Saving/fetching extended user attribute

Similar Messages

• Extended user attributes (UME)

  Hi there
  I'd like to add some attributes to my application users.
  I've read about ume.admin.addattrs and ume.admin.self.addattrs and I got it working, I mean, I can see those attributes in the "user admin" of my was server.
  How can I read these values in my webdynpro application?
  I've tried through IUser interface but it didn't work.
  Is there any other way of adding attributes to WAS users?
  thanks in advance

  Hi Julio,
  Try this
  try {
       IUser user = UMFactory.getUserFactory().getUserByUniqueName(username);
       String salesOrg;
       final String[] attribute = user.getAttribute(
            "com.sap.security.core.usermanagement",
            "NAME_OF_CUSTOM_ATTRIBUTE_FOR_SALES_ORGANIZATION");
       if( attribute==null || attribute.length == 0 || !Utils.isNotEmpty(attribute[0]) ) {
       //manage error
            return;
       } else {
            salesOrg = attribute[0];
  } catch (final WDUMException e) {
       //manage exception
       return;
  Best regards, Maksim Rashchynski.

• Sun IDM 7.0, creating a new extended user object in the repository.

  I have tested a change to an existing UserForm used in Anonymous User Registration TaskDefinition. The customer would like to capture a new field of data from the user during the registration, and have it stored in the repository so that it may be used as a differentiators between groups for billing.
  Caveat:  I am not the guy that originally installed and originally configured the IDM server, nor am I a programmer.
  Having said that, I have poked around enough to me able to modify the UserForm to include the drop-down select code, but once saved during the registration process, it is lost once the account is approved.
  Is there a rather explicit procedure to create a new extended user attribute within the repository? Someplace where my data can be saved?
  Thank you in advance for any assistance you may offer.
  Edited by: Jonathan.Hawes on Oct 29, 2010 3:58 PM to correct some spelling

  In 7.X user extended attributes shall be first described in the UserUIConfig Configuration object.

• Resource Attributes not saving in Queriable User Extended Attributes

  Howdy,
  I added a few queriable user extended attributes to IDM. I originally added them in through the configure user attributes interface. I then edited the UserUIConfig to specify that they were queryable. I then edited the User Search Defaults form's getSearchableAttrs function to include these attributes. My added attributes now show up in the search user form, etc., just like I expected them to. Next I configured a new resource adapter for a database table that contained some values I wanted to use to populate these queriable attributes. I wrote a correlation rule, and ran reconciliation on the new resource. It matched up the account entries and automatically matched and linked the account information. So far so good. However, the user extended attributes I defined are not getting populated with the data from the new resource. The mapped resource attributes are treated as part of the user view, but only under the given resource, not as a queriable attribute. I really want to be able to use the find user interface with these datafields. Does anyone know why my data is ot making it into the queriable fields? Do I need to write another rule or workflow? Any advice would be most helpful.
  Thanks!
  Jim

  Queryable attributes refer to attributes stored in the IDM user object, and so need to be referenced as such.
  If you want attribute 'foo' in resource 'bar' to be stored as a Queryable attribute, you need to define it like so in your User Form :
  <Field name='accounts[Lighthouse].foo'>
      <Expansion>
            <ref>accounts[bar].foo</ref>
      </Expansion>
  </Field>This should pull the value from the resource attribute and put it in the IDM attribute. If you refer to it as a global.foo everywhere, that might work (but I find globals to be problematic).
  Let me know if it works...
  Jason

• Extended Identity Manager User Attributes

  Howdy,
  I'm trying to add some attributes to the user accounts stored local to the Identity Manager. I went to the configure menu, and set up the attributes under the Identity Attributes tab. I set the attributes to be stored locally and saved them. I also made sure to indicate that the attributes should be available to the IDM admin and end user interfaces. However, the attributes do not show up when I list the users. When I go to the users attribute tab, it contains only the Account ID attribute. Shouldn't I be able to add a new attribute and edit it?
  Much thanks in advance for any help you may be able to provide.

  It is an XML object so I dont think it has a limit as such, though the system will get slower to checkout and checkin if you overextend it.
  there usually isn't any reason to extend it extensivly... I believe it stores most of that, if the querable flag is set at least, in the user attributes table
  if you need a lot of data connected to a user you could always have an extra table and store it in, you dont need to store everything in the user object unless you need it every time the user is checked in/out etc etc

• Saving Extended User Right Forms

  Hi,
  I'm attempting to bring my office up to date by using forms on computers.  Currently we still the type writer for some forms.  I fought to get Adobe Acrobat Pro and now that I have it I'm not sure it's doing what I want.  Suggestions on how to use this program better or get the 'right program are appreciated' (no disrespect to the Adobe Team).  I converted a form that was created from Word Document into a PDF.  I then Extended User rights.  I have the form made but everytime I go to save the form, I have to Save As: that is to say I just can't save the stuff I filled-in, in the same file and a new file is created.  With MS Word, even though I can't tab between forms, I don't have to make a new file.  Am I doing something wrong, is it possible to just hit Save in a fillable form and not have to create a new document or version?
  In the office, I am the only one with Adobe Pro 9 and the other people in the office mainly have Adobe Reader and not acrobat, so I want to save the forms using Adobe Reader.
  Thank you for your insights.  I've been researching this but no answer has come my way.
  Ricardo
  P.S. I am not trying to collect data from them, I just need forms to fill out and print and also save in the computer.

