Unable to authenticate users using Custom plugins in OAM 11g

Similar Messages

• Authenticate Users Using an LDAP Server

  Hi,
  I did implement 'Authenticate Users Using an LDAP Server' according the link blow below.
  [http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
  It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
  We have a lot of domain rules, mean the users not located at the same DN.
  Is it possibale to use general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount?
  Thanks in advance,
  Shay

  Augusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
  "cn=Bob" etc
  When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
  "uid=bob" rather than "cn=bob"
  This might not be your problem, but it's worth checking anyway ;)

• Error while Creating user using Custome form

  Hi,
  I created a custom form same as create user form
  updated in xlDefaultAdmin.properties,xlWebAdmin_en_US.properties,struts-config.xml
  on this custom every thing is working fine but when on submit(Create User) it gives me below error
  in Admin Console : You do not have permissions to perform this operation.
  in App server log: maoRejections:You do not have permission to insert this object.

  My response is based on the following assumptions:
  Your custom form is similar to that of CreateUser form in all manners. The logic at the back-end has been written by you as well. As soon as you get all the values you call the createUser API of OIM to create the user. You have wriiten your custom action classes as well.
  The insert error may be due to the reason that the user which you are using to create the user doesn't have sufficient permissions. In other words, if this is done through Java code then while instaniating the API, the user used must be missing these permissions.
  If the error is due to this permission for users then we can give these additional permissions to individual users, if in case its not and you have some other scenario then just give me more details, probably I can help you for it.
  Thanks
  Sunny

• Authenticate users using materialised veiw

  Hi guys,
  I'm wondering if i can authenticate users on login whether or not they exsist in a materialised view?? At the minute im authenticating whether they exist in active directory, but i want to authenticate whether they exist in a materialised view, can i do this so that it display the same error message in the same way.. 'invalid log in credentials' ??
  Thanks
  Stefan

  Just on that note is there anywhere i can find an example of code that check AD groups, at the minute i have a custauthentication function to check if a user exists in LDAP but i havent narrowed it down to specific groups.. is there any hints you can give me or even a link to an example?
  cheers guys

• How to deploy a custom plugin in OVD 11g/ODSM 11g?

  Hi,
  I created a sample plugin and trying to deploy it using ODSM. Looks like there is no facility to do it as we used to do it using OVD Manager GUI. I copied the plugin jar file under the existing pluigns directory. Restarted OVD servers, ODSM but i am still not seeing the custom plugin in ODSM. Any help is appreciated.
  Thanks,
  Ramnath

  Ok, I found a work around for this issue.
  I developed the plugin using OVD MAnager (10g), deployed it in OVD 10g server. Copied the deployed plugin into OVD 11g environment and it works!. So it is the only way to develope custom plugins in 11g by using OVD10g environment? Any other work around not involving 10g is highly appreciated.

• SecurID plugin on OAM 11g

  Hi all!
  Anybody knows if the SecurID plugin from OAM 10g can be used on OAM 11g?
  If no, is there (or will be) something equivalent on 11g?
  Regards

  Hi,
  I'm wondering about this too.
  And are there going to be possible to use a custom authentication method with OAM 11g?
  With OAM 10g there was a SDK available to create custom Access Gates, anything similar to that coming up?
  We used OAAM for OTP authentication (sms/email) but what if you want to use a secure token, from for example RSA or Entrust?
  Regards,
  Henrik

