Use of Orchestration in OIM 11g

Hi,
Can anyone help me in understanding the concept of orchestration in OIM 11g?
I have seen using orchestration in eventhandlers. I don't have any idea on this. Can you please elobrate it's uses?
Thanks,
Saravanan

An orchestration is automated management of operations in Oracle Identity Manager. In case of event handlers, at what stage (pre-process/post-process etc) that event handler is about to be executed, on what object(user/role/resource etc) and in what order it is to be executed, are all handled by orchestration. Orchestration also holds data during these operations as well.
You can use doc referred above by Nayan to use the orchestration. I hope this helps.
regards,
GP

Similar Messages

  • How to polulate data from lookup using request dataset in OIM 11g

    Hi,
    Using Request dataset in OIM 11g, I need to display one dropdown with the roles those need to come from Lookup.
    For Ex; I have 2 resources,i.e Resource A and Resource B. Resource A has 5 roles and Resource B has 3 Roles.
    While creating a request, If I select Resource A, then I should be able to get 5 Roles and if I select Resource B then I should be able to see corresponding 3 roles.
    Pls. note I have only one Look up definition , where I have roles for both Resource A and B.
    I have done simillar thing in OIM 10g , however I am unable to do it using OIM 11g Request dataset.
    Pls suggest.

    Hi BB,
    I am trying to follow up your response.
    You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
    <AttributeReference name="Field1" attr-ref="act_key"
    available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
    entity-type="????"/>
    <PrePopulationAdapter name="prepopulateResurceObject"
    classname="my.sample.package.prepopulateResurceObject" />
    </AttributeReference>
    <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
    available-in-bulk="true" required="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
    where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
    and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
    </AttributeReference>
    Then I need think about the 'Lookup.xxx.BO.Field2' format.
    Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
    Thanks for your all help.

  • Issue with deleting a group using Request APIs in OIM 11g R1

    Hi,
    I am facing an issue with Request Based provisioning in OIM 11g R1.
    I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
            RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
            childEntityAttribute.setName("AD User Group Details");
            childEntityAttribute.setType(TYPE.String);
            List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
            RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>,                                                                       RequestBeneficiaryEntityAttribute.TYPE.String);
            childEntityAttributeList.add(attr);
            childEntityAttribute.setChildAttributes(childEntityAttributeList);
            childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
            beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();   
            beneficiaryEntityAttributeList.add(childEntityAttribute);
            beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
    This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
    childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
    Could you please suggest where can this possibly be wrong.
    Thanks for your time and help

    Hi BB,
    I am trying to follow up your response.
    You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
    <AttributeReference name="Field1" attr-ref="act_key"
    available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
    entity-type="????"/>
    <PrePopulationAdapter name="prepopulateResurceObject"
    classname="my.sample.package.prepopulateResurceObject" />
    </AttributeReference>
    <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
    available-in-bulk="true" required="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
    where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
    and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
    </AttributeReference>
    Then I need think about the 'Lookup.xxx.BO.Field2' format.
    Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
    Thanks for your all help.

  • USER LOGIN GENERATION USING EVENT HANDLER IN OIM 11G

    Hi
    I am looking to generate user logins in OIM 11g (11.1.1.5) using event handlers. Can anyone guide me with the process and which API need to be used?
    Regards

    You have to write your custom class which implements oracle.iam.identity.usermgmt.api.UserNamePolicy. Then you have to register the plugin which will contain the plugin.xml and class file of your custom code.
    More in this metalink ID 1228035.1

  • Sending email notification  using email template in OIM 11g

    HI all
    I want to send an email to the user in OIM 11 g using API's
    I have created a email template using oim 11g's design console.
    now i want to access that email template from design console and send mail to user.
    previously in OIM 9i there was class com.thortech.xl.dataobj.util.tcEmailNotificationUtil;
    which was having utilities method like send-email etc.where we were able to access the email template from design console and send mail to user.
    I want such API's to send mail to user in OIM 11g.Iam unable to find the tcEmailNotificationUtil class in OIM 11g;
    Thanks in advance
    Bipin patil

    Thanks kuldeep
    I have one single question,.
    I have gone through the 11g docs but it is not present in the oim 11g docs any reasons for it .