  You should apply the Extended User Rights as the last step in the process
  of creating the file. Once you do that, it creates a sort of signature on
  the file which prevents you from editing it further, unless you remove
  those rights. So get the file working the why you want it, apply the
  rights, and then save it under a new name. You can then publish the version
  of the file with the Reader rights, and continue working on the one without
  them.
  On Sat, Feb 11, 2012 at 2:01 AM, New at AdobeAcrobat Pro

• Accessing user attributes from a pipeline component

  Hello,
  I'm using WLCS & WLPS 3.1. I use webflow and I have implemented the page
  transition myself to work with the portal. Everything is working fine.
  I'm planning to implement a complex step of a business process as a pipeline
  component. For various reasons, this PC will be implemented as an EJB. To
  perform its job, this PC needs to get information about the user that is
  currently logged in. More specifically, it needs to lookup custom attributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I have to
  populate the pipeline session with required information in the input
  processor?
  Thank you for your advice
  Nicolas

  Hello Ture,
  Thanks for both posts.
  Nicolas
  "Ture Hoefner" <[email protected]> wrote in message
  news:[email protected]..
  ... To perform its job, this PC needs to get information about the userthat
  is
  currently logged in. More specifically, it needs to lookup customattributes
  from the user profile (i.e. user property set).
  So my question is : is this possible directly from the PC, or do I haveto
  populate the pipeline session with required information in the input
  processor?Hello Nicolas,
  I have not tried this myself. I think that the disconnect between the
  pipeline session and the portal session is probably the fact that theattributes
  in the portal session have their keys "fixed up" by prepending the portal
  request URI. This is made possible by the
  com.beasys.commerce.foundation.flow.jsp.DefaultDestinationDeterminer,which the
  PortalDestinationDeterminer extends. It puts a "TRAFFIC.URI" attributeinto the
  each request that goes through the FlowManagerServlet for the portal. Inthe
  Acme exampleportal, the "SERVICEMANAGER.USER" attribute is put into theportal
  HttpSession as "exampleportal.SERVICEMANAGER.USER".
  If you want to get to the cached profile from your portal from yourpipeline
  component (PC) then you would have to know that the name is "fixed up" tobe
  "exampleportal.CACHED_PROFILE". There are probably several different waysyou
  could get the "TRAFFIC.URI" information to your PC.
  Ture Hoefner
  BEA Systems, Inc.
  2590 Pearl St.
  Suite 110
  Boulder, CO 80302
  www.bea.com

• BPM 11g :: Active Directory custom user attribute binding

  Hello everyone,
  I'm having a special requirement from a customer who needs to make available on BPM an extended AD attribute (from the AD connected to WLS realm). As known, the standard user class does not have the possibility to read from extended User AD attributes but only from the standard ones.
  Does anyone know how to map a “UserExtendedAttribute1” from the AD to a “MyUserMappedAttribute” on BPM?
  Many thanks

  Hi,
  Please find the below link for video tutorial on adding a custom attribute to user class and viewing it from user properties in ADUC,
  http://www.youtube.com/watch?v=__92mHwyZ3Q
  Regards,
  Gopi
  www.jijitechnologies.com

• User attributes for LDAP

  Hi guys,
  Currently we have an error for LDAP attribute .
  distinguishedName = (String) user.getTransientAttribute("ldap.distinguished_name");
  user is of type IUser.
  and it return null
  where could i find the list of user attributes in LDAP? currently we have LDAP 8.8.1.

  Don,
  you might should have a look at a LDAP Browser (eg. http://www-unix.mcs.anl.gov/~gawor/ldap/ ) which helps a lot to find out how the structure of your LDAP server is and which attributes you can access.
  1) Start the tool
  2) click onto the "Quick Connect"
  3) enter you LDAP server
  4) press "Fetch DNs"
  5) Uncheck "Anonymous bind"
  6) Enter your user credentials
  7) Browse your LDAP structure
  It helped me a lot to get the correct settings for the DBMS_LDAP calls.
  Patrick
  My APEX Blog: http://www.inside-oracle-apex.com
  The ApexLib Framework: http://apexlib.sourceforge.net
  The APEX Builder Plugin: http://apexplugin.sourceforge.net/ New!

