Request failed in OIM 11g

Similar Messages

• Customizing request datasets in OIM 11g

  Hi Friends,
  I have couple of questions/issues while customizing request datasets in OIM 11g. Can you please help me?
  1) I gave read-only="true" in my request dataset for one of the attribute, but I was still able to edit that attribute value while raising requests.
  2) I gave hidden="true" in my request dataset for one of the attribute, but I was still able to see that attribute while raising requests.
  3) I have around 90 attributes in my request dataset. Is there any way to display category type and under that category display the attrbitues i.e. just like attributes in user profile.
  4) As I have 90 attributes, I am expecting the format will be like first 45 will be shown in left panel(column) and remaining 45 in right panel (column). Instead of this , it is showing first 70 in left panel and the remaining 20 in right panel which is very ugly to see. Is there any way to show frist 45 on left side and remaining 45 on the right side? Please help me.

  Regarding the first two points:
  1) The read only property applies to the approver only, i.e. approver can read and not modify the attribute. It does not apply to the requester. I don't believe you can configure a read-only attribute in the data set.
  2) If you want to hide an attribute, you can restrict it in your request template.

• How to polulate data from lookup using request dataset in OIM 11g

  Hi,
  Using Request dataset in OIM 11g, I need to display one dropdown with the roles those need to come from Lookup.
  For Ex; I have 2 resources,i.e Resource A and Resource B. Resource A has 5 roles and Resource B has 3 Roles.
  While creating a request, If I select Resource A, then I should be able to get 5 Roles and if I select Resource B then I should be able to see corresponding 3 roles.
  Pls. note I have only one Look up definition , where I have roles for both Resource A and B.
  I have done simillar thing in OIM 10g , however I am unable to do it using OIM 11g Request dataset.
  Pls suggest.

  Hi BB,
  I am trying to follow up your response.
  You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
  <AttributeReference name="Field1" attr-ref="act_key"
  available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
  entity-type="????"/>
  <PrePopulationAdapter name="prepopulateResurceObject"
  classname="my.sample.package.prepopulateResurceObject" />
  </AttributeReference>
  <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
  available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
  where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
  and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
  </AttributeReference>
  Then I need think about the 'Lookup.xxx.BO.Field2' format.
  Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
  Thanks for your all help.

• Lookup codekey value in Request dataset in OIM 11g

  Hi,
  Below is my Attribute reference in Request dataset in OIM 11g.
  Could you please suggest what could be the possible Lookup code key values in lookup 'Lookup.AccountingControl.Roles'
  I tried giving CodeKey values as "ACCOUNTING CONTROL~" then Decode value as "Administrator" , However it does not give any value.
  So I think what I am giving as Codekey value is wrong based on below lookup query.
  What could be the correct value for CodeKey ? Thanks!!
  <AttributeReference name = "Role Name" attr-ref = "Role Name" type = "String" length = "256" widget = "lookup-query"
  available-in-bulk = "true"
  required = "true"
  primary = "true">
  <lookupQuery
  lookup-query = "select lkv_encoded as Value,lkv_decoded as
  Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and
  lku_type_string_key='Lookup.AccountingControl.Roles' and instr(lkv_encoded,concat('ACCOUNTING CONTROL','~'))>0"
  display-field = "Description"
  save-field = "Value"/>
  </AttributeReference>

  Yes..You were right.
  You resolved one of my issue. I have marked it as answered giving 10 pts ;-)
  I think I have already raised another forum question where I needed to pass this Accounting Control as dynamic and this is one Resource Obkect selected from previous page.
  You asked me to use Prepopulate adapter to get the Resource Object name.
  I have still some questions to solve that issue.I will put that question there. It would be great yo answer it.

