SPML Modify Request failure

Hi,
I am trying to trigger an SPML Modify request with the modification mode as Add.
But it always returns failure with an IAM # . No specific reason as such.
Can anyone tell me how the request identifies the user to which the modify needs to apply? Is it purely based on PSO ID? I tried passing in the PSO ID as identity:orclguid.
What is the value we need to pass for PSO ID?

Hi,
I use the OOTB SPML, I suppose; I am totally new to this IDM.
We are using OIM 11g.
We have a use case to create a user and assign a role to the user from an external application into OID; for this we are using the SPML web service.
SPML takes the PSO ID to identify the user, so I am not able to find the attribute which I could pass on.
Moreover, a basic question: any resource I create from the SPML web service creates a request in OIM, and I am not sure how I can see the same in ODSM. So is this done by connectors, and do we need to have a configuration or mapping to take care of the same?
So using SPML is the right approach to provision users to OID (create user, grant role to user)?
I also do not see any Distinguished Name attribute in OIM. How will the users I create using SPML go to the exact subtree I wish to insert? I am not able to find any docs which can help me; all the docs seem to be very generic.
Thanks,
Robin

Similar Messages

  • SPML Client Modify Request

    Hi,
    I am trying to assign a user in OIM to a role or group using the SPML modify request web service.
    I am creating a Java proxy for this web service and then trying to invoke the same.
    I am not sure how to add membership to any role; I am trying with the following code. Please let me know if anyone has already done the same.
            ((BindingProvider) port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, OIMUSER);
            ((BindingProvider) port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, OIMPW);
            ServiceHeaderType serviceHeader = new ServiceHeaderType();
            ModifyRequestType modReq = new ModifyRequestType();
            modReq.setExecutionMode(ExecutionModeType.ASYNCHRONOUS);
    //        modReq.se
    //        AddRequestType art = new AddRequestType();
    //        art.setLocale("en");
            Identity user = new Identity();
            MultiValuedString emailString = new MultiValuedString();
            emailString.getValue().add("[email protected]");
            user.setMail(emailString);
            ProvisioningObjectType pot = new ProvisioningObjectType();
            pot.setIdentity(user);
            Member member = new Member();
            PSOIdentifierType psoType = new PSOIdentifierType();
            psoType.setID("identity:505cf0daee022a41918851fb11f1a876");
            ModificationType mod = new ModificationType();
            mod.setModificationMode(ModificationModeType.ADD);
            CapabilityDataType capability = new CapabilityDataType();
            capability.setCapabilityURI("urn:oasis:names:tc:SPML:2:0:reference");
            capability.setMustUnderstand(true);
            oracle.iam.wsschema.model.common.pso.Member modsDataMember = new oracle.iam.wsschema.model.common.pso.Member();
            List<ReferenceType> modRef = new ArrayList<ReferenceType>();
            ReferenceType type = new ReferenceType();
            type.setTypeOfReference("memberOf");
            PSOIdentifierType rolePSOID = new PSOIdentifierType();
            rolePSOID.setID("E03CB5CBC5FE7E13E0400A0ABEB47C29");
            type.setToPsoID(rolePSOID);
            modRef.add(type);
            capability.getAny().add(modRef);
            modsDataMember.setIdentityPSOID("identity:505cf0daee022a41918851fb11f1a876");
            modsDataMember.setRolePSOID("E03CB5CBC5FE7E13E0400A0ABEB47C29");
            modReq.getCapabilityData().add(capability);
            modReq.setPsoID(psoType);
            mod.setData(pot);
            modReq.getModification().add(mod);
    //        pot.setMember(value);
            logger.severe("before  port.spmlAddRequest");
            ModifyResponseType response = port.spmlModifyRequest(modReq, new ServiceHeaderType());
    Please help with your solutions.

    Hi Pollicove,
    Thanks for your response. Yes, I'm using VDS 7.1 SP6. I tried the same code in a different system; the SPML modification is working fine, which is very weird.
    But now I'm facing a different problem with the SPML search operation. I have plain Java code acting as an SPML client.
    When I do a search I'm getting the error below in the response body.
    "<spml:searchResponse error="(MIC Identity store:82:ERROR:Incorrect syntax near '?'.)" requestID="A" result="urn:oasis:names:tc:SPML:1:0#success" xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core" xmlns:spml="urn:oasis:names:tc:SPML:1:0"/>"
    If you check the query formation in VDS, it looks like below, which is the root cause of the problem:
    "#1.5#C0000AC10EBD00070000002F270E32930004AAC32CBD22E0#1313655152780#com.sap.idm.vds.HeiSPMLTest.extension.main_listener_4389##com.sap.idm.vds.HeiSPMLTest.extension.main_listener_4389#######Thread[6,3,LDAP Sessions:main_listener_4389]##0#0#Debug##Plain###Together with basic template:SELECT $TOP$ mskey FROM mxi_values WHERE attr_id=(select attr_id from mxi_attributes where attrname='MSKEYVALUE' and is_id=?) AND (mskey in (SELECT mskey FROM mxi_values WHERE attr_id = (SELECT attr_id FROM mxi_attributes WHERE attrname='MX_ENTRYTYPE' and is_id=1) AND searchvalue  LIKE '*' ))#"
    Not sure why the IS ID is not passed. Do you have any idea what would be the reason for this behavior?
    Thanks in advance.
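
The searchResponse quoted in the post above reports `result="urn:oasis:names:tc:SPML:1:0#success"` while its `error` attribute carries a database error, so a client that checks only `result` records a broken search as an empty, successful one. The following Python check is an added example, not code from any poster or vendor; the function name `evaluate_response` and its status labels are hypothetical, and the sample documents are constructed from the responses shown on this page. It goes slightly beyond the search case by also collecting the `errorMessages` operational attribute that the extendedResponse further down this page uses.

```python
import xml.etree.ElementTree as ET

SPML1 = "urn:oasis:names:tc:SPML:1:0"
DSML2 = "urn:oasis:names:tc:DSML:2:0:core"
SUCCESS = SPML1 + "#success"

# Constructed sample, modelled on the searchResponse quoted in the post above.
MASKED = (
    '<spml:searchResponse '
    'error="(MIC Identity store:82:ERROR:Incorrect syntax near \'?\'.)" '
    'requestID="A" result="urn:oasis:names:tc:SPML:1:0#success" '
    'xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core" '
    'xmlns:spml="urn:oasis:names:tc:SPML:1:0"/>'
)

# Constructed sample: a failure whose errorMessages attribute repeats a message.
FAILED = (
    "<spml:extendedResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' "
    "xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' "
    "result='urn:oasis:names:tc:SPML:1:0#failure'>"
    "<spml:operationalAttributes><dsml:attr name='errorMessages'>"
    "<dsml:value>Missing view id.</dsml:value>"
    "<dsml:value>Missing view id.</dsml:value>"
    "<dsml:value>XPRESS &lt;get&gt; exception:</dsml:value>"
    "</dsml:attr></spml:operationalAttributes></spml:extendedResponse>"
)

# Constructed sample: a clean search that simply matched nothing.
CLEAN = (
    "<spml:searchResponse requestID='B' "
    "result='urn:oasis:names:tc:SPML:1:0#success' "
    "xmlns:spml='urn:oasis:names:tc:SPML:1:0'/>"
)


def evaluate_response(xml_text):
    """Classify an SPML 1.0 response: success, masked_failure, failure, unparseable."""
    verdict = {"status": "unparseable", "result": None, "errors": [], "entries": 0}
    # SPML responses carry no DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        verdict["errors"].append("DTD or entity declaration in response")
        return verdict
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. an unescaped "<get>" inside a dsml:value, as in raw server output
        verdict["errors"].append("not well-formed: %s" % exc)
        return verdict
    if not (root.tag.startswith("{%s}" % SPML1) and root.tag.endswith("Response")):
        verdict["errors"].append("unexpected root element %s" % root.tag)
        return verdict

    verdict["result"] = root.get("result")
    errors = []
    if root.get("error"):
        errors.append(root.get("error"))
    for attr in root.iter("{%s}attr" % DSML2):
        if attr.get("name") == "errorMessages":
            for value in attr.findall("{%s}value" % DSML2):
                text = (value.text or "").strip()
                if text and text not in errors:  # drop repeated messages
                    errors.append(text)
    verdict["errors"] = errors
    verdict["entries"] = len(root.findall("{%s}searchResultEntry" % SPML1))

    if verdict["result"] != SUCCESS:
        verdict["status"] = "failure"
    elif errors:
        verdict["status"] = "masked_failure"  # "success" that hides an error
    else:
        verdict["status"] = "success"
    return verdict


if __name__ == "__main__":
    for name, doc in (("masked", MASKED), ("failed", FAILED), ("clean", CLEAN)):
        print(name, evaluate_response(doc))
```

A provisioning or reconciliation job should stop on `masked_failure` and `unparseable` as well as `failure`; treating either as "no matching users" can silently skip de-provisioning.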

  • Extending Modify Request OIM SPML Webservice

    Can you please help me with any document related to enabling OIM web services to other applications for modifying attributes in OIM?
    Modify Request allows only OOTB default attributes; I want to extend the schema for custom attributes. Please let me know if you have steps for it.

    I could not find examples on the modifyRequest. SPML Attributes and LDAP Mappings, and Oracle Identity Manager Attributes does talk about custom attributes and the addRequest example seems to contain section for User Defined Field. You may want to post this question to the Identity Management (MOSC) support forum.
    Jani Rautiainen
    Fusion Applications Developer Relations
    https://blogs.oracle.com/fadevrel/

  • Unable to work with Workflow Variable through SPML launchProcess Request?

    Hi,
    I am trying to work with the launch process request, which worked well with no error message when I am just using the workflow call through the SPML "launchProcess Request" call. But when trying to use any workflow variable I get exceptions. I don't understand the error message. Is this trying to convert the variable in SIM variable?
    <spml:extendedResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#failure'>
    <spml:operationalAttributes>
    <dsml:attr name='errorMessages'>
    <dsml:value>Couldn't find method get4() in class java.lang.String</dsml:value>
    <dsml:value>java.lang.String.get4()</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Unable to checkin view, missing view id</dsml:value>
    <dsml:value>XPRESS <get> exception:</dsml:value>
    <dsml:value>Couldn't find method get3() in class java.lang.String</dsml:value>
    <dsml:value>java.lang.String.get3()</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Unable to checkin view, missing view id</dsml:value>
    <dsml:value>XPRESS <get> exception:</dsml:value>
    <dsml:value>Couldn't find method get2() in class java.lang.String</dsml:value>
    <dsml:value>java.lang.String.get2()</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Unable to checkin view, missing view id</dsml:value>
    <dsml:value>XPRESS <get> exception:</dsml:value>
    <dsml:value>Couldn't find method get1() in class java.lang.String</dsml:value>
    <dsml:value>java.lang.String.get1()</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Unable to checkin view, missing view id</dsml:value>
    <dsml:value>XPRESS <get> exception:</dsml:value>
    <dsml:value>Couldn't find method get0() in class java.lang.String</dsml:value>
    <dsml:value>java.lang.String.get0()</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Missing view id.</dsml:value>
    <dsml:value>Unable to checkin view, missing view id</dsml:value>
    </dsml:attr>
    Below is the code I am using.
    try {
        LighthouseClient client = new LighthouseClient();
        client.setUser("configurator");
        client.setPassword("configurator");
        String url = "http://xyz:8080/idm/servlet/rpcrouter2";
        client.setUrl(url);
        // List of user ids handed to the workflow
        ArrayList idlist = new ArrayList();
        idlist.add("12345");
        System.out.println("UserList :- " + idlist);
        // SPML extended request that launches the TEST_WF workflow
        ExtendedRequest extReq = new ExtendedRequest();
        extReq.setOperationIdentifier("launchProcess");
        extReq.setAttribute("process", "TEST_WF");
        extReq.setAttribute("idList", idlist); // workflow Global variable
        ExtendedResponse res = (ExtendedResponse) client.request(extReq);
        if (res.getResult().equals(ExtendedResponse.RESULT_SUCCESS))
            System.out.println("Workflow was successfully executed");
    } catch (Exception e) {
        System.out.println("Error : " + e.getMessage());
    }
    Please suggest me if I am using anything wrong. It's urgent... it halted my work.
    Regards,
    vinash.

    hi,
    in Java code you set the variable:
    extReq.setAttribute("my_email", "[email protected]");
    in express code of your workflow (you can also see it in your debugger if you set a breakpoint at the beginning of your workflow):
    <ref>my_email</ref>

  • Error while raising modify request for AD resource

    Hi,
    Getting below error in log, while raising modify request for AD resource, UI shows error while retrieving resource entity details.
    <Oct 19, 2011 2:15:45 AM CDT> <Error> <oracle.iam.requesttemplate.agentry.operations> <BEA-000000> <The "itresource-type" property is missing for attribute reference AD Remote Manager ITResource, which is of type itresource-lookup.>
    I verified the datasets for AD Remote Manager ITResource, comparing with our other environments. It is proper and we are not using AD Remote Manager ITResource anywhere.
    <AttributeReference name="AD Remote Manager ITResource" attr-ref="AD Remote Manager ITResource" type="Long" length="10" widget="itresource-lookup" required="false" available-in-bulk="true"/>
    Please let me know how to resolve this issue.
    Thanks in Advance.
    Edited by: 856226 on Oct 19, 2011 4:55 AM

    Hi,
    I think you should post this in another forum, somewhere in the Fusion stack, maybe Identity Management. This forum is meant for the Oracle database. So please post in a forum underneath https://forums.oracle.com/forums/category.jspa?categoryID=13&start=0
    Herald ten Dam
    http://htendam.wordpress.com

  • Getting error while raising modify request for AD resource in OIM11g

    Hi,
    Getting below error in log, while raising modify request for AD resource, UI shows error while retrieving resource entity details.
    <Oct 19, 2011 2:15:45 AM CDT> <Error> <oracle.iam.requesttemplate.agentry.operations> <BEA-000000> <The "itresource-type" property is missing for attribute reference AD Remote Manager ITResource, which is of type itresource-lookup.>
    I verified the datasets for AD Remote Manager ITResource, comparing with our other environments. It is proper and we are not using AD Remote Manager ITResource anywhere.
    <AttributeReference name="AD Remote Manager ITResource" attr-ref="AD Remote Manager ITResource" type="Long" length="10" widget="itresource-lookup" required="false" available-in-bulk="true"/>
    Please let me know how to resolve this issue.
    Thanks in Advance

    Hi,
    I think you should post this in another forum, somewhere in the Fusion stack, maybe Identity Management. This forum is meant for the Oracle database. So please post in a forum underneath https://forums.oracle.com/forums/category.jspa?categoryID=13&start=0
    Herald ten Dam
    http://htendam.wordpress.com

  • ISE Alarm : Critical : Profiler SNMP Request Failure : Server

    Ok, so this alarm is coming in repeatedly and is now on my projects list. I get email alerts from the server that list the NAD IP as the endpoint device and the Endpoint IP address is correct. I've checked the settings and the endpoint is not listed as a NAD in ISE (ver 1.2).
    Profiler SNMP Request Failure
    Details :
    Profiler SNMP Request Failure : Server=xxx-xxx-xxx; NAD Address=10.253.124.194; Endpoint IP Address=10.253.124.194
    Description :
    SNMP request times out, or SNMP community/user auth data is incorrect.
    Suggested Actions :
    Please ensure if SNMP is running on the NAD and verify that SNMP configuration on ISE matches on NAD
    *** This message is generated by Cisco Identity Services Engine (ISE) ***
    Has anyone seen this come in before?
    PS - Why is the IOS for ISE so cut down?  Looks like something you would get from an Apple product.
    Thanks,
    Clark

    Hello,
    Please follow the Cisco link below:
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mnt.html
    Profiler SNMP Request Failure
    Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.
    Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.
    Also ensure what SNMP version the device is using.
    Thanks,

  • Modifying request before approval

    Hello Friends,
    I want to allow modification to the request before Manager Approval. Once it is approved, user/admin should not be able to modify the request. How can I achieve this? If you have any sample code snippet, then please give it to me.
    Thanks and Regards
    DB

    Buddy, your requirement is a little bit complex. You want to give permission to modify the request, i.e. the form, before manager approval, but after manager approval you don't want this.
    I think it wouldn't be possible because you can give access at any group level, not at user level.
    Even there's no API for updating these permissions of this form. Even if you get this API, it's not going to fulfill your requirement, because it will update permissions for the group. If in the meanwhile some other user raises a request, then it will work differently for him and you can see undesired results.
    So maybe if you go for its action classes then you can find some way.
    All I have written is as per my understanding. There may be some other way; someone can update the thread.
    Anyways it's a nice requirement which showed me OIM Limitation.

  • Modify request in productive system

    Hi expert,
    Users want to modify requests in the productive system. These requests have been created in development and transported to production.
    And, in fact, I would like to retransport requests modified in production to development.
    No problems for authorization but I would like to know what configuration to do in the productive system (order BEx, parameters in rsa1/ transport connection).
    I tried to create:
    - a transport request for BEx
    - object changeability: everything changeable for query element
    But changes are not registered in the BEx transport request.
    Thanks in advance for your help.
    Daniel

    Hi Daniel,
    In your systems you have something called a Transport Route. This is a route that tells a request where it will be transported. I think your productive system may be closed for modifications from transaction SCC1, but you allowed BEx modifications from the object changeability customizing, but this won't collect your modifications in a request, because of SCC1 customizing (and that's correct). That's how SAP works.
    So, if you want to transport from PRD to DEV, you may need to create a new transport route from PRD to DEV, but that's not a good option, and I think basis people wouldn't be either. Then, you should manually copy BEx modifications from PRD to DEV, and to leave the system consistent, then transport it to PRD in a request. If you want to always have the systems consistent, then you should disable object changeability for BEx objects, and always make modifications in DEV and transport them to PRD.
    Hope it helps.
    Regards,
    Diego Lombardini

  • Modifiable Request Status after changing SID

    Hi All,
    I need to change the DEV System's SID but there are some modifiable change requests (there are many records in the TLock Table). DEV System is the Transport Controller.
    Should all change requests be released before changing the SID, or is the System Copy process not related to this issue?
    Is there any possibility for change request loss during this process?
    Any Idea will be greatly appreciated.
    Thanks in advance,
    Sanaz.

    Thank you for the reply.
    I have done a test scenario as follows:
    - SAP Fresh Installation
    - Restore DEV DB
    - System Copy
    Now there is no record in TLOCK table.
    Does it mean that I had to release all modifiable requests before this scenario?
    Any idea regarding this issue will be greatly appreciated,
    Sanaz.

  • Request Failure on IASr2 startup on W2k.

    I am having problems restarting IASr2 on W2k. Before I shut down the machine, I do the Stop HTTP server 2, Stop HTTP Server 1, Alter System Checkpoint, and then I go into W2k services and shutdown IASDB(no errors)...
    When I reboot and do the Start HTTP server 1 or 2, I am getting this error:"Request failure -- 0 of 3 processes started." or sometimes "...1 of 4 processes started".
    My only solution right now is to restore from a coldbackup, and then re-apply my work and the data.
    Why can't IASr2 tolerate a simple planned reboot of W2k? I thought it was supposed to be a high-availability product. This is a pristine install per Oracle install procedures.
    Any ideas?

    Dear sandeepchoudhary21,
    thank you for your explanation, but this is the output
    Build Type....................................... DATA + WPS
    So do I have to enable data encryption on the DTLS license?
    http://www.cisco.com/en/US/docs/wireless/controller/5700/software/release/3se/lwap/configuration_guide/b_ap-config_32se_5700_cg_chapter_011.html
    thank you very much

  • RE: Workbench Request, Customizing Request , Modifiable  Request

    Hi, can anybody clearly explain to me the Workbench Request, Customizing Request and Modifiable Request, what the difference between them is, and when we use each of them?

    Hi,
    1. Workbench Request:
    Whenever you create a new development, a workbench request is created and you can transport this to any other client with Transport Manager.
    These are related to development tasks.
    Workbench requests contain changes to client-independent tables.
    Generally cross-client changes and higher-level changes.
    2. Customizing Request:
    These are related to the system configuration done by the functional team.
    Customizing requests contain changes to client-dependent tables.
    These are mainly client-specific requests (e.g. a new Sales Document type) and are at a lower level compared to Workbench requests.

  • SPML Modify user workflow

    Has anyone come across this error from an SPML request: "<spml:errorMessage>ID 'id' is invalid. </spml:errorMessage>"?
    I'm getting this error while I'm trying to modify a user with an SPML request. It is using a custom form and custom workflow. The same workflow and form work fine for create user, but give the above error for modify user. I know that create and modify user use the same workflow and form.
    If I use the create user workflow (out-of-the-box), it works fine for create and modify user using SPML, but I customized .
    Any suggestion is appreciated.
    -S-

    I've usually seen errors like this when the accountId is null on a workflow view checkIn operation such as this snip below (note that id is an argument).
    <Action application='com.waveset.session.WorkflowServices'>
              <Argument name='op' value='checkoutView'/>
              <Argument name='type' value='User'/>
              <Argument name='id'>
                <ref>accountId</ref>
              </Argument>
    What I'd suggest you try if possible is put a global error handler in your workflow like right at the top outside of any Activity such as Start and just below the variable declarations like this:
    <Comments>&#xA;      Object containing information for registering a sunset date/time.&#xA;    </Comments>
          </Variable>
          <Variable name='error'>
            <Comments>Set in the event of unusual processing errors.</Comments>
          </Variable>
          <Variable name='options'>
            <Comments>Options to pass to the provisioning task regarding resource&#xA;              provisioning.&#xA;    </Comments>
          </Variable>
         <Transition to='end'>
    <Comments>&#xA; Terminate if we encounter unusual errors (not provisioning errors).&#xA; </Comments>
    <select>
    <ref>error</ref>
    <ref>WF_ACTION_ERROR</ref>
    </select>
    </Transition>
          <Activity id='0' name='start'>
            <Transition to='Rename'>
              <notnull>
    Then use the Workflow debugger to set a breakpoint on this <select> code and then you can trap the point in which the error occurs and inspect the variable namespace. If you don't want to use the debugger you could use the dumpView method:
    <invoke name='dumpFile'>
             <ref>user</ref>
             <s>c:/temp/requestAccess-userView.xml</s>
    </invoke>
    If you're using activeSync and you're seeing this error I'd be tempted to breakpoint the activeSync userForm and simply step through the execution of the workflow until you find the error. Before the debugger was introduced debugging workflow errors was a world of pain.
    HTH,
    Paul

  • Notify via email upon concurrent request failure

    Hi,
    I would like suggestions on the best way to solve the problem of being able to notify user(s) via email upon the failure of a concurrent request. Apps has the built-in ability to notify upon completion, not just upon failure. I want to limit the need for any user/passwd info being exchanged.
    So far, my best bet I think is a dbms_job.
    Any suggestions other than writing a shell script to login to the database and check on fnd_concurrent_requests?
    Seems like this would be a good feature to add for Apps.

    All you need is to create a trigger as below
    CREATE OR REPLACE TRIGGER sgldba.sgl_concurrent_request_status
    after insert or update on apps.fnd_concurrent_requests
    for each row
    WHEN (new.status_code in ('E','G','T'))
    begin
    insert into sgldba.sgl_concurrent_request_track values (
    :new.request_id,
    :new.status_code,
    :new.actual_start_date,
    :new.actual_completion_date);
    end sgl_concurrent_request_status;
    I have the trigger update a table sgldba.sgl_concurrent_request_track with the request_id, status_code, actual start date and actual completion date.
    You can proceed further by adding additional information to the trigger, like sending mail.
    Regards

  • ARQ: Manager/Role Owner can modify request details even after submitting the request???

    Hi All,
    I have noticed that after submitting (approving) a request, the manager or role owner can still modify the user details (fields are editable) like role validity date etc. in a request. This is quite weird!
    Although, after submitting a request by a requester, all fields are disabled.
    Has anyone encountered this problem? How can I control this?
    Please advise.
    Regards,
    Faisal

    Alessandro,
    Thanks for your reply.
    Yes, I got it and that is why I got confused.
    This EUP I have defined and the desired fields are visible and editable and seems to be working fine.
    However, the problem is, even after submitting a request, the manager and role owner are able to edit the values in the fields, which is incorrect!
    Actually, once a request is submitted, I believe the request should be in display mode only!
    You know what, this is working absolutely fine with requester. Meaning, once a requester submits a request, then all fields are disabled and values in them can not be modified any more.
    But I am not sure why this is not happening with managers/role owners.
    Please advise.
    Regards,
    Faisal
