Saturday, December 27, 2014

Propagating User Attributes to User Resource Accounts

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to propagate attributes from OIM User Profile to user resource accounts.

Sample Scenario
OIM User Attribute: First Name
Active Directory Process Form Field: First Name
Whenever the First Name OIM User Attribute is modified, the changes will also be pushed down to the First Name attribute on Active Directory.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/promgt.htm#OMDEV2509

Thursday, December 25, 2014

Adding Attributes to an ICF Connector for Reconciliation

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add an attribute to an Identity Connector Framework (ICF) OIM connector for reconciliation in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. See the separate post on setting up the DBAT connector.

Reconciliation Event
Data Flow: Target Data -> Recon Fields -> Process Form
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH

Tuesday, December 23, 2014

Update Child Process Form via API

Version: Oracle Identity Manager 11.1.2.2.0
Description: Uses the Oracle Identity Manager API to make updates (add, delete, and modify) on a resource account child form.
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm

Monday, December 22, 2014

Adding Attributes to an ICF Connector for Provisioning

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add a resource attribute to an Identity Connector Framework (ICF) OIM connector for provisioning in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. See the separate post on setting up the DBAT connector.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH

Wednesday, December 17, 2014

OIM 11g R2 API: Resource Account Parent Form Modifications

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Contains sample code to make modifications to a specific resource account parent form using the ProvisioningService API.
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm


Monday, December 15, 2014

OIM Managed Bean Example: Custom Password Reset

Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6, JDeveloper 11.1.1.7.0
Description: Demonstrates how to set up and deploy a custom managed bean, and apply the UI customization that triggers the bean. The example given here is a custom password reset managed bean. You can download the project here. Below are the results of completing this tutorial:

References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216
http://fusionsecurity.blogspot.com/2013/09/oim-reset-password-customization-example.html

Sunday, December 14, 2014

OIM Custom Validation Event Handler Example

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: A custom validation event handler that validates that the "Telephone Number" (USR_TELEPHONE_NUMBER) user attribute has the proper format. The event handler is triggered on modification of the "Telephone Number" user attribute.


Reference: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV4778

Friday, December 12, 2014

Developing Managed Beans: JDeveloper Project Template

Tested On: JDeveloper 11.1.1.7.0, Oracle Identity Manager 11.1.2.2.0
Description: Shows how to setup a JDeveloper project template for managed bean development.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804

Wednesday, December 10, 2014

How to Export MDS Files Through WLST

Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6
Description: Demonstrates how to export configuration files from Metadata Store through WebLogic Scripting Tool command line interface.
Prerequisites: Oracle Identity Manager and WebLogic servers must be running.
References: http://docs.oracle.com/cd/E28271_01/web.1111/e13813/custom_mds.htm

1. Execute wlst.sh, located in the "$MW_HOME/Oracle_IDM1/common/bin" directory.

2. Connect to the WebLogic Administration Server via WLST.

connect('WL_USER','PASSWORD','t3://WL_HOSTNAME:WL_PORT');

# Example
connect('weblogic', 'Password1','t3://localhost:7001');

Note: a password passed as a literal to connect() is readable by anyone who can see the script or the WLST session. For scripted exports, WLST's storeUserConfig() writes an encrypted credential file that connect() can read through its userConfigFile and userKeyFile arguments instead.

3. Export metadata of an application.

# Syntax
exportMetadata(application, server, toLocation [, docs]
 [, restrictCustTo] [, excludeCustFor] [, excludeAllCust] [, excludeBaseDocs]
 [, excludeExtendedMetadata] [, excludeSeededDocs]
 [, fromLabel][, toLabel] [, applicationVersion] [, remote] [, tenantName])


#==========================
# Examples
# listApplications() = List all applications
#==========================

# OIM Configuration Files
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_metadata');


# OIM Self-Service UI Files
exportMetadata(application='oracle.iam.console.identity.self-service.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_self_service_ui');


# OIM Sysadmin UI Files
exportMetadata(application='oracle.iam.console.identity.sysadmin.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_sysadmin_ui');

# Export Single OIM file
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_main_config',docs='/db/oim-config.xml');


Tuesday, December 9, 2014

How to Unregister an OIM Plugin

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to remove a custom plugin such as an event handler or scheduled task from Oracle Identity Manager via the API.

package com.blogspot.oraclestack.utilities;

import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.pluginframework.PluginException;
import oracle.iam.platformservice.api.PlatformService;
import oracle.iam.platformservice.api.PlatformUtilsService;
import oracle.iam.platformservice.exception.InvalidCacheCategoryException;
import oracle.iam.platformservice.exception.PlatformServiceAccessDeniedException;


/**
 * Removes a single plugin. This does not remove an entire zip plugin.
 * Query the OIM.PLUGINS table to get ID and VERSION.
 */
public class UnRegisterPlugin
{
    // Substitute these values accordingly. The password is hard-coded here only
    // for brevity; in practice prompt for it or read it from a protected file.
    public static final String OIM_HOSTNAME = "localhost";
    public static final String OIM_PORT = "14000";
    public static final String OIM_PROVIDER_URL = "t3://" + OIM_HOSTNAME + ":" + OIM_PORT;
    public static final String OIM_USERNAME = "xelsysadm";
    public static final String OIM_PASSWORD = "Password1";
    public static final String OIM_CLIENT_HOME = "/home/oracle/jdeveloper/mywork/OracleIdentityManager/Resources/oimclient";
    public static final String AUTHWL_PATH = OIM_CLIENT_HOME + "/conf/authwl.conf";
    // ID and VERSION must match the PLUGINS table row exactly
    public static final String PLUGIN_ID = "com.blogspot.oraclestack.eventhandlers.SetMiddleNamePreprocessEH";
    public static final String PLUGIN_VERSION = "1.0";

    public static void main(String[] args) 
    {
        OIMClient oimClient = null;

        try
        {
            // Set system properties required for OIMClient
            System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
            System.setProperty("APPSERVER_TYPE", "wls");

            // Create an instance of OIMClient with OIM environment information
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
            oimClient = new OIMClient(env);

            // Login to OIM with the appropriate credentials
            oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());

            // Remove the single plugin identified by ID and version
            PlatformService service = oimClient.getService(PlatformService.class);
            service.unRegisterPlugin(PLUGIN_ID, PLUGIN_VERSION);

            // Purge the cache so the server stops serving the removed plugin from cache
            PlatformUtilsService platUtilOps = oimClient.getService(PlatformUtilsService.class);
            platUtilOps.purgeCache("ALL");
        }

        catch (PlatformServiceAccessDeniedException ex) { Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex); }
        catch (PluginException ex) { Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex); }
        catch (LoginException ex) { Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex); }
        catch (InvalidCacheCategoryException e) { Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, e); }

        finally
        {
            // Logout user from OIMClient
            if (oimClient != null) { oimClient.logout(); }
        }
    }
}

Saturday, December 6, 2014

Custom Preprocess Event Handler to Set Middle Name

Version: Oracle Identity Manager 11.1.2.2.0
Description:  A preprocess event handler which sets the user's middle name using the first letter of the user's first name if the user does not have a value for middle name. The event handler triggers on the creation of an OIM User.
Reference: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/oper.htm#OMDEV4768

Tuesday, December 2, 2014

Disabling OOTB OIM Event Handlers

Description: Shows you how to disable an out of the box event handler in Oracle Identity Manager.
** USE AT YOUR OWN RISK **   
References: https://docs.oracle.com/cd/E21764_01/doc.1111/e14309/utils.htm#OMDEV2810
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uploadutil.htm#OMDEV4859
Tested On: Oracle Identity Manager 11.1.2.2.0

1. Figure out which metadata file you would like to export. Execute the following SQL query on the MDS schema to obtain all the predefined event handler files:

SELECT * FROM mds_paths WHERE path_fullname LIKE '%EventHandlers.xml%';

2. Export the event handler XML file from MDS via the EM console or weblogicExportMetadata.sh. Refer to "Import and Export Metadata using EM Console" for step-by-step instructions.

3. Keep a backup copy of the original XML file.

4. Modify the XML file. Given below is an example of commenting out one of the predefined event handlers in the "/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml" file:

<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordValidationHandler" order="1020"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="UserPasswordValidationHandler" order="2"/>
<!--<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>-->
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordNotificationHandler" order="FIRST" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordNotificationHandler" order="1180" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="PasswordNotificationHandler" order="THIRD" stage="postprocess" sync="TRUE"/>
</eventhandlers>

5. Import the modified XML file into MDS via EM console.

6. Purge the cache or restart the OIM server for changes to take effect.

7. You can query the ORCHEVENTS table from the OIM schema to see the trigger points of each event handler process.
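Hand-editing the exported file is where this procedure goes wrong in practice: a stray edit to a sibling handler, or a comment that swallows more than one element, breaks password management for every user once the file is imported. The script below is an added example, not code from the original post or from Oracle Identity Manager. It comments out exactly one handler by its name attribute (and refuses if that name is missing or ambiguous), lists the handlers that remain active with their operation, stage and order so the result can be checked before step 5, and can restore a commented-out handler later. The embedded sample is the EventHandlers.xml shown in step 4 with ResetPasswordPreProcessHandler still active; the function names are my own and assume an export in that format.

```python
"""Disable, list and restore handlers in an exported OIM EventHandlers.xml (added example)."""
import xml.etree.ElementTree as ET

KERNEL_NS = "http://www.oracle.com/schema/oim/platform/kernel"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
# Register prefixes so the rewritten file keeps the original default namespace and xsi prefix.
ET.register_namespace("", KERNEL_NS)
ET.register_namespace("xsi", XSI_NS)

# Sample input (constructed): the step 4 file with ResetPasswordPreProcessHandler still active.
SAMPLE_XML = """<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordValidationHandler" order="1020"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="UserPasswordValidationHandler" order="2"/>
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordNotificationHandler" order="FIRST" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordNotificationHandler" order="1180" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="PasswordNotificationHandler" order="THIRD" stage="postprocess" sync="TRUE"/>
</eventhandlers>
"""


def _parse(xml_text):
    # Keep existing comments so handlers that are already disabled survive the rewrite.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)


def _local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on qualified tag names.
    return tag.split("}", 1)[1] if "}" in tag else tag


def _serialize(root):
    return "<?xml version='1.0' encoding='UTF-8'?>\n" + ET.tostring(root, encoding="unicode") + "\n"


def list_handlers(xml_text):
    """Return the active (uncommented) handlers as dicts, in file order."""
    out = []
    for el in _parse(xml_text):
        if el.tag is ET.Comment:
            continue
        out.append({"kind": _local(el.tag), "name": el.get("name"), "class": el.get("class"),
                    "operation": el.get("operation"), "stage": el.get("stage"), "order": el.get("order")})
    return out


def disable_handler(xml_text, name):
    """Replace the one handler element called `name` with an XML comment holding its text."""
    root = _parse(xml_text)
    matches = [i for i, el in enumerate(root) if el.tag is not ET.Comment and el.get("name") == name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one active handler named {name!r}, found {len(matches)}")
    idx = matches[0]
    el = root[idx]
    attrs = " ".join(f'{k}="{v}"' for k, v in el.attrib.items())
    comment = ET.Comment(f"<{_local(el.tag)} {attrs}/>")
    comment.tail = el.tail          # keep the line break that followed the element
    root.remove(el)
    root.insert(idx, comment)
    return _serialize(root)


def enable_handler(xml_text, name):
    """Reverse disable_handler: turn the commented-out handler called `name` back into an element."""
    root = _parse(xml_text)
    for idx, node in enumerate(list(root)):
        if node.tag is not ET.Comment:
            continue
        try:
            restored = ET.fromstring((node.text or "").strip())
        except ET.ParseError:
            continue                # an ordinary comment, not a disabled handler
        if restored.get("name") != name:
            continue
        restored.tag = f"{{{KERNEL_NS}}}{_local(restored.tag)}"   # put it back in the kernel namespace
        restored.tail = node.tail
        root.remove(node)
        root.insert(idx, restored)
        return _serialize(root)
    raise ValueError(f"no commented-out handler named {name!r}")


if __name__ == "__main__":
    import sys
    # Usage: python disable_handler.py EventHandlers.xml HandlerName > EventHandlers.modified.xml
    with open(sys.argv[1], encoding="utf-8") as f:
        source = f.read()
    modified = disable_handler(source, sys.argv[2])
    sys.stdout.write(modified)
    for h in list_handlers(modified):
        sys.stderr.write(f"active: {h['kind']} {h['name']} op={h['operation']} stage={h['stage']} order={h['order']}\n")
```

The script writes the modified file to standard output and the list of still-active handlers to standard error, so the file you import in step 5 is exactly what you reviewed. Keep the original export from step 3 alongside it; enable_handler only helps if the comment it looks for is still in the file.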