SPML Modify user workflow

Does anyone come across with this error from SPML request " <spml:errorMessage>ID 'id' is invalid. </spml:errorMessage>.
Im getting this error while im trying to modify user with SPML request. It is using custom form and custom workflow. The same workflow and form works fine for create user, but it is giving above error for modify user. I know that create and modify user uses same workflow and form.
If i use create user workflow (out-of-the-box), it works fine for create and modify user using SPML, but i customized .
Any suggestion is appriciated
-S-

I've usually seen errors like this when the accountId is null on a workflow view checkIn operation such as this snip below (note that id is an argument).
<Action application='com.waveset.session.WorkflowServices'>
          <Argument name='op' value='checkoutView'/>
          <Argument name='type' value='User'/>
          <Argument name='id'>
            <ref>accountId</ref>
          </Argument>What I'd suggest you try if possible is put a global error handler in your workflow like right at the top outside of any Activity such as Start and just below the variable declarations like this:
<Comments>
      Object containing information for registering a sunset date/time.
    </Comments>
      </Variable>
      <Variable name='error'>
        <Comments>Set in the event of unusual processing errors.</Comments>
      </Variable>
      <Variable name='options'>
        <Comments>Options to pass to the provisioning task regarding resource
              provisioning.
    </Comments>
      </Variable>
     <Transition to='end'>
<Comments>
 Terminate if we encounter unusual errors (not provisioning errors).
 </Comments>
<select>
<ref>error</ref>
<ref>WF_ACTION_ERROR</ref>
</select>
</Transition>
      <Activity id='0' name='start'>
        <Transition to='Rename'>
          <notnull>Then use the Workflow debugger to set a breakpoint on this <select> code and then you can trap the point in which the error occurs and inspect the variable namespace. If you don't want to use the debugger you could use the dumpView method:
<invoke name='dumpFile'>
         <ref>user</ref>
         <s>c:/temp/requestAccess-userView.xml</s>
</invoke> If you using activeSync and you're seeing this error I'd be tempted to breakpoint the activeSync userForm and simply step through the execution of the workflow until you find the error. Before the debugger was introduced debugging workflow errors was a world of pain.
HTH,
Paul

Similar Messages

Modify the Move User workflow to change AD location

All,
I what to move a user within an IDM organization and have it move the user within AD to different Organization UNIT.
I think that I can modify the Move User workflow and add an additional action to the Process Org Moves Activity. I want to clarify is this is what everyone else has been doing for department transfers.

You will need to specify RenameUserViewer as the type when checking out the view.
                <Action id='0' name='Checkout Rename View' application='com.waveset.session.WorkflowServices'>
                    <Argument name='op' value='checkoutView'/>
                    <Argument name='type' value='RenameUserViewer'/>
                    <Argument name='id' value='$(accountId)'/>
                    <Argument name='subject' value='$(WF_CASE_OWNER)'/>
                </Action>

Modify user roles through SPML?

Hi everyone,
I've been stuck for a few days now on trying to modify the assigned role of a user through SPML. I'll be brutally honest with everyone: I have no idea whatsoever of what I'm doing, I just gather information and try to chuck along.
Up to this point, I've been able to create users and search for users through SPML, and that's where everything falls down very rapidly. I'm using SPML 2.0 for creating users and SPML 1.0 for searching them.
The IDM server has a specific role implemented named ITACCESS, which launches a process that calls other servers and things like that once it is assigned to a user. My goal is thus to modify the "Roles assigned" value of a specific user to "ITACCESS", basically.
Am I wrong in thinking I can use SPML for this? What other ways of accessing the IDM server do I have available?
The server is configured with the regular spml.xml and spml2.xml (stock sample ones, not modified). I have tried simply sending an SPML 2.0 modifyRequest, but to no avail:
<modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='IDMConnector-01' executionMode='synchronous' returnData='data'>
<psoID ID='jlauwers'/>
<modification>
    <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='roles' operation='replace'>
      <dsml:value>ITACCESS</dsml:value>
    </dsml:modification>
</modification>
</modifyRequest>
===========================
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='IDMConnector-01'>
<pso>
    <psoID ID='jlauwers'/>
    <data>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
        <dsml:value>spml2Person</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='accountId'>
        <dsml:value>jlauwers</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
        <dsml:value>LighthouseFakePassword</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='firstname'>
        <dsml:value>John</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='lastname'>
        <dsml:value>Lauwers</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
        <dsml:value>[email protected]</dsml:value>
      </dsml:attr>
    </data>
</pso>
</modifyResponse>Any help would be gladly appreciated.
Thanks for reading