• Creating users using custom made class/UI in portal

  This is what i have to achieve,
  I need to create an interface in portal which will,
  1. Create users in the OID where the users extend a class which i have created in OID with my custom attributes.
  2. Then create them in portal and then assign them to default groups which will depend on a parameter in the user creation form.
  From reading various documents in Metalink and OTN i have understood that the wwsec_api package allows us to do all this except that it is all for a user which will extend a predefined set of classes.
  So i decided to do this
  1.Make entries into the OID using the DBMS_LDAP package using commands like
  emp_vals(1) := p_first_name;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'firstName',emp_vals);
  retval := DBMS_LDAP.add_s(emp_session,emp_dn,emp_array);
  2.Fire the wwsec_api.add_portal_user to create the portal user and then activate and assign him to the default group after running the provsyns.sql file
  The problem i face is that i get errors when i execute the said procedure from any other schema other than portal.
  When the procedure is recreated in the portal schema and executed it works fine.
  So i decided to create the entire package in the portal schema itself.
  Now the problem i face is that the proc would execute fine on the sql prompt but fail when called from the form created in portal based on this procedure.
  I found out that the execution fails when the wwsec_api.xxx calls are made.
  The exceptions are not specific and have the error code 1 => user defined exception
  To have a workaround for this i directly inserted into the wwsec_person$ table with no values for the GUID column( I know this is not recommended but i gave it a try)
  The insert worked fine but i still had to set his default group.I tried updating the rows for the user to set the default_group column but there seems to be a trigger on it which causes the update to fail.
  Also when i check up the wwsec_person$ table there two rows for each user that i created ,one without the GUID/default_group and the other with the GUID/default_group.I guess this is because of the trigger.
  If i try using the wwsec_api.set_defaultgroup api, the proc fails.
  It is quite interesting to note that all the steps mentioned above, grant access to the user to portal.
  But the place it fails is while setting the default group for the same which is of prime importance to me.
  Also because I am inserting directly into the tables i have also to delete them when the user is deleted, this is because i again cannot execute the delete_portal_user in the wwsec_api package from the browser.
  Surprisingly the wwsec_api.create_list function works fine.
  Once i have created the users all the manipulations like changing group memberships etc become easy as i just modify the required details in the OID itself.
  What i need is a proper/safe way to do what i have just mentioned above.
  Please help out ASAP as this is urgent.
  Regards,
  KK

  Based on your requirements, you should go about things a little differently...
  You have written your custom DBMS_LDAP code to create and populate the user entry including your custom objectclasses - good.
  You don't need to create the user profile in the Portal schema at all.
  To set the default group, just set the orcldefaultprofilegroup attribute in the user entry in OID. This should be set to the DN of the default group.
  When the user logs on, his profile will automatically be created, and the default group will also sync up with the user entry in OID (patch required - 2830252).
  Also, you should have DIP provisioning running so that updates to the orcldefaultprofilegroup attribute in OID are subsequently conveyed to the portal schema. It will also take care of automatically deleting the user profile from the portal if the user is removed from OID.
  Please see the Portal Configuration Guide on how to enable and activate the Directory Integration Platform (DIP) provisioning integration between OID and Portal

• Unable to authorize user using AccessControlService and user.roles and user.privileges are not set properly

  Hi,
  I am trying to enable/disable a feature based on user.roles.
  Added a constraint for that feature as below,
      <adfmf:constraints>
        <adfmf:constraint property="user.roles" operator="contains" value="manager" id="c1"/>
      </adfmf:constraints>
  In this case, Users have manager role should be able to access this feature.
  My AccessControlService response is
  {"userId" : "sales_mgr","roles" : [ "manager","MOO_OPPORTUNITY_SALES_MANAGER_DUTY","ZBS_ENT_SALES_MANAGER_DUTY"],"privileges" : [ "managerPriv","ZSF_DEFINE_SALES_FORECAST_PRIV","MOO_MANAGE_OPPORTUNITY_GROUP_SPACE_PRIV"]}
  Repsonse has "manager" as one such role.
  After adding constraint to the feature, am unable to access it.
  I tried many possibilities like  operator="contains" or "not" or "equal", but no use.
  I don't know what is going wrong. Appreciate you help.
  Thanks.

