Tuesday, October 16, 2012

OIM 11gR1: Update Password Change Next Logon Status in OIM

Use Case: When an OIM admin or the Java API resets a user's password, OIM always forces the user to reset the password on the next OIM logon. To avoid the forced password reset on next login, we have to update the column 'USR_CHANGE_PWD_AT_NEXT_LOGON' in the 'USR' table for that user.

Note: This is not a recommendation; it is just a workaround.

Approaches:

#1.

Get a database connection to the OIM schema and update that column value using SQL Developer or any DB IDE.

SQL Statement:
update usr set USR_CHANGE_PWD_AT_NEXT_LOGON='0' where usr_login = 'UserID';

Where USR_CHANGE_PWD_AT_NEXT_LOGON='0' means no password reset is forced on next logon.
USR_CHANGE_PWD_AT_NEXT_LOGON='1' means OIM forces the user to reset the password on next logon.
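
A guarded version of the statement above, as an added example that is not from the original post: it accepts only the two flag values the post defines and commits only when exactly one row matched. 'UserID' is the post's placeholder; the savepoint name and the error numbers are arbitrary choices.

```sql
-- Added example (Oracle PL/SQL); run as the OIM schema owner.
SET SERVEROUTPUT ON

DECLARE
  v_login usr.usr_login%TYPE := 'UserID';                     -- placeholder login
  v_flag  usr.usr_change_pwd_at_next_logon%TYPE := '0';       -- '0' or '1' only
  v_rows  PLS_INTEGER;
BEGIN
  -- Reject anything other than the two documented values.
  IF v_flag NOT IN ('0', '1') THEN
    RAISE_APPLICATION_ERROR(-20000, 'Flag must be 0 or 1');
  END IF;

  SAVEPOINT before_flag_update;

  UPDATE usr
     SET usr_change_pwd_at_next_logon = v_flag
   WHERE usr_login = v_login;

  -- Capture the row count before any other statement resets it.
  v_rows := SQL%ROWCOUNT;

  -- A missing or ambiguous login must not leave a partial change behind.
  IF v_rows <> 1 THEN
    ROLLBACK TO before_flag_update;
    RAISE_APPLICATION_ERROR(-20001,
      'Expected 1 row for ' || v_login || ', matched ' || v_rows);
  END IF;

  COMMIT;
  DBMS_OUTPUT.PUT_LINE('Updated ' || v_login || ' to flag ' || v_flag);
END;
/
```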

#2.

OIM Java API

Note: The following JAR files are needed to run the Java code below. It is better to develop your code using the JDeveloper IDE.


  1. xlDataObjects.jar (Path: middleware\iam_home\designconsole\lib)
  2. oimclient.jar    (Path: middleware\iam_home\designconsole\lib)




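    import java.util.Hashtable;
    import javax.security.auth.login.LoginException;
    import oracle.iam.platform.OIMClient;
    import Thor.API.Security.XLClientSecurityAssociation;
    import com.thortech.xl.client.dataobj.tcDataBaseClient;
    import com.thortech.xl.dataaccess.tcDataProvider;
    import com.thortech.xl.dataaccess.tcDataSetException;
    import com.thortech.xl.dataobj.PreparedStatementUtil;
    import com.thortech.xl.orb.dataaccess.tcDataAccessException;

    // hostname, port, username, password and logger are fields of the
    // enclosing class (not shown here).
    protected static void updatePasswordChangeNextLogonStatus(String oimUserId,
                                                              String logon_status_value) {

        OIMClient oimClient = null;
        tcDataProvider dbProvider = null;

        try {
            // Log in to OIM over t3 using the WebLogic JAAS configuration.
            System.setProperty("java.security.auth.login.config",
                               "file:config/authwl.conf");
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                    "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
                    "t3://" + hostname + ":" + port);
            oimClient = new OIMClient(env);
            oimClient.login(username, password.toCharArray());

            XLClientSecurityAssociation.setClientHandle(oimClient);
            PreparedStatementUtil pstmt = new PreparedStatementUtil();
            dbProvider = new tcDataBaseClient();

            // Bind both values as parameters instead of concatenating them
            // into the SQL text, so neither argument can alter the statement.
            String query =
                "update usr set USR_CHANGE_PWD_AT_NEXT_LOGON=? where USR_LOGIN=?";

            pstmt.setStatement(dbProvider, query);
            pstmt.setString(1, logon_status_value);
            pstmt.setString(2, oimUserId);
            pstmt.executeUpdate();

        } catch (tcDataSetException ex) {
            logger.error(ex.getMessage(), ex);

        } catch (LoginException loginEx) {
            logger.error(loginEx.getMessage(), loginEx);

        } catch (tcDataAccessException ex) {
            logger.error(ex.getMessage(), ex);

        } finally {
            // Release the data provider, the thread's login session and the
            // OIM client, in that order, whether or not the update succeeded.
            if (dbProvider != null) {
                try {
                    dbProvider.close();
                } catch (Exception e) {
                    logger.error(e.getMessage(), e);
                }
            }
            try {
                XLClientSecurityAssociation.clearThreadLoginSession();
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }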

You can adapt the above Java code to update any column in the USR table and so modify any user attribute, but I would recommend using this approach only when there is no direct API to update that attribute.