Hi everyone,
I have had some amazing help and have finally been able to resolve this issue.
For future reference:
There is no need to change any attribute mapping or anything complicated, the following code and XML demonstrates an example to change assign a new role to a user in Sun IDM:
LighthouseClient client = new LighthouseClient();
client.setUrl("http://idmserver:8080/servlet/rpcrouter2");
client.setUser("administrator");
client.setPassword("administrator");
ModifyRequest req = new ModifyRequest();
SpmlResponse modifyResponse = new ModifyResponse();
// enable server side trace
req.setOperationalAttribute("trace", "true");
// Set the objectclass
req.setOperationalAttribute("objectclass", "userview");
// Set the IDM Username
req.setIdentifier("user:someuser");
java.util.ArrayList al = new java.util.ArrayList();
al.Add("NewRole");
// Create, build and add a Modification to the request
Modification m = new Modification("waveset.roles", al);
req.addModification(m);
modifyResponse = client.request(req);
if (modifyResponse.getResult().Equals(SpmlResponse.RESULT_SUCCESS))
     Log.append("Modification succeeded");
else
     Log.append("Modification not completed");The following is the typical XML exchange:
<spml:modifyRequest xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'>
<spml:operationalAttributes>
    <dsml:attr name='trace'>
      <dsml:value>true</dsml:value>
    </dsml:attr>
    <dsml:attr name='objectclass'>
      <dsml:value>userview</dsml:value>
    </dsml:attr>
    <dsml:attr name='session'>
      <dsml:value>AAAFJgAAILoAAAUGH4sIAAAAAAAAAMVaW2+jOBh9n1+B1Ic8rdpcmklH6UiEkK41BBCEVtqXiBI36y0BxGVGmV+/BnLB2DFgHqZP6fkcn2Nsvpszt7P3/6CXSoF7gM8DeXdAAUrS2E3DeCDF0N0ZgX98HqRxBgdSUg7eoAMMs/R5MJ4+5H8DyQ/3KFiHu5c4zKLnwR1Y3s0mTxNlPBrLT8PJZDKefvvr61AdrR5m34aj4UxVV6uJMsPgajXD33eTVPY8mCT53M+D4Wgyefw6epg+PE1Hg+9fJGluxijwUOT6Sf4vBoxCiwU/pPQY4e84CcSS0a6kr62Etbz7GxMVo4qVVKbzvDALUok9Ldu4Q0nku0e9GOOArbxcA/3FMhxzKyuK4eibEuokJF+lxFXDG8GR5Niq1UPXK4K/pHILShkVgMP6CtS3groTmYZXVMydnNmqCIdOA/amoLPF+CQ8juYs0c4TFgbJCn1ITkngTYsp/t9ahqYKLElxI/cd+ShFNQmkoUmDIpvyAmhgA0REGPHeDdBvN0VhQKqoWZpkGNaLrIN/5A0wdAEdZugjr/4grmATu2loQBF6AHK2Qzfo66bG0+AsQR8pFkzCLPZqKipokwBLtQ3HUvpwS4WRreBia6tjW2AiaqjXsuULKfgqWhnFl7Xjc4T4/oT3XIXxgeY8oW14V4a17sZdRKE1TF0p/0TEpgraFKDW6kYuPomFRAcoYfCB9lRovBg6piI4TyoDjwMqOUgV7TKhgtO8FBLBm4A4T0exVHmjdg/gVCwVC6P46QV58soMITeMvNUYuq4qfQLJmbPuzGm8hQwhN35mojw5w9BCg5g/r3PVXPpNcwdBIo79wlv17TWwjYTOHv7MQTjdGtiCuLvrdaJd/dUmIF49YC6FXu0l9GGNkoA4lEtVU3tQguWaRXuFm6nxWBH6KA5/ogT7lxp/HecKMC3jFdjY5Qi408BHwSe5zVWIt826BvQfIpRukqB9UCMlQC6tbNvgRWCtauC+++T5IiAOqarLC03kfKGE4iQx3sYCW4zVgjkTQUpAHE4Lr3QtQGni7fsVxjt2Y+GWlSPExLv8ZlhLgYaC8q8b7KHEl9QwiOdT/5b1F7WPQBy9YNqgjz+Gu4O2uumjDhyiME6J00NAHG6wNg1rI+SFQo/yQleI74UMRcALyVHuYvN+F7Mvd8PKa8yZuRvOO2E5husOS94YHd9bnEicmS/nAGPSFeRtPE4uLiq6nscim6K4z1lWO/5zfiWkoZpr13VUbe204DxcTIZ8jULMHtdtO+9oXAOWeMfrnPSxVLFtLfLC3moYnUimqYUW0X5kNRsm+gQMQ8tUuXu34I/l6ba51qSyhD/TEhDvWGqa8bbNR+fde9XuRrzI/E/+dQJvBEfWwtF+9LhOKFib7zoahzUp7HnrUfAz+ic03iREtJNSPgG6zKPxxkchWPAVTIyqj8abFIjWf1WmehHItrVUIlQOnhjZNeENY7OeHtVheRRY9RrL0nhMhCu3ExtVqtJ4swaxorVgYhSQNN6kQLSULPefUU8yDI2Hgqos5/fkLfnciIqu50ng2o3KT+VnNUjjo/QJjzjY4CiTn0awHEg/XT/DhHc2jiX0Lf54OJ1N1YdRfouvPD4NF4+Lp/wWfzw7Pwdq8uLHATjh85FXJH8XCiU8HNxgJ2kowC9nkML4w/Xg5Xnen/TO7y/LmN+ffq/w/cv/lfR9TrogAACMAwenmPTYv5nNkZAnqXXTe+MZ/Q==</dsml:value>
    </dsml:attr>
</spml:operationalAttributes>
<spml:identifier type='urn:oasis:names:tc:SPML:1:0#GUID'>
    <spml:id>user:someuser</spml:id>
</spml:identifier>
<spml:modifications>
    <dsml:modification name='waveset.roles' operation='replace'>
      <dsml:value>NewRole</dsml:value>
    </dsml:modification>
</spml:modifications>
</spml:modifyRequest>
========================
<spml:modifyResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#success'>
<spml:operationalAttributes>