  • How to execute vb script with out using Remote manager in oim 11g r2

    Hi Currently,
    i have a requirement to execute  vb script (present on a remote machine in which connector server is installed) from oim machine while using Exchange connector (11.1.1.6).
    This can be achieved by using remote manager,but i dont want to use remote manager.
    Hence decided to use Action scripts.
    As per connector configuration,
    i have configured Action scripts in Lookup.Exchange.UM.Configuration lookup definition, by means of three entries
    After Create Action Language      Shell
    After Create Action Target           Resource
    After Create Action File              /home/scripts/Disable.bat
    Disable.bat has the following ,
    Powershell.exe -File C:\scripts\Setup.vbs
    -%Log on Name%
      Exit
    As Setup.vbs is expecting a parameter of log on name, i was providing the same.
    But while creating the user,as this script gets called, getting the following error and hence 'create User' is getting failed.
    Problem while PowerShell execution System.Management.Automation.RemoteException: This task does not support recipients of this type. The specified recipient XXXXXXXXXXX...XXXXX is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task.
    While provisioning the user to Exchange , i have selected 'Recepient type' as 'User Mail box' explicitly, but still getting the error.
    Please provide any pointers to resolve the issue.
    Thanks in advance
    Kumar

    As far as I know Oracle and MySQL are two different products.
    Why do you clutter an Oracle forum with MySQL questions?
    If MySQL is such a tremendous RDBMS, like many people state (as 'free' means per definition better),
    why don't you visit a MySQL forum where fellow MySQL aficionados can answer you MySQL questions?
    In short, why don't you stop abusing Oracle forums?
    Sybrand Bakker
    Senior Oracle DBA

  • Direct provisioing using API in OIM 11g

    Hi Experts,
    I am facing couple of issues.
    *1)* I am trying to provision a resource direcly using API's in OIM 11g. Here I do not have any object form for this resource but I have a process form with some pre-population adapters.
    And I am trying to use the below code for direct provisioining.
    Hashtable objectHash = new Hashtable();
    objectHash.put("Objects.Name", objectName);
    tcResultSet objectResultSet = objIntf.findObjects(objectHash);
    long objectKey = objectResultSet.getLongValue("Objects.Key");
    com.thortech.xl.vo.ResourceData data = userIntf.provisionResource(userKey, objectKey);
    long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
    long objectInstanceKey = Long.parseLong(data.getObiKey());
    And I am getting nulls for the attributes userObjectInstanceKey & objectInstanceKey .
    Please let me know how to provision a resource which has no object form but has some pre-population adapters using API .
    *2)* I am trying to provision a resource direcly using API's in OIM 11g. Here I do have an object form for this resource which has one of the attribute as of type lookup.
    ResourceData data = userIntf.provisionResource(userKey, resourceKey);
    long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
    long objectInstanceKey = Long.parseLong(data.getObiKey());
    Hashtable objectHash = new Hashtable();
    objectHash.put("UD_ADGROUP_NAME",groupName);
    In this case I am getting objectInstanceKey properly but it is not seeting lookup field value but it is setting all other fields on the object form correctly.
    How to set a field of type lookup on the object form while provisioing a resource directly using API's.
    Thanks a lot for your help.

