Friday, October 30, 2015

Get started using Oracle Identity Manager 11gR2 PS3

Learn Oracle Identity Manager 11gR2 PS3

This introductory series of short Oracle by Example tutorials will help you get started using Oracle Identity Manager 11gR2 PS3. The tutorials in this series will help you learn how to:
  • Install and prepare an Oracle Database for Oracle Identity and Access Management Suite
  • Set up an Oracle Identity Manager 11gR2 PS3 environment
  • Work with Oracle Identity Manager entities
  • Provision Oracle Identity Manager accounts using a connector

Click the link below to open the tutorial:

Setting-up an Oracle Identity Manager 11gR2 PS3 environment

Thursday, June 6, 2013

Propagate Changes from OIM User Profile to Target (Resources)

Propagate changes from the OIM user profile to a target resource (e.g. OID or ODSEE).

Go to the Design Console and open the lookup table 'Lookup.USR_PROCESS_TRIGGERS'. Map each OIM user profile attribute to its corresponding task: for example, 'USR_FIRST_NAME' is a user profile attribute and 'Change First Name' is the corresponding target task name. With this configuration, a change to 'First Name' automatically propagates to the target, e.g. ODSEE or OID.




Wednesday, April 17, 2013

Trusted User Recon Setup for OID-11.1.1.5.0 ICF Based Connector

Oracle launched the OID-11.1.1.5.0 ICF connector, which supports the following directory servers: Oracle Directory Server Enterprise Edition (ODSEE), Oracle Internet Directory (OID), Oracle Unified Directory (OUD), and Novell eDirectory.

By default the connector is configured for Target User reconciliation. To configure the connector for Trusted User reconciliation, make the following changes:

1. Go to the design console and search for the lookup table 'Lookup.LDAP.Configuration'.
2. Set the decode value of the 'User Configuration Lookup' code key to 'Lookup.LDAP.UM.Configuration.Trusted', as shown in the picture.



3. Save the changes.
4. Run the Trusted User Recon job 'LDAP Connector Trusted User Reconciliation'.

Friday, March 8, 2013

java.io.InvalidClassException: org.eclipse.persistence.indirection.IndirectList

Due to Eclipselink.jar incompatibility within JDeveloper I faced the following exception:


Exception in thread "main" javax.ejb.EJBException: failed to unmarshal interface java.util.List; nested exception is: 
java.io.InvalidClassException: org.eclipse.persistence.indirection.IndirectList; local class incompatible: stream classdesc serialVersionUID = 4038061360325736360, local class serialVersionUID = -494763524358427112; nested exception is: java.io.InvalidClassException: org.eclipse.persistence.indirection.IndirectList; local class incompatible: stream classdesc serialVersionUID = 4038061360325736360, local class serialVersionUID = -494763524358427112
java.io.InvalidClassException: org.eclipse.persistence.indirection.IndirectList; local class incompatible: stream classdesc serialVersionUID = 4038061360325736360, local class serialVersionUID = -494763524358427112


Solution:

Replace the Eclipselink.jar with the JAR file found at the following location:

 Middleware_Home\oracle_common\modules\oracle.toplink_11.1.1\eclipselink.jar

Compile and run the program again; it will run without any problem.
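To confirm which JAR actually matches the server before swapping files, the small diagnostic below (an added example, not part of the original post) prints the serialVersionUID that each candidate JAR gives to IndirectList and compares it with the "stream classdesc" value from the exception. The class name SerialVersionCheck and its command-line arguments are assumptions made for illustration.

```java
import java.io.File;
import java.io.ObjectStreamClass;
import java.net.URL;
import java.net.URLClassLoader;

// Added diagnostic, not from the original post.
// Usage: java SerialVersionCheck <stream serialVersionUID> <jar> [<jar> ...]
public class SerialVersionCheck {

    static final String CLASS_NAME =
        "org.eclipse.persistence.indirection.IndirectList";

    // Loads className from the given JAR only and returns its serialVersionUID.
    // The parent loader is the one above the application class loader, so a
    // copy of the class on the normal classpath cannot shadow the JAR under test.
    static long serialVersionUidFrom(File jar, String className) throws Exception {
        ClassLoader parent = ClassLoader.getSystemClassLoader().getParent();
        URLClassLoader loader =
            new URLClassLoader(new URL[] { jar.toURI().toURL() }, parent);
        Class<?> cls = Class.forName(className, false, loader);
        ObjectStreamClass desc = ObjectStreamClass.lookup(cls);
        if (desc == null) {
            throw new IllegalStateException(className + " is not Serializable");
        }
        return desc.getSerialVersionUID();
    }

    public static void main(String[] args) {
        if (args.length < 2) {
            System.err.println(
                "Usage: java SerialVersionCheck <stream serialVersionUID> <jar>...");
            System.exit(2);
        }
        // The "stream classdesc serialVersionUID" value from the exception text.
        long expected = Long.parseLong(args[0]);
        for (int i = 1; i < args.length; i++) {
            File jar = new File(args[i]);
            try {
                long actual = serialVersionUidFrom(jar, CLASS_NAME);
                System.out.println((actual == expected ? "MATCH    " : "MISMATCH ")
                    + actual + "  " + jar);
            } catch (Exception e) {          // missing JAR or class
                System.out.println("ERROR    " + e + "  " + jar);
            } catch (LinkageError e) {       // class needs types outside this JAR
                System.out.println("ERROR    " + e + "  " + jar);
            }
        }
    }
}
```

Pass the stream value from the exception (4038061360325736360 above) followed by the JAR paths to compare; the JAR reported as MATCH is the one the client needs on its classpath.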

Wednesday, March 6, 2013

Get OIM DB Connection

OIM provides an API to get a connection to the OIM database, which we can use to run a query against the OIM DB tables.

           
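import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import oracle.iam.platform.Platform;

/**
 * OIM DB table: UPA_UD_FORMFIELDS
 * Column name: OLD_VALUE
 */

String query = "select * from UPA_UD_FORMFIELDS";

// try-with-resources (Java 7+) closes the result set, statement and
// connection even if the query fails, so the connection is not leaked.
try (Connection connection = Platform.getOperationalDS().getConnection();
     PreparedStatement preparedStatement = connection.prepareStatement(query);
     ResultSet resultSet = preparedStatement.executeQuery()) {

    // The cursor starts before the first row; call next() before reading.
    while (resultSet.next()) {
        String fieldOldValue = resultSet.getString("OLD_VALUE");
        System.out.println("field_old_value: " + fieldOldValue);
    }
}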


List of OIM DB tables:

http://www.reachdba.com/showthread.php?701-OIM-List-of-Tables-and-Description

Tuesday, October 16, 2012

OIM 11gR1: Update Password Change Next Logon Status in OIM

Use case: When an OIM admin or the Java API resets a user's password, OIM always forces the user to reset the password on the next OIM logon. To avoid the forced password reset on the next login, we have to update the column 'USR_CHANGE_PWD_AT_NEXT_LOGON' in the 'USR' table for that user.

Note: This is not a recommendation; it is just a workaround.

Approaches:

#1.

Get a database connection to the OIM schema and update that column value using SQL Developer or any DB IDE.

SQL statement:
update usr set USR_CHANGE_PWD_AT_NEXT_LOGON='0'  where usr_login = 'UserID';

Where USR_CHANGE_PWD_AT_NEXT_LOGON='0' means there is no forced password reset on the next logon, and
USR_CHANGE_PWD_AT_NEXT_LOGON='1' means OIM forces the user to reset the password on the next logon.

#2.

OIM Java API

Note: The following JAR files are needed to run the Java code below. It is easiest to develop the code in the JDeveloper IDE.


  1. xlDataObjects.jar (Path: middleware\iam_home\designconsole\lib)
  2. oimclient.jar    (Path: middleware\iam_home\designconsole\lib)




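    import java.util.Hashtable;
    import javax.security.auth.login.LoginException;
    import oracle.iam.platform.OIMClient;
    import Thor.API.Security.XLClientSecurityAssociation;
    import com.thortech.xl.client.dataobj.tcDataBaseClient;
    import com.thortech.xl.dataaccess.tcDataProvider;
    import com.thortech.xl.dataaccess.tcDataSetException;
    import com.thortech.xl.dataobj.PreparedStatementUtil;
    import com.thortech.xl.orb.dataaccess.tcDataAccessException;

    // hostname, port, username, password and logger are fields of the
    // enclosing class.
    protected static void updatePasswordChangeNextLogonStatus(String oimUserId,
                                                              String logon_status_value) {

        // The column only takes '0' (no forced reset) or '1' (forced reset).
        if (!"0".equals(logon_status_value) && !"1".equals(logon_status_value)) {
            throw new IllegalArgumentException("logon_status_value must be \"0\" or \"1\"");
        }

        OIMClient oimClient = null;
        tcDataProvider dbProvider = null;

        try {
            // Log in to OIM over t3 using the WebLogic JAAS configuration.
            System.setProperty("java.security.auth.login.config",
                               "file:config/authwl.conf");
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                    "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
                    "t3://" + hostname + ":" + port);
            oimClient = new OIMClient(env);
            oimClient.login(username, password.toCharArray());

            XLClientSecurityAssociation.setClientHandle(oimClient);
            PreparedStatementUtil pstmt = new PreparedStatementUtil();
            dbProvider = new tcDataBaseClient();

            // Bind the values instead of concatenating them into the SQL text,
            // so a crafted user login cannot change the statement.
            String query =
                "update usr set USR_CHANGE_PWD_AT_NEXT_LOGON=? where USR_LOGIN=?";

            pstmt.setStatement(dbProvider, query);
            pstmt.setString(1, logon_status_value);
            pstmt.setString(2, oimUserId);
            pstmt.executeUpdate();

        } catch (tcDataSetException ex) {
            logger.error(ex.getMessage(), ex);
        } catch (LoginException loginEx) {
            logger.error(loginEx.getMessage(), loginEx);
        } catch (tcDataAccessException ex) {
            logger.error(ex.getMessage(), ex);
        } finally {
            // Release the data provider, the thread's login session and the
            // OIM session, in that order, whether or not the update succeeded.
            if (dbProvider != null) {
                try {
                    dbProvider.close();
                } catch (Exception e) {
                    logger.error(e.getMessage(), e);
                }
            }
            try {
                XLClientSecurityAssociation.clearThreadLoginSession();
            } catch (Exception e) {
                // Nothing to clean up if no login session was associated.
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }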

You can adapt the above Java code to update any column in the USR table and so modify any user attribute, but I recommend using this approach only when there is no direct API to update that attribute.