    <dsml:attr name='session'>
      <dsml:value>AAAFJwAAILoAAAUHH4sIAAAAAAAAAMVaW2+jOBh9n1+BNA95WrW5tE1H6UiEkK41BBCEVtqXihK36y0BxGVGnV+/xuSCwbHBPEyf0vM5PsfYfDdn4Rav/8EgVyJ/Dx9G6m6PIpTlqZ/H6UhJob+zovDzYZSnBRwpWTV4i/YwLvKH0fT2uvwbKWH8jqJNvHtM4yJ5GH0Fq6/z2f1Mm06m6v14NptNb7/9dTfWJ+vr+bfxZDzX9fV6ps0xuF7P8ff9LFeDAGZZOffDaDyZzW7uJtc3d9Prm9H3L4qysFMUBSjxw6z8FwMW0eLANyX/TPB3vAxiyWhX0TdWwlre1YWJyCiyktp0QRAXUa6wp2UbdyhLQv/TJGM88KKuNsB8dCzPflE1zfLMbQX1ElKuUuGq4Y3gSPJc3Rmg6wnBX0q1BZWMGsBhfQL6M6HuRWbgFZG5syNbHeHQGcDdEjpXjk/B49qcFdp7QmJQnDiE9JQULloM+f/FsQxdYkman/ivKEQ5akigDSINmmqrS2CALZARYaXvfoR++zmKI1pFwyKSYTmPqgn+UbfAMiV02HGIguaDOIMidtsygCb1ANRihy7QN03C0+CtwBApDsziIg0aKmqoSICju5bnaEO4FWJkKzjZuup4IZiMmtZr2fGFlHwVnaLFV3Tj86T4/oT3XMfpvs15QLvwri1n04+bRKENzH2l/ETFphoqClAbfauST3Ih0QNaHL2h91ZoPBl6piI4T6oCjwdqOUgd7TOhhtO8HFLBm4I4T0dzdHWr9w/grVgqF0bx04vK5JUZQi4YeauxTFPXhgSSI2fTmbfxDjKk3PiRqeXJGYYOGuT8eZOr4dIvmnsIknHsJ966b2+AXST09vBHDsrpNsAOxP1dr5fsmq82BfHqAXsl9WqvYAgblBTEoVzphj6AEqw2LNozLKbGY2XokzT+iTLsXxr8TZwrwHasJ+BilyPhTqMQRR/0Ntch3jabBjB/yFD6WYbeowYpBXJpVdcFjxJr1SP/NaTPFwVxSHVTXRoy5wtlLU4a420scOVYHVgyUaQUxOF08Eo3EpQ23r5fcbpjNxYuWTlCbLzLz5azkmgoaP/60TtU+JIEg3g+9W/VfNSHCMTRC+YCffwx3B109e0QdWCfxGlOnR4K4nCDjW05WykvFActL3SG+F7I0iS8kJqULrbsdzH7chesvMacXbrhshNWYrjucNSt1fO9xYnEkfl0DjCmnEHexuPk4qSi73kk2VSL+5hldeM/5ldSGuq5dlNH3dZNC87D5WSo5yjE7HFdtvOOxjlgyXe8jkkfSxXb1iEvHKyG0Ylkmjpoke1H1rNhqk/AMHRMlft3C/5Ynu7aG0OpSvgjLQXxjqVhWM8v5eiye6+7/YiXRfjBv07gjeDIWnrGjwHXCYRVfNchHCZSOPDWg/Az+idtXCREtpNSPYF2mdfGhY9CsuAjTIyqr42LFMjWf3WmZhHItnVUIlUOHhjZNeEFo1jPgOqwOgqseo1lER4T6crtwNYqVdu4WINc0UqYGAVkGxcpkC0lq/1n1JMMg/BQtCrLxRV9S76wEtL1PAjc+En1qfqsR3n6qXzATxxscJQpTyNYjZSfflhgwq8ujiXtW/zp+HZ+q19Pylt87eZ+vLxZ3pe3+NP58Tm0Jic/DsAJX4gCkvydKLR4v/ejnWKgCL+cUQ7TNz+Ap+d5ddC7uDotY3F1+L3C9y//A9c39n66IAAAcSF27Dd5WEeyXvWz8UvVSYrS48Y=</dsml:value>
    </dsml:attr>
</spml:operationalAttributes>
</spml:modifyResponse>HTH,

