Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to propagate attributes from OIM User Profile to user resource accounts.
Sample Scenario
OIM User Attribute: First Name
Active Directory Process Form Field: First Name
Whenever the First Name OIM User Attribute is modified, the changes will also be pushed down to the First Name attribute on Active Directory.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/promgt.htm#OMDEV2509
Saturday, December 27, 2014
Thursday, December 25, 2014
Adding Attributes to an ICF Connector for Reconciliation
Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add an attribute to an Identity Connector Framework (ICF) OIM connector for reconciliation in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. Refer to here for setting up the DBAT connector.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH
Reconciliation Event Data Flow: Target Data -> Recon Fields -> Process Form
Tuesday, December 23, 2014
Update Child Process Form via API
Version: Oracle Identity Manager 11.1.2.2.0
Description: Uses the Oracle Identity Manager API to make updates (add, delete, and modify) on a resource account child form.
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm
Monday, December 22, 2014
Adding Attributes to an ICF Connector for Provisioning
Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to add a resource attribute to an Identity Connector Framework (ICF) OIM connector for provisioning in general. The Database Application Tables (DBAT) 11.1.1.5.0 connector is used as an example. Refer to here for setting up the DBAT connector.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e20277/extnd_func.htm#CDEJFECH
Wednesday, December 17, 2014
OIM 11g R2 API: Resource Account Parent Form Modifications
Tested On: Oracle Identity Manager 11.1.2.2.0
Description: Contains sample code to make modifications to a specific resource account parent form using the ProvisioningService API.
Reference: http://docs.oracle.com/cd/E40329_01/apirefs.1112/e28159/toc.htm
Monday, December 15, 2014
OIM Managed Bean Example: Custom Password Reset
Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6, JDeveloper 11.1.1.7.0
Description: Demonstrates how to set up and deploy a custom managed bean and apply a UI customization that triggers the bean. The example given here is a custom password reset managed bean. You can download the project here. Below are the results of completing this tutorial:
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216
http://fusionsecurity.blogspot.com/2013/09/oim-reset-password-customization-example.html
Sunday, December 14, 2014
OIM Custom Validation Event Handler Example
Tested On: Oracle Identity Manager 11.1.2.2.0
Description: A custom validation event handler that validates whether the "Telephone Number" (USR_TELEPHONE_NUMBER) user attribute has the proper format. The event handler is triggered on modification of the "Telephone Number" user attribute.
Reference: http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#OMDEV4778
Friday, December 12, 2014
Developing Managed Beans: JDeveloper Project Template
Tested On: JDeveloper 11.1.1.7.0, Oracle Identity Manager 11.1.2.2.0
Description: Shows how to set up a JDeveloper project template for managed bean development.
References: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV4804
Wednesday, December 10, 2014
How to Export MDS Files Through WLST
Tested On: Oracle Identity Manager 11.1.2.2.0, WebLogic 10.3.6
Description: Demonstrates how to export configuration files from the Metadata Store (MDS) through the WebLogic Scripting Tool (WLST) command-line interface.
Prerequisites: Oracle Identity Manager and WebLogic servers must be running.
References: http://docs.oracle.com/cd/E28271_01/web.1111/e13813/custom_mds.htm
1. Execute wlst.sh located in the "$MW_HOME/Oracle_IDM1/common/bin" directory.
2. Connect to WebLogic Administration Server via WLST.

    # Syntax: connect('WL_USER', 'PASSWORD', 't3://WL_HOSTNAME:WL_PORT')
    # Example
    connect('weblogic', 'Password1', 't3://localhost:7001');

3. Export metadata of an application.

    # Syntax:
    # exportMetadata(application, server, toLocation [, docs] [, restrictCustTo] [, excludeCustFor] [, excludeAllCust] [, excludeBaseDocs] [, excludeExtendedMetadata] [, excludeSeededDocs] [, fromLabel] [, toLabel] [, applicationVersion] [, remote] [, tenantName])
    #==========================
    # Examples
    # listApplications() = List all applications
    #==========================

    # OIM Configuration Files
    exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_metadata');

    # OIM Self-Service UI Files
    exportMetadata(application='oracle.iam.console.identity.self-service.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_self_service_ui');

    # OIM Sysadmin UI Files
    exportMetadata(application='oracle.iam.console.identity.sysadmin.ear', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_sysadmin_ui');

    # Export Single OIM file
    exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/home/oracle/mds_backup/oim_main_config', docs='/db/oim-config.xml');

Tuesday, December 9, 2014
How to Unregister an OIM Plugin
Version: Oracle Identity Manager 11.1.2.2.0
Description: Shows how to remove a custom plugin such as an event handler or scheduled task from Oracle Identity Manager via API.

    package com.blogspot.oraclestack.utilities;

    import java.util.Hashtable;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.security.auth.login.LoginException;
    import oracle.iam.platform.OIMClient;
    import oracle.iam.platform.pluginframework.PluginException;
    import oracle.iam.platformservice.api.PlatformService;
    import oracle.iam.platformservice.api.PlatformUtilsService;
    import oracle.iam.platformservice.exception.InvalidCacheCategoryException;
    import oracle.iam.platformservice.exception.PlatformServiceAccessDeniedException;

    /**
     * Removes a single plugin. This does not remove an entire zip plugin.
     * Query the OIM.PLUGINS table to get ID and VERSION.
     */
    public class UnRegisterPlugin {
        // Substitute these values accordingly.
        // The credentials below are sample values; do not keep real ones in source.
        public static final String OIM_HOSTNAME = "localhost";
        public static final String OIM_PORT = "14000";
        public static final String OIM_PROVIDER_URL = "t3://" + OIM_HOSTNAME + ":" + OIM_PORT;
        public static final String OIM_USERNAME = "xelsysadm";
        public static final String OIM_PASSWORD = "Password1";
        public static final String OIM_CLIENT_HOME = "/home/oracle/jdeveloper/mywork/OracleIdentityManager/Resources/oimclient";
        public static final String AUTHWL_PATH = OIM_CLIENT_HOME + "/conf/authwl.conf";
        public static final String PLUGIN_ID = "com.blogspot.oraclestack.eventhandlers.SetMiddleNamePreprocessEH";
        public static final String PLUGIN_VERSION = "1.0";

        public static void main(String[] args) {
            OIMClient oimClient = null;

            try {
                // Set system properties required for OIMClient
                System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
                System.setProperty("APPSERVER_TYPE", "wls");

                // Create an instance of OIMClient with OIM environment information
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
                env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
                oimClient = new OIMClient(env);

                // Log in to OIM with the appropriate credentials
                oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());

                // Remove single plugin
                PlatformService service = oimClient.getService(PlatformService.class);
                service.unRegisterPlugin(PLUGIN_ID, PLUGIN_VERSION);

                // Purge cache so the removal takes effect
                PlatformUtilsService platUtilOps = oimClient.getService(PlatformUtilsService.class);
                platUtilOps.purgeCache("ALL");
            } catch (PlatformServiceAccessDeniedException ex) {
                Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);
            } catch (PluginException ex) {
                Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);
            } catch (LoginException ex) {
                Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, ex);
            } catch (InvalidCacheCategoryException e) {
                Logger.getLogger(UnRegisterPlugin.class.getName()).log(Level.SEVERE, null, e);
            } finally {
                // Log the user out of OIMClient
                if (oimClient != null) {
                    oimClient.logout();
                }
            }
        }
    }

Saturday, December 6, 2014
Custom Preprocess Event Handler to Set Middle Name
Version: Oracle Identity Manager 11.1.2.2.0
Description: A preprocess event handler which sets the user's middle name using the first letter of the user's first name if the user does not have a value for middle name. The event handler triggers on the creation of an OIM User.
Reference: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/oper.htm#OMDEV4768
Tuesday, December 2, 2014
Disabling OOTB OIM Event Handlers
Description: Shows you how to disable an out of the box event handler in Oracle Identity Manager.
** USE AT YOUR OWN RISK **
References: https://docs.oracle.com/cd/E21764_01/doc.1111/e14309/utils.htm#OMDEV2810
http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uploadutil.htm#OMDEV4859
Tested On: Oracle Identity Manager 11.1.2.2.0
1. Figure out the metadata file you would like to export. Execute the following SQL query on the MDS schema to obtain all the predefined event handlers:

    SELECT * FROM mds_paths WHERE path_fullname LIKE '%EventHandlers.xml%';

2. Export the event handler XML file from MDS via EM console or weblogicExportMetadata.sh. Refer to Import and Export Metadata using EM Console for step-by-step instructions.
3. Keep a backup copy of the original XML file.
4. Modify the XML file. Given below is an example of commenting out one of the predefined event handlers in the "/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml" file:

    <?xml version='1.0' encoding='UTF-8'?>
    <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
      <validation-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>
      <validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordValidationHandler" order="1020"/>
      <validation-handler class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="UserPasswordValidationHandler" order="2"/>
      <!--<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>-->
      <action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>
      <postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="RESET_PASSWORD" name="ResetPasswordNotificationHandler" order="FIRST" stage="postprocess" sync="TRUE"/>
      <postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CREATE" name="CreateUserPasswordNotificationHandler" order="1180" stage="postprocess" sync="TRUE"/>
      <postprocess-handler class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler" entity-type="User" operation="CHANGE_PASSWORD" name="PasswordNotificationHandler" order="THIRD" stage="postprocess" sync="TRUE"/>
    </eventhandlers>

5. Import the modified XML file into MDS via EM console.
6. Purge the cache or restart the OIM server for changes to take effect.
7. You can query the ORCHEVENTS table from the OIM schema to see the trigger points of each event handler process.
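
A check to run between steps 4 and 5, as an added example that is not part of the original post: it parses the backup and the modified EventHandlers.xml and confirms that the only difference is the handler you meant to disable. The XML is a constructed, trimmed copy of the file shown above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = "http://www.oracle.com/schema/oim/platform/kernel"
PKG = "oracle.iam.passwordmgmt.eventhandlers."

# Constructed sample: three of the handlers from the EventHandlers.xml above.
VALIDATION = ('<validation-handler class="' + PKG + 'ResetPasswordValidationHandler" '
              'entity-type="User" operation="RESET_PASSWORD" '
              'name="ResetPasswordValidationHandler" order="FIRST" sync="TRUE"/>')
PREPROCESS = ('<action-handler class="' + PKG + 'ResetPasswordPreProcessHandler" '
              'entity-type="User" operation="RESET_PASSWORD" '
              'name="ResetPasswordPreProcessHandler" stage="preprocess" sync="TRUE" order="9900"/>')
ACTION = ('<action-handler class="' + PKG + 'ResetPasswordActionHandler" '
          'entity-type="User" operation="RESET_PASSWORD" '
          'name="ResetPasswordActionHandler" order="FIRST" stage="action" sync="TRUE"/>')

BACKUP_XML = ('<eventhandlers xmlns="' + NS + '">'
              + VALIDATION + PREPROCESS + ACTION + '</eventhandlers>')
# Step 4 of the procedure: the preprocess handler is commented out.
MODIFIED_XML = BACKUP_XML.replace(PREPROCESS, "<!--" + PREPROCESS + "-->")


def load_handlers(xml_text):
    """Map (tag, name, operation) -> attributes for each active handler.
    The parser drops XML comments, so a commented-out handler is absent."""
    handlers = {}
    for el in ET.fromstring(xml_text):
        tag = el.tag.split("}", 1)[-1]  # strip the namespace prefix
        handlers[(tag, el.get("name"), el.get("operation"))] = dict(el.attrib)
    return handlers


def diff_handlers(backup_text, modified_text):
    """Report handlers that were disabled, added, or had attributes changed."""
    before, after = load_handlers(backup_text), load_handlers(modified_text)
    return {
        "disabled": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }


def safe_to_import(backup_text, modified_text, intended):
    """True only if exactly the intended handlers were disabled and nothing else moved."""
    d = diff_handlers(backup_text, modified_text)
    return d["disabled"] == sorted(intended) and not d["added"] and not d["changed"]


if __name__ == "__main__":
    print(diff_handlers(BACKUP_XML, MODIFIED_XML))
```

Keeping the diff output alongside the backup from step 3 gives a record of which out-of-the-box handler was turned off and when.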