Wednesday Mar 26, 2014

OIM11gR2: Uninstall connector utility

Unlike earlier versions of OIM, you can now uninstall a connector that was installed using a connector bundle or created directly on an environment.

Note: Before deleting a connector, navigate to Resource Object and click Create Reconciliation profile. Otherwise the connector delete is unsuccessful.

The following are the steps involved in uninstalling a connector:

1. Set up the properties file with appropriate information. Location: $OIM_HOME/bin/ConnectorUninstall.properties

2. Execute the uninstall script. Location: $OIM_HOME/bin/uninstallConnector.bat or uninstallConnector.sh

Almost all the properties on the ConnectorUninstall.properties file are explained in the OOB file. The focus here would be on ObjectType and ObjectValues properties.

If the connector was installed using a connector bundle and you want to uninstall it, ignore these properties. If the connector was installed using Deployment Manager --> Import, then these properties are helpful.

By providing ObjectType=Resource and ObjectValue=<Name of RO>, a few of the important connector components can be deleted.

If a connector is uninstalled using the Resource Object name as the value, objects like Process Definition, Process Form, IT Resource and Application Instance are deleted. Note that the request dataset is not deleted.

Monday May 20, 2013

OIM11gR2: Issue with (request form prepop Vs process form prepop)

Background

Pre-populating known information on a request form during a provisioning operation is a very common need. OIM11g R2 supports request form pre-population through the plug-in concept. The plug-in point is "oracle.iam.request.plugins.PrePopulationAdapter". A sample entry in plug-in.xml is shown here:

<plugin pluginclass="PrePopulateUserLogin" version="1.0" name="PrePopulateUserLogin">
  <metadata name="PrePopulationAdapater">
    <value>PrepopTestApp::User Login|FileTransfer::Account Login</value>
  </metadata>
</plugin>

Issue

The class PrePopulateUserLogin holds the logic to fetch and return the value of User Login.

The returned value is populated on the attributes listed in the <value> element of the snippet above. They are the 'User Login' field on the 'PrepopTestApp' application and 'Account Login' on the 'FileTransfer' application.

Suppose the plugin class cannot fetch a value for User Login and is programmed to return a blank/empty string in that case. On its own this may look smooth and robust enough. However, it is an issue if you also have logic to pre-populate the same attribute using a pre-populate adapter attached to the process form.

Flow

The User Login is returned blank by the request form pre-populate code. The request is submitted with a blank User Login value. Say the request has gone through the required approvals.

The process form pre-populate adapter gets triggered because the 'User Name' attribute is blank. Any OIM developer can state that, once the pre-populate adapter is triggered and returns a value, the value is populated on the process form. Surprisingly, this doesn't happen in this case.

The adapter is triggered and a value is returned, but the form is not populated. If your User Name attribute is mandatory on the process form, your account stays in provisioning state and you can see from the Resource History that 'System Validation' is pending. Try this out!!!

Solution

At least I felt that it is a good discovery. The solution is simple.

In your request form pre-population logic, if you don't find a value to return, return null instead of a blank string.

Case 1: If we do this, the process form pre-pop triggers but will not set a value. The weird thing is that since it is triggered, it should set the value fetched, but it doesn't.

    if (attrValue != null)
        return attrValue;
    else
        return "";

Case 2: The process form pre-populate gets triggered and sets a value.

    if (attrValue != null)
        return attrValue;
    else
        return null;

Conclusion

This means that for request form pre-populate we should return null if the source attribute value is either blank or null.
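
The fix from this post written out as a complete plug-in class. This is an added example, not code from the original post: it assumes the OIM 11gR2 API calls shown (RequestData.getBeneficiaries(), UserManager.getDetails()) and the OIM server libraries on the classpath, and it goes one step further than the post by treating whitespace-only values as blank too.

```java
import java.io.Serializable;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.request.plugins.PrePopulationAdapter;
import oracle.iam.request.vo.Beneficiary;
import oracle.iam.request.vo.RequestData;

// Added example: request form pre-population that never hands "" to the request.
public class PrePopulateUserLogin implements PrePopulationAdapter {

    private static final Logger LOG = Logger.getLogger(PrePopulateUserLogin.class.getName());

    @Override
    public Serializable prepopulate(RequestData requestData) {
        List<Beneficiary> beneficiaries = requestData.getBeneficiaries();
        // With zero or several beneficiaries there is no single login to offer.
        if (beneficiaries == null || beneficiaries.size() != 1) {
            return null;
        }
        return blankToNull(lookupLogin(beneficiaries.get(0).getBeneficiaryKey()));
    }

    // Maps null, "" and whitespace-only values to null, so the process form
    // pre-populate adapter can still set the attribute later (Case 2 above).
    static String blankToNull(String value) {
        if (value == null) {
            return null;
        }
        String trimmed = value.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    private String lookupLogin(String userKey) {
        try {
            UserManager userManager = Platform.getService(UserManager.class);
            User user = userManager.getDetails(userKey, null, false); // false: userKey is a key, not a login
            return user.getLogin();
        } catch (Exception e) {
            // A failed lookup must not turn into a blank value on the request form.
            LOG.log(Level.WARNING, "User Login lookup failed for user key " + userKey, e);
            return null;
        }
    }
}
```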




Friday Apr 12, 2013

OIM11gR2PS1 (11.1.2.1) Database Schema Documentation Now Available

For anyone who is interested in knowing more about the OIM11gR2 database schema, the OIM11gR2 DB data model and the data dictionary, refer to the following document on https://support.oracle.com

Oracle Identity Manager 11gR2PS1 (11.1.2.1) Database Schema Documentation [ID 1541858.1]


Thursday Mar 21, 2013

OIM11g R2: Reconciling a Disconnected System Account

Reconciliation of a disconnected system account is the same as reconciling a connected system account. The main difference lies in the source of reconciliation. In case of a connected system, a connection is established with the actual target system and data is pulled into OIM, whereas in case of a disconnected system, the data is made available to OIM using a CSV, flat file or a database table. Reconciliation on both these types of systems looks the same in case of initial load. Some implementations make data available externally during initial load for all types of target systems.

In any type of system's reconciliation, including the IT Resource attribute among the RO attributes and in the recon data is mandatory. If this information (IT Resource in the recon data) is missing from the recon data when submitting a reconciliation event, the reconciliation event is still created and linked successfully. The status on the recon event shows 'Creation Succeeded'. However, when you navigate to the 'Accounts' tab or 'My Access' tab, the resource is not shown. The reconciliation rules are evaluated, the event gets linked, but the resource doesn't appear on the user's resource profile. Yes, you read it correctly.

Also, when another recon event is created for the same account, the event shows 'Update Succeeded', but again no resource is seen in the user's resource profile.

The code snippet for submitting a simple recon event is here:

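import java.util.HashMap;
import java.util.Map;
import oracle.iam.reconciliation.api.EventAttributes;
import oracle.iam.reconciliation.api.ReconOperationsService;

// 'client' is assumed to be an already logged-in OIM client;
// RESOURCE_OBJECT holds the name of the Resource Object.
ReconOperationsService reconOp = client.getService(ReconOperationsService.class);
System.out.println("reconOp=" + reconOp);

Map<String, Object> roDataMap = new HashMap<String, Object>();
roDataMap.put("User Name", "name");
roDataMap.put("Email", "name@xyz.com");
// This is most important: without it the event succeeds but the
// resource never appears on the user's resource profile.
roDataMap.put("IT Resource", "ITR");

try {
    EventAttributes ea = new EventAttributes();
    ea.setEventFinished(true);

    // Create the event, then process it right away.
    long eventKey = reconOp.createReconciliationEvent(RESOURCE_OBJECT, roDataMap, ea);
    reconOp.processReconciliationEvent(eventKey);
    System.out.println("eventKey=" + eventKey);
} catch (Exception e) {
    e.printStackTrace();
}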

About

OIM11gR2 Blog by NA-TAG Offshore IDAM team