    947670 wrote:
    Hi Pallavi,
    I am not populating any object form. I am trying for direct provisioning a resource thru OIM API's.
    Hence, I need populate all of the process form fields inorder to skip the approval flow. So, I was using setProcessFormData method.
    Here is what happening.
    1) My resource has a request dataset which has only one field called "Group Name".
    2) My resource has a process form with the fields name UD_GROUP_NAME, UD_GROUP_DESCRIPTION, UD_GROUP_OWNER.
    3) When I use the below code, I was able to populate the fields UD_GROUP_DESCRIPTION, UD_GROUP_OWNER (Because pre-populate adapters are getting invoked) as they did not exist on the request data.
    tcFormInstanceOperationsIntf formInstanceOps=Platform.getService(tcFormInstanceOperationsIntf.class);
    ResourceData data = userIntf.provisionResource(userKey, resourceKey);
    long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
    long objectInstanceKey = Long.parseLong(data.getObiKey());
    Hashtable objectHash = new Hashtable();
    objectHash.put("*UD_ADGROUP_NAME*",groupName);
    formInstanceOps.setProcessFormData(objectInstanceKey, objectHash);
    4) I am having this issue only with the fields that are exist on the request dataset. Since, UD_GROUP_NAME exist on the request dataset, even if I try to set some value in the process form, it is not taking.
    Using API's, I am not able to populate any of the attributes on the process form that are exist on the request dataset.
    How to solve this issue.1. Check the process form field name.
    2. Use tcUserOperationsIntfAPI Method provisionObject(userKey,ObjectKey)
    userIntf.provisionObject(userKey, objectKey);
    3. Get the process-instance key.
    tcResultSet objResultSet = userIntf.getObjects(userKey);
                   int objCount = objResultSet.getRowCount();
                   for (int count = 0; count < objCount; count++) {
                        objResultSet.goToRow(count);
                        if (objResultSet.getStringValue("Objects.Name").equalsIgnoreCase(resourceObjectName)){
                             processInstanceKey = objResultSet.getLongValue("Process Instance.Key");
    4. Use tcFormInstanceOperationsIntf API method setProcesFormData(processInstanceKey,dataMap)
    Hope this helps you.

  • Sending email to user using the notification template in OIM 11g

    Hi all
    I have created a Notification Template using web console in OIM 11g.
    Iam able to access the contents from notification template in my java code.
    But iam not able to find the correct api's to send email to user using the notification template
    (like tcEmailNotificationUtil using this class we can connect to email template created in design console and creating IT resourse we can send email to user using the method sendEmail).
    Waiting for your help and pointers
    Thanks and Regards
    Bipin patil

    Thanks GP!.
    But i have the same doubt here.
    "The Notification Event is defined through a XML file that must be loaded into MDS database." - in which path and in what name it should be.
    Because under /metadata/iam-features-notification, i couldnt see any event Xml present. I thought atleast we could see the existing OOB notification template's event xml files.
    Please let me know if you are aware.
    Thanks,
    Amudha

  • Reconciliation of "change password on next logon" from AD fails in OIM 11g

    Hello,
    We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
    We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
    What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
    What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
    Did anyone get this working properly?
    P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Crtl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
    Thanks,
    -JP
    Edited by: JacekP on Oct 17, 2011 8:10 AM

    Yeah, you're right, unfortunately we have dual authorative password model, where a user can change the password from OIM when he is accessing a OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
    A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

  • SPML Webservice in OIM 11g

    Has anyone ever used SPML webservices in OIM 11g r1 or r2 ?
    My requirement is to invoke SPML webservice for creating a user from a third party application. pls help
    Can you please provide a working sample ?
    Thanks

    Has anyone ever used SPML webservices in OIM 11g r1 or r2 ?
    My requirement is to invoke SPML webservice for creating a user from a third party application. pls help
    Can you please provide a working sample ?
    Thanks

  • OIM 11g r2: SOA  workflows for two level approval.

    HI Experts,
    I am using SOA workflows in OIM 11g r2. The requirement is to have a two level approval for a role (which provisions Oracle DBUM connector at present) : first for Manager and second for the Role owner.
    I have created and deployed the composite with name AddAccessApproval but need to find how to use this for two level approval.
    There is option for serial approval but how to pass it to Role owner.
    Any help in this regard is appreciated.
    Many Thanks,
    Arvind

    I've run into the same error with oim 11gr2 bp04:
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<oracle.tip.pc.services.identity.jps.AuthenticationServiceImpl.authenticateUser()> authentication FAILED>>
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<.> Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
    ORABPEL-10528
    Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
         at oracle.tip.pc.services.identity.jps.JpsProvider.authenticateUser(JpsProvider.java:2337)
    Caused By: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User SOAAdminPassword javax.security.auth.login.FailedLoginException:
    [Security:090302]Authentication Failed: User SOAAdminPassword denied
         at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
         ...Did you find what the issue is? I'm finding scant information about this user named "SOAAdminPassword" (who makes up these usernames :-/).

