Showing posts with label Oracle Identity Manager 11g R2 Configurations. Show all posts

Tuesday, August 27, 2019

Upgrade Java Version for OIM

Description: Demonstrates how to upgrade Java version for the OIM 11g R2 PS3 stack. A symbolic link is used to reference the new JDK. The example shows upgrading from Sun JDK 6 Update 38 to Oracle JDK 7 Update 171 on a Linux machine.





Tested On: WebLogic 10.3.6, Oracle Identity Manager 11.1.2.3.0, SOA 11.1.1.9.0,  BI Publisher 11.1.1.9.0

References: How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products (Doc ID 1492980.1), All Java SE Downloads on MOS (Doc ID 1439822.1)

Monday, December 21, 2015

Customizing User Lifecycle Events

Tested On: Oracle Identity Manager 11.1.2.3
Description: Demonstrates how to customize user lifecycle events such as enable, disable, lock, and unlock user operations in Oracle Identity Manager. A custom event handler has been implemented to execute process tasks on specified resources defined in a custom lookup.

Lookup.User.Lock.AppInstDisplayNameToProcessTasks
For example, the lookup given above is used on user lock operation. Upon locking a user, the custom event handler reads from this lookup to execute the process tasks (Decode; Comma delimited value of process task names) for the corresponding application instance (Code Key; Application Instance Display Name).

Lock User: OpenLDAP and DBAT Locked
Badge Disabled
 
References:
http://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm
http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/system_props.htm#OMADM885
http://oraclestack.blogspot.com/2015/12/oim-custom-resource-account-status.html

Wednesday, December 16, 2015

Sunday, October 25, 2015

Configure Password Policy for Application Instances

Version: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to create a password policy and attach it to a specific resource object. The password policy is applied to application instances that use that resource object.
References:
https://docs.oracle.com/cd/E52734_01/oim/OMUSG/pwdpolicy.htm#OMUSG5481
http://docs.oracle.com/cd/E52734_01/oim/OMADM/appinstance.htm#OMADM4925

Wednesday, September 30, 2015

Giving an OIM User System Administrator Privileges

Version: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to give an OIM user system administrator privileges.

Sunday, August 30, 2015

Custom Error Message for Validation Handler

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to create custom error messages or use out of the box error messages in a validation event handler.


Thursday, August 27, 2015

OIM Connector: PeopleSoft Employee Reconciliation 11.1.1.5.0

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to install and configure PeopleSoft Employee Reconciliation connector. This connector only uses trusted reconciliation (OIM users are created based on data from an authoritative source such as PeopleSoft).
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e25370/toc.htm

Tuesday, August 11, 2015

OIM Reconciliation Event Data Validation Example

Tested On: Oracle Identity Manager 11.1.2.0 and Oracle Internet Directory 11.1.1.6.0 OIM connector
Description: Demonstrates how to configure validation of data during reconciliation. Most OIM connectors have this feature (Refer to the connector's documentation for specific instructions). The example given here validates a specific phone number format. A reconciliation event will not be created in OIM if validation fails.
References:  https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BCGICJIB

Friday, August 7, 2015

OIM Reconciliation Event Data Transformation Example

Tested On: Oracle Identity Manager 11.1.2.0 and Oracle Internet Directory 11.1.1.6.0 OIM Connector
Description: Demonstrates how to manipulate reconciliation event data when running user reconciliation scheduled job for most Identity Connector Framework (ICF) connectors (Refer to the connector's documentation for specific instructions). The example given here uses the OID 11.1.1.6.0 connector (ODSEE/OUD/LDAPV3, Target System = OpenLDAP).
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BGBBBCGE

Wednesday, July 22, 2015

OIM: How to Allow Duplicate Emails

Version: 11.1.2.2.0 or later
Description: Shows how to allow duplicate email in Oracle Identity Manager. By default Oracle Identity Manager has a validation check on the out of the box E-mail user attribute to ensure the provided value is unique. Below is a validation error message when trying to use an email that is already taken by another user.


Reference: http://docs.oracle.com/cd/E52734_01/oim/OMADM/system_props.htm#OMADM884

Monday, June 29, 2015

Creating Cascaded Lookups on Application Instance Form

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Demonstrates how to create cascaded lookups on an application instance form. With cascaded lookups, an application instance form can have a lookup field dependent on another lookup field (E.g. When a particular State is selected, display the cities available only for that State). Below are screen shots.

State: California
State: Texas

References: http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/customattr.htm#OMADM5034

Wednesday, April 1, 2015

Determine Execution Order of OIM Event Handlers

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to check the execution order of out of the box and custom event handlers for a given entity type and operation. An MBean is invoked from Oracle Enterprise Manager to list existing event handlers and their order.
Reference: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV5147

Sunday, February 15, 2015

OIM UI: Making Field Required

Version: Oracle Identity Manager 11.1.2.2.0
Description: This post shows how to make a UI field on a resource process form required.
Reference: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#OMDEV2742

Saturday, December 27, 2014

Propagating User Attributes to User Resource Accounts

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to propagate attributes from OIM User Profile to user resource accounts.

Sample Scenario
OIM User Attribute: First Name
Active Directory Process Form Field: First Name
Whenever the First Name OIM User Attribute is modified, the changes will also be pushed down to the First Name attribute on Active Directory.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/promgt.htm#OMDEV2509

Thursday, December 25, 2014

Adding Attributes to an ICF Connector for Reconciliation

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add an attribute to an Identity Connector Framework (ICF) OIM connector for reconciliation in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. Refer to here for setting up the DBAT connector.

Reconciliation Event
Data Flow: Target Data -> Recon Fields -> Process Form
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH

Monday, December 22, 2014

Adding Attributes to an ICF Connector for Provisioning

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add a resource attribute to an Identity Connector Framework (ICF) OIM connector for provisioning in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. Refer to here for setting up the DBAT connector.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH

Tuesday, December 2, 2014

Disabling OOTB OIM Event Handlers

Description: Shows you how to disable an out of the box event handler in Oracle Identity Manager.
** USE AT YOUR OWN RISK **   
References: https://docs.oracle.com/cd/E21764_01/doc.1111/e14309/utils.htm#OMDEV2810
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uploadutil.htm#OMDEV4859
Tested On: Oracle Identity Manager 11.1.2.2.0

1. Figure out the metadata file you would like to export. Execute the following SQL query on the MDS schema to obtain all the predefined event handlers:

SELECT * FROM mds_paths WHERE path_fullname LIKE '%EventHandlers.xml%';

2. Export the event handler XML file from MDS via EM console or weblogicExportMetadata.sh. Refer to Import and Export Metadata using EM Console for step by step instructions.

3. Keep a backup copy of the original XML file.

4. Modify the XML file. Given below is an example of commenting out one of the predefined event handlers from the "/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml" file:

<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordValidationHandler" order="1020"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="UserPasswordValidationHandler" order="2"/>
<!--<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>-->
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordNotificationHandler" order="FIRST" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordNotificationHandler" order="1180" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="PasswordNotificationHandler" order="THIRD" stage="postprocess" sync="TRUE"/>
</eventhandlers>

5. Import the modified XML file into MDS via EM console.

6. Purge the cache or restart the OIM server for changes to take effect.

7. You can query the ORCHEVENTS table from the OIM schema to see the trigger points of each event handler process.
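
A pre-import check for steps 3 to 5, as an added example that is not part of the original post: it compares the backup copy with the modified EventHandlers.xml and confirms that only the intended handler was disabled and no other handler was added or altered. The function names and the two sample documents are constructed for illustration (the uncommented backup entry is an assumption based on the XML above).

```python
import xml.etree.ElementTree as ET

NS = "{http://www.oracle.com/schema/oim/platform/kernel}"

def handlers(xml_text):
    """Map (tag, name, operation) -> attributes for every active handler.
    The default parser drops comments, so a commented-out handler is absent."""
    out = {}
    for el in ET.fromstring(xml_text):
        key = (el.tag.replace(NS, ""), el.get("name"), el.get("operation"))
        out[key] = dict(el.attrib)
    return out

def review_change(backup_xml, modified_xml, expected_disabled):
    """Compare backup and modified files before importing into MDS."""
    before, after = handlers(backup_xml), handlers(modified_xml)
    disabled = sorted(k[1] for k in before.keys() - after.keys())
    added = sorted(k[1] for k in after.keys() - before.keys())
    altered = sorted(k[1] for k in before.keys() & after.keys()
                     if before[k] != after[k])
    ok = disabled == sorted(expected_disabled) and not added and not altered
    return {"disabled": disabled, "added": added, "altered": altered, "ok": ok}

# Constructed sample input: two handlers taken from the file shown above.
HEAD = '<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">'
PRE = ('<action-handler class="oracle.iam.passwordmgmt.eventhandlers.'
       'ResetPasswordPreProcessHandler" entity-type="User" '
       'operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" '
       'stage="preprocess" sync="TRUE" order="9900"/>')
ACT = ('<action-handler class="oracle.iam.passwordmgmt.eventhandlers.'
       'ResetPasswordActionHandler" entity-type="User" '
       'operation="RESET_PASSWORD" name="ResetPasswordActionHandler" '
       'order="FIRST" stage="action" sync="TRUE"/>')
BACKUP = HEAD + PRE + ACT + "</eventhandlers>"             # original (assumed)
MODIFIED = HEAD + "<!--" + PRE + "-->" + ACT + "</eventhandlers>"

if __name__ == "__main__":
    print(review_change(BACKUP, MODIFIED, ["ResetPasswordPreProcessHandler"]))
```

A result with "ok" set to False means the modified file differs from the backup in more than the intended handler and should not be imported as is.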

Sunday, October 19, 2014

Installing and Configuring Database Application Tables Connector

Description: This post will show you how to install and configure the Database Application Tables Connector. Oracle Database is used as an example for the target system.
Version: Database Application Tables 11.1.1.5.0
References: Oracle Identity Manager Identity Connectors Documentation Release 11.1.1
Oracle® Identity Manager Connector Guide for Database Application Tables Release 11.1.1

Saturday, October 18, 2014

Export and Import MDS Using EM Console

Description: MDS can be exported and imported via EM console. The export / import utilities in EM console can be used to backup MDS, to migrate all the customization done on the Identity Self-Service and Identity System Administration User Interfaces (E.g. User Form, Application Instance Form, User Profile, etc.), and to apply MDS configuration changes.
Tested On: OIM 11.1.2.2.0, WebLogic 10.3.6