• Adding additional user attributes in WLS 7 security

  We are using WebLogic Sever 7.0.
  We would like to use the WLS 7 security with built in embedded LDAP
  server. By default, it provides facility to store username, password
  and description for Users. We would like to extend it so that we can
  manage more information about user such as phone number, email address
  etc.
  I have been reading WLS 7 security related documents regarding custom
  authentication providers. I do not read to write new authentication
  provider from scratch. Whatever we get by default would be fine. I
  just would like to add more attributes for user and manage it through
  WLS 7 console.
  I would really appreciate if someone kindly advise of the steps needed
  to accomplish this.
  Please do not tell me to just read the documentation, as I have
  already been reading WLS 7 security documents for 2 days now and can't
  figure it out.

  [email protected] (Narendra Khatri) wrote in message news:<[email protected]>...
  We are using WebLogic Sever 7.0.
  We would like to use the WLS 7 security with built in embedded LDAP
  server. By default, it provides facility to store username, password
  and description for Users. We would like to extend it so that we can
  manage more information about user such as phone number, email address
  etc.
  I have been reading WLS 7 security related documents regarding custom
  authentication providers. I do not read to write new authentication
  provider from scratch. Whatever we get by default would be fine. I
  just would like to add more attributes for user and manage it through
  WLS 7 console.
  I would really appreciate if someone kindly advise of the steps needed
  to accomplish this.
  Please do not tell me to just read the documentation, as I have
  already been reading WLS 7 security documents for 2 days now and can't
  figure it out.Hello Narendra,
  I work for OctetString and we are the developers of the LDAP Directory
  that is embedded in WLS 7. We provide a suite of Virtual Directory
  capabilities that would allow you to extend the attributes in the WLS
  directory. Please visit our web site at www.octetstring.com for more
  infomration or feel free to contact me at 847-466-1322.

• Copy user attribute from different user to user currently being edited

  Dear all,
  I'm somehow stuck with a requirement I've to implement.
  I've to copy some user attributes from one user to another. I learned that I should be able to use "getResourceObject" for
  this and I tried to implement this in my user form:
  <Field name='otherUser_actvtGrps'>
  <Display class='Text'>
  <Property name='title' value='otherUser_actvtGrps'/>
  </Display>
  <Default>
  <set name='otheruser'>
  <invoke name='getResourceObject' class='com.waveset.ui.FormUtil'>
  <select>
  <ref>context</ref>
  <ref>:display.session</ref>
  </select>
  <s>SAP_System_A</s> <!-- the resource ID -->
  <s>User</s>
  <s>TemplateUser</s> <!-- this is the AccountID that i need as source -->
  <null/>
  </invoke>
  <ref>otheruser.user.attributes.activityGroups</ref> <!-- this is the attribute from the source user I want to copy/read -->
  </set>
  </Default>
  </Field>
  But this does not return anything..
  Any ideas what I did wrong ?
  Many many thanks for any help/ideas !
  Best regards
  Joerg

  Do you know where to get some docs about the topics you mentioned ?
  1. Your adapter might not to support Resource Objects of type User.ResourceReference manual, the "Resource Object Management" section in each adapter chapter. Also the resource description in XML has the ObjectTypes section, for example, for Active Directory adapters:
    <ObjectTypes>
      <ObjectType name="Group" nameKey="UI_RESOURCE_OBJECT_TYPE_GROUP" icon="group">
        <ObjectClasses operator="AND">
          <ObjectClass name="Group"/>
        </ObjectClasses>
        <ObjectFeatures>
          <ObjectFeature name="create"/>
          <ObjectFeature name="update"/>
          <ObjectFeature name="delete"/>
        </ObjectFeatures>
        <ObjectAttributes idAttr="distinguishedName" displayNameAttr="samAccountName" descriptionAttr="description" objectClassAttr="objectclass">
          <ObjectAttribute name="cn" type="string"/>
          <ObjectAttribute name="sAMAccountName" type="string"/>
  2. You can fetch the complete user view with all resource account information.You will find many examples in IdM XPRESS samples.
  Get user view using LighthouseContext and user accountId
  <invoke name='getView'>
    <invoke name='getLighthouseContext'>
      <ref>WF_CONTEXT</ref>
    </invoke>
    <concat>
      <s>UserViewer:</s>
      <ref>accountId</ref>
    </concat>
    <Map>
    </Map>
  </invoke>Or with WorkflowServices (see BusinessAdministration manual):
  <Action id='0' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='getView'/>
    <Argument name='viewId'>
      <concat>
        <s>User:</s>
        <ref>accountId</ref>
      </concat>
    </Argument>
    <Return from='view' to='user'/>
  </Action>
  3. You can fetch resource account info directly using ResourceAdapter API (not too well documented way).Example in Java:
      LighthouseContext ctx = <get context here>;
      // Get resource object
      Resource res = (Resource) ctx.getObject(Type.RESOURCE, <resource name>);
      // Pack resource and user accountId into a ResourceInfo object
      WSUser user = new WSUser();
      ResourceInfo info = new ResourceInfo();
      info.setAccountId(accountId);
      info.setResource(res);
      info.setAttributes(null);
      user.setResourceInfo(new ResourceInfo[] {info});
      // Rertrieve ResourceAdapter object
      ResourceAdapter ra = ResourceOp.findAdapter(res, res.getCache());
      // Get account info into the 'user' object
      WSUser result = ra.getUser(user);
      // Now you can get account status from ResourceInfo ...
      info = result.getResourceInfo(res);
      // ... and account attributes from WSAttributes
      WSAttributes attributes = result.getWSAttributes();
      ...

