Use OIM 11g UI directly for password resets
1. What is the best practice in using OIM for password resets? Two options that i have usually heard of are writing a custom app or UI and use OIM APIs for password resets. The other is use OIM UI directly.
Are there any other options.
2. Of the two options mentioned above, are there any concerns if we want to expose the OIM UI password reset link to internet- example, post the OIM UI link across the company's website which is available to everybody?
Regards,
Anand
People,
Any help will be really appreciated. I am looking for some suggestions in this regards. Thanks
Anand
Similar Messages
-
I want to change my Apple ID for IPad because forgot password and all email addresses changed so cannot get informations for password reset. What can I do?
I was wondering if you ever figured this out. I have the same issue. When I try to use the support communities, there are so many with the same problems and never seem to be any replys?? Not very helpful and I can not get Apple to return my emails.
-
How can I o create, modify or delete users using OIM 11g web services?
Hi,
I have a requirement to create, modify or delete users using OIM 11g web services.
The end users will be signing on to the online application, a user interface to request ids online. The user interface is the home grown application to request ids.
I want to integrate this user interface with OIM 11g. I generated the java classes using the out of the box wsdl file as mentioned in the Developer’s Guide for Oracle Identity Manager 11g. But I need to know how to create users using web server client from a given wsdl file? Is there a sample web service client program to create a user in OIM?
If you know of any document which I can follow or if you can give any details I really appreciate.
Thanks and Regards,
VirafHi Chong,
Were you able to figure out the approach? I am facing the same issue like this. I have created a web service where the input values are no. of days to extend user's end date and user's employee ID. Output will be true or false. But I am getting error while searching user in OIM DB. I think my web service is not to query OIM DB
Please let me know if you have worked on this senario.
Thanks,
Kalpana. -
How to create Authorization policy using OIM 11g API
Hi,
Could you please let me know how to create Authorization policy using OIM 11g API.
ThanksConstructing A Policy Programmatically
http://docs.oracle.com/cd/E27559_01/dev.1112/e27154/cons_policy_prog.htm#CHDHACBF
api ref for PolicyStore
http://docs.oracle.com/cd/E21764_01/apirefs.1111/e22649/oracle/security/jps/service/policystore/PolicyStore.html#createApplicationPolicy_java_lang_String_
something like below code to start with
try {
JpsContextFactory ctxFact;
ctxFact = JpsContextFactory.getContextFactory();
JpsContext ctx;
ctx = ctxFact.getContext();
PolicyStore ps = ctx.getServiceInstance(PolicyStore.class);
if (ps == null) {
// if no policy store instance configured in jps-config.xml
System.out.println("no policy store instance configured");
return;
ApplicationPolicy ap = ps.createApplicationPolicy("Trading", "Trading
Application","Trading Application.");
} catch (JpsException e) {
} -
Error while creating authorisation policy using OIM 11g API
Hi,
We have a requirement to create ‘Authorization Policies’ (assign Data Constraints, Permissions & Assignments) using OIM 11g API’s. I am using ‘oracle.iam.authzpolicydefn.api.PolicyDefinitionService & oracle.iam.authzpolicydefn.vo.AuthzPolicy’. But when I am trying to attach Entity/Feature (User Management) to authorisation policy, it is throwing exception. Below is the code snippet which I am trying to implement.
Line1: PolicyDefinitionService policyService = oimClient.getService(PolicyDefinitionService.class);
Line2: AuthzPolicy authPolicy = new AuthzPolicy();
Line3: authPolicy.setName("Test Authz Policy");
Line4: authPolicy.setDisplayName("Test Authz Policy Dsp Name");
Line5: authPolicy.setDescription("Test Authz Policy Description");
Line6: Feature feature = oimClient.getService(Feature.class);
Line7: Action featureAction = feature.getAction(FeatureManagerConstants.Features.USER_MGMT.getId());
Line8: List<Action> actions = new ArrayList<Action>();
Line9: actions.add(featureAction);
Line10: authPolicy.setActions(actions);
Line11: policyService.createPolicy(authPolicy);
Exception: oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.authzpolicydefn.api.FeatureDelegate
The above exception is throwing at Line6.
Let me know if anyone implemented.
- Kalyan MutyaIf you are using JDeveloper , can you able to get class after giving "." .If yes no than it is the problem with the jar file you are using .Check whether you can able to import oracle.iam.authzpolicydefn.api.Feature.
