User Attribute Management

Similar Messages

• How to do the new created field in User Attributes, show in Manager GTC

  Hello Guys,
  I have a Connector GTC working perfectly. Now I created a new field in User Attributes and I need make this field appear in "Modify Connector Configuration" of "Manage Generic Connector" without having to create a new Connector.
  If I create a new Connector this field is showed normally, but this connector has a lot of mapping between the existing fields, I need only that a new field is displayed.
  How to I do this?
  Thanks

  Not sure what version of OIM you are using but check Bug: 12812650
  -Bikash

• Change Reference Attribute - "Manager" for multiple users

  Hi,
  I have a scenario in which I have to create a workflow to change a reference value attribute - "Manager" for multiple users in one go. Is it possible to achieve this with workflow. If yes, then how?
  Regards,
  Manuj Khurana

  Hello,
  not out of the box, since in workflows and custom activities you can only access the reqestor and target object direcly.
  But you can develop your own custom activity that fits you need, or do it with powershell custom activity.
  I did a very similar thing, to be able to change users group membership from the user UI, so I have also edit objects other then requestor and target in a workflow.
  Since both (manager and member) are reference attributes you maybe find this article helpful:
  http://social.technet.microsoft.com/wiki/contents/articles/19615.fim-2010-r2-how-to-manage-group-membership-from-the-user-ui.aspx
  I used this powershell activity in my solution:
  http://fimpowershellwf.codeplex.com/
  Regards
  Peter
  Peter Stapf - ExpertCircle GmbH - My blog:
  JustIDM.wordpress.com

• Bhold-flowing user's Manager attribute to BHOLD core

  Hi,
  I have a requirement to flow all user's manager value into bhold core.This is for setting up attribute based attestation.The problem with manager is "it is a reference type attribute in both AD and metaverse", so i need to create a reference attribute
  in bhold core for the flows to happen from metaverse to bhold .
  But there is no reference attribute type in bhold.Please can anybody suggest how to create a reference attribute in bhold.
  Regards
  Shakti
  shakti

  Hello Shakti,
  Attestation in BHOLD is either "Application-based", "Role-based" (not Manager-based) or "File-based". If the Manager in your case is defined on OU-Level you can user Role-based Attestation.
  As per BHOLD Definition for Role-based Attestation:
  - the Steward's role must be available in the OU branch. that means in the specific OU or in one of the OUs above.  
  - there must be a Steward in the OU to be attested and must be linked to the Steward's role.
  In case this does not meet your environment, you can run File-based Attestation. The Definition file includes the Steward's Name seperated by the user Name to be attested. This works in any case. The file you need can then be produced by FIM (CSV-File Export
  MA).
  Hope this helps.
  Henry

• Extended Identity Manager User Attributes

  Howdy,
  I'm trying to add some attributes to the user accounts stored local to the Identity Manager. I went to the configure menu, and set up the attributes under the Identity Attributes tab. I set the attributes to be stored locally and saved them. I also made sure to indicate that the attributes should be available to the IDM admin and end user interfaces. However, the attributes do not show up when I list the users. When I go to the users attribute tab, it contains only the Account ID attribute. Shouldn't I be able to add a new attribute and edit it?
  Much thanks in advance for any help you may be able to provide.

  It is an XML object so I dont think it has a limit as such, though the system will get slower to checkout and checkin if you overextend it.
  there usually isn't any reason to extend it extensivly... I believe it stores most of that, if the querable flag is set at least, in the user attributes table
  if you need a lot of data connected to a user you could always have an extra table and store it in, you dont need to store everything in the user object unless you need it every time the user is checked in/out etc etc

• Oracle OIM Adding Custom Field like manager to user attributes

  Hi,
  I want to add a user custom attribute to the OIM user screen.
  I need the filed to behave like the "manager id" field - I need magnifier glass right to next to the field and I need to open user search to select a value.
  We are able to add user defined field but I can't find how to add the search capabilities.
  Thanks

  1-In the User Attributes page, from the Actions menu, select Create Attribute.
  2-In the Set Attribute Details :
  2.1-Category Name: Custom Attributes.
  2.2-Display Type: List of values(LOVs)
  2.3-
  LOV Type(´search capabilities' )
  2.3.1-System Generated
  2.3.2-Admin Configured
  2.3.3-By Query
  I hope this helps,
  Thiago Leoncio.