• Create user from trsuted recon fails in oim 11g

  Hi,
  Create user functionality is failing in OIM 11g becasue i am missing one field mapping and that is Role. I dont know which attribute of trusted recon should be mapped to OIM Role field. What mapping am i missing? I am getting below error in logs:
  Caused by: oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [Role]
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1510)
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:265)
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
  at sun.reflect.GeneratedMethodAccessor2787.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho
  [2013-12-27T06:04:46.066-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: b33006816923ec25:17564607:14333cadc4a:-8000-0000000000001f29,0] [APP: oim#11.1.2.0.0] The following exception occurred: {0}[[
  oracle.iam.reconciliation.exception.CreateException: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
  at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:98)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.applyRule(EntityTypeHandler.java:76)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.process(EntityTypeHandler.java:49)
  at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:176)
  Caused by: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
  at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278)

  Role is nothing but User Type(Full-Time Employee, Contractor...etc)

• Issue with deleting a group using Request APIs in OIM 11g R1

  Hi,
  I am facing an issue with Request Based provisioning in OIM 11g R1.
  I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
          RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
          childEntityAttribute.setName("AD User Group Details");
          childEntityAttribute.setType(TYPE.String);
          List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
          RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>,                                                                       RequestBeneficiaryEntityAttribute.TYPE.String);
          childEntityAttributeList.add(attr);
          childEntityAttribute.setChildAttributes(childEntityAttributeList);
          childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
          beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();   
          beneficiaryEntityAttributeList.add(childEntityAttribute);
          beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
  This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
  childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
  Could you please suggest where can this possibly be wrong.
  Thanks for your time and help

  Hi BB,
  I am trying to follow up your response.
  You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
  <AttributeReference name="Field1" attr-ref="act_key"
  available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
  entity-type="????"/>
  <PrePopulationAdapter name="prepopulateResurceObject"
  classname="my.sample.package.prepopulateResurceObject" />
  </AttributeReference>
  <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
  available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
  where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
  and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
  </AttributeReference>
  Then I need think about the 'Lookup.xxx.BO.Field2' format.
  Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
  Thanks for your all help.

• Creating a request type in OIM 11g R2

  Hi All,
  I came to know that the request templates have been removed from OIM 11g R2 . I have the below scenario,
  1)When an end user logs into Identity console and access his self profile through the 'My Information' link.
  2)If he tries to modify some of his attributes(say First Name) the approval policy should not get triggered and should be auto approved and committed to the database
  3)For some of the attributes(say Last Name) approval policy has to be triggered and request has to be created and wait for the approval .
  4)Now that request templates are removed , Can I create a new request type like 'Modify Custom attributes' similar to 'Modify User Profile' for this scenario to be achieved ?
  Please let me know how the above scenario is going to work in OIM 11g R2 ?
  Regards,
  Senthil.

  Hi ,
  Thanks for your reply .. I am able to understand the scenario what you are trying to explain .. I tried to do the same ...but in my scenario ,this is the problem that I am facing ..
  1)When a user modifies only his First Name then it works fine and gets auto approved .
  2)When a user modifies only his Last Name then it works fine and goes for approval and waits till it gets approved.
  3)Now the problem is when a user modifies both his First Name and Last Name and submits as a single request , how to handle this ? In this case the First Name should get committed and the Last Name should not get committed .. But he has submitted only a single request .. so how to handle this scenario ?How to divide a single request into two to commit one attribute and not commit another one ?

• How to assign approvaal policy for a request template in OIM 11g

  When I request for resource in OIM 11g, It's always going for Default approval of xelsysadm.
  I want this Request level approval must go to "Beneficiary Manager approval". While requesting I am selecting request template (which I created) for Provision resource as Request type.I have already set "Beneficiary Manager approval" as request level approval for this request template.
  I have created one approval policy, How can I assign this approval Policy to request template so that When i submit this request , it should go to my Manager approval.
  Regards,
  J

  Hi Rajiv,
  I do not need approval of Operational level. I want to stop the approval process after request level approval.
  Here you are saying to create a new approval policy and set as AUTO Approval as true. There are some default approval policies which comes with OIM 11g and one of the approval policy is trigeering the Operaional level approval. So I think I do not need to create new approval policy and I can use exsting approval policy and modify as you suggested selecting AUTO APPROVAL and create approval rule as request template=="XYZ".
  I am not sure which default approval policy trigeering the Operational approval now. Can you pls tell me that?
  Can you pls confirm that, there is only way to restrict Opertional Approval by selecting "AUTO APPROVAL" true and put the approval rule as request template=="XYZ"
  Thanks Rajiv for your help all the time.

