Showing posts with label Oracle Identity Manager 11g R2 Development.

Thursday, July 7, 2016

Scheduled Task Plugin: Reconciliation Event Generator Database Feed

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: A custom scheduled task used to create reconciliation events for a specific resource object using data from a database table. A trusted or target resource object can be used as long as the required fields are provided.

Sunday, May 22, 2016

OIM Scheduled Job Multi-threading Example

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates using multi-threading in an Oracle Identity Manager scheduled job. The scheduled task example applies changes to OIM users using data from a CSV file. A thread is created per data entry in the CSV file and uses the OIM API service to apply changes to the OIM user.
References: 
https://blogs.oracle.com/OIM11gR2/entry/oim_11g_multi_thread_approach

Sunday, January 3, 2016

SOA Workflow Service Client Example: Fetch and Reassign Request Tasks

Tested On: Oracle Identity Manager 11.1.2.3.0 and Oracle SOA 11.1.1.9.0
Description: Demonstrates how to set up a remote SOA Workflow Service client and use its APIs. Fetching all the requests of a given user and reassigning a task to a different user are demonstrated as examples. The examples given here can also be done manually via the OIM Identity Self Service page.

Identity Self Service: Inbox containing tasks generated by OOTB SOA Composites

Reassigning task via Identity Self Service

WebLogic EM Console: SOA Composite Instances

References:
http://www.oracle.com/technetwork/middleware/soasuite/documentation/index-099743.html
http://docs.oracle.com/cd/E12839_01/apirefs.1111/e10660/oracle/bpel/services/workflow/query/ITaskQueryService.html#queryTasks_oracle_bpel_services_workflow_verification_IWorkflowContext__java_util_List__java_util_List__oracle_bpel_services_workflow_query_ITaskQueryService_AssignmentFilter__java_lang_String__oracle_bpel_services_workflow_repos_Predicate__oracle_bpel_services_workflow_repos_Ordering__int__int_
http://docs.oracle.com/cd/E28280_01/dev.1111/e10224/bp_worklistcust.htm#SOASE10447
https://beatechnologies.wordpress.com/2011/08/24/using-java-apis-for-oracle-human-workflows/
https://kaustavdassoa.wordpress.com/2013/10/31/bpm-worklist-sample-reassign-or-delegate-task/

Thursday, December 31, 2015

OIM API: Manual Complete Provisioning Tasks

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to mark rejected provisioning tasks with the "manual complete" status via the Oracle Identity Manager API. Provisioning tasks can also be marked as manually completed through the Identity Self Service page.

Identity Self Service Home Page
Provisioning Tasks
References:
https://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm

Monday, December 21, 2015

Customizing User Lifecycle Events

Tested On: Oracle Identity Manager 11.1.2.3
Description: Demonstrates how to customize user lifecycle events such as the enable, disable, lock, and unlock user operations in Oracle Identity Manager. A custom event handler has been implemented to execute process tasks on specified resources defined in a custom lookup.

Lookup.User.Lock.AppInstDisplayNameToProcessTasks
For example, the lookup given above is used on the user lock operation. Upon locking a user, the custom event handler reads from this lookup to execute the process tasks (Decode; comma-delimited value of process task names) for the corresponding application instance (Code Key; Application Instance Display Name).

Lock User: OpenLDAP and DBAT Locked
Badge Disabled
 
References:
http://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm
http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/system_props.htm#OMADM885
http://oraclestack.blogspot.com/2015/12/oim-custom-resource-account-status.html

Tuesday, December 15, 2015

User Preprocess Event Handler Template

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: A sample template for creating user preprocess event handlers is given here. Both execute() methods, one for processing a single event and the other for processing bulk events, are implemented. The example given here is a preprocess event handler on the user lock operation. Also, a test driver is provided to perform a lock on a single user and on multiple users.
References: https://docs.oracle.com/cd/E52734_01/oim/OMDEV/oper.htm#OMDEV3085
https://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm

Friday, November 20, 2015

OIM API: Calling Process Task Instance On User Resource Account

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to call a provisioning task on a user's resource account via Oracle Identity Manager API. Below are screen-shots to manually add a process task instance call to a resource account via Oracle Identity Manager Self Service User Interface.

Click >> for more options -> Resource History



Click "Add Task" button

Select a Process Task -> Click "Add"

Confirm Add Task

Provisioning Task Executed

References: http://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm

Saturday, October 24, 2015

OIM API: Change User's Application Instance Account Password

Version: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates using Oracle Identity Manager API to change a user's resource account password.
References:
http://docs.oracle.com/cd/E52734_01/oim/OMJAV/toc.htm
http://docs.oracle.com/cd/E52734_01/index.html

Saturday, August 29, 2015

Change Password Validation Event Handler: Adding Custom Password Requirements

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to add custom password requirements which are not covered by out of the box Oracle Identity Manager password policy. Implementation is handled by creating a custom validation event handler on change password operations. The example given here validates that the new password does not contain the user's middle name and email.