  If you are on 11.5.10 or greater or standalone 2.6.4 if you pass the responder value to wf_notification.respond API it should be updated in wf_notifications.responder column. The comments is now updated in wf_comments table against the notification id and not wf_notifications.user_comment column.
  Thanks, Vijay

• OIDSchemaException: Unable to provision user using OID Java API

  Hello,
  I'm new to OID and am writing java code for User provisioning in OID.
  I went through the documents available and found that I have to have my Application Registered and Provisioning Configuration done for User Provisioning.
  Hope I did that correctly using the Oracle Directory manager console. But still when I try to create a user as follows, I'm getting OIDSchemaException.
  Configuration cfg = new Configuration ("us");
  UserFactory factory = UserFactoryBuilder.createUserFactory(getLdapConnection().getConnection(), cfg);
  ModPropertySet mpSet = new ModPropertySet();
  mpSet.addProperty("cn", user.getFirstName());
  mpSet.addProperty("sn", user.getLastName());
  mpSet.addProperty("uid", user.getUserName());
  mpSet.addProperty("userPassword", user.getUserPassword());
  IdmUser idmUser = factory.createUser(mpSet);
  The link provided for sample Code in http://docs.oracle.com/cd/B14099_19/idmanage.1012/b14087/orcl_ext.htm#sthref222
  is broken. Can you please help me by providing a sample java application with code. I can go through the samples and check if I'm doing anything wrong.
  Thank you,
  Sivakumar Manicka
  [email protected]

  Hi Fred,
  Thank you for your reply.
  This is the exact error.
  Does it means the xlsysadm password is wrong?
  If so where would the be changed?
  Response: AUTHENTICATION_ERROR
  Response Description: Invalid / Incorrect Admin Password
  Assigned to: System Administrator[XELSYSADM]
  Thanks.

• PPTP VPN on Mac OS X Sever 10.3.9 - Unable to Authenticate Users

  When attemping to connect to a VPN that I've set up on an Xserve running OS X server 10.3.9, Internet Connect shows 'Contating Server' -> 'Negotiating' -> 'Disconnecting' and then reports that authentication failed.
  After much reading on these and other forums I believe I've figured why I'm having this issue and that would be that none of the users on the xserve have 'Open Directory' type passwords. So what I'm hoping is that someone here can help with how in fact I could add a user and set their password to OD type.
  I've read on these boards that you can have a user with an OD password type without having the server be an 'Open Directory Master/Replica'. Is this true? And in any case, is anyone able to tell me the simplest way of setting up a user with an Open Directory password?
  Powerbook G4 12" 1Ghz   Mac OS X (10.4.6)  

  Thanks for that, using root with NeST did the trick, it gave root an OD password and enabled me to set other users' passwords to that type also.
  As I'm new at setting up VPN's, I have a further question, but to briely explain my setup: I have an Xserve (static ip: 192.168.1.100), which is the server that is running the vpn and is connected to an Airport Basestation (192.168.1.1), and also a web server (static ip: 192.168.1.240). So my question is how do I enable access to the webserver over the VPN? Currently when I connect to the vpn I can't access the webserver, not can I ping its ip (nor any other ip on the remote network for that matter).
  In the 'Client Information' tab of the VPN service 'DNS servers' is set to: 192.168.1.1, 'Search Domains' is blank, and there are no routing definitions.
  Powerbook G4 12" 1Ghz   Mac OS X (10.4.6)  

• I'm unable to Order a photo book in Iphoto 9.  Iphoto is "unable to authenticate user" or "enable 1-click ordering" even after the Apple ID has Express Ordring turned on.  Who else is having this issue today?

  We've been on the phone with Apple for over 4 hours.  Been shifted to many people.  Created New Accounts.  Reset and rebooted everything, but still our accounts are unable to use 1-Click ordering.  How hard have we worked on this book?

  We got our book ordered late Friday.  Unfortunately the issue caused us a big delay and was very stressful.  Everyone on Tech Support, or misdirected to Sales Support was very pleasant and tried to be helpful.