• Can approver modify user's request form in OIM 11g?

  Dear All,
  In OIM 10g, the approver of a request can modify user's request form, we just need to configure the permission in OIM. But, can we do it in OIM 11g?
  If can, how can i configure it?
  really need your help guys,, :D
  Thank you,
  --herry                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  Hi user12841694,
  Thanks for the suggestion. But, the data (field) that can be modified by the approver is very limited. We cannot attach multi-valued attribute there (like Child Form).
  Regards,
  ---herry

• Create user request from api OIM 11g r2

  Hi,
  I need to read a database and raise a request for creating uses. After  approval the user needs to be created in OIM 11g R2.
  I want to write a scheduled task which will read database columns and rasie a request to create users.
  I dont want to use UnauthenticatedSelfService api.
  Please suggest a way to achive that. any pointer / sample coede / suggestion  is helpful.

  Here are links to creating a request for a role and a resource.  https://java.net/projects/openptk/sources/svn/show/branches/Oracle/OIM11g/examples/java/OIMClient/src/oim/client/request?rev=1402
  I would suggest you start with these and modify the parameters to be for a user.  You will have to try some trial and error to get it working, unless someone already has it available.  And so far, no one who is posting does.  Give it a shot.  You can always create an SR with oracle and ask for assistance.
  -Kevin

• Reconciliation of "change password on next logon" from AD fails in OIM 11g

  Hello,
  We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
  We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
  What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
  What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
  Did anyone get this working properly?
  P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Crtl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
  Thanks,
  -JP
  Edited by: JacekP on Oct 17, 2011 8:10 AM

  Yeah, you're right, unfortunately we have dual authorative password model, where a user can change the password from OIM when he is accessing a OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
  A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

• Request Payload OtherDetails -OIM 11g R2

  Hi,
  I have followed link to set data element in paylod:
  http://bbagaria.blogspot.com/2011/08/how-to-extend-payload-from-oim-to-soa.html
  I had a requirement of showing up 3 attributes on request which i have set like:
  detailtype.setName(“Custom Attribute1”);
  detailtype.setValue(“Custom VALUE1”);
  detailtype.setName(“Custom Attribute2”);
  detailtype.setValue(“Custom VALUE2”);
  detailtype.setName(“Custom Attribute3”);
  detailtype.setValue(“Custom VALUE3”);
  detailtypesList.add(detailtype);
  payload.setOtherDetails(otherDetails);
  Now what should i do inorder to retrieve in Task Title section of approval task? All I can see in my configuration under OtherDetails section is Name and Value -should I manually create these custom Attributes/values in approval task and redeploy the composite or is there any way to retrieve them during run time on task Title?
  Thanks

  Hi ,
  Thanks for your reply .. I am able to understand the scenario what you are trying to explain .. I tried to do the same ...but in my scenario ,this is the problem that I am facing ..
  1)When a user modifies only his First Name then it works fine and gets auto approved .
  2)When a user modifies only his Last Name then it works fine and goes for approval and waits till it gets approved.
  3)Now the problem is when a user modifies both his First Name and Last Name and submits as a single request , how to handle this ? In this case the First Name should get committed and the Last Name should not get committed .. But he has submitted only a single request .. so how to handle this scenario ?How to divide a single request into two to commit one attribute and not commit another one ?