• Custom User Attributes

  Hi,
  1. How to add custom attributes to the Portal User. Like his SSN or some other info which is more specific to the client project.
  2. How to set up a greeting for the logged in user like "Welcome <logged in user>" - "Welcome Portal30" or "Welcome User1". The edit defaults for banner has a greeting which can appear at the desired position, but how to write a pl/sql code to get the user using the api's.
  Thanks
  Nitin Thakkar
  [email protected]

  1. In the current release, user attributes are not extendable. In the 9iAS V2 timeframe we are moving to an LDAP based model for managing users which will provide this extensibility.
  2. In 3.0.8 of the portal (9iAS 1.0.2.1), you can use page templates to define your banner to include data such as the user name. In that case, you define your banner as html in the template and turn off the default banner on the page.

• Fetch a multivalued attribute using Data Bean

  Hello,
  I am trying to fetch employee user related information using Data Bean.
  Here employee has position as a multivalued attribute.
  Currently when I fetch record for an employee I get information only for one position.
  I want to fetch the whole list of position's assigned to this employee.
  Can any one please help me on how to achieve this?
  Thanks,
  Harshal

  Please read the Bookshelf on GetMVGBusComp.
  http://docs.oracle.com/cd/E14004_01/books/OIRef/OIRef_Interfaces_Reference11.html#wp1185173

• Fetch a resource attribute using Last name

  Hi All,
  I need to fetch a resource attribute 'employeeID' from AD, all I know is only Last Name (I don't know the accountId). How can I acheive this?
  Is it possible through EXPRESS or do I need to write a java program.
  Please share your ideas.
  Thanks in advance

  It is possible (with XPRESS) but the search criteria of Last Name will result in lots of erroneous matches. If at all possible, find additional or alternative search criteria to narrow down the field.
  Here's some example code for retrieving results from an Active Directory resource. It was written to be used in the Form context (changes would be required if you were executing from a Workflow context).
                <defvar name='results'>
                  <invoke name='getResourceObjects' class='com.waveset.ui.FormUtil'>
                    <ref>:display.session</ref>
                    <s>person</s>
                    <s>Active Directory Resource Adapter</s>
                    <map>
                      <s>searchContext</s>
                      <ref>baseDN</ref>
                      <s>searchAttrsToGet</s>
                      <List>
                        <String>cn</String>
                      </List>
                      <s>searchFilter</s>
                      <concat>
                        <s>(sn=</s>
                        <ref>lastnameValue</ref>
                        <s>)</s>
                      </concat>
                      <s>searchScope</s>
                      <s>oneLevel</s>
                    </map>
                  </invoke>
                </defvar>baseDN specifies where in the AD tree to start searching (e.g. "cn=Users,dc=Acme,dc=com")
  lastnameValue is the lastname you're searching on (e.g. "Smith")
  results will be a List of the cn attributes that came back from the search (specified in the List under searchAttrsToGet). You need to put logic around the results to handle the List appropriately.
  Use standard LDAP-style search filters in the searchFilter section if you need to add additional qualifiers.
  Jason

• Anyconnect profiles using by using different extended key attributes

  Hi,
  I have an anyconnect VPN with workstations located in the same OU in Active Directory.  The current anyconnect deployment uses seperate OUs to determine what profile is applied to the client.
  I'm looking for a solutiuon to enable machines to be located in a single OU & still have the ability to apply different profiles to machines.
  The only way I can think of doing this is using machine certificates in Active Directory & configuring different extended key attributes.
  Any advice/suggestions or information on the best way of doing this would be greatly appreciated

  Resolved my own issue today. The error does nothing to describe the actual cause. The user's private key was corrupted (uncertain as to how). The certificate GUI in Windows showed it was okay, but running "certutil -store -user my" showed the error "Missing stored keyset" on the certificate in question.
  The resolution was to delete the certificate and enroll for a new one, with a new key pair.