Unable to modify user password through OAM identity system console.

HI,
I am trying to reset the password of a user through OAM Identity console.
I had logged in through orcladmin(admin), and tried to update the password for users, as well as orcladmin also.
After clicking save, its giving me error "Modify User Entry Failed" and password is not updated in LDAP
Also note that I am able to modify any other attribute of that user like last name, title, firstname etc through identity console.
Its only user password attribute which is not geting updated.
I am user OVD, which is integrated with OID & AD for user store.
Also I tried to set "Access Attribute control" for modifying user password, but that didnt help.
Kinldy suggest if you have came across this kind of issue.
Regards,
Ankit.

HI,
Thanks for the replies.
As my OVD is integrated with OID & AD both, I am picking up the users from OID for update.
Also the SSL is configured betveen OVD & AD, but still AD user password is also not successfull.
Niether of two is working.
I am not able to create a user through Identity System console, as I had not configured workfllow.
I believe for updating user attibute, workflow defination need not to be define.
Also As I had mentioned before, I am able to modify all the other attributes other than user password.
Also Schema is extended properly.
Thanks & Regards,
Ankit

Calling Create User Workflow

Hi all,
Is it possible that the Create User workflow can be called from another user defined workflow?
If possible then how it can be called and what are the arguments that we have to pass it so that using this the user can be created.
Thanks

You need to create a user view, modify the attributes you want and then check in the user view. This will spawn the create process with the view you just manipulated.
Something like this:
<Activity id='0' name='Create View'>
<Comments>Initialize a new view.</Comments>
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='createView'/>
<Argument name='type' value='User'/>
<Argument name='id' value='accountId'/>
<Return from='view' to='user'/>
</Action>
<Transition to='activity1'/>
<WorkflowEditor x='156' y='88'/>
</Activity>
<Activity id='1' name='activity1'>
<Action id='0'>
<expression>
<block/>
</expression>
</Action>
<Transition to='Checkin View'/>
<WorkflowEditor x='265' y='82'/>
</Activity>
<Activity id='2' name='Checkin View'>
<Comments>Commit an updated view.</Comments>
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkinView'/>
<Argument name='view' value='$(user)'/>
</Action>
</Activity>

OAM - Create User Workflow

Hi experts !
I am creating "Create User" workflow using QuickStart . However, when i edit the workflow and set the participants for both "Initial Step" and "Error Reporting" to "Anyone", and try to save the workflow after saving the steps, it prompts "Please set participants for step(s) : 1,3". when i try to verify if the participants have in fact been set to Anyone, the check box next to Anyone is again blank.
Please help me out.
Regards

Has this workflow been executed a couple of times? I mean, do you see any open tickets for this WF definition? In that case, you need to close/delete all open tickets and then try modifying the participants.
-shetty2k

SPML Modify Request failure

Hi,
I am trying to trigger a SPML Modify request with the modification mode as Add.
But it always returns failure with an IAM # . No specifc reason as such.
Can any tell me as how the request identifies the User for the which the modify needs to apply , Is it purely based on PSO ID? I tried passing in the PSO Id as identity:orclguid
What is the value we need to pass for PSO id?

Hi ,
I use the OOTB SPML I suppose , I am totally new to this IDM .
We are using OIM 11g .
We have an usecase to create user and assign role to user from an externall application into OID , for this we are using the SPML webservice.
SPML takes the PSO Id to identify the user , So I am not able to find the attribute which I could pass on.
More over basic question , any resource I am created from SPML webservice , it creates a request in OIM and I am not sure how I can see the same in ODSM, So is this done by connectors and we need to have anconfiguration or mapping that needs to take care of the same?
So using SPML is the right approach to provision users to OID (create User,Grant Role to User)
I also do not see any Distingushed Name attribute in OIM , How wil the users i create using SPML go to the exact subtree I wish to insert. I am not able to find any docs which can help me , all the docs seems to be very generic
Thanks,
Robin

After 10.1.2 upgrade, Create/Modify User/Group requires re-authentication

I have 3 systems - 2 were 9.x (AS10g R1) upgraded to 10.x (AS10g R2), 1 was installed as 10.x. On the two upgraded systems, after a Portal user logs in (with administration privileges), navigates to the "Administration" tab and clicks either the "Create New User", "Modify User", "Create New Group" or "Modify Group" links, they are prompted for a username and password again. On the system installed with 10.x, this does not happen. Submitted iTar was unresolved. Has anyone seen this before?
Thanks in advance.

Please read this whole message before doing anything.
This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you boot, and again when you log in.
Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a Fusion Drive or a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to boot and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal boot may also be somewhat slow.
The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
Test while in safe mode. Same problem?
After testing, reboot as usual (not in safe mode) and verify that you still have the problem. Post the results of the test.