• Develop pre-populate adapter in request dataset in OIM 11G

  Hi Friends,
  I have a field say UD_TEMP_FORM_FIELDA on the process form which is going to be populated based on the value of a field SAY UD_TEMP_FORM_FIELDB on the request dataset.
  So my request dataset will have only one field which is UD_TEMP_FORM_FIELDB.
  And my process form will have two fields UD_TEMP_FORM_FIELDA and UD_TEMP_FORM_FIELDB.
  And I developed a pre-populate adapter on the process form to populate UD_TEMP_FORM_FIELDA field based on the value of UD_TEMP_FORM_FIELDB during provisioning. But pre-population is not at all getting triggered during provisioning. I believe I need to put UD_TEMP_FORM_FIELDA also on the request dataset and pre-populate its value in request dataset itself and pass the value from request data set to process form. Is this correct?
  If so, as per the documentation, we need to create a request dataset with pre-pop adapter in the below format.
  <AttributeReference name="Domain" attr-ref="domain" available-in-bulk="true" type="String" length="20" widget="text">
  <PrePopulationAdapter classname="oracle.iam.request.DomainPrepopulateAdapter"/>
  </AttributeReference
  As we are specifying only the class name in the above statement,
  1) How to pass the value of UD_TEMP_FORM_FIELDB to this class.
  2) Which method in the class will execute
  3) How to Registert this class.
  Can you please provide me some steps/urls for the above requirement?
  Thanks,
  Mike

  Hi Nishith,
  Thanks for your response.
  As per my requirement I am going to keep UD_TEMP_FORM_FIELDA (Group Owner) and UD_TEMP_FORM_FIELDB (AD Group Name) in the child forms and I am going to use the below pre-populate adapter code to get the value for UD_TEMP_FORM_FIELDA based on value of UD_TEMP_FORM_FIELDB.
  My question is:
  If I raise a request with only one value in the child form, then the below code will code work. But, If I add more than one value say AD groups in the child form while raising a request, this code is going to retrieve same owner value for all AD groups as it will go by FOR loop.
  How to pre-populate the individual owner for the individual AD group given in the child form? Please let me know.
  public class PrepopEBSRespValue implements PrePopulationAdapter {
  public Serializable prepopulate(RequestData requestData) throws RequestServiceException,
  tcAPIException,
  tcInvalidLookupException,
  tcColumnNotFoundException {
  List<Beneficiary> beneficiaries = null;
  List<RequestBeneficiaryEntity> benEntities = null;
  List<RequestBeneficiaryEntityAttribute> benAttrs = null;
  String ownerValue="";
  beneficiaries = requestData.getBeneficiaries();
  if (beneficiaries != null && !beneficiaries.isEmpty())
  for (oracle.iam.request.vo.Beneficiary beneficiary : beneficiaries)
  benEntities = beneficiary.getTargetEntities();
  if (benEntities != null && benEntities.size() > 0)
  for (oracle.iam.request.vo.RequestBeneficiaryEntity benEntity : benEntities)
  benAttrs = benEntity.getEntityData();
  if (benAttrs != null && benAttrs.size() > 0)
  for (oracle.iam.request.vo.RequestBeneficiaryEntityAttribute benAttr : benAttrs)
  if(benAttr.hasChild())
  java.util.List <oracle.iam.request.vo.RequestBeneficiaryEntityAttribute> list = benAttr.getChildAttributes();
  java.util.Iterator iterator = list.iterator();
  while(iterator.hasNext())
  oracle.iam.request.vo.RequestBeneficiaryEntityAttribute attribute =(oracle.iam.request.vo.RequestBeneficiaryEntityAttribute)iterator.next();
  String attrName=attribute.getName();
  if (attrName.equalsIgnoreCase("Owner"))
  String lookupName="Lookup.Owner.values";
  System.out.println("Getting decoded value for the given code key..");
  String attrValue=attribute.getValue().toString();
  HashMap searchcriteria = new HashMap();
  searchcriteria.put("Lookup Definition.Lookup Code Information.Decode", attrValue);
  Thor.API.Operations.tcLookupOperationsIntf lookupIntf=Platform.getService(Thor.API.Operations.tcLookupOperationsIntf.class);
  tcResultSet result = lookupIntf.getLookupValues(lookupName,searchcriteria);
  for(int i=0;i<result.getRowCount();i++)
  result.goToRow(i);
  ownerValue = result.getStringValue("Lookup Definition.Lookup Code Information.Code Key");
  System.out.println("Decoded Value::"+ownerValue);
  return (Serializable) ownerValue;
  }