Thanks ,
Animesh anand -
I had created a new icloud id. Now i dont remember my email id for password reset.
i had created a new icloud id. Now i dont remember my email id for password reset. The icloud id has not been verified yet. The verification email link is also not working. Can someone suggest me how to recover my account.
Try contacting the Apple account security team for your country: Apple ID: Contacting Apple for help with Apple ID account security.
-
Can I spedify the SMTP to use for Password Reset Service?
I'd like to be able to specify what mail server to use when access manager is sending out mail. The password reset service is currently looking to localhost, port 25 for the mail server when trying to send out mail. Is it possible to change this?
Thanks.I believe the parameters com.iplanet.am.smtphost and com.iplanet.am.smtpport in the AMConfig.properties control this.
-
Encryption algrothim used for Password reset question and answer
We are trying to write a custom interface to the Password reset service.
The interface is supposed to allow the user to enter a question and answer, then using SAM SDK write the value to the iplanet-am-user-password-reset-question-answer.
The problem is SAM saves the values encrypted, so do any one know the encryption algorithm used and what is key or they are specified.
ThnaksOnly you and Apple know your secret question. See if changing the password via email will allow access to your account.. Then you can chnag yur secret question. See:
http://support.apple.com/kb/HE36 -
OIM 11g R1 - Container for Roles
Hi,
is it possible to create container for roles?
For Example:
Container1: RoleA, RoleB, RoleC
Container2: RoleV, RoleY, RoleZ
The reason is, i want to create authorization policies, which allows the user to assign specials roles. The problem is, that a lot of roles will be added during the operation. This means, if a new role will be created, i have to edit the authorization policy
The best way is, i assign a Role-Container to the authorization policy. If i create a new role, i add the role to the special container.
Is this possible in OIM 11g R1?
Edited by: 960944 on Apr 3, 2013 5:18 AMYes, you can do that using authorization policy.
Try this:
Create a Role called 'X'
Create a Authorization Policy of Role Management Entity Type called 'X Role Authz Policy' and under the Permission tab:
Grant Modify Role Membership, Search for ROle, View Role Detail and View Role Membership
Under Data Constraints: Add all the roles that a user can self assign except SYS ADMIN role.
Under Assignemnt: Add Role 'X'
Save and apply to test it.
You can have a look at the default Role Management All Users Policy for reference.
Regards,
Sunny -
E-mail notification for password reset
Hello,
We recently activated the e-mail notification of user requests password reset in SRM Portal.
After the password reset, the recipients will receive this message:
Dear <user>,
Your password has been reset. Your new password is <password>.
Is it possible to modify this message?
Thank you!Hi,
I think the mail is sent from workflow.
Please check which workflow is triggered in SWI2_FREQ transaction.
For example,
Workflow WS10000224 has task TS10008202 and task called method RESETPASSWORDANDMAIL of Business Object BUS4101.
Please check Business Object BUS4101 and method ResetPasswordANDMail.
The method calls FM BBP_GENERATE_PASSW_MAIL.
Some text objects are used in this FM.
001 New password for procurement system
002 This is an automatic generated email. Please don't reply!
003 Dear employee,
004 your new password in the procurement system is:
005 Please change it as soon as possible.
006 User account for procurement system
007 your user account in the procurement system is:
I can not find your text in this FM.
>Dear <user>,
>Your password has been reset. Your new password is <password>.
Regards,
Masa -
Not receiving email for password reset
I cant remember my password so I tried to click on the link for Skype to send me a link, but havent received anything.??? I can login on my laptop because I dont have to input the password, and I can see that my email is correct. However I cant reset my password cause I cant receive any skype links, i checked my junk folder to no avail.please help because I cant login to skype .thank youAndrew
Howdy bbbfrombermudadunes,
If you are not receiving your password reset email from Apple, I would suggest that you troubleshoot using the steps in this article -
If you didn't receive your verification or reset email - Apple Support
Thanks for using Apple Support Communities.
