
Wednesday, October 8, 2014

How to create Oracle Identity Manager 11gR2 PS2 Disconnected Resource and provision user


In this post we will learn how to create an OIM Disconnected Resource and test provisioning a user to the disconnected resource upon user request.

Steps:

- Login to http://pokuri.demo.com:14000/sysadmin/ console with XELSYSADM account



- Click on Sandboxes


- Click on Create Sandbox


- Name Sandbox and click on "Save and Close"

- Click on "OK"


- Check Sandbox status as "Active"


- Double Click on "Application Instances" in the left panel

- Click on "Create"


- Enter Disconnected Resource Name and select Disconnected Check Box and click on "Save"


- Click "OK" 


- Notice message "Application Instance AdminApp created successfully" on top.


- Search to confirm that the Application Instance was created.


- As we are dealing with a "Disconnected Resource", the change below is needed in "Process Definition".

- Login to OIM Design Console with "XELSYSADM" account and double click on "Process Definition" 


- Click on "Search" icon as shown in the below screen shot. 


- Click on "Process Definition Table" tab at the bottom.


- Select the Disconnected application entry and double click on sequence number associated to it.


- Double click on "ManualProvisioningStart" Task.


- Click on "Yes"


- Click on "Task to Object Status Mapping" tab as shown in the below screen shot.


- Select status "C" row and double click in "Object Status" column which opens another pop up window.


- Select "Provisioned" and click on "OK"


- Click on "Save" button as shown in the below screen shot.


- Click on "Close" symbol as shown in the below screen shot.


- Click "Save" button again at the "Process Definition"


- Click "Publish Sandbox" to activate the changes.


- Click "Yes" to complete publishing sandbox.



- Disconnected resource configuration is completed.

Now, let's test it by provisioning a user to that disconnected resource.

- Login as an end user in to http://<<hostname>>:14000/identity


- Double Click on "Catalog"


- Click on the Search button as shown in the below screen shot.


- Make sure the newly created disconnected resource appears here, then click on the "Add to Cart" button next to it


- Resource is added to cart

- Click on "Checkout"


- Add the details as needed and click on "Ready to submit"



- Click on "Submit"


- Check the request ID and that the request was sent to the administrator for approval



- Login as "xelsysadm" into identity console



- Double Click on "Home"

- In the dashboard, check "Pending Approvals" section and notice that there is a request for approval. Click on that request


- Click on "Approve" (if you have appropriate access)


- As it is a disconnected resource, the request will be sent to the concerned resource Inbox for fulfillment. In this case I just have "XELSYSADM", so the request comes to the "XELSYSADM" Inbox. Click on "Inbox"



- Click on "My Tasks" and see that a new task is waiting for "Complete" status. Once the manual work is completed, click on the "Complete" button.








Now, let's go and check the user's accounts and their status


- As shown in the below screen shot, "AdminApp" is "Provisioned" successfully.


Hope this helps someone out there.

-- Siva Pokuri.
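
The final status check above can also be done through the OIM Java API. This is an added example, not code from the original post: it lists the accounts of one user and prints the status of the "AdminApp" application instance. The class name, the OIM_URL and OIM_ADMIN environment variables, and passing authwl.conf with -Djava.security.auth.login.config are assumptions of this example.

```java
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;

import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;

public class CheckDisconnectedAccount {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        String appName = "AdminApp";      // application instance created in the steps above
        String userLogin = args[0];       // login of the user who raised the request
        // Assumed environment: OIM_URL (for example t3://<<hostname>>:14000) and
        // OIM_ADMIN (an account allowed to view the user's accounts).
        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, System.getenv("OIM_URL"));
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");

        if (System.console() == null) {
            throw new IllegalStateException("Run from an interactive terminal");
        }
        // Prompt for the password instead of embedding it in source code.
        char[] password = System.console().readPassword("OIM password: ");
        OIMClient oimClient = new OIMClient(env);
        try {
            oimClient.login(System.getenv("OIM_ADMIN"), password);
            UserManager users = oimClient.getService(UserManager.class);
            User user = users.getDetails(userLogin, null, true);   // true = look up by login
            ProvisioningService prov = oimClient.getService(ProvisioningService.class);
            List<Account> accounts = prov.getAccountsProvisionedToUser(user.getEntityId());
            boolean found = false;
            for (Account account : accounts) {
                String name = account.getAppInstance().getApplicationInstanceName();
                if (appName.equals(name)) {
                    found = true;
                    // Expect "Provisioned" once the manual task has been completed.
                    System.out.println(name + " -> " + account.getAccountStatus());
                }
            }
            if (!found) {
                System.out.println("No " + appName + " account found for " + userLogin);
            }
        } finally {
            Arrays.fill(password, '\0');  // wipe the password from memory
            oimClient.logout();
        }
    }
}
```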

TIPS: Sample Create User Oracle Identity Manager 11g API code

Sample Code:

import java.util.HashMap;
import java.util.Hashtable;

import oracle.iam.identity.exception.UserAlreadyExistsException;
import oracle.iam.identity.exception.UserCreateException;
import oracle.iam.identity.exception.ValidationFailedException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;

public class OIMTestClient
{
    public static void main(String arg[])
    {
        // JNDI settings for the WebLogic server that hosts OIM
        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://pokuri.demo.com:14000");

        // JAAS login configuration shipped with the Design Console
        System.setProperty("java.security.auth.login.config", "/IdentityManagement/Blog/OIM/JDeveloperConfigforOIM/designconsole/config/authwl.conf");
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        OIMClient oimClient = new OIMClient(env);

        try
        {
            // Demo credentials only; load real ones from a protected store, not source code
            oimClient.login("xelsysadm", "Abcd1234".toCharArray());
            System.out.print("Successfully Connected with OIM ");
            System.out.println("Before Create User --");

            // Attributes of the user to create
            HashMap<String, Object> userAttributeValueMap = new HashMap<String, Object>();
            userAttributeValueMap.put("act_key", Long.valueOf(1));
            userAttributeValueMap.put("User Login", "sam");
            userAttributeValueMap.put("First Name", "sam");
            userAttributeValueMap.put("Last Name", "peter");
            userAttributeValueMap.put("Email", "speter@abc.com");
            userAttributeValueMap.put("usr_password", "Password123");
            userAttributeValueMap.put("Role", "OTHER");
            User user = new User("sam", userAttributeValueMap);
            UserManager userManager = oimClient.getService(UserManager.class);
            try {
                userManager.create(user);
                // Report success only when create() returned without an exception
                System.out.println("\nUser Created successfully");
            } catch (ValidationFailedException e) {
                e.printStackTrace();
            } catch (UserAlreadyExistsException e) {
                e.printStackTrace();
            } catch (UserCreateException e) {
                e.printStackTrace();
            }
        }
        catch (Exception e)
        {
            System.out.print(" Exception"+ e);
        }
        finally
        {
            // Always release the OIM session
            oimClient.logout();
        }
    }
}

Tuesday, February 4, 2014

Oracle Identity Manager (OIM) 11g error: ORA-12516: TNS:LISTENER COULD NOT FIND AVAILABLE HANDLER WITH MATCHING PROTOCOL STACK

Issue:

The OIM Managed Server sometimes shows the error ORA-12516: TNS:LISTENER COULD NOT FIND AVAILABLE HANDLER WITH MATCHING PROTOCOL STACK.

Solution:

Connect to the OIM database as the schema owner (example: DEV_OIM) and increase the processes and sessions counts as shown below:

alter system set processes=300 scope=spfile;
alter system set sessions=300 scope=spfile;

Note: You need to restart the database for the change to take effect.

Thanks


Oracle Identity Manager(OIM) 11g R2 PS2(11.1.2.2.0) & Oracle SOA 11.1.1.7.0 Installation & Configuration

Oracle Identity Manager 11g R2 PS2 & SOA Installation & Configuration

Note: Identity and Access Management 11g R2 PS2 installers can be downloaded from http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html

Steps:
  1. Oracle Database Installation
  2. IAM 11.1.2.2.0 RCU Installation
  3. WebLogic 10.3.6 Installation
  4. SOA 11.1.1.7.0 Installation
  5. Configure SOA domain
  6. SOA Mandatory Patches for OIM 11g R2 PS2 (which is bundled by default in IAM Installer Disk1)
  7. IAM Suite Installation
  8. Upgrading OPSS Schema using Patch Set Assistant
  9. Extend OIM in existing domain (in this case we used the SOA domain)
  10. Configure OIM 
  11. Start OIM & SOA services


1. Oracle Database Installation:

Navigate to the database installer and double click on the setup as shown in the below screen shot.





Note: For the Oracle IAM suite setup, select the AL32UTF8 character set.





2. RCU Installation:

Unzip the RCU and navigate to /rcuHome/bin and double click on "rcu.bat".













3. WebLogic Installation










4. SOA Installation










5. Configure SOA Domain













6. SOA Mandatory Patches for OIM 11g R2 PS2 (which is bundled by default in IAM Installer Disk1)




7. IAM Suite installation









8. Upgrading OPSS Schema using Patch Set Assistant











9. Extend SOA domain to OIM















Configure the database security store using the command below:

<MW_HOME>/oracle_common/common/bin/wlst.cmd <IAM_HOME>/common/tools/configureSecurityStore.py -d <MW_HOME>/user_projects/domains/base_domain -c IAM -p welcome1 -m create


Then start the SOA Managed Server and the WebLogic Admin Server.


10. Configure OIM:










Now, restart the WebLogic Admin Server and the SOA Managed Server.

11. Start OIM managed server.

Then access the URLs below and log in using the "xelsysadm" account with the password provided at the time of configuration.

http://<<hostname>>:14000/sysadmin

http://<<hostname>>:14000/identity




-- Thanks