Use Case: When an OIM admin or the Java API resets a user's password, OIM always forces the user to reset the password at the next OIM logon. To avoid the forced password reset at the next login, we have to update the column 'USR_CHANGE_PWD_AT_NEXT_LOGON' in the 'USR' table for that user.
Note: This is not a recommendation, it's just a workaround.
Approaches:
#1.
Get a database connection to the OIM schema and update that column value using SQL Developer or any DB IDE.
SQL Statement:
update usr set USR_CHANGE_PWD_AT_NEXT_LOGON='0' where usr_login = 'UserID';
Where USR_CHANGE_PWD_AT_NEXT_LOGON='0' means there is no forced password reset on next logon.
USR_CHANGE_PWD_AT_NEXT_LOGON='1' means OIM forces the user to reset the password on next logon.
#2.
OIM Java API
Note: The following JAR files are used to run the Java code below. It's better to develop your code using the JDeveloper IDE.
- xlDataObjects.jar (Path: middleware\iam_home\designconsole\lib)
- oimclient.jar (Path: middleware\iam_home\designconsole\lib)
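    import java.util.Hashtable;
    import javax.security.auth.login.LoginException;
    import oracle.iam.platform.OIMClient;
    import Thor.API.Security.XLClientSecurityAssociation;
    import com.thortech.xl.client.dataobj.tcDataBaseClient;
    import com.thortech.xl.dataaccess.tcDataProvider;
    import com.thortech.xl.dataaccess.tcDataSetException;
    import com.thortech.xl.dataobj.PreparedStatementUtil;
    import com.thortech.xl.orb.dataaccess.tcDataAccessException;

    // hostname, port, username, password and logger are assumed to be
    // static fields of the enclosing class.
    protected static void updatePasswordChangeNextLogonStatus(String oimUserId,
                                                              String logon_status_value) {
        OIMClient oimClient = null;
        tcDataProvider dbProvider = null;
        try {
            // JAAS login configuration used by the WebLogic client
            System.setProperty("java.security.auth.login.config",
                               "file:config/authwl.conf");
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                    "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
                    "t3://" + hostname + ":" + port);

            // Log in to OIM and associate the session with this thread
            oimClient = new OIMClient(env);
            oimClient.login(username, password.toCharArray());
            XLClientSecurityAssociation.setClientHandle(oimClient);

            PreparedStatementUtil pstmt = new PreparedStatementUtil();
            dbProvider = new tcDataBaseClient();
            // Bind both values as parameters instead of concatenating
            // them into the SQL text, so they cannot alter the statement.
            String query =
                "update usr set USR_CHANGE_PWD_AT_NEXT_LOGON=? where USR_LOGIN=?";
            pstmt.setStatement(dbProvider, query);
            pstmt.setString(1, logon_status_value);
            pstmt.setString(2, oimUserId);
            pstmt.executeUpdate();
        } catch (tcDataSetException ex) {
            logger.error(ex.getMessage(), ex);
        } catch (LoginException loginEx) {
            logger.error(loginEx.getMessage(), loginEx);
        } catch (tcDataAccessException ex) {
            logger.error(ex.getMessage(), ex);
        } finally {
            // Release the database client, then the thread's login session
            if (dbProvider != null) {
                try {
                    dbProvider.close();
                } catch (Exception e) {
                    logger.error(e.getMessage(), e);
                }
            }
            try {
                XLClientSecurityAssociation.clearThreadLoginSession();
            } catch (Exception e) {
                // Nothing to clean up if no session was associated
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }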
You can leverage the above Java code to update any column in the USR table to modify any user attribute, but I would recommend using this approach only when there is no direct API to update the user's attribute.
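Approach #1 written as a guarded JDBC call, added here as an example (it is not the author's code or part of OIM): it accepts only the two flag values described above, passes the login and flag as bind parameters, and rolls back unless exactly one row was updated. The class name, method name and the caller-supplied Connection to the OIM schema are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class ForcePwdResetFlag {
    // Table and column names come from the page; everything else is illustrative.
    private static final String UPDATE_SQL =
        "update usr set USR_CHANGE_PWD_AT_NEXT_LOGON = ? where usr_login = ?";

    /**
     * Sets the flag for exactly one user.
     * conn is a caller-supplied JDBC connection to the OIM schema (assumption).
     */
    public static void setFlag(Connection conn, String userLogin, String flag)
            throws SQLException {
        // The page defines two values: "0" (no forced reset) and "1" (forced reset).
        if (!"0".equals(flag) && !"1".equals(flag)) {
            throw new IllegalArgumentException("flag must be \"0\" or \"1\"");
        }
        if (userLogin == null || userLogin.trim().isEmpty()) {
            throw new IllegalArgumentException("userLogin is required");
        }
        boolean oldAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            // Values travel as bind parameters, never as part of the SQL text.
            ps.setString(1, flag);
            ps.setString(2, userLogin);
            int rows = ps.executeUpdate();
            if (rows != 1) {
                // 0 rows: unknown or mistyped login; more than 1: unexpected duplicates.
                throw new SQLException("expected 1 row, updated " + rows);
            }
            conn.commit();
        } catch (SQLException e) {
            // Undo the partial work on any failure, including the row-count check.
            conn.rollback();
            throw e;
        } finally {
            conn.setAutoCommit(oldAutoCommit);
        }
    }
}
```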