• Javax.jms.JMSSecurityException: JMSRemoteServer: unable to authenticate use

  Trying to create a subscriber connection to the demoTopic, Ive set the user up in the principals.xml file(which btw works in 10.1.2 OAS) but doenst work in 10.1.3.1. Does anyone know where else I may need to setup security? I tried using the oc4jadmin as user/password, this also fails. HELP?
  STACK TRACE
  javax.jms.JMSSecurityException: JMSRemoteServer: unable to authenticate user "admin".
       at com.evermind.server.jms.JMSUtils.make(JMSUtils.java:1072)
       at com.evermind.server.jms.JMSUtils.toJMSSecurityException(JMSUtils.java:1128)
       at com.evermind.server.jms.JMSRemoteServer.readLogin(JMSRemoteServer.java:711)
       at com.evermind.server.jms.TCPJMSRemoteServer.initializeConnection(TCPJMSRemoteServer.java:137)
       at com.evermind.server.jms.TCPJMSRemoteServer.initializeConnection(TCPJMSRemoteServer.java:110)
       at com.evermind.server.jms.TCPJMSRemoteServer.<init>(TCPJMSRemoteServer.java:68)
       at com.evermind.server.jms.EvermindConnection.<init>(EvermindConnection.java:122)
       at com.evermind.server.jms.EvermindTopicConnection.<init>(EvermindTopicConnection.java:68)
       at com.evermind.server.jms.EvermindTopicConnectionFactory.unprivileged_createTopicConnection(EvermindTopicConnectionFactory.java:96)
       at com.evermind.server.jms.EvermindTopicConnectionFactory.access$000(EvermindTopicConnectionFactory.java:41)
       at com.evermind.server.jms.EvermindTopicConnectionFactory$1.execute(EvermindTopicConnectionFactory.java:78)
       at com.evermind.server.jms.InContainerProxy.doSecureOp(InContainerProxy.java:157)
       at com.evermind.server.jms.EvermindTopicConnectionFactory.createTopicConnection(EvermindTopicConnectionFactory.java:75)
       at com.peoplesoft.pt.integrationgateway.listeningconnector.jms.SubscriberTopic.createTopicConnection

  Was anyone ablle to answer this question as we have a customer running into the same issue.

• OAM 11g: Error while importing Custom Authentication Plug-in.

  We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
  But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
  Do we have to embed the XSD (XML Schema Definition) as well ?
  -------------------------SamplePlugin.java-------------------------------------
  import oracle.security.am.plugin.ExecutionStatus;
  import oracle.security.am.plugin.MonitoringData;
  import oracle.security.am.plugin.PluginConfig;
  import oracle.security.am.plugin.authn.AuthenticationContext;
  import oracle.security.am.plugin.authn.AuthenticationException;
  import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
  import java.util.Map;
  import java.util.logging.Level;
  class SamplePlugin extends AbstractAuthenticationPlugIn {
       private static final String CLASS_NAME = "FirstTestClass";
       public ExecutionStatus initialize (PluginConfig config){
            super.initialize(config);
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
            return ExecutionStatus.SUCCESS;
       @Override
       public String getDescription() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
       @Override
       public ExecutionStatus process(AuthenticationContext arg0)
                 throws AuthenticationException {
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
            return ExecutionStatus.SUCCESS;
       @Override
       public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
       @Override
       public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
  -------------------------SamplePlugin.java-------------------------------------
  ------------------------SamplePlugin.xml--------------------------------
  <?xml version="1.0" encoding="UTF-8" ?>
  <Plugin name="SamplePlugin" type="Authentication">
  <author>Self</author>
  <email>[email protected]</email>
  <creationDate>09:41:22, 2012-02-05</creationDate>
  <version>1</version>
  <description>SamplePlugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>SamplePlugin</implementation>
  </Plugin>
  ------------------------SamplePlugin.xml--------------------------------
  ------------------------MANIFEST.MF--------------------------------
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.8.2
  Bundle-Version: 1.0.0.qualifier
  Bundle-Name: SamplePlugin
  Bundle-Activator: SamplePlugin
  Bundle-ManifestVersion: 2
  Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
  Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
  plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
  oracle.security.am.common.utilities.principal,oracle.security.idm,jav
  ax.naming,javax.sql,java.management,javax.security.auth
  Bundle-SymbolicName: SamplePlugin
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  ------------------------MANIFEST.MF--------------------------------
  Contents of SamplePlugin.jar
  1. SamplePlugin.xml
  2. SamplePlugin.class
  3. META-INF/
  MANIFEST.MF