HELP - Modify user group by bulk un CUCM 8.6

Hi guys,
I am having problem by update/modify user group on CUCM.
There are already some users within user group with admin privileges. That should be changed, so I created a group with some privileges and then I tried to change the usergroup by bulk. but the bulk ADDS the usergroup to the correct and maintain both.
After that I decided to have 2 rows, for the same user, one for the group with empty space (to delete it), and another with the new usergroup. But CUCM does not either do that. it sills maintain the user group..
Does anyone has successfully changed the user group by bulk?
I will appreciate your advices.
Update Users - Custom File
Begin Time : 04/29/2015 13:46:41
Query :
Update Users in CUCM_1L_Template.csv
Failure Details :
users Error Code Error Description
******** NO ERROR FOUND ********
Result Summary :
UPDATE for 2 USERS passed.
UPDATE for 0 USERS failed.
End Time : 04/29/2015 13:46:41
Kind Regards.
Juan Gerardo Hernandez
CCNP Voice

That's correct, what you're seeing is WAD, this topic has been discussed plenty of times before, the only option you have is SNR

OIM 11g Modify User Profile for Updating End Date

Hi Gurus!
We have an OIM implementation where users may request the creation of other users by means of a Create User request template. In this template we set the End Date to be 3 months after the request date.
In order for the requester to extend the period of a user's OIM user account (along with its provisioned resources) we customized a Modify User Profile by displaying the End Date field and automatically populate it again to 3 months after the request date. Also we developed a custom event handler to enable the user when it is disabled and the End Date is updated to a future date.
This Modify User Profile is working great when the user is still enabled (the End Date is still in the future), however, when the End Date has passed (and the user is Disabled) the requester is not able to see the user when selecting the Modify User Profile request template.
Is there a way to allow requesters to also see disabled users in the Modify User Profile request template?
Thank you in advance.
Regards,

Hi Kevin,
thanks for your reply!
But, in this case, when the user is already disabled due to his End Date, how can a requester, through the Self Service TAB, enable it?
The Enable User request template does not work since when trying to enable the user, OIM sees the End Date is already passed and the DataSet validation throws an exception.
The only way I saw was providing a Modify User Profile Request template to change the End Date and developing a custom event handler to enable the user upon the extension of the End Date...
How can, in this situation, a requester enable the user and extend its End Date?
Thank you!
Regards,

Can approver modify user's request form in OIM 11g?

Dear All,
In OIM 10g, the approver of a request can modify user's request form, we just need to configure the permission in OIM. But, can we do it in OIM 11g?
If can, how can i configure it?
really need your help guys,, :D
Thank you,
--herry

Hi user12841694,
Thanks for the suggestion. But, the data (field) that can be modified by the approver is very limited. We cannot attach multi-valued attribute there (like Child Form).
Regards,
---herry

Modify User Postprocess event handler

Hi All,
Can some one tell me how to fetch complete set of user data in orchestration while i trigger my update event handler.?
eg
I have a event handler which is working fine on create user operation.(populates a custom udf Country based on employee type and another filed called city)
Now in my update if i update my city country shd be updated,but orchestration only returns values for the fields which are updated and not all,my employee type is returned as NULL,which makes my code to fail
Can anyone tell me how to get the existing data in orchestration?
I hope I am able to explain my scenario
Thanks

You can get all the attributes from Identity array or User
Check this
Re: EventHandler - How to get user Key
To modify user attribute
Urgent help required: Event Handlers
You can get lots of post related to you question.
HTH

How to add a new tab on modify user form

Hi,
In OIM11g, we can assign roles to a user using a tab named Roles in the modify user form. I want to add a new custom tab alongside all the already present tabs.
The new custom attribute functions the same as 'Roles' in OIM.
Does OIM11g provide any functionlity to do so?
Thanks..

