Tuesday, July 9, 2013

Implementing Target Delete Reconciliation

Version: Oracle Identity Manager 11.1.1.5.0
Description: This article demonstrates how to implement a target delete reconciliation using the OIM APIs. The methods from oracle.iam.reconciliation.api.ReconOperationsService are used. The code given here can be further developed into a scheduled task. The Database Application Table Connector is used here. Follow the guide given here to set up the connector in OIM.

Steps for Implementation:
1. Get all the users from your target system along with their attributes, mainly the ones used for OIM account rule matching. The user data must be put into an array of hashmaps, each hashmap containing a single user's data (Key = attributeNameInTarget, Value = attributeValueInTarget).
2. Get the ReconOperationsService service. Call methods from ReconOperationsService.
3. provideDeletionDetectionData(java.lang.String objectName, java.util.Map[] paoAccountDataList)
4. getMissingAccounts(java.lang.String objectName, java.util.Set accountsFound)
5. deleteDetectedAccounts(Thor.API.tcResultSet poDetectedAccounts)
6. processReconciliationEvent(long rceKey)
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcDataNotProvidedException;
import Thor.API.Exceptions.tcIDNotFoundException;
import Thor.API.Exceptions.tcMultipleMatchesFoundException;
import Thor.API.tcResultSet;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.iam.reconciliation.api.ReconOperationsService;

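public class OIMTargetDeleteReconciliation 
{
    /** OIM resource object whose accounts are compared with the target system. */
    private static final String DEFAULT_RESOURCE_NAME = "DBAT_TEST_GTC";

    /**
     * Demonstrates target delete reconciliation: every account of the resource
     * object that exists in OIM but no longer has a row in the target users table
     * is revoked by generating and processing a delete reconciliation event.
     *
     * @param args optional; {@code args[0]} overrides the resource object name,
     *             otherwise {@link #DEFAULT_RESOURCE_NAME} is used
     */
    public static void main(String[] args) 
    {
        OIMClient oimClient = null;
        Connection targetCon = null;

        try 
        {
            String resourceName = (args != null && args.length > 0) ? args[0] : DEFAULT_RESOURCE_NAME;

            //Connection to the Target System (MySQL Database)
            //The credentials below are hard-coded for this demonstration only. A
            //scheduled task should take them from the connector's IT resource or
            //another secure store rather than from source code.
            String targetURL = "jdbc:mysql://localhost:3306/dbat_test";
            String targetUsername = "root";
            String targetPassword = "Password1";
            String queryUsers = "SELECT * FROM users";
            targetCon = DriverManager.getConnection(targetURL, targetUsername, targetPassword);
            ArrayList<HashMap<String,String>> targetUsers = fetchTargetUsers(targetCon, queryUsers);
            //This dumps every attribute of every target account; keep it out of production logs.
            System.out.printf("Users: %s\n", targetUsers);

            //Connection to OIM
            String ctxFactory = "weblogic.jndi.WLInitialContextFactory"; 
            String oimServerURL = "t3://localhost:14000";
            String authwlConfigPath = "/home/oracle/Oracle/Middleware/Oracle_IDM1/designconsole/config/authwl.conf";
            String username = "xelsysadm";
            String password = "Password1";
            System.setProperty("java.security.auth.login.config", authwlConfigPath);
            Hashtable<String,String> env = new Hashtable<String,String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, ctxFactory);
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, oimServerURL);
            oimClient = new OIMClient(env);
            oimClient.login(username, password.toCharArray());

            //Target Delete Reconciliation Imitation 
            //Conditions: OIM User who has a target resource instance in OIM 
            //and that target resource no longer exist in the target system.
            //Action: Users that meet the above conditions will have their 
            //target resource marked as "Revoked"
            ReconOperationsService reconOps = oimClient.getService(ReconOperationsService.class);
            revokeMissingAccounts(reconOps, resourceName, targetUsers);
        } 

        catch (tcDataNotProvidedException e) {e.printStackTrace();}
        catch (tcIDNotFoundException e) {e.printStackTrace();} 
        catch (tcMultipleMatchesFoundException e) {e.printStackTrace();} 
        catch (tcAPIException e) {e.printStackTrace();}
        catch (SQLException e) {e.printStackTrace();}
        catch (LoginException e) {e.printStackTrace();}

        finally
        {
            //Best-effort cleanup: a failure to log out or close must not mask the real error.
            try{if(oimClient != null) {oimClient.logout();}} catch(Exception ignored) {}
            try{if(targetCon != null) {targetCon.close();}} catch(Exception ignored) {}
        }     
    }//end main method   

    /**
     * Reads every row returned by {@code queryUsers} into one map per account,
     * keyed by column name (Key = attributeNameInTarget, Value = attributeValueInTarget).
     *
     * @param targetCon  open JDBC connection to the target system
     * @param queryUsers query selecting the target accounts and their attributes
     * @return one map per row, in result-set order; empty if the query returns no rows
     * @throws SQLException if the query or result-set access fails
     */
    private static ArrayList<HashMap<String,String>> fetchTargetUsers(Connection targetCon, String queryUsers)
        throws SQLException
    {
        ArrayList<HashMap<String,String>> targetUsers = new ArrayList<HashMap<String,String>>();
        PreparedStatement pst = null;
        ResultSet rs = null;
        try
        {
            pst = targetCon.prepareStatement(queryUsers);
            rs = pst.executeQuery();
            ResultSetMetaData metaData = rs.getMetaData();
            int numColumns = metaData.getColumnCount();

            //Iterate all users from the target system
            while(rs.next())
            {
                HashMap<String,String> user = new HashMap<String,String>();

                //JDBC column indexes run from 1 to getColumnCount() inclusive, so the
                //bound must be "<=": an exclusive bound silently drops the last column,
                //which breaks rule matching if that column is the matching attribute.
                for(int i = 1; i <= numColumns; i++)
                {
                    user.put(metaData.getColumnName(i), rs.getString(i));
                }

                targetUsers.add(user);
            }
        }
        finally
        {
            //Release the statement and cursor even when iteration fails.
            try{if(rs != null) {rs.close();}} catch(SQLException ignored) {}
            try{if(pst != null) {pst.close();}} catch(SQLException ignored) {}
        }
        return targetUsers;
    }

    /**
     * Reports the accounts still present in the target to OIM, then generates and
     * processes a delete event for every OIM account that was not reported.
     *
     * @param reconOps     reconciliation service obtained from the logged-in client
     * @param resourceName resource object name in OIM
     * @param targetUsers  one attribute map per account currently in the target
     * @throws tcAPIException, tcDataNotProvidedException, tcIDNotFoundException,
     *         tcMultipleMatchesFoundException as propagated by the OIM API
     */
    private static void revokeMissingAccounts(ReconOperationsService reconOps, String resourceName,
                                              ArrayList<HashMap<String,String>> targetUsers)
        throws tcAPIException, tcDataNotProvidedException, tcIDNotFoundException, tcMultipleMatchesFoundException
    {
        //The API takes a raw Map[]; each element is one target account's attributes.
        HashMap[] arrayConversion = targetUsers.toArray(new HashMap[targetUsers.size()]);
        Set usersInOIMAndTarget = reconOps.provideDeletionDetectionData(resourceName, arrayConversion);
        System.out.println(usersInOIMAndTarget); //Print ORC Key of each user who is in OIM and target system
        tcResultSet missingAccounts = reconOps.getMissingAccounts(resourceName, usersInOIMAndTarget);

        //determine if any accounts that are no longer in target system need to be revoked in OIM
        if(missingAccounts.isEmpty())
        {
            return;
        }

        long[] eventKeysDeleted = reconOps.deleteDetectedAccounts(missingAccounts); //generates the delete events
        for(long eventKey: eventKeysDeleted)
        {
            System.out.println(eventKey);
            reconOps.processReconciliationEvent(eventKey); //process the event; rule matching; revoke account
            //reconOps.closeReconciliationEvent(eventKey); //You may want to close the event
        } 
    }
}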

Here are screenshots of a delete reconciliation event.




