Friday May 13, 2016

Event Handlers upon Resource Provisioning Activities

After the deprecation of entity adapters, as everyone knows, Oracle introduced event handlers to perform operations before and after insert, update and delete activities.

By now, almost all OIM developers have probably written event handlers that run before or after creating or updating a user/identity profile. This is a very frequent requirement.

You may also want to write an event handler that triggers on account provisioning activities. This blog post provides an example of how to trigger an event handler on successful provisioning of a resource.

Before getting to the details, one must understand that OIM supports various operations, such as Create User, Update User, Provision Account, Disable Account, Create Role, Delete Role, Update Role, Provision Account by Access Policy, Revoke Account, etc., and each operation is considered a different orchestration.

1. Entry in the EventHandlers XML file for Access Policy (AP) based provisioning:

<action-handler
    class="com.xyz.oim.account.usermgmt.impl.handlers.OIMProvisionAccountPostProcessEmailHandler"
    entity-type="Resource" 
    operation="ACCESS_POLICY_BASED_PROVISION"  
    name="OIMProvisionAccountPostProcessEmailHandler"
    stage="postprocess"
    order="10000" 
    sync="TRUE"/> 

Notice the values for entity-type and operation. They indicate that the event handler should trigger upon provisioning a resource. The operation value in particular indicates that the event handler should trigger only if the resource is provisioned through an Access Policy.

2. Entry in the EventHandlers XML file for direct provisioning:

<action-handler
    class="com.xyz.oim.account.usermgmt.impl.handlers.OIMProvisionAccountPostProcessEmailHandler"
    entity-type="Resource" 
    operation="PROVISION"  
    name="OIMProvisionAccountPostProcessEmailHandler"
    stage="postprocess"
    order="10000" 
    sync="TRUE"/> 

In this case the value of operation is 'PROVISION'. One can similarly use REVOKE to trigger an event handler upon revoking an account.

The OTN documentation provides the right values for 'operation' and 'entity-type' for certain frequently used operations. To find all possible values, register the following handler and perform the operation:

<action-handler
    class="com.xyz.oim.account.usermgmt.impl.handlers.OIMHandler"
    entity-type="Any" 
    operation="Any"  
    name="OIMHandler"
    stage="postprocess"
    order="10000" 
    sync="TRUE"/>

The handler code can print the values for operation and entity-type:

1. abstractGenericOrchestration.getOperation()

2. abstractGenericOrchestration.getTarget().getType() 

The input parameters to the execute method of the event handler differ based on the operation. For the 'Resource' entity type, use a conditional event handler and identify the resource being provisioned from the context. Based on the resource, decide whether the actual handler logic needs to run.

Important Note: Using Any/Any for these properties is not supported. This is for internal purposes only. Using it may have a high impact on product performance.
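Because an Any/Any handler is meant only for discovery, it is worth checking the event handler XML before it is imported into MDS. The following script is an added example, not part of the original post or of OIM: it lists every action-handler entry and fails when one is registered as Any/Any. The `<eventhandlers>` wrapper and its namespace in the sample are assumptions, since the post shows only the action-handler entries.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three action-handler entries from this post inside an
# assumed <eventhandlers> wrapper (the post does not show the root element).
SAMPLE_XML = """<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">
  <action-handler class="com.xyz.oim.account.usermgmt.impl.handlers.OIMProvisionAccountPostProcessEmailHandler"
      entity-type="Resource" operation="ACCESS_POLICY_BASED_PROVISION"
      name="OIMProvisionAccountPostProcessEmailHandler" stage="postprocess" order="10000" sync="TRUE"/>
  <action-handler class="com.xyz.oim.account.usermgmt.impl.handlers.OIMProvisionAccountPostProcessEmailHandler"
      entity-type="Resource" operation="PROVISION"
      name="OIMProvisionAccountPostProcessEmailHandler" stage="postprocess" order="10000" sync="TRUE"/>
  <action-handler class="com.xyz.oim.account.usermgmt.impl.handlers.OIMHandler"
      entity-type="Any" operation="Any"
      name="OIMHandler" stage="postprocess" order="10000" sync="TRUE"/>
</eventhandlers>"""


def local_name(tag):
    """Drop a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_handlers(xml_text):
    """Return (inventory, findings) for every action-handler in the document."""
    inventory, findings = [], []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "action-handler":
            continue
        entity = el.get("entity-type", "")
        operation = el.get("operation", "")
        entry = (el.get("name", ""), entity, operation, el.get("stage", ""))
        inventory.append(entry)
        # The combination the post marks as unsupported, compared case-insensitively.
        if entity.strip().lower() == "any" and operation.strip().lower() == "any":
            findings.append(f"{entry[0]}: entity-type/operation is Any/Any (unsupported)")
    return inventory, findings


if __name__ == "__main__":
    inventory, findings = audit_handlers(SAMPLE_XML)
    for name, entity, operation, stage in inventory:
        print(f"{stage:12} {entity:10} {operation:32} {name}")
    for finding in findings:
        print("FAIL:", finding)
    raise SystemExit(1 if findings else 0)
```

Run against the files under metadata.location before the import, a non-zero exit code stops a discovery handler from reaching a shared environment.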

Wednesday Dec 05, 2012

Using ant to register plugins and deploy metadata xmls

Ant can be used to register plugins directly to MDS.

Following is the ant script to register plugin zip:

<target name="register_plugin" depends="compile_package">
    <echo> Register Plugin : ${plugin.base}/${project.name}.zip</echo>
    <!-- fork="true" starts a separate JVM and each sysproperty is passed to it as a -D argument,
         so the OIM password is visible in the process listing while this task runs -->
    <java classname="oracle.iam.platformservice.utils.PluginUtility" classpathref="classpath" fork="true">
        <sysproperty key="XL.HomeDir" value="${oim.home.server}"/>
        <sysproperty key="OIM.Username" value="${oim.username}"/>
        <sysproperty key="OIM.UserPassword" value="${oim.password}"/>
        <sysproperty key="ServerURL" value="${oim.url}"/>
        <sysproperty key="PluginZipToRegister" value="${plugin.base}/${project.name}.zip"/>
        <sysproperty key="java.security.auth.login.config" value="${oim.home}\designconsole\config\authwl.conf"/>
        <arg value="REGISTER"/>
        <!-- Output and errors of PluginUtility are written to redirector.out and redirector.err -->
        <redirector error="redirector.err" errorproperty="redirector.err" output="redirector.out" outputproperty="redirector.out"/>
    </java>
    <!-- Keep a copy of the registered zip under the server's plugins directory -->
    <copy file="${plugin.base}/${project.name}.zip" todir="${oim.home.server}\plugins"/>
</target>

This script requires the following properties:

plugin.base

project.name

oim.home.server

oim.username

oim.password

You can either define a properties file for these properties or define them directly in build.xml. The build.properties file will look like:

# Set the OIM home here
oim.home=C:/Oracle/Middleware02/Oracle_IDM

# Set the WebLogic home here
wls.home=C:/Oracle/Middleware02/wlserver_10.3
OIM.ServerName=oim_server1

# e.g.: used in building the jar and zip files
# Note: no spaces in the project name
project.name=ScheduledTask_Sample

# Set the OIM username
oim.username=xelsysadm

# Set the OIM password
oim.password=Welcome1
WL.Username=weblogic
WL.UserPassword=weblogic1

# Set the OIM URL here
oim.url=t3://localhost:14000
WL.url=t3://localhost:7001

# Location from where the metadata files are picked up for MDS import
metadata.location=C:/Project /src/ScheduledTask_Sample /metaxml/

Following is the ANT script to import metadata xml:

<target name="ImportMetadata">
    <echo> Preparing for MDS xmls Upload...</echo>
    <!-- Work on local copies so the files under ${oim.home}/bin stay unchanged -->
    <copy file="${oim.home}/bin/weblogic.properties" todir="."/>
    <replaceregexp file="weblogic.properties" match="wls_servername=(.*)" replace="wls_servername=${OIM.ServerName}" byline="true"/>
    <replaceregexp file="weblogic.properties" match="application_name=(.*)" replace="application_name=OIMMetadata" byline="true"/>
    <replaceregexp file="weblogic.properties" match="metadata_from_loc=(.*)" replace="metadata_from_loc=${metadata.location}" byline="true"/>
    <copy file="${oim.home}/bin/weblogicImportMetadata.py" todir="."/>
    <!-- Ant property names are case-sensitive: these match WL.Username, WL.UserPassword and WL.url in build.properties.
         After this step the local weblogicImportMetadata.py contains the WebLogic password in clear text. -->
    <replace file="weblogicImportMetadata.py">
        <replacefilter token="connect()" value="connect('${WL.Username}', '${WL.UserPassword}', '${WL.url}')"/>
    </replace>
    <echo> Importing metadata xmls to MDS... </echo>
    <exec dir="." vmlauncher="false" executable="${oim.home}/../common/bin/wlst.sh">
        <arg value="-loadProperties"/>
        <arg value="weblogic.properties"/>
        <arg value="weblogicImportMetadata.py"/>
        <redirector output="deletemd_redirector.out" logerror="true" outputproperty="deletemd_redirector.out" />
    </exec>
    <echo>${deletemd_redirector.out}</echo>
    <echo>Completed metadata xmls import to MDS</echo>
</target>
About

OIM11gR2 Blog by NA-TAG Offshore IDAM team
