name directly into the task.
2. Dynamic : This is when you assign the approver to be a variable and in your SOA workflow before task assignment you assign value to this variable.
3. External Routing: This is when you assign a java code inside the .task to do all the assignment and escalations. When using this you can have complex implementations done.
What I meant by looping is that you will need to call this .task two times, first time of the first approver and second time (if the first approves it) for the second approver. Thus when you are inside the loop you need to get the appropriate value from the payload (payload is sent from OIM to SOA when you submit/approve the request) and set it into the appropriate variable so that .task reads that variable and assigns the task to that person.
I would recommend going through the BPEL developers guide for better understanding. Start with a simple process and see how it behaves when it runs and then pile on top of it.
-Bikash -
Hi Expert/All,
May I have assistance regarding the OIM 11g?
Currently, I already create one approval (only 1 level approval) for some resource in OIM 11g, then I'm continue to test the resource with two below way:
1. If I'm try to add "New Resource" directly by xelsysadm via manage user menu (without approval process), the provisioning process was successfully creating new account in the target system.
2. The wierd is if I'm try to test Self-service request by user, after approval by last level approval, then there is no provisioning activity by OIM system, it is like OIM do nothing. The request status is show "Obtaining Template Approval" and history approval is complete by manager user (only 1 level approval)
My question is, does it still required any configuration for completing the provisioning process after the approval process?
Thanks,
Ricky RHi Kevin,
Thanks for the information, but it still do nothing, OIM did not continue the provisioning account to target system event I already assign SYSTEM ADMINISTRATOR roles to the user and manager. How I can trace this logs? currently I'm just look at the oim_server1.log at <OIM_DOMAIN>/severs/oim_server1/logs. Is there any other log file can we use to trace the app server logs?
Thanks,
Ricky R -
Approval process creation steps using JDeveloper in OIM 11g R2
Hi,
Please help me to create approval process creation using JDeveloper and how to use the approval process in OIM provision in OIM 11g R2.
Thanks in Advace,
srinirefer developer's guide to get the detailed steps. http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/request.htm#BABFFJDH
Also refer OBE tutorial http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/Custom_Approval_Process_for_Resource_Request/custom_approval_process_for_resource_provision.htm#t3
There will be slight changes in the steps as this OBE is for 11gR1.
High level steps:
Create a new application using the following command
ant -f <OIM_HOME>/server/workflows/new-workflow/new_project.xml.
It will be created in OIM_HOME/workflows/new-workflow/process-template/ directory
Openthe .jws file in jdeveloper and edit the default human task and add whatever logic is needed.
Then deploy the composite after which you need to create an approval policy and link the SOA composite created
Edited by: Durgaprasad on Apr 24, 2013 1:55 AM -
Can approver modify user's request form in OIM 11g?
Dear All,
In OIM 10g, the approver of a request can modify user's request form, we just need to configure the permission in OIM. But, can we do it in OIM 11g?
If can, how can i configure it?
really need your help guys,, :D
Thank you,
--herryHi user12841694,
Thanks for the suggestion. But, the data (field) that can be modified by the approver is very limited. We cannot attach multi-valued attribute there (like Child Form).
Regards,
---herry
Maybe you are looking for
-
Hello @ all, I have a problem. I want to establish a connection from ABAP to an EJB to transfer data from the EJB to ABAP. I found a class which can help me solving that problem. The class name is "CL_EJB_JAVA_OBJECT_METHODS". But there is no Documen
-
Getting FBAPIErrorDomain Error 1500 on FB/Messenger when I share.
when I try to send a picture, on messenger, I get this error message. How to fix or correct?
-
I am unable to access the web with links shown in my emails. This is a fairly recent problem (within the last 10 days). Are you aware of any updates that may have changed my settings?
-
Customizing ALBPM worklist based on Role
All, I need an example - and some guidance - on building a custom worklist that would only take effect when a specific role logs into the workspace - they'd see a customized inbox. Is this going to require a servlet filter or am I over-complicating t
-
Hello, I have been having problem with Workshop 8.1 debug. When I run again a servlet in degub mode, Workshop just terminated abruptly. I have re-install the Workshop, but still having the same problem. below from the Workshop error log: Unexpected S