  I build the Plugin.jar file similarly as above(followed the same steps)..
  But when i log into OAM and trying to import the plugin (System Configuration->Plugins- Import Plugin) the browser goes to hung state and i see below error in logs (domain log and in diag log)
  I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
  Please let me know if you have any idea..Thanks!
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
  javax.faces.el.EvaluationException: java.lang.NullPointerException
       at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
  ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
  javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
       at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
  >
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
  javax.servlet.ServletException: java.lang.NullPointerException
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
  javax.el.ELException: java.lang.NullPointerException
       at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
       at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
       at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
       at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
       at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
  javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

• Custom plugin based on user role membership

  Hi all,
  I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
  With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
  I'll try to explain the scenario more in details:
  1. I create a user identity through a request
  2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
  3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
  Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
  - Email notifications after role grant
  - Re: OIM 11g Role Membership Event Handlers.
  I tried to implement what explained in the threads, but I would be sure about what I've done.
  Here what I've done:
  1. created plugin.xml file
  2. created EventHandler.xml metadata file
  3. developed a java calss for testing pourpose
  4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
  NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
  For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
  5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
  6. copied the zip file to $OIM_HOME/server/plugins
  7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
  8. built the wlfullclient.jar (only the first time)
  9. registered the custom plugin
  10. created the custom plugin dataset file
  11. imported it in OIM database using "weblogicImportMetadata" utility
  12. purged cache using "PurgeCache" utility
  NOTE: all the steps above was executed using the system user running OIM process
  test java class
  package com.zeropiu.sky.custom.eventhandlers;
  import java.io.Serializable;
  import java.util.HashMap;
  import com.thortech.util.logging.Logger;
  import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
  import oracle.iam.platform.kernel.spi.PostProcessHandler;
  import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
  import oracle.iam.platform.kernel.vo.BulkEventResult;
  import oracle.iam.platform.kernel.vo.BulkOrchestration;
  import oracle.iam.platform.kernel.vo.EventResult;
  import oracle.iam.platform.kernel.vo.Orchestration;
  import oracle.iam.platform.context.ContextManager;
  import java.util.Set;
  public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
       private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
  private static final String className = "TestUserAnonimi";
       @Override
       public void initialize(HashMap<String, String> arg0) {
            // TODO Auto-generated method stub
            String methodName = "initialize";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
            // TODO Auto-generated method stub
            String methodName = "isApplicable";
  System.out.println("###### " + className + " - " + methodName + " - STARTED");
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
  System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
  System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
  HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
  Set<String> allContextManagerParams = allContextManagerPairs.keySet();
  String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
  for (int i = 0; i < parameters.length; i++) {
            System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
  System.out.println("###### " + className + " - " + methodName + " - ENDED");
  return true;
       @Override
       public boolean cancel(long arg0, long arg1,     AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "cancel";
            System.out.println("###### " + className + " - " + methodName);
            return false;
       @Override
       public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "compensate";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
            // TODO Auto-generated method stub
            String methodName = "Eventresult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
       @Override
       public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "BulkEventResult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
  plugin.xml file
  <?xml version="1.0" encoding="UTF-8"?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
  <plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
  </plugin>
  </plugins>
  </oimplugins>
  EventHandler.xml metadata file
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
  </eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
  ###### TestUserAnonimi - initialize
  ###### TestUserAnonimi - isApplicable - STARTED
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
  ###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
  ###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
  ###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - ENDED
  ##### TestUserAnonimi - BulkEventResult execute
  Thanks,
  Daniele
  Edited by: 886636 on Jan 24, 2012 2:53 AM
  Edited by: 886636 on Jan 24, 2012 2:53 AM

