Tuesday, October 16, 2012

OIM 11gR1: Update Password Change Next Logon Status in OIM

Use Case: When OIM admin or Java API resets a user's password then OIM always forces a user to reset the password on next OIM logon, to avoid the force reset password on next log in we have to update column 'USR_CHANGE_PWD_AT_NEXT_LOGON' in 'USR' table for that user.

Note: It's not recommendation, it's just a work around.



Get Database connection to OIM schema and update that column value using SQLDevelopr or any DB IDE

SQL Satement:
update usr set USR_CHANGE_PWD_AT_NEXT_LOGON='0'  where usr_login = 'UserID';

Where USR_CHANGE_PWD_AT_NEXT_LOGON='0' means there is no force reset password on next logon.
USR_CHANGE_PWD_AT_NEXT_LOGON='1' means OIM forces the user to reset the password on next logon.



Note: Following JAR files used to run the following Java code. It's better you develop your code using JDeveloper IDE.

  1. xlDataObjects.jar (Path: middleware\iam_home\designconsole\lib)
  2. oimclient.jar    (Path: middleware\iam_home\designconsole\lib)

    protected static void updatePasswordChangeNextLogonStatus(String oimUserId,
                                                              String logon_status_value) {

        OIMClient oimClient = null;
        tcDataProvider dbProvider = null;

        try {

            Hashtable env = new Hashtable();
                    "t3://" + hostname + ":" + port);
            oimClient = new OIMClient(env);
            oimClient.login(username, password.toCharArray());

            PreparedStatementUtil pstmt = new PreparedStatementUtil();
            dbProvider = new tcDataBaseClient();
            String query =
                "update usr set USR_CHANGE_PWD_AT_NEXT_LOGON='" + logon_status_value +
                "' where USR_LOGIN='" + oimUserId + "'";

            pstmt.setStatement(dbProvider, query);

        } catch (tcDataSetException ex) {
            logger.error(ex.getMessage(), ex);

        } catch (LoginException loginEx) {
            logger.error(loginEx.getMessage(), loginEx);

        } catch (tcDataAccessException ex) {
            logger.error(ex.getMessage(), ex);

        } finally {
                   if (dbProvider != null) {
            try {
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
        try {
        } catch (Exception e) {

        if (oimClient != null) {


You can leverage the above Java code to update any column in USR table to modify any user's attribute but I would recommend to use this approach only when there is no direct API to update user's attribute.

No comments:

Post a Comment