  • How to give design console access to the user from OIM GUI - OIM 11g R2

    Hi,
    Could you please let me know if there is any way to give Design Console access to a normal user in OIM 11g R2.
    I tried by giving the access from backend by using DB command and I was able to give the design console access to the user.
    But I need to give design console access to the user from OIM Interface.
    Please let me know how to achieve this functionality.
    Thanks

    I have already used this approach by directly modifying the user record in DB.
    I am looking if it is possible to give Design console access from OIM GUI, the way we use to give in OIM 11g R1.

  • How to obtain Role name in OIM 11g using API's

    Hello,
    I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
    get deleted from AD.I have written postprocess event handler to achieve this.
    In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
    not able to get role name.
    Is there a way to get role name while deleting roles using API ?
    Thanks,
    Rahul Shah

    Hi Raghav,
    Following is my code :
    tcRODetails = orgOpInterface.getObjects(organizationKey);
    for(int i = 0;i < tcRODetails.getRowCount();i++){
    tcRODetails.goToRow(i);
    // resourceName=AD Group
    if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
    tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
    tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
    System.out.println("<<<FOUND>>>");
    processKey = tcRODetails.getLongValue("Process Instance.Key");
    provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
    tcProcessSet = oimFormUtility.getProcessFormData(processKey);
    for(int j=0;j<tcProcessSet.getRowCount();j++){
    tcProcessSet.goToRow(j);
    if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
    System.out.println("MATCH FOUND!!!!!");
    orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
    break;
    & i get following error :
    <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
    Thanks
    Rahul Shah

  • Creation of a Request in OIM 11G using API's

    Hi Friends,
    I am trying to create a request using OIM 11g API's.
    I am trying to do this for EBS Responsibility resource and this resource has a request dataset has EBS-IT-Resource-Instance, application name, responsibility name, start date and security group. Please note application name, responsibility name, start date and security group are in child form.
    I am trying to populate the request dataset using the below code.
    List<RequestBeneficiaryEntityAttribute> entityAttrList;
    RequestBeneficiaryEntity entity = null;
    entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
    entity = new RequestBeneficiaryEntity();
    tcITResourceInstanceOperationsIntf tcITResourceIntf = Platform.getService(tcITResourceInstanceOperationsIntf.class);
    HashMap searchcriteria = new HashMap<String, String>();
    searchcriteria.put("IT Resources.Name", "EBSHF-APPS12");
    tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
    long itResourceKey=resultSet.getLongValue("IT Resources.Key");
    entityAttrList.add(this.getAttrLong("eBusiness Suite Instance Name",itResourceKey));
    entityAttrList.add(this.getAttr("Application Name","3~300"));
    entityAttrList.add(this.getAttr("Responsibility Name", "3~300~52281"));
    entityAttrList.add(this.getAttr("Security Group", "3~0"));
    entity.setEntityKey(getResourceKey("Oracle eBusiness Responsibility"));
    entity.setEntityType(RequestConstants.RESOURCE);
    entity.setEntitySubType("Oracle eBusiness Responsibility");
    entity.setEntityData(entityAttrList);
    private RequestBeneficiaryEntityAttribute getAttr(String name, String value)
    RequestBeneficiaryEntityAttribute attr = null;
    attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.String);
    return attr;
    private RequestBeneficiaryEntityAttribute getAttrLong(String name, long value)
    RequestBeneficiaryEntityAttribute attr = null;
    attr = new RequestBeneficiaryEntityAttribute(name, value, RequestBeneficiaryEntityAttribute.TYPE.Long);
    return attr;
    My code is working fine and a request is getting created. But when I try to open the request dataset(object form) for the newly created request, I am getting null exceptions.
    If I did not populate the fields that are in the child form application name, responsibility name and security group which are highlighted above, then I am able to view the form with the correct IT-Resource-Instance name after request creation.
    So, I am thinking I am doing something wrong while populating child form data in the request dataset.
    Can you please provide me some code snippet to populate the child using 11G API'S?