  Probably I don't explain myself clearly....sorry for that!
  Anyway you are right, the role of the user can change after the user is initially provisioned.
  I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
  1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
  2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
  Is it possible with pre-populate adapter?
  Sorry again for my not very clear explanations.
  Daniele
  Edited by: 886636 on Jan 24, 2012 4:10 AM

• Acrobat PDF reader for Internet Explorer may be unloading/unabling custom plugin

  Hi,
  My question is basically to understand what is happening in this situation so that I can find where is the problem and how to solve it.
  We have used Acrobat 6.0 SDK to develop our custom plugin. This plugin is basically wrapper to few basic tools  (note, stamp, text ) etc.. provided by Acrobat 6.0 SDK. We have also developed PDFViewer.dll to view PDF document within Internet Explorer. So when user load document within our website this PDFViewer loaded with the custom plugin and user can use those tools.
  We are installing this plugin under <Acrobat X>/Plug_ins/<Company Name>/MyPlugin.API.
  In our web site we are giving list of documents and when user click on a document it will load the PDFViewer and custom plugin. We are loading Acrobat.exe in advance so that we can load quickly.  Now the problem happens when user open any other PDF in different tab or instance of Internet explorer. ?How?
  Consider in a internet explorer user logged in our web site and then he/she can see let's say 10 documents. 1.pdf, 2.pdf, 3.pdf, etc...
  Now when user select document 1.pdf we are loading that PDF in the IE within our PDFViewer with custom plugin. (Here I have seen that behind the scene Acrobat.exe is loaded in the processed using task manager)/  If at this time if user opens another instance of Internet explorer or another tab and open a PDF document it opens PDF in the standard Adobe Reader PDF viewer for Internet Explorer resides at (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX).
  If at this time user goes back to our site and tried to work on 1.pdf our custom plugin works fine BUT if user opens any other document (let's say 2.pdf) the plug in stops working basically looks like it is not loaded.
  This issue only happens if user opens a document in another internet tab or explorer instance and open PDF which resulted in to open Acrobat Activex for internet explorer. If user opens a PDF document out side of internet explorer it is not creating any problem because at that time ActiveX does not loaded.
  So my guess is something is going on when ActiveX for PDF is get loaded into Internet Explorer.
  I want to know more what is happening and why it is happening. Due to this behavior our web site users can't use any other web site which opens PDF documents because then they have to log off and log back in our web site.
  Please we need immediate help.
  I am open to provide more details with screen captures.
  Thanks,
  Twinkle

  Hi,
  Thanks.
  So I want to make sure this is because with Acrobat 9 - the new way to deal with PDF's?  Because as per my knowledge it was working fine with Acrobat 8.
  Moreover, if I am understanding correctly and I have tested too, the order is important here, right? If I will load PDF in IE first and then I will work on my web site it is not creating problem but if I will launch my web site first and then open PDF within IE in different tab it is creating problem because they are using same interface and when AcroPDF instantiating overriding and failed to load plug_in
  Here I have seen that both Acrobat.exe and AcroPDF.dll is using same Acrobat.dll pointing to same memory addresses and that's why problem is happening.
  IT would be great if you can provide any other way to "hook" adobe because the bottom line I have to use AcroExch.App from SDK.
  One last question, I have seen that if I am opening a PDF in Internet Explorer in a different tab (not in my web app) while pressing SHIFT key and the move to my web site and load different document it is working fine, so the question is what different is happening when we open PDF in IE with pressing SHIFT key and without pressing SHIFT key. IS AcroPDF.dll behaves differently while opening PDF with SHIFT key pressed?
  Thanks for all your help.
  Twinkle