Best,
Brett L -
IdM Anonymous user sessions for password resets
I am currently working on an update to a self service password reset customization through the IdM anonymous user interface. I am having issues with SIM not closing the anonymous sessions, once a user attempts an anonymous reset. Anytime one of the idm/user/anon****.jsp pages are accessed SIM logs in as the "Reset" user, so then any user that tries to go back to update their challenge questions, gets "...view acess denied to subject Reset...", as if SIM doesn't relize they are back in their user session. Question:
1. If I use any anon***.jsp pages for any process/workflow launches, for self service, must I handle the logoff of that anonymous session? Currently it looks like a custom logoff and redirect is working, but I was wondering if this is the preferred way to approach this?Yes, solved a long time ago but yes, I did find a fix for this. Turns out we had multiple issues but did work through them.
First, make sure the LDAP user is NOT Directory Manager or Admin or ANY other ID used for multiple purposes such as a privileged user that also makes changes via other tools. I created a new user in LDAP only for IDM purposes and give it the permissions needed: uid=idmsync,..... The permissions we gave were in essence the same as Directory manager as IDM is used in our case to manage LDAP as well.
Then add in the listening resource to exclude any changes from the uid=idmsync user.
In the changelog stream then all changes by IDM come down as idmsync. But other changes will come through as directory manager or someone else. But by filtering idmsync changes you prevent an infinite loop. eg. IDM sets LDAP generates change to IDM sets LDAP generates change to IDM... However other user changes will be processed without the infinite looping.
From an efficiency perspective, we also spent time refining the active sync forms. But all worked well by production turnover, which was well over a year ago. -
Security question feature required for password reset
Hi,
When ever SAP user forgets his password and he wants to reset his password, We need an option in logon screen to request the user to enter the answer for the security question and when he enters the correct answer, his ID should get reset and a new password should be mailed to his email id.
Appreciate your Ideas on this one.
ThanksWild solution...
1) Create a New User ID, which will be used for Just resetting the password based on the security question. This ID will have a password which everybody will know.
This ID will have only few authorizations.
2) Create a Custom Program which will take the User ID and the Question. Also some way of storing the Answer in some table (encrypted).
Based on the ID, the question of the user will be displayed. Based on the Input by the user, the answer will be checked.
3) If the answer is correct, reset the password and send a mail to the user id of the user. (Solution for resetting the password needs some analysis) The custom table will store user id, question, answer and the email id to which the email has to be sent.
Reward Points if useful.
Regards,
Abhishek Jolly -
OIM 11g - Mail Notification for multiple resources
User will be provisioned to 5 target system through access policies.So instead of sending 5 different mail notifications to the manager on the Create User task about the account creation, is it possible to send one consolidated mail about the provisioned resources in OIM 11g.
Hi,
How abt for the following requirement for sending single mail for multiple resources provisioned.
We have 3 Access Policies which is defined as follows.
1) Policy 1 -> R1,R2,R3 Resources
2) Policy 2 -> R3,R5 Resources
3) Policy 3 -> R1,R4 Resources
In such a case we will not be able to put dependencies on Resources and adding a task for sending email. -
Creating access policy using OIM 11g APIs
Is there a way to create an access policy using API? I see that there is AccessPolicyService but it only supports evalutePoliciesForUser. I need a way to add and modify policies.
I'm using OIM 11.1.1.5
Edited by: DJ on May 21, 2012 11:53 AMFYI, I hope the following links might be helpful, if you did not come across them before:
OIM API for Create Access Policy:
http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
Example Code for OIM API Creation of Access Policy
http://learnidm.blogspot.co.uk/2011_08_01_archive.html
Thanks,
Krish.
Maybe you are looking for
-
How to find the user that deleted a sapscript
Hi Is there a way to find out who deleted a sapscript in our Production system. Thanks
-
HP Pavilion dv6-7080se recovery error
when i run recovery a message apper to me and say : windows faild to start a recent hardware or software change might be the cause to fix the problem : 1 - insert ur windows instllation disc and restart ur computer 2 - chosse ur language settings a
-
HT2905 Can't remove duplicates in iTunes library
I just downloaded the newest verion of iTunes and there is no option to "display duplicates" under the "file" tab. Any ideas? Thanks!
-
Where can I get a stylus for a PRS-950 reader?
The stylus on my 2 year old e-reader has broken & I need to know where I can get a new one. Thx, Paul
-
100 percent button not working
I followed the tutorial exactly to create a 100 percent width slideshow. When selecting the hero image, however, the new 100 percent button on the control panel does not light up. Any help?