• How can i pass the logged in user attribute value into looku query ?

  HI,
  Is there any way to pass loggined in user attribute vallue to lookup query directrely in AD Child Group form.(Like '$Form data.UD_ADUSER_AD')
  Thanks in advance
  Edited by: 790561 on 5/12/2011 16:01

  loggined in user attribute vallue can be understood differently:
  - A requester raising a request and you want *Requestor's ID" there.
  - An approver logging in to the system for doing approvals.
  - A System admin logged in to the system for managing the *Forms, Requests' etc
  All the above cases are different and you would expect different values for all. If you requirement was the Requester then
  1) Either create a hidden attribute in the Process Form and pre-populate it from the Request Form. In your query use *$Form data.UD_ADUSER_DUMMYREQID')*
  2) Or directly capture the *$Requester Information.User Login$* attribute in the process form and do manipulations

• OIF11g - Help on sending user attributes in HTTP header

  Hello, I have a OIF11g setup configured for both IdP and SP. Upon successfull authentication against LDAP, I need to end some user attributes on the HTTP header to the SP application. I do no have OAM in my setup, so there is no option of Webgate or Policy Manager to do that. As far as I read the config doc, I'm in the impression that we need to write a custom authentication engine to accept user credentials and code to authenticate against LDAP and also add attributes to the response header.
  Before I go down that path, just wanted to confirm if anybody has done this with OIF?
  Thanks,
  Sunil.

  Bernhard:
  Actually the headers are not set to null. I have an intermediate index.jsp page which is the first page that is redirected to by the AM - it is this page which calls my LoginServlet.
  The value appears consistently on this index.jsp page but after it is forwarded to the LoginServlet it starts behaving inconsistently. I check the system.out log in my websphere /logs folder and that tells me that LoginServlet does not consistenly get these values from the header.
  The wierd part is that if I use cookies or attributes, it works perfectly - each time every time. However, only in the case of headers (which is the method i am required to do) it behaves inconsistently.
  ANY feedback/help on this would be really appreciated bern.. thanks..
  ~saahil

• OIM 11g: UDF disappears from User Attributes page

  Hi,
  I was modifying a user defined attribute using the 11.1.1.3 User Attributes configuration page. All I did was change its category to move it to another section of the user profile page. The last remaining field in the category 'disappeared'. It just went from the list of fields in the category. The field still exists on the USR object and still contains all the values. But it's gone from the UI.
  I exported the /file/User.xml from MDS and sure enough the missing attribute is not present in the User.xml file. It is there for the mapping to the back end column, and in another element. But the element that describes the field proper is not there. I've since added the attribute element back in manually and re-imported the metadata using the weblogic environment manager, but the field still does not appear.
  So, my question is does anybody know where else OIM stores the attribute details? Is it in the DB somewhere and merely mirrored in the MDS? What do I need to do to restore the field? (I can't add it in because it says it already exists.)
  Thanks

  PeachEye,
  I was unable to see the UDF's I had created on the user form until I set up a policy for them. Please check the policy around the UDF's.
  I am hoping this can help you.
  From Oracle documentation:
  User's Guide for Oracle Identity Manager
  11g Release 1 (11.1.1)
  E14316-03
  User-defined fields (UDFs) can be added by creating a policy and
  adding attributes in the self service user management
  administration policy in Oracle Identity Administration. To add
  the User defined attributes for view or modification under the
  Attributes tab, these UDFs need to be added to the modify user
  data set for self-service. Also, a custom policy needs to be created
  under self service user management to grant permission to view
  and/or modify these attributes.
  For details on authorization policies, refer "Creating and Managing
  Authorization Policies" on page 15-2.