Have you seen the 11g tutorial thing about adding a Custom ADF tabs in OIM Self Service Console at
http://apex.oracle.com/pls/apex/f?p=9830:37:3242381082783477::NO:RIR:IR_PRODUCT,IR_PRODUCT_SUITE,IR_PRODUCT_COMPONENT,IR_RELEASE,IR_TYPE,IRC_ROWFILTER,IR_FUNCTIONAL_CATEGORY:,,,OIM_11g,,,
Is that any help?
Also, more general advice on customising OIM 11g is available at:
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/uicust.htm
Try metalink too because there may be examples of how to do stuff with OIM 11g there.
Good luck

Authorization Policy for Modify user in OIM 11gR2

Hi Experts,
Requirement: I want the users in particular org not to modify certain user attributes and users from other org should be allowed to modify user.
I have created user1 whose organization is org1 and role is role1. I have also created user user2 under same org and same role. I assigned the Admin Role "User Administrator" role to user2.
So If user2 from same org1 tries to modify certain attributes then OIM should throw error message. I have completed till this.
But when the user from diff org say org2 with Admin Role "User Administrator" tries to modify user, OIM is not allowing to modify user which should not be the case.
I want the Auth Policy to trigger only for Org1. I have specified the below condition for my custom policy in OES admin console but it is not triggering.
The condition is
IF ( OrclOIMTargetEntity = 'true' AND OrclOIMUserOrganizations = 'true' AND STRING_AT_LEAST_ONE_MEMBER_OF(OrclOIMUserOrganizations,['25','1000000']) = true )
What am I missing?
Any help is much appreciated.

Hi
Can anyone let me know the steps to restrict modify user operation for the users belonging to specific organization in OIM 11gR2. The condition which I specified under Authorization Policy in APM console is not triggering at all.
Thanks!

IAM-3056160:Modify User Profile request cannot set or change attribute Job Code, since it is not defined in the corresponding data set.

I am trying to modify the value of the field "Job Code" through API I am getting the following error.(OIM11gr2). I do not get this error when updating the other fields. There is a field by the name USR_JOB_CODE in the database. When I poked around I found that there is no Job Code field in the User Form. Any ideas?
IAM-3056160:Modify User Profile request cannot set or change attribute Job Code, since it is not defined in the corresponding data set.:Modify User Profile:Job Code
oracle.iam.identity.exception.ValidationFailedException: IAM-3056160:Modify User Profile request cannot set or change attribute Job Code, since it is not defined in the corresponding data set.:Modify User Profile:Job Code
       at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl_1036_WLStub.modifyx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy2.modifyx(Unknown Source)
       at oracle.iam.identity.usermgmt.api.UserManagerDelegate.modify(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke

THanks for your reply. Here is the snippet from User.xml that contains info about job code.
<entity-attribute>Job Code</entity-attribute>
<target-field>usr_job_code</target-field>
<field name="usr_job_code">
<type>string</type>
<required>false</required>
</field>
<attribute name="Job Code">
<type>string</type>
<required>false</required>
<searchable>true</searchable>
<multi-valued>false</multi-valued>
<MLS>false</MLS>
<multi-represented>false</multi-represented>
<attribute-group>Basic</attribute-group>
<metadata-attachment>
<metadata>
<name>multi-valued</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>user-searchable</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>category</name>
<value>Preferences</value>
<category>properties</category>
</metadata>
<metadata>
<name>bulk-updatable</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>read-only</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>visible</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>encryption</name>
<value>CLEAR</value>
<category>properties</category>
</metadata>
<metadata>
<name>display-type</name>
<value>TEXT</value>
<category>properties</category>
</metadata>
<metadata>
<name>system-controlled</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>max-size</name>
<value>512</value>
<category>properties</category>
</metadata>
<metadata>
<name>custom</name>
<value>false</value>
<category>properties</category>
</metadata>
</metadata-attachment>
</attribute>
I am able to retrieve the value of the Job Code attribute without any problem with the following code.
System.out.println("JOB Code: "+user.getAttribute("Job Code"));

SPML Modify user workflow

Similar Messages

Maybe you are looking for