Monday, December 15, 2014

OIM Managed Bean Example: Custom Password Reset

Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6, JDeveloper 11.1.1.7.0
Description: Demonstrates how to set up and deploy a custom managed bean, and apply a UI customization that triggers the bean. The example given here is a custom password reset managed bean. You can download the project here. Below are the results of completing this tutorial:






References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216
http://fusionsecurity.blogspot.com/2013/09/oim-reset-password-customization-example.html

Sunday, December 14, 2014

OIM Custom Validation Event Handler Example

Tested On: Oracle Identity Manager 11.1.2.2.0
Description: A custom validation event handler that checks whether the "Telephone Number" (USR_TELEPHONE_NUMBER) user attribute has the proper format. The event handler is triggered on modification of the "Telephone Number" user attribute.


Reference: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV4778

Friday, December 12, 2014

Developing Managed Beans: JDeveloper Project Template

Tested On: JDeveloper 11.1.1.7.0, Oracle Identity Manager 11.1.2.2.0
Description: Shows how to set up a JDeveloper project template for managed bean development.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804

Wednesday, December 10, 2014

How to Export MDS Files Through WLST

Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6
Description: Demonstrates how to export configuration files from the Metadata Store (MDS) through the WebLogic Scripting Tool (WLST) command-line interface.
Prerequisites: Oracle Identity Manager and WebLogic servers must be running.
References: http://docs.oracle.com/cd/E28271_01/web.1111/e13813/custom_mds.htm

1. Execute wlst.sh located in the "$MW_HOME/Oracle_IDM1/common/bin" directory.



2. Connect to WebLogic Administration Server via WLST.

connect('WL_USER','PASSWORD','t3://WL_HOSTNAME:WL_PORT');

# Example
connect('weblogic', 'Password1','t3://localhost:7001');




3. Export metadata of an application.

# Syntax
exportMetadata(application, server, toLocation [, docs]
 [, restrictCustTo] [, excludeCustFor] [, excludeAllCust] [, excludeBaseDocs]
 [, excludeExtendedMetadata] [, excludeSeededDocs]
 [, fromLabel][, toLabel] [, applicationVersion] [, remote] [, tenantName])


#==========================
# Examples
# listApplications() = List all applications
#==========================

# OIM Configuration Files
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_metadata');


# OIM Self-Service UI Files
exportMetadata(application='oracle.iam.console.identity.self-service.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_self_service_ui');


# OIM Sysadmin UI Files
exportMetadata(application='oracle.iam.console.identity.sysadmin.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_sysadmin_ui');

# Export Single OIM file
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_main_config',docs='/db/oim-config.xml');


Tuesday, December 9, 2014

How to Unregister an OIM Plugin

Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to remove a custom plugin such as an event handler or scheduled task from Oracle Identity Manager via API.
package com.blogspot.oraclestack.utilities;

import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.pluginframework.PluginException;
import oracle.iam.platformservice.api.PlatformService;
import oracle.iam.platformservice.api.PlatformUtilsService;
import oracle.iam.platformservice.exception.InvalidCacheCategoryException;
import oracle.iam.platformservice.exception.PlatformServiceAccessDeniedException;


/**
 * Removes a single plugin. This does not remove an entire zip plugin.
 * Query the OIM.PLUGINS table to get ID and VERSION.
 */
public class UnRegisterPlugin
{
    // Substitute these values accordingly 
    public static final String OIM_HOSTNAME = "localhost";
    public static final String OIM_PORT = "14000";
    public static final String OIM_PROVIDER_URL ="t3://" + OIM_HOSTNAME + ":" + OIM_PORT;
    public static final String OIM_USERNAME = "xelsysadm";
    public static final String OIM_PASSWORD = "Password1";
    public static final String OIM_CLIENT_HOME ="/home/oracle/jdeveloper/mywork/OracleIdentityManager/Resources/oimclient";
    public static final String AUTHWL_PATH =OIM_CLIENT_HOME + "/conf/authwl.conf";
    public static final String PLUGIN_ID = "com.blogspot.oraclestack.eventhandlers.SetMiddleNamePreprocessEH";
    public static final String PLUGIN_VERSION = "1.0";
   
    public static void main(String[] args) 
    {
        OIMClient oimClient = null;


        try
        {
            //Set system properties required for OIMClient
            System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
            System.setProperty("APPSERVER_TYPE", "wls");

            // Create an instance of OIMClient with OIM environment information
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,"weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
            oimClient = new OIMClient(env);

            // Login to OIM with the appropriate credentials
            oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());

            // Remove single plugin
            PlatformService service = oimClient.getService(PlatformService.class);
            service.unRegisterPlugin(PLUGIN_ID, PLUGIN_VERSION);
           
            // Purge Cache
            PlatformUtilsService platUtilOps = oimClient.getService(PlatformUtilsService.class);
            platUtilOps.purgeCache("ALL");
        }

        // Log under this class's own logger name
        catch (PlatformServiceAccessDeniedException ex) {Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);}
        catch (PluginException ex) {Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);}
        catch (LoginException ex) {Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);}
        catch (InvalidCacheCategoryException e) {Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, e);}

        finally
        {
            // Logout user from OIMClient
            if (oimClient != null) { oimClient.logout(); }
        }
    }
}

Saturday, December 6, 2014

Custom Preprocess Event Handler to Set Middle Name

Version: Oracle Identity Manager 11.1.2.2.0
Description: A preprocess event handler which sets the user's middle name using the first letter of the user's first name if the user does not have a value for middle name. The event handler triggers on the creation of an OIM User.
Reference: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/oper.htm#OMDEV4768

Tuesday, December 2, 2014

Disabling OOTB OIM Event Handlers

Description: Shows you how to disable an out of the box event handler in Oracle Identity Manager.
** USE AT YOUR OWN RISK **   
References: https://docs.oracle.com/cd/E21764_01/doc.1111/e14309/utils.htm#OMDEV2810
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uploadutil.htm#OMDEV4859
Tested On: Oracle Identity Manager 11.1.2.2.0

1. Figure out the metadata file you would like to export. Execute the following SQL query on the MDS schema to obtain all the predefined event handlers:

SELECT * FROM mds_paths WHERE path_fullname LIKE '%EventHandlers.xml%';

2. Export the event handler XML file from MDS via EM console or weblogicExportMetadata.sh. Refer to Import and Export Metadata using EM Console for step-by-step instructions.

3. Keep a backup copy of the original XML file.

4. Modify the XML file. Given below is an example of commenting out one of the predefined event handlers from the "/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml" file:

<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordValidationHandler" order="1020"/>
<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="UserPasswordValidationHandler" order="2"/>
<!--<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>-->
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordNotificationHandler" order="FIRST" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordNotificationHandler" order="1180" stage="postprocess" sync="TRUE"/>
<postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="PasswordNotificationHandler" order="THIRD" stage="postprocess" sync="TRUE"/>
</eventhandlers>

5. Import the modified XML file into MDS via EM console.

6. Purge the cache or restart the OIM server for changes to take effect.

7. You can query the ORCHEVENTS table from the OIM schema to see the trigger points of each event handler process.
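
A check to run between steps 4 and 5, as an added example that is not part of the original post: it diffs the backup from step 3 against the edited file and confirms that the only change is the handler you meant to comment out, so a stray edit to a password validation handler is caught before import. The function names and the trimmed two-handler sample are constructed for illustration.

```python
import xml.dom.minidom as minidom
from xml.parsers.expat import ExpatError

TAGS = {"validation-handler", "action-handler", "postprocess-handler"}

def _scan(nodes):
    # Key each handler by tag plus every attribute, so an edited
    # order/stage/class counts as a change and not as the same handler.
    return {(n.tagName, tuple(sorted(n.attributes.items())))
            for n in nodes if n.nodeType == n.ELEMENT_NODE and n.tagName in TAGS}

def handlers(xml_text):
    """Return (active, commented_out) handler keys from an EventHandlers.xml."""
    root = minidom.parseString(xml_text).documentElement
    active, commented = _scan(root.childNodes), set()
    for node in root.childNodes:
        if node.nodeType == node.COMMENT_NODE:
            try:  # a disabled handler is still well-formed XML inside the comment
                frag = minidom.parseString("<c>%s</c>" % node.data)
            except ExpatError:
                continue  # free-text comment, not a handler
            commented |= _scan(frag.documentElement.childNodes)
    return active, commented

def _names(keys):
    return sorted(dict(attrs).get("name", "?") for _, attrs in keys)

def review(backup_xml, modified_xml, intended):
    """Diff the step 3 backup against the step 4 edit before importing it."""
    before, _ = handlers(backup_xml)
    after, commented = handlers(modified_xml)
    gone, new = before - after, after - before
    result = {"commented_out": _names(gone & commented),
              "missing": _names(gone - commented),   # deleted or altered
              "new_or_changed": _names(new)}
    result["ok"] = (result["commented_out"] == sorted(intended)
                    and not result["missing"] and not new)
    return result

# Constructed sample: two handlers taken from the file shown in step 4.
DOC = '<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">%s%s</eventhandlers>'
VAL = ('<validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" '
       'entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>')
PRE = ('<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" '
       'operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>')
BACKUP = DOC % (VAL, PRE)
MODIFIED = DOC % (VAL, "<!--" + PRE + "-->")

if __name__ == "__main__":
    print(review(BACKUP, MODIFIED, ["ResetPasswordPreProcessHandler"]))
```

Keeping the report alongside the backup gives you a record of exactly which out-of-the-box handler was disabled and when.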