• Change form layout by User's Manager

  Hi all,
  1. I need change forms of provisioning e management for User's Manager/Administrator of Resource view only resources management by him.
  Eg.
  If Admin1 access User1 profile and go to resource profile, I need show only resources that he is Administrator.
  2. Are the some way to filter the resource profile by User's Manager/Administrator of Resource?
  Eg.
  In the User1 profile, Admin1 view information A/B/C (roles of resource) on the attribute profile(combobox/lookup) and Admin2 view only information B/C/D.
  Thanks in advance,
  Carlos

  Sorry, i have no idea. I would suggest you create an SR in metalink.oracle.com if you have purchased oracle support to find out what the variable is for.
  -Kevin

• Editing LDAP User attributes from UME interface

  Hi Gurus,
  We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
  I want to know
  1. How to enable the connection from UME to LDAP in read/write manner?
  2. What certificates need to be exchanged for write access? if any?
  3. What changes needs to be done in config file of UME?
  4. Which permissions should be granted for communication user to edit LDAP user attributes?
  Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
  regards
  Kedar Kulkarni

  Hi,
  We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
  But when we deploy same application into client landscape, we receive error as below:
  No data source feels responsible for principal. Please check the data source configuration
  Now we are not sure why this error is getting displayed.
  In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
  Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
  Any code to access LDAP details will help us lot.
  regards
  Kedar Kulkarni

• Importing User attributes from OIM 9101 to 11g

  hi all,
  I need to import/create all the User attributes(UDFs) present in the OIM 9101 version to OIM 11g. Is there any way this can be achieved using deployment manager? Looking to avoid creating all of them manually again,as that would be a time consuming/error prone task.
  Looking forward to your replies.
  Thanks,
  Anuj.

  Hi,
  I think, you better create it manually in OIM11g and higher environments. The UDF import in 11g is unstable..some times it works..and some times it disappears..and when you try to create UDF after import, It will make your life hell.
  I really had very bad experience with OIM 11g UDF export/import.
  Regards,
  J

• Broken OIM installation after creating user attribute

  Hi All,
  I tried to create a new user attribute with a list of values. I assume that I specified some of the required values incorrectly as I obtained an error message from the OIM application. Now however, I am not able to login into the OIM application even after restarting OIM. The error that I am getting in the console is as follows:
  <Jan 12, 2012 1:06:21 PM SAST> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3051235> <An error occurred while searching for the user attributes.
  oracle.iam.configservice.exception.InvalidLookupException: An exception occurred while retrieving the look-up values: The look-up code 123 is invalid.
  at oracle.iam.configservice.impl.EntityUtil.getAttribute(EntityUtil.java:666)
  at oracle.iam.configservice.impl.EntityUtil.getAttributes(EntityUtil.java:743)
  at oracle.iam.configservice.impl.EntityUtil.getAttributes(EntityUtil.java:780)
  at oracle.iam.configservice.impl.RDBMSDAO.getAttributes(RDBMSDAO.java:1158)
  at oracle.iam.configservice.impl.ConfigManagerImpl.getAttributes(ConfigManagerImpl.java:784)
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.hasUnsearchableAttributes(UserManagerImpl.java:4819)
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1607)
  at oracle.iam.identity.usermgmt.impl.UserDetailsProviderImpl.getUserDetails(UserDetailsProviderImpl.java:125)
  at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setUserPreferences(AuthenticationContextUtilForEJB.java:137)
  at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setAuthenticationContextInEJB(AuthenticationContextUtilForEJB.java:93)
  at oracle.iam.scheduler.api.SchedulerServiceEJB.startx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy250.startx(Unknown Source)
  at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.startx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy179.startx(Unknown Source)
  at oracle.iam.scheduler.api.SchedulerServiceDelegate.start(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.security.Security.runAs(Security.java:41)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy249.start(Unknown Source)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.startScheduler(SchedulerStartupServlet.java:99)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.init(SchedulerStartupServlet.java:46)
  at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
  at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
  at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
  at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
  at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
  at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3153)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:482)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:636)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  <Jan 12, 2012 1:06:21 PM SAST> <Error> <oracle.iam.platform.auth.impl> <IAM-0060010> <Error while loading mapping plugin
  oracle.iam.platform.utils.userpreferences.UserDetailsException: Invalid number of users 0 entries returned for user ID OIMINTERNAL.
  at oracle.iam.identity.usermgmt.impl.UserDetailsProviderImpl.getUserDetails(UserDetailsProviderImpl.java:135)
  at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setUserPreferences(AuthenticationContextUtilForEJB.java:137)
  at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setAuthenticationContextInEJB(AuthenticationContextUtilForEJB.java:93)
  at oracle.iam.scheduler.api.SchedulerServiceEJB.startx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy250.startx(Unknown Source)
  at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.startx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy179.startx(Unknown Source)
  at oracle.iam.scheduler.api.SchedulerServiceDelegate.start(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.security.Security.runAs(Security.java:41)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy249.start(Unknown Source)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.startScheduler(SchedulerStartupServlet.java:99)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.init(SchedulerStartupServlet.java:46)
  at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
  at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
  at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
  at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
  at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
  at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3153)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:482)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:636)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  Any assistance will be appreciated. I need this resolved ASAP...
  Thanks,
  user10233157