Validation on First Login Password Change

Validation on Forgot Password

Validation on Admin Changing User Password

References: https://docs.oracle.com/cd/E52734_01/oim/OMDEV/oper.htm#OMDEV3085
http://docs.oracle.com/cd/E52734_01/oim/OMUSG/pwdpolicy.htm#OMUSG5478
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/oracle/iam/platform/Platform.html#getServiceForEventHandlers_java_lang_Class__java_lang_String__java_lang_String__java_lang_String__java_util_HashMap_

Tuesday, August 11, 2015

OIM Reconciliation Event Data Validation Example

Tested On: Oracle Identity Manager 11.1.2.0 and Oracle Internet Directory 11.1.1.6.0 OIM connector
Description: Demonstrates how to configure validation of data during reconciliation. Most OIM connectors have this feature (Refer to the connector's documentation for specific instructions). The example given here validates a specific phone number format. A reconciliation event will not be created in OIM if validation fails.
References:  https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BCGICJIB

Friday, August 7, 2015

OIM Reconciliation Event Data Transformation Example

Tested On: Oracle Identity Manager 11.1.2.0 and Oracle Internet Directory 11.1.1.6.0 OIM Connector
Description: Demonstrates how to manipulate reconciliation event data when running user reconciliation scheduled job for most Identity Connector Framework (ICF) connectors (Refer to the connector's documentation for specific instructions). The example given here uses the OID 11.1.1.6.0 connector (ODSEE/OUD/LDAPV3, Target System = OpenLDAP).
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BGBBBCGE

Wednesday, June 24, 2015

OIM API: Change Regular Account to be a Service Account

Tested On: OIM 11.1.2.2.0
Description: Demonstrates how to convert a regular resource account into a service account. The sample code will convert all resource accounts for a particular application instance into service accounts. The tcUserOperationsIntf API is used. When a regular resource account is converted into a service account, OIU.OIU_SERVICEACCOUNT is set to 1 and OIU.ACCOUNT_TYPE is set to serviceaccount.
References:
http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm
http://docs.oracle.com/cd/B31081_01/idmgr/b25940/appb.htm#CHDDGIAA

Monday, June 15, 2015

Event Handler Example: Application Instance

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Given here is a custom preprocess event handler set to trigger on the provisioning of a specific application instance. On the initial provisioning of an application instance, the event handler will populate the resource parent form using data from the target OIM user similar to how prepopulate adapters function. Also, this example shows populating a resource child form. You can download the plugin zip file here.

Monday, May 25, 2015

OIM API: Provisioning Resource Account to User

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: A utility to provision a resource account to an OIM User. The parent data and the child data can be provided to populate the process forms associated with the application instance.

Results of executing code
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm

Monday, March 30, 2015

OIM API: Entitlements

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Given here is code that utilizes the OIM Java API to grant, revoke, and update entitlements on a user. Entitlement data is stored in the child process form of a resource. In the test driver, a disconnected resource with multiple columns in the child table (entitlement with attributes) is used as an example.

Child Form with "Type" form field as the Entitlement attribute.

Lookup Definition for Entitlement attribute "Type".

User Entitlements View
User Resource Account View Includes:
Parent data in the Details section
Child data in Laptop_UD_LPTYPE table

Here are some useful OIM tables related to entitlements to look at:
ENT_LIST = List of Entitlement
ENT_ASSIGN = Entitlement Instances assigned to users
UD_* =  Resource account data: Look at the child UD table

References: Java API Reference for Oracle Identity Manager 11.1.2.2
http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/appinstance.htm#OMADM4680

Saturday, March 21, 2015

OIM Event Handler: Implement Execute for Bulk Orchestration

Version: 11.1.2.2.0
Description: An example of implementing execute() for bulk orchestration in an event handler is given here. The example plug-in can be downloaded here. The example event handler recalculates the department number user attribute whenever the user type or manager user attribute is changed for the target user(s). A test driver is given to perform modifications on multiple users in a single API call.
References: 
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV4741
http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm

Friday, March 13, 2015

OIM API: Create Reconciliation Event

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to use the Oracle Identity Manager API to create reconciliation events. Below are screen shots of the end results of running the sample code given in this post on DBAT 11.1.1.5.0 connector.

Reconciliation Event Created by OIM API
Reconciliation Data
Resource History of Reconciled Account
Reconciliation Field Names to use in API
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm

Saturday, February 14, 2015

Working with OIM Prepopulate Adapters

Version: Oracle Identity Manager 11g R2
Description: Prepopulate adapters are used to populate the fields on a resource form in Oracle Identity Manager. By having the resource form fields populated by prepopulate adapters, the provisioning process of a resource account to a user can be handled with ease rather than having someone manually enter values for the resource form fields. In Oracle Identity Manager, prepopulate adapters are triggered on the initial assignment of the resource account to a user.
References: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/creadp.htm#OMDEV2693

Sunday, January 18, 2015

Conditional Event Handler Example

Tested On: Oracle Identity Manager 11.1.2.2.0.
Description: This post demonstrates how to develop a conditional event handler in Oracle Identity Manager. To make an event handler conditional, your class must implement ConditionalEventHandler, with your conditions written in the isApplicable method.

In this example, the postprocess event handler is triggered on the creation of employee users. The postprocess event handler populates the Employee Number field with the user's key (USR_KEY). The complete event handler plugin can be downloaded here.

Validation and preprocess event handlers can also be conditional. You can inspect the ORCHEVENTS table in the OIM schema to see the event handler trigger sequence of an entire process. If the conditions are met in the conditional event handler, you should see a record inserted in the ORCHEVENTS table for that event handler.
References: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV3085

Thursday, January 15, 2015

Generate Requests using OIM API

Version: Oracle Identity Manager 11.1.2.2.0
Description: Demonstrates how to use the Oracle Identity Manager API to generate a request. Given here is example code that makes a request to provision an entitlement to a user, makes a request to modify attributes on a user profile, or makes a request to disable a user. The entire project can be found here.

Request generated by API. This request needs to be approved before the changes are applied to modify the user.