Description: Given here is sample Java code that revokes all user accounts (resource object instances) in OIM. Modify the class constants to match your OIM environment. Note that the query has no WHERE clause, so the program revokes every account recorded in the OIU table, for every user; run it only against a test environment, or restrict the query first.
Code Overview:
- Login to OIM remotely using the OIM Client.
- Get the ProvisioningService service.
- Connect to the OIM schema and query the OIU (Object Instance User mapping) table. Its OIU_KEY column is the account id expected by the revoke method of the ProvisioningService API.
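import Thor.API.Security.XLClientSecurityAssociation;
import com.thortech.xl.client.dataobj.tcDataBaseClient;
import com.thortech.xl.dataaccess.tcDataProvider;
import com.thortech.xl.dataaccess.tcDataSet;
import com.thortech.xl.dataaccess.tcDataSetException;
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authopss.exception.AccessDeniedException;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.AccountNotFoundException;
import oracle.iam.provisioning.exception.GenericProvisioningException;

/**
 * Revokes every account (resource object instance) recorded in the OIM OIU table.
 *
 * <p>WARNING: this is a bulk, destructive operation. The query below has no WHERE
 * clause, so every OIU row -- every account of every user -- is revoked. Run with
 * {@code --dry-run} first to list what would be revoked without changing anything.
 *
 * <p>Connection settings are class constants. The OIM password is deliberately NOT a
 * constant: it is read at runtime from the {@code OIM_PASSWORD} environment variable
 * or from an interactive console prompt, so the credential never sits in source control.
 */
public class RevokeDatabaseAccounts {
    public static final String OIM_HOSTNAME = "localhost";
    public static final String OIM_PORT = "14000";
    public static final String OIM_PROVIDER_URL = "t3://" + OIM_HOSTNAME + ":" + OIM_PORT;
    public static final String OIM_USERNAME = "xelsysadm";
    /** Environment variable consulted for the OIM password (see {@link #readPassword()}). */
    public static final String OIM_PASSWORD_ENV = "OIM_PASSWORD";
    public static final String OIM_CLIENT_HOME = "/home/oracle/Oracle/Middleware/Oracle_IDM1/designconsole";
    public static final String AUTHWL_PATH = OIM_CLIENT_HOME + "/conf/authwl.conf";

    private static final Logger LOG = Logger.getLogger(RevokeDatabaseAccounts.class.getName());

    /** Fixed query with no interpolated input, so there is no SQL injection surface here. */
    private static final String ALL_ACCOUNTS_QUERY = "SELECT OIU_KEY FROM OIU";

    /**
     * Logs in to OIM, lists every OIU_KEY, and revokes each account.
     *
     * @param args optional {@code --dry-run}: log the account keys that would be revoked
     *             without calling {@link ProvisioningService#revoke(long)}
     * @throws AccessDeniedException if the logged-in user may not revoke accounts (aborts the run)
     * @throws AccountNotFoundException declared for API compatibility; per-account failures are
     *             caught and logged so one bad row does not abort the rest
     * @throws GenericProvisioningException declared for API compatibility (see above)
     * @throws tcDataSetException if the OIU query cannot be prepared or executed
     */
    public static void main(String[] args)
            throws AccountNotFoundException, AccessDeniedException,
                   GenericProvisioningException, tcDataSetException {
        boolean dryRun = false;
        if (args != null) {
            for (String arg : args) {
                if ("--dry-run".equals(arg)) {
                    dryRun = true;
                }
            }
        }

        OIMClient oimClient = null;
        tcDataProvider dbProvider = null;
        char[] password = null;
        try {
            // System properties the OIMClient needs before it can authenticate.
            System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
            System.setProperty("APPSERVER_TYPE", "wls");

            // JNDI environment pointing at the OIM managed server.
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
            oimClient = new OIMClient(env);

            password = readPassword();
            oimClient.login(OIM_USERNAME, password);
            Arrays.fill(password, '\0'); // credential is no longer needed; do not keep it in memory

            ProvisioningService provService = oimClient.getService(ProvisioningService.class);

            // Open a client-side handle to the OIM schema through the authenticated client.
            XLClientSecurityAssociation.setClientHandle(oimClient);
            dbProvider = new tcDataBaseClient();
            tcDataSet accountsDataSet = new tcDataSet();
            accountsDataSet.setQuery(dbProvider, ALL_ACCOUNTS_QUERY);
            accountsDataSet.executeQuery();
            int numRecords = accountsDataSet.getTotalRowCount();
            LOG.log(Level.INFO, "{0} account(s) found in OIU{1}",
                    new Object[] {numRecords, dryRun ? " (dry run, nothing will be revoked)" : ""});

            int failures = 0;
            for (int i = 0; i < numRecords; i++) {
                accountsDataSet.goToRow(i);
                long accountId = accountsDataSet.getLong("OIU_KEY");
                if (dryRun) {
                    LOG.log(Level.INFO, "Would revoke account OIU_KEY={0}", accountId);
                    continue;
                }
                try {
                    provService.revoke(accountId);
                    LOG.log(Level.INFO, "Revoked account OIU_KEY={0}", accountId);
                } catch (AccountNotFoundException ex) {
                    // Row vanished between the query and the revoke; record it and keep going.
                    failures++;
                    LOG.log(Level.WARNING, "Account not found for OIU_KEY=" + accountId, ex);
                } catch (GenericProvisioningException ex) {
                    // One failing account must not abort the bulk run; record it and keep going.
                    failures++;
                    LOG.log(Level.WARNING, "Failed to revoke account OIU_KEY=" + accountId, ex);
                }
            }
            if (failures > 0) {
                LOG.log(Level.WARNING, "{0} of {1} revocation(s) failed; see warnings above",
                        new Object[] {failures, numRecords});
            }
        } catch (LoginException ex) {
            LOG.log(Level.SEVERE, "Login to OIM failed for user " + OIM_USERNAME, ex);
        } finally {
            // Wipe the password even if login threw before the in-line wipe ran.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
            // NOTE(review): close() releases the client-side schema handle opened above;
            // confirm the signature against the tcDataProvider in your OIM client jar.
            if (dbProvider != null) {
                dbProvider.close();
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }

    /**
     * Obtains the OIM password without embedding it in source.
     *
     * <p>Order: the {@code OIM_PASSWORD} environment variable, then an interactive
     * console prompt (echo disabled). The environment is preferred over a {@code -D}
     * system property because command-line arguments are visible to other users via
     * the process table.
     *
     * @return the password as a char array; the caller must wipe it after use
     * @throws IllegalStateException if neither source yields a password
     */
    private static char[] readPassword() {
        String fromEnv = System.getenv(OIM_PASSWORD_ENV);
        if (fromEnv != null && fromEnv.length() > 0) {
            return fromEnv.toCharArray();
        }
        Console console = System.console();
        if (console != null) {
            char[] typed = console.readPassword("Password for OIM user %s: ", OIM_USERNAME);
            if (typed != null && typed.length > 0) {
                return typed;
            }
        }
        throw new IllegalStateException("No OIM password available: export " + OIM_PASSWORD_ENV
                + " or run from an interactive console");
    }
}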
Hi, nice one, but I want to disable a particular user in AD. How can I do this?