Thursday, January 15, 2015

Generate Requests using OIM API

Version: Oracle Identity Manager 11.1.2.2.0
Description: Demonstrates how to use the Oracle Identity Manager API to generate a request. The example code below makes a request to provision an entitlement to a user, a request to modify attributes on a user profile, and a request to disable a user. The entire project can be found here. Note that, as written, the sample logs in as the xelsysadm system administrator over a non-SSL t3 connection with the password embedded in the source; adapt the credential handling and transport before using it outside a lab.

A request generated through the API is not applied immediately: it must pass OIM's approval workflow before the user is modified. It is submitted in the name of the identity the API client logged in as (in this sample, the system administrator), so that identity is the requester on record.

package com.blogspot.oraclestack.testdriver;
import com.blogspot.oraclestack.services.OracleIdentityManagerClient;
import com.blogspot.oraclestack.utilities.GenerateRequestUtilities;
import java.util.HashMap;
import oracle.iam.platform.OIMClient;
import oracle.iam.vo.OperationResult;
/**
* Test Driver for GenerateRequestUtilities class
* @author rayedchan
*/
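public class GenerateRequestTestDriver
{
    // Adjust constant variables according to your OIM environment
    public static final String OIM_HOSTNAME = "localhost";
    public static final String OIM_PORT = "14000"; // For SSL, use 14001; For non-SSL, use 14000
    public static final String OIM_PROVIDER_URL = "t3://"+ OIM_HOSTNAME + ":" + OIM_PORT; // For SSL, use t3s protocol; For non-SSL, use t3 protocol
    public static final String AUTHWL_PATH = "lib/config/authwl.conf";
    public static final String APPSERVER_TYPE = "wls";
    public static final String FACTORY_INITIAL_TYPE = "weblogic.jndi.WLInitialContextFactory";
    public static final String OIM_ADMIN_USERNAME = "xelsysadm";
    // The administrator password is deliberately NOT hard-coded. It is read from the
    // -Doim.admin.password system property, falling back to the OIM_ADMIN_PASSWORD
    // environment variable, so a sample checked into source control does not carry the
    // system administrator's credential. Null when neither is set; main() refuses to run.
    public static final String OIM_ADMIN_PASSWORD = System.getProperty("oim.admin.password", System.getenv("OIM_ADMIN_PASSWORD"));
    // Plain t3 on port 14000 sends the login credential to the server unencrypted.
    // For anything but a lab, switch to the t3s URL/port above, set USE_SSL to true and
    // point TRUST_KEYSTORE_PATH at the trust store holding the OIM server certificate.
    public static final boolean USE_SSL = false;
    public static final String TRUST_KEYSTORE_PATH = null;

    /**
     * Logs in to OIM as the administrator, submits three requests (disable user,
     * modify user attributes, provision entitlement) for a hard-coded test user
     * and prints the request id, entity id and status of each. Each request still
     * has to be approved in OIM before it takes effect.
     * @param args unused
     * @throws Exception any login, lookup or request failure is propagated
     */
    public static void main(String[] args) throws Exception
    {
        if (OIM_ADMIN_PASSWORD == null || OIM_ADMIN_PASSWORD.isEmpty())
        {
            System.err.println("Set -Doim.admin.password or the OIM_ADMIN_PASSWORD environment variable before running.");
            System.exit(2);
        }
        OracleIdentityManagerClient oimClientWrapper = null;
        try
        {
            // Establish an OIM Client (logs in as OIM_ADMIN_USERNAME)
            oimClientWrapper = new OracleIdentityManagerClient(OIM_ADMIN_USERNAME, OIM_ADMIN_PASSWORD, AUTHWL_PATH, APPSERVER_TYPE, FACTORY_INITIAL_TYPE, OIM_PROVIDER_URL, USE_SSL, TRUST_KEYSTORE_PATH);
            OIMClient oimClient = oimClientWrapper.getOIMClient();
            // Instantiate Util Object
            GenerateRequestUtilities genReqUtil = new GenerateRequestUtilities(oimClient);
            // Input variables
            String userLogin = "JCICCHELLA";
            HashMap<String,String> modAttrs = new HashMap<String,String>();
            modAttrs.put("First Name", "Justin2");
            modAttrs.put("Last Name", "Cicchella2");
            String entitlementValue = "Tech Lab"; // ENT_LIST.ENT_VALUE
            String entitlementKey = "5"; // ENT_LIST.ENT_LIST_KEY
            // Generate "Disable User" Request
            printResult(genReqUtil.requestToDisableUser(userLogin));
            // Generate "Modify User" Request
            printResult(genReqUtil.requestToModifyUserAttributes(userLogin, modAttrs));
            // Generate "Provision Entitlement" Request
            printResult(genReqUtil.requestToProvisionEntitlement(userLogin, entitlementValue, entitlementKey));
        }
        finally
        {
            // The constructor may throw (bad credentials, server unreachable); the wrapper
            // is then still null and calling logout() on it would mask the real error with an NPE.
            if (oimClientWrapper != null)
            {
                oimClientWrapper.logout();
            }
        }
    }

    /**
     * Print the outcome of one request submission.
     * @param response result returned by OIMService.doOperation
     */
    private static void printResult(OperationResult response)
    {
        System.out.printf("Request Id: {%s}, Entity Id: {%s}, Status: {%s}\n", response.getRequestID(), response.getEntityId(), response.getOperationStatus());
    }
}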
package com.blogspot.oraclestack.utilities;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import oracle.core.ojdl.logging.ODLLevel;
import oracle.core.ojdl.logging.ODLLogger;
import oracle.iam.api.OIMService;
import oracle.iam.exception.OIMServiceException;
import oracle.iam.identity.exception.NoSuchUserException;
import oracle.iam.identity.exception.UserLookupException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.utils.vo.OIMType;
import oracle.iam.request.vo.Beneficiary;
import oracle.iam.request.vo.RequestBeneficiaryEntity;
import oracle.iam.request.vo.RequestConstants;
import oracle.iam.request.vo.RequestData;
import oracle.iam.request.vo.RequestEntity;
import oracle.iam.request.vo.RequestEntityAttribute;
import oracle.iam.vo.OperationResult;
/**
* Generate a request in Oracle Identity Manager for the specific operation (E.g.
* Create User, Modify User, Create Role, Provision Account, Revoke Entitlement).
* The request must be approved in order for the changes be applied in OIM.
* Refer to oracle.iam.api.OIMService for more information.
* @author rayedchan
*/
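public class GenerateRequestUtilities
{
    // Logger
    private final ODLLogger logger = ODLLogger.getODLLogger(GenerateRequestUtilities.class.getName());
    // OIM Service for API calls
    private final OIMService oimService;
    private final UserManager usrMgrOps;

    /**
     * Constructor.
     * Looks up the request (OIMService) and user-management services on an
     * already logged-in client. Every request created through this class is
     * submitted by whichever identity that client authenticated as, so that
     * identity - not the user named in the call - is the requester
     * (NOTE(review): confirm against the request details shown in OIM).
     * @param oimClient Logged-in OIMClient
     * @throws IllegalArgumentException if oimClient is null
     */
    public GenerateRequestUtilities(OIMClient oimClient)
    {
        if (oimClient == null)
        {
            throw new IllegalArgumentException("oimClient must not be null");
        }
        this.oimService = oimClient.getService(OIMService.class);
        this.usrMgrOps = oimClient.getService(UserManager.class);
    }

    /**
     * Generate a request to OIM to disable a user.
     * The user is resolved from its login to its USR_KEY and is not actually
     * disabled until the request is approved.
     * @param userLogin OIM User Login (USR_LOGIN)
     * @return result of the submission (request id, entity id, status)
     * @throws IllegalArgumentException if userLogin is null or blank
     * @throws NoSuchUserException as thrown by UserManager.getDetails
     * @throws UserLookupException as thrown by UserManager.getDetails
     * @throws OIMServiceException if the request cannot be submitted
     */
    public OperationResult requestToDisableUser(String userLogin) throws NoSuchUserException, UserLookupException, OIMServiceException
    {
        String usrKey = getUserKeyByUserLogin(userLogin);
        RequestEntity reqEntity = newUserEntity(usrKey, RequestConstants.MODEL_DISABLE_OPERATION);
        return submit(targetEntityRequest(reqEntity));
    }

    /**
     * Generate a request to OIM to modify User Profile attributes.
     * @param userLogin OIM User Login (USR_LOGIN)
     * @param modAttrs User Profile attributes to modify, keyed by attribute name
     *                 (e.g. "First Name"); every value is sent as a String
     * @return result of the submission (request id, entity id, status)
     * @throws IllegalArgumentException if userLogin is blank or modAttrs is null/empty
     * @throws NoSuchUserException as thrown by UserManager.getDetails
     * @throws UserLookupException as thrown by UserManager.getDetails
     * @throws OIMServiceException if the request cannot be submitted
     */
    public OperationResult requestToModifyUserAttributes(String userLogin, Map<String,String> modAttrs) throws NoSuchUserException, UserLookupException, OIMServiceException
    {
        if (modAttrs == null || modAttrs.isEmpty())
        {
            // An empty modify request is never intended; fail before the user lookup.
            throw new IllegalArgumentException("modAttrs must contain at least one attribute to modify");
        }
        String usrKey = getUserKeyByUserLogin(userLogin);
        // Generate a list of request entity attributes to modify
        List<RequestEntityAttribute> reqModAttrs = new ArrayList<RequestEntityAttribute>(modAttrs.size());
        for (Map.Entry<String,String> entry : modAttrs.entrySet())
        {
            reqModAttrs.add(new RequestEntityAttribute(entry.getKey(), entry.getValue(), RequestEntityAttribute.TYPE.String));
        }
        RequestEntity reqEntity = newUserEntity(usrKey, RequestConstants.MODEL_MODIFY_OPERATION);
        reqEntity.setEntityData(reqModAttrs);
        return submit(targetEntityRequest(reqEntity));
    }

    /**
     * Generate a request to OIM to provision an entitlement to a user.
     * The user is the beneficiary of the request; the entitlement is identified
     * by its ENT_LIST value and key. Nothing in this request names the account
     * (OIU_KEY) that should receive the entitlement - a reader reports that OIM
     * cannot pick one when the user has several accounts on the same application
     * instance (NOTE(review): not verified here).
     * @param userLogin OIM User Login (USR_LOGIN) of the beneficiary
     * @param entitlementName entitlement value (ENT_LIST.ENT_VALUE)
     * @param entKey entitlement key (ENT_LIST.ENT_LIST_KEY)
     * @return result of the submission (request id, entity id, status)
     * @throws IllegalArgumentException if userLogin or entKey is null or blank
     * @throws NoSuchUserException as thrown by UserManager.getDetails
     * @throws UserLookupException as thrown by UserManager.getDetails
     * @throws OIMServiceException if the request cannot be submitted
     */
    public OperationResult requestToProvisionEntitlement(String userLogin, String entitlementName, String entKey) throws NoSuchUserException, UserLookupException, OIMServiceException
    {
        if (entKey == null || entKey.trim().isEmpty())
        {
            throw new IllegalArgumentException("entKey (ENT_LIST.ENT_LIST_KEY) must not be null or blank");
        }
        String usrKey = getUserKeyByUserLogin(userLogin);
        // Setup Request Entity for the entitlement
        RequestBeneficiaryEntity reqBenefEntity = new RequestBeneficiaryEntity();
        reqBenefEntity.setRequestEntityType(OIMType.Entitlement);
        reqBenefEntity.setEntitySubType(entitlementName); // ENT_LIST.ENT_VALUE
        reqBenefEntity.setEntityKey(entKey); // ENT_LIST.ENT_LIST_KEY
        reqBenefEntity.setOperation(RequestConstants.MODEL_PROVISION_ENTITLEMENT_OPERATION);
        List<RequestBeneficiaryEntity> entities = new ArrayList<RequestBeneficiaryEntity>();
        entities.add(reqBenefEntity);
        // Setup beneficiary to grant entitlement
        Beneficiary beneficiary = new Beneficiary();
        beneficiary.setBeneficiaryKey(usrKey);
        beneficiary.setBeneficiaryType(Beneficiary.USER_BENEFICIARY);
        beneficiary.setTargetEntities(entities);
        List<Beneficiary> beneficiaries = new ArrayList<Beneficiary>();
        beneficiaries.add(beneficiary);
        // Entitlement requests carry beneficiaries rather than target entities
        RequestData reqData = new RequestData();
        reqData.setBeneficiaries(beneficiaries);
        return submit(reqData);
    }

    /**
     * Build a User request entity for the given operation.
     * @param usrKey target user's USR_KEY
     * @param operation one of the RequestConstants.MODEL_*_OPERATION values
     * @return the populated entity
     */
    private static RequestEntity newUserEntity(String usrKey, String operation)
    {
        RequestEntity reqEntity = new RequestEntity();
        reqEntity.setRequestEntityType(OIMType.User);
        reqEntity.setEntityKey(usrKey);
        reqEntity.setOperation(operation);
        return reqEntity;
    }

    /**
     * Wrap a single target entity in a RequestData.
     * @param reqEntity the entity to request the operation on
     * @return RequestData holding only that entity
     */
    private static RequestData targetEntityRequest(RequestEntity reqEntity)
    {
        List<RequestEntity> entities = new ArrayList<RequestEntity>();
        entities.add(reqEntity);
        RequestData reqData = new RequestData();
        reqData.setTargetEntities(entities);
        return reqData;
    }

    /**
     * Submit the request to OIM with REQUEST intent (i.e. create a request that
     * goes through approval, rather than applying the operation directly).
     * @param reqData request payload
     * @return result of the submission
     * @throws OIMServiceException if the request cannot be submitted
     */
    private OperationResult submit(RequestData reqData) throws OIMServiceException
    {
        return oimService.doOperation(reqData, OIMService.Intent.REQUEST);
    }

    /**
     * Get the OIM User's USR_KEY
     * @param userLogin OIM User Login (USR_LOGIN)
     * @return value of USR_KEY
     * @throws IllegalArgumentException if userLogin is null or blank
     * @throws NoSuchUserException as thrown by UserManager.getDetails
     * @throws UserLookupException as thrown by UserManager.getDetails
     */
    private String getUserKeyByUserLogin(String userLogin) throws NoSuchUserException, UserLookupException
    {
        if (userLogin == null || userLogin.trim().isEmpty())
        {
            throw new IllegalArgumentException("userLogin must not be null or blank");
        }
        HashSet<String> attrsToFetch = new HashSet<String>();
        attrsToFetch.add(UserManagerConstants.AttributeName.USER_KEY.getId());
        attrsToFetch.add(UserManagerConstants.AttributeName.USER_LOGIN.getId());
        // true = the identifier passed is a USR_LOGIN, not a USR_KEY
        User user = usrMgrOps.getDetails(userLogin, attrsToFetch, true);
        String usrKey = user.getEntityId();
        // Log only the resolved key at TRACE; the full User object would put profile
        // attributes into the log at NOTIFICATION level on every request.
        logger.log(ODLLevel.TRACE, "Resolved user login {0} to usr_key {1}", new Object[]{userLogin, usrKey});
        return usrKey;
    }
}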
package com.blogspot.oraclestack.services;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import javax.security.auth.login.LoginException;
import oracle.core.ojdl.logging.ODLLevel;
import oracle.core.ojdl.logging.ODLLogger;
import oracle.iam.identity.exception.UserSearchException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authz.exception.AccessDeniedException;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
/**
* This class uses the OIMClient to access the API services of an Oracle
* Identity Manager environment.
* @author rayedchan
*/
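public class OracleIdentityManagerClient
{
    // Logger
    public static final ODLLogger logger = ODLLogger.getODLLogger(OracleIdentityManagerClient.class.getName());
    // Instance Variables
    private OIMClient oimClient; // OIM Client to use API services

    /**
     * This constructor initializes the OIMClient by logging in as an
     * OIM Identity. The sample driver logs in as the system administrator;
     * whatever identity is used here is the requester on every request made
     * through the client, so prefer a dedicated account holding only the admin
     * roles the calling code needs over the xelsysadm super user.
     * The password arrives as a String and therefore cannot be wiped from
     * memory after login; it is converted to a char[] only because the
     * OIMClient API requires one.
     * @param username User Login of the OIM Identity
     * @param password Plain text password of the OIM Identity
     * @param authwlPath Path to "authwl.conf" file. This can be found in "$MW_HOME/Oracle_IDM1/designconsole/config".
     * @param appServerType Type of application server OIM is deployed on. For WebLogic, this value should be "wls".
     * @param factoryInitialType Type of factory initial. For WebLogic, this value should be "weblogic.jndi.WLInitialContextFactory".
     * @param oimProviderURL The OIM provider URL. For non-SSL protocol, the value should be "t3://<oimhostname>:<oimport>". For SSL protocol, the value should be "t3s://<oimhostname>:<oimport>". Over plain t3 the credential is sent unencrypted.
     * @param isSSL Set to true if SSL protocol is in use.
     * @param trustKeystorePath Path to the trust key store if SSL is being used; required when isSSL is true.
     * @throws IllegalArgumentException if username or password is null, or isSSL is true without a trust store path
     * @throws LoginException if OIM rejects the credentials
     */
    public OracleIdentityManagerClient(String username, String password, String authwlPath, String appServerType, String factoryInitialType, String oimProviderURL, boolean isSSL, String trustKeystorePath) throws LoginException
    {
        if (username == null || password == null)
        {
            throw new IllegalArgumentException("username and password must not be null");
        }
        if (isSSL && (trustKeystorePath == null || trustKeystorePath.isEmpty()))
        {
            // Without a trust store the SSL handshake cannot validate the server; fail
            // here with a clear message instead of an NPE from System.setProperty.
            throw new IllegalArgumentException("trustKeystorePath is required when isSSL is true");
        }
        // Initializes OIMClient with environment information
        this.initializeOIMClient(authwlPath, appServerType, factoryInitialType, oimProviderURL, isSSL, trustKeystorePath);
        // Login to OIM with the supplied credentials
        oimClient.login(username, password.toCharArray());
    }

    /**
     * Setup the necessary system properties and environment information in
     * order to use the OIM Client. The properties are JVM-wide, so two clients
     * with different settings in one process would overwrite each other.
     * @param authwlPath Path to "authwl.conf" file. This can be found in "$MW_HOME/Oracle_IDM1/designconsole/config".
     * @param appServerType Type of application server OIM is deployed on. For WebLogic, this value should be "wls".
     * @param factoryInitialType Type of factory initial. For WebLogic, this value should be "weblogic.jndi.WLInitialContextFactory".
     * @param oimProviderURL The OIM provider URL. For non-SSL protocol, the value should be "t3://<oimhostname>:<oimport>". For SSL protocol, the value should be "t3s://<oimhostname>:<oimport>".
     * @param isSSL Set to true if SSL is in use.
     * @param trustKeystorePath Set path to trust key store if SSL is being used.
     */
    private void initializeOIMClient(String authwlPath, String appServerType, String factoryInitialType, String oimProviderURL, boolean isSSL, String trustKeystorePath)
    {
        // Set system properties required for OIMClient
        System.setProperty("java.security.auth.login.config", authwlPath);
        System.setProperty("APPSERVER_TYPE", appServerType);
        // Set SSL argument on runtime to point to trusted key store
        if (isSSL)
        {
            System.setProperty("weblogic.security.SSL.trustedCAKeyStore", trustKeystorePath);
        }
        // Create an instance of OIMClient with OIM environment information
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, factoryInitialType);
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, oimProviderURL);
        this.oimClient = new OIMClient(env);
    }

    /**
     * Get the OIMClient
     * @return OIMClient object
     */
    public OIMClient getOIMClient()
    {
        return this.oimClient;
    }

    /**
     * Log out user from OIMClient. Safe to call even if the client was never created.
     */
    public void logout()
    {
        if (this.oimClient != null)
        {
            this.oimClient.logout();
            logger.log(ODLLevel.TRACE, "Logout user from OIMClient.");
        }
    }

    /**
     * Method to test the OIMClient. All the Identities (users) are queried from
     * the OIM environment. Only the number of users found is logged at
     * NOTIFICATION level; the full list (logins and names of every identity)
     * is logged at TRACE so it does not land in the normal log.
     * @throws AccessDeniedException if the logged-in identity may not search users
     * @throws UserSearchException if the search fails
     */
    public void test() throws AccessDeniedException, UserSearchException
    {
        // Lookup User Manager service
        UserManager usermgr = this.oimClient.getService(UserManager.class);
        // Only fetch attributes defined in the set
        HashSet<String> attrQuery = new HashSet<String>();
        attrQuery.add("usr_key");
        attrQuery.add("usr_login");
        attrQuery.add("Display Name");
        attrQuery.add("First Name");
        attrQuery.add("Last Name");
        // Wildcard match on User Login returns every user
        List<User> users = usermgr.search(new SearchCriteria("User Login", "*", SearchCriteria.Operator.EQUAL), attrQuery, new HashMap<String, Object>());
        int count = (users == null) ? 0 : users.size();
        logger.log(ODLLevel.NOTIFICATION, "OIM Users found: {0}", new Object[]{count});
        logger.log(ODLLevel.TRACE, "OIM Users: {0}", new Object[]{users});
    }
}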

3 comments:

  1. In this blog the requester is the system administrator. In OIM 11gR2 PS3 we need to raise requests as the end user, both for self and for others. How can an end user raise a request through the API when we cannot have each user's credentials?

  2. Hi,

    Create request for entitlement works fine if user is not having any account provisioned or if there is just one account provisioned to user. If user is having multiple accounts of same application instance, to which entitlement belongs, then after calling requestService submit method, OIM get confused to which account the requested entitlement has to be associated. Is there a way to provide OIU_KEY while raising entitlement request, so that OIM knows that this request for this entitlment belong to this account.

  3. Hi Kuldeep Rautela,

    Do you resolve that issue?

    Best regards,