  user10233157 wrote:
  Yes Bikash:-) can you log in into Design Console? If yes, recreate the Lookup.
  -Bikash

• How to modify user attributes in Microsoft IAS or Active Directory??

  Anyone have an idea?? What I'm trying to do is to authenticate management access to an ACE 4710 against a Microsoft IAS server.
  According to the document below:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/aaa.html#wp1519045
  it sounds like I need to be able to modify user attributes similar to what I know is doable in ACS. I base my assumption on this because of the following statement in the link above:
  "Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.
  Step 4 Under the TACACS+ Settings section of the page, configure the following settings:
  •Click the Shell (exec) check box.
  •Click the Custom attributes check box.
  •In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:
  shell:<contextname>=<role> <domain1> <domain2>...<domainN>"
  Is something like this possible in IAS??
  I have the authentication piece working for the ACE however when I login, I'm assigned an ACE defined default role of 'network-monitor' which gives me only read-only access. The way I'm interpreting what needs to be done to resolve this is to have the authentication server send an attribute value that states that the user is in the role 'Admin' in which case I'll have unlimited access to my ACE.
  Make sense?? Any thoughts??
  Thanks in advance.
  -Lloyd

  Lloyd,
  It is possible via Radius and not TACACS. On the same link if you scroll down, you will see option of doing it via Radius.
  "Defining Private Attributes for Virtualization Support in a RADIUS Serve"
  Find attached the doc that explains about setting up user attributes on IAS.
  Regards,
  ~JG
  Do rate helpful posts

• Adding additional user attributes in WLS 7 security

  We are using WebLogic Sever 7.0.
  We would like to use the WLS 7 security with built in embedded LDAP
  server. By default, it provides facility to store username, password
  and description for Users. We would like to extend it so that we can
  manage more information about user such as phone number, email address
  etc.
  I have been reading WLS 7 security related documents regarding custom
  authentication providers. I do not read to write new authentication
  provider from scratch. Whatever we get by default would be fine. I
  just would like to add more attributes for user and manage it through
  WLS 7 console.
  I would really appreciate if someone kindly advise of the steps needed
  to accomplish this.
  Please do not tell me to just read the documentation, as I have
  already been reading WLS 7 security documents for 2 days now and can't
  figure it out.

  [email protected] (Narendra Khatri) wrote in message news:<[email protected]>...
  We are using WebLogic Sever 7.0.
  We would like to use the WLS 7 security with built in embedded LDAP
  server. By default, it provides facility to store username, password
  and description for Users. We would like to extend it so that we can
  manage more information about user such as phone number, email address
  etc.
  I have been reading WLS 7 security related documents regarding custom
  authentication providers. I do not read to write new authentication
  provider from scratch. Whatever we get by default would be fine. I
  just would like to add more attributes for user and manage it through
  WLS 7 console.
  I would really appreciate if someone kindly advise of the steps needed
  to accomplish this.
  Please do not tell me to just read the documentation, as I have
  already been reading WLS 7 security documents for 2 days now and can't
  figure it out.Hello Narendra,
  I work for OctetString and we are the developers of the LDAP Directory
  that is embedded in WLS 7. We provide a suite of Virtual Directory
  capabilities that would allow you to extend the attributes in the WLS
  directory. Please visit our web site at www.octetstring.com for more
  infomration or feel free to contact me at 847-466-1322.