• OIM 11G : Selecting Multiple RO's in Single "Self Request Resource" Failing

  Hello Everyone,
  OIM 11G : End User "Self Request Resource" failing when user selects 2 or more resources in a Single Self Request Resource Request
  1) On OIM 11G, I have created 2 resource objects, workflow, process forms.
  2) Created the separate request dataset xml and imported into OIM repository
  3) Now if an end user creates a request , "Self Request Resource" and selects one of the resource
  4) Form defined as per request dataset shows up perfectly for the application on Resource Attributes page which comes next.
  5) Only Problem that I am seeing is when End User selects 2 resources in one single request
  Both the resource request dataset has been correctly configured because selecting only 1 works not both when both are selected in same request.
  Thanks,
  Deepak

  Hello Experts,
  on OIM 11G
  I am getting the above issue when an end user does a "self request resource" and selects 2 Resource Objects.
  On the Next Page, attribute form defined as per the request dataset.xml does not show up.
  Both the RO's are seen on top breadcrumbs but with a blank form. I can navigate to the next RO Resource Data Details again with a blank form.
  Though the attribute form as per request dataset comes up properly if I select any 1 of the 2 RO's and make "self request resource". everything goes fine.
  I have followed the documentation thoroughly to import the datasets etc and can see request dataset in MDS_PATHS table (DEV_MDS user).
  If anybody has also faced a similar issue or tested that selecting 2 RO's in 1 single "self request resource" works , pls let me know.
  Thanking in advance,
  Deepak

• OIM 11g R1 Request Template issue

  Hi All,
  We are facing an issue with implementing the Request Management of OIM 11g R1 11.1.1.5 for Create User.
  OIM already provides OOTB CreateUserDataSet.xml and a ‘Create User’ Request Template.
  We have changed(customized) the OOTB CreateUserDataSet.xml at the same location in MDS and have created one our own Request Template – ‘Create Custom’.
  We have also added Attribute Restrictions in the ‘Create Custom’  request template for mandatory fields like – ‘Organization’, ‘User Type’ & ’Design Console Access’.
  The issue we are facing is –“After some time(not immediately) the Request Template gets corrupt and does not open thus rendering the Request Process for Create User inoperable.”
  Below is the the log error of the OIM Web console error after we are trying to open ‘Create Custom’ by clicking on the Request Template.
  <ADF_FACES-60096:Server Exception during PPR, #8
  oracle.iam.platform.utils.MinLimitException: size < minimum limit
                  at oracle.iam.platform.canonic.model.Values.setMinLimit(Values.java:187)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.renderAttributeRestrictionsTab(OpenActor.java:829)
                  at oracle.iam.requesttemplate.agentry.operations.OpenActor.prepare(OpenActor.java:198)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)
                  at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:179)
                  at oracle.iam.consoles.faces.render.canonic.UICursor$TableActionListener.processAction(UICursor.java:855)
                  at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
  Any help in solving above issue, workarounds or knowing that is it an OIM bug will be greatly helpful.
  Note* I have noticed(through Export) that in a corrupted Request Template the Organization Name that I have restricted to a Constant, has the- Organization Name's Text as value in exported xml. If I change it back to ACT KEY and import it back in OIM the Template is again restored until next corruption
  Thanks already
  Regards,
  Nitin Tewari

  Excellent! Thank you very much!
  Edited by: 958794 on May 22, 2013 10:37 AM