    Hi Bikash,
    After referring your code, i made changes in mine. Here is my updated code.
    RequestBeneficiaryEntityAttribute parantAttr=null;
    List<RequestBeneficiaryEntityAttribute> entityAttrList;
    RequestBeneficiaryEntity entity = null;
    entity = new RequestBeneficiaryEntity();
    parantAttr=this.getAttrLong("eBusiness Suite Instance Name", itResourceKey);
    RequestBeneficiaryEntityAttribute mid1 = new RequestBeneficiaryEntityAttribute();
    List <RequestBeneficiaryEntityAttribute> childAttributesList = new ArrayList<RequestBeneficiaryEntityAttribute>();
    childAttributesList.add(this.getAttr("Application Name", "3~555"));
    childAttributesList.add(this.getAttr("Responsibility Name", "3~555~22862"));
    childAttributesList.add(this.getAttr("Security Group", "3~0"));
    mid1.setChildAttributes(childAttributesList);
    mid1.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
    entityAttrList = new ArrayList<RequestBeneficiaryEntityAttribute>();
    entityAttrList.add(parantAttr);
    entityAttrList.add(mid1);
    But when I try to run this, it is getting failed saying "RequestServiceException: IAM-2050033:Invalid attribute name null. No corresponding reference was found in the data set ProvisionResourceOracle eBusiness Responsibility".
    Here is my request data set for your reference.
    <AttributeReference name="eBusiness Suite Instance Name" attr-ref="eBusiness Suite Instance Name" type="Long" length="50" widget="itresource-lookup" required="true" available-in-bulk="true" itresource-type="eBusiness Suite UM"/>
    <AttributeReference available-in-bulk="true" length="10" widget="text" type="String" attr-ref="UD_EBH_RSCP" name="EBS HR Foundation User Responsibilities">
    <AttributeReference name="Application Name" attr-ref="Application Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
    </AttributeReference>
    <AttributeReference name="Responsibility Name" attr-ref="Responsibility Name" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true" primary="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and lkv_encoded like concat('$Form data.Application Name','~%')" display-field="Description" save-field="Value"/>
    </AttributeReference>
    <AttributeReference name="Security Group" attr-ref="Security Group" type="String" length="256" widget="lookup-query" available-in-bulk="true" required="true">
    <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.SecurityGroup' and lkv_encoded like concat('$Form data.eBusiness Suite Instance Name', '~%')" display-field="Description" save-field="Value"/>
    </AttributeReference>
    I am not sure why it is not referencing to the attribute. In your blog, it is saying your code is to set process form. But i am trying to create a request using API's. so, I need some code snippet to populate request dataset. Do you think, this will serve both?
    Thanks for your help.

  • Error while creating authorisation policy using OIM 11g API

    Hi,
    We have a requirement to create ‘Authorization Policies’ (assign Data Constraints, Permissions & Assignments) using OIM 11g API’s.  I am using ‘oracle.iam.authzpolicydefn.api.PolicyDefinitionService & oracle.iam.authzpolicydefn.vo.AuthzPolicy’.  But when I am trying to attach Entity/Feature (User Management) to authorisation policy, it is throwing exception.  Below is the code snippet which I am trying to implement.
    Line1: PolicyDefinitionService policyService = oimClient.getService(PolicyDefinitionService.class);
    Line2: AuthzPolicy authPolicy = new AuthzPolicy();
    Line3: authPolicy.setName("Test Authz Policy");
    Line4: authPolicy.setDisplayName("Test Authz Policy Dsp Name");
    Line5: authPolicy.setDescription("Test Authz Policy Description");
    Line6: Feature feature = oimClient.getService(Feature.class);
    Line7: Action featureAction = feature.getAction(FeatureManagerConstants.Features.USER_MGMT.getId());
    Line8: List<Action> actions = new ArrayList<Action>();
    Line9: actions.add(featureAction);
    Line10: authPolicy.setActions(actions);
    Line11: policyService.createPolicy(authPolicy);
    Exception: oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.authzpolicydefn.api.FeatureDelegate
    The above exception is throwing at Line6.
    Let me know if anyone implemented.
    - Kalyan Mutya

    If you are using JDeveloper , can you able to get class after giving "." .If yes no than it is the problem with the jar file you are using .Check whether you can able to import oracle.iam.authzpolicydefn.api.Feature.
    Thanks ,
    Animesh anand

Maybe you are looking for