Tuesday Aug 19, 2014

Oracle Identity Manager Role Management With API

As an administrator, you use roles to create and manage the records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions.

Roles can be independent of an organization, span multiple organizations, or contain users from a single organization.

Using roles, you can:

  • View the menu items that the users can access through Oracle Identity Manager Administration Web interface.

  • Assign users to roles.

  • Assign a role to a parent role.

  • Designate status to the users so that they can specify defined responses for process tasks.

  • Modify permissions on data objects.

  • Designate role administrators to perform actions on roles, such as enabling members of another role to assign users to the current role, revoke members from the current role, and so on.

  • Designate provisioning policies for a role. These policies determine if a resource object is to be provisioned to or requested for a member of the role.

  • Assign or remove membership rules to or from the role. These rules determine which users can be assigned/removed as direct membership to/from the role.


In this post, I will share some examples of role management with the Oracle Identity Management API. For role operations, you can use the Thor.API.Operations.tcGroupOperationsIntf interface.

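    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcGroupOperationsIntf;

    tcGroupOperationsIntf service = getClient().getService(tcGroupOperationsIntf.class);

Assign a user to a role:

    public void assignRoleByUsrKey(String roleName, String usrKey) throws Exception {
        // Look up the role by name.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Stop unless exactly one role matched, so the user is never added to the wrong role.
        if (role.getRowCount() != 1) {
            throw new IllegalStateException("Expected one role named " + roleName + ", found " + role.getRowCount());
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        service.addMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }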

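Revoke a user from a role:

    public void revokeRoleByUsrKey(String roleName, String usrKey) throws Exception {
        // Look up the role by name.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Stop unless exactly one role matched, so membership is never removed from the wrong role.
        if (role.getRowCount() != 1) {
            throw new IllegalStateException("Expected one role named " + roleName + ", found " + role.getRowCount());
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        service.removeMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }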

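Get all members of a role:

    public List<User> getRoleMembers(String roleName) throws Exception {
        List<User> userList = new ArrayList<User>();
        // Look up the role by name.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Stop unless exactly one role matched, so the members of another role are never returned.
        if (role.getRowCount() != 1) {
            throw new IllegalStateException("Expected one role named " + roleName + ", found " + role.getRowCount());
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        tcResultSet members = service.getAllMemberUsers(Long.parseLong(groupKey));
        for (int i = 0; i < members.getRowCount(); i++) {
            members.goToRow(i);
            long userKey = members.getLongValue("Users.Key");
            // oimUserManager is a helper of this class that the post does not show.
            User member = oimUserManager.findUserByUserKey(String.valueOf(userKey));
            userList.add(member);
        }
        return userList;
    }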


About me:

Mustafa Kaya is a Senior Consultant in Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Tuesday Jul 15, 2014

Oracle Identity Manager Developing Custom Scheduled Tasks

Oracle Identity Manager contains a set of predefined tasks that can be scheduled as job runs. OIM also provides the capability of creating your own scheduled tasks. You can create scheduled tasks according to your requirements if none of the predefined scheduled tasks fit your needs. You can develop various scheduled tasks, such as reconciliation or a user expiry date check.

In this post, I will explain how to create a custom scheduled task that checks users' expiry dates. This job sends a notification to the user's manager two weeks before the end date.

Steps to create a new scheduled task:

  1. Create the scheduled task Java class.

This class extends oracle.iam.scheduler.vo.TaskSupport from the OIM API and overrides the execute method with processing logic based on your requirements.

import java.util.HashMap;
import java.util.List;
import oracle.iam.scheduler.vo.TaskSupport;

public class ExpireCheckJob extends TaskSupport {

    public ExpireCheckJob() {
        super();
    }

    public void execute(HashMap hashMap) throws Exception {
        try {
            // getusersExpireToday() and sendNotificationToUserManager() are helper
            // methods of this class that the post does not show.
            List<HashMap<String, String>> usrlist = getusersExpireToday();
            for (int i = 0; i < usrlist.size(); i++) {
                HashMap<String, String> userDetails = usrlist.get(i);
                sendNotificationToUserManager(userDetails);
            }
        } catch (Exception e) {
            e.printStackTrace();
            // Rethrow so the scheduler records the run as failed and the retry count applies.
            throw e;
        }
    }

    public HashMap getAttributes() {
        return null;
    }

    public void setAttributes() {
    }
}

2. Create the plugin.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <plugins pluginpoint="oracle.iam.scheduler.vo.TaskSupport">
            <plugin pluginclass="com.oracle.oim.scheduledjobs.ExpireCheckJob" version="1.0" name="ExpireCheckJob"/>
     </plugins>
</oimplugins>

For example, you can configure a reconciliation run using a scheduled task that checks for new information on target systems periodically and replicates the data in Oracle Identity Manager.

3. Create a plugin.zip file that contains the JAR and plugin.xml:

    plugin/
        lib/
            PLUGIN.JAR
        plugin.xml

4. Copy this zip file to OIM_HOME/server/plugins.

5. Copy the JAR file to OIM_HOME/server/ScheduleTask.

6. Configure the scheduled task XML file.

This XML defines the scheduled task information.

<?xml version="1.0" encoding="UTF-8"?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@trkist01-odb-01:1521/MIDM" exported-date="1342018530943" description="ExpireCheckJob">
     <scheduledTask repo-type="MDS" name="ExpireCheckJob" mds-path="/db" mds-file="ExpireCheckJob.xml">
          <completeXml>
               <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
                    <task>
                         <name>ItAuthExpireCheckJob</name>
                         <class>com.oracle.oim.scheduledjobs.ExpireCheckJob</class>
                         <description>ExpireCheckJob</description>
                         <retry>1</retry>
                    </task>
               </scheduledTasks>
          </completeXml>
     </scheduledTask>
</xl-ddm-data>

Import the scheduled task XML file via the OIM Sysadmin console.

7. Create a new scheduled task from the OIM Sysadmin console.

First log in to Oracle Identity System Administration with the appropriate credentials.

1. In the left pane, under System Management, click Scheduler. The Advanced Administration is displayed with the Scheduler section in the System Management tab active.

2. On the left pane, from the Actions menu, select Create. Alternatively, you can click the icon with the plus (+) sign beside the View list.

Job Name: Enter a name for the job. For our example: Expire Date Check

Task: Specify the name of the scheduled task that runs the job. For our example: ExpireDateCheckJob

* To search and specify a scheduled task:

1. Click the magnifying glass icon next to this field.

2. In the Search and Select: Scheduled Task dialog box, specify a search criterion for the scheduled task and click the icon next to the Search field. A list of all scheduled tasks that meet the search criterion is displayed.

3. From this list, select the scheduled task that runs the job being created, and then click Confirm.


Start Date: Specify the date and time on which you want the job to run. To do this, select the date and time along with timezone from the date editor and click Ok. By default, the timezone is "(UTC-08:00) US Pacific Time".

Retries: Retry count is used to manage the job in case of failure. A job cannot execute more than its retry count if it fails consecutively. The job is disabled if it fails consecutively till its retry count is exhausted. The job must be enabled from the UI for further execution.

Schedule Type: Depending on the frequency at which you want the job to run, select one of the following schedule types:

Periodic: Select this option if you want the job to be run at a time that you specify, on a repeating basis. If you select this option, then you must enter an integer value in the Run every field under the Job Periodic Settings section and select one of the following values:

 - mins
 - hrs
 - days

Cron: Select this option if you want the job to be run at a particular interval on a recurring basis. For example, you can create a job that must run at 8:00 A.M. every Monday through Friday or at 1:30 A.M. every last Friday of the month.

* The recurrence of the job must be specified in the Cron Settings section. In the Recurring Interval field, you can select any of the following values:
- Daily
- Weekly
- Monthly on given dates
- Monthly on given weekdays
- Yearly
After selecting a value, you can enter an integer value in the Days between runs field.

Single: Select this option if the job is to be run only once at the specified start date and time.


  No pre-defined schedule: This option specifies that no schedule is attached to the job you are creating, and therefore, it is not triggered automatically. As a result, the only option to trigger the job is by clicking Save and Run Now.



Tuesday Jun 17, 2014

Oracle Identity Manager Custom Event Handler

In an Identity Management system, any action performed by a user or system is called an operation. Examples of operations are creating users, modifying roles, and creating password policies. The process of any Oracle Identity Manager operation that goes through a predefined set of stages and executes some business logic in each stage is called an orchestration. The type of object that is changed by the orchestration is called an orchestration target. 

Orchestration is divided into predefined steps called stages. Every operation moves through these stages until it reaches finalization. Orchestration has the following stages:

  • Validation: Stage to perform validation on the orchestration, such as validity of orchestration parameters. Orchestration parameter is the data that is required to carry out the orchestration operation.
  • Preprocess: Stage to perform orchestration parameter manipulations or get approvals or perform Segregation of Duties (SoD) checks.
  • Action: Stage in which the action takes place.
  • Audit: Stage in which the auditing of operation is performed.
  • Postprocess: Stage in which consequent operations related to the current operation takes place. Examples of consequent operations are auto role membership and policy evaluation on a user creation.
  • Finalization: Last stage in the process to perform any clean up.

Oracle Identity Manager allows you to implement Service Provider Interfaces (SPIs) to customize the functionality of orchestration operations. Only customization of preprocess, postprocess, validation, and finalization stages of an operation in an entity orchestration is supported.

In my example, I will explain the user enable operation. For example, we may want to change a user's end date when the user's status changes to enabled.

1-) Develop the custom event handler Java code.

For our example, I will use the Postprocess stage, so our class must implement oracle.iam.platform.kernel.spi.PostProcessHandler.

import java.util.HashMap;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

public class RoleUserEventManagement
  implements PostProcessHandler
{
  private RoleUserEventProcessors roleUserEventProcessor;

  private RoleUserEventProcessors getRoleUserEventProcessor()
  {
    if (this.roleUserEventProcessor == null) {
      this.roleUserEventProcessor = new RoleUserEventProcessors();
    }

    return this.roleUserEventProcessor;
  }

  public void initialize(HashMap<String, String> arg0)
  {
  }

  public boolean cancel(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
    return false;
  }

  public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
  }

  public EventResult execute(long processId, long eventId, Orchestration orchestration)
  {
    Utils.logger.error("[RoleUserEventManagement][execute] : Starting.");

    EventResult eventResult = new EventResult();
    String type = orchestration.getTarget().getType();
    Utils.logger.error("[RoleUserEventManagement][execute] type : " + type);

    // The enable operation belongs to the User entity, so only User orchestrations are handled.
    if ("User".equalsIgnoreCase(type)) {
      try {
        String operation = orchestration.getOperation();
        // getUserManager() and updateUserEnddate() are helpers of this class that the post does not show.
        User user = getUserManager().getUser(processId, orchestration);
        if (UserManagerConstants.Operations.ENABLE.name().equalsIgnoreCase(operation)) {
          updateUserEnddate(user);
        }
      } catch (Exception e) {
        eventResult.setFailureReason(e);
      }
    }

    return eventResult;
  }

  public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2)
  {
    return null;
  }
}

2-) Create a jar.

Create a JAR with the custom event handler Java class. The following JAR files must be on the class path to compile the custom class:

From the OIM_ORACLE_HOME/server/platform/ directory:
  • iam-platform-kernel.jar
  • iam-platform-utils.jar
  • iam-platform-context.jar
  • iam-platform-authz-service.jar
From the OIM_ORACLE_HOME/designconsole/lib/ directory:
  • oimclient.jar
  • xlAPI.jar

3-) Define an XML file.

<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@trkist01-odb-01:1521/MIDM" exported-date="1354621487559" description="RoleUserEventManagement">
     <eventhandlers repo-type="MDS" name="RoleUserEventManagement" mds-path="/db" mds-file="RoleUserEventManagement.xml">
          <completeXml>
               <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
                    <action-handler orch-target="oracle.iam.platform.kernel.vo.EntityOrchestration" class="com.mypackage.oim.plugins.events.RoleUserEventManagement" entity-type="User" operation="ENABLE" name="RoleUserEventManagement" stage="postprocess" sync="TRUE" order="FIRST" />
               </eventhandlers>
          </completeXml>
     </eventhandlers>
</xl-ddm-data>

4-)  Create a plug-in zip file

  a. Define a plug-in XML.

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
         <plugin pluginclass="com.mypackage.oim.plugins.events.RoleUserEventManagement" version="1.0" name="RoleUserEventManagement"/>
     </plugins>
</oimplugins>

  b. Package the plug-in XML and the JAR file that contains the custom class or classes into a plug-in ZIP file.

5-) Copy zip file to OIM_HOME/server/plugins directory.
6-) Register plug-in ZIP file.

You can use the Plugin Registration Utility for registering and unregistering plug-ins. The utility uses the following files:

  • pluginregistration.xml
  • ant.properties
These files are located in the OIM_HOME/plugin_utility/ directory.

Before using the utility, perform the following:

  1. Set the values for WLS_HOME and OIM_HOME in ant.properties. For example:

    WLS_HOME =.../middleware/wlserver_10.3

    OIM_HOME =..../middleware/Oracle_IDM1/server

    In addition, set the path for MW_HOME in the ant.properties file.

  2. Build the wlfullclient.jar in Oracle WebLogic server:
      1. Change directories to WLS_HOME/server/lib.
      2. Run the following command:

    java -jar ../../../modules/com.bea.core.jarbuilder_1.3.0.0.jar

To register a plug-in:

  1. Execute the ant target "register":

    ant -f pluginregistration.xml register

  2. This will prompt for the Oracle Identity Manager username and password along with the server information and the location of the plugin zip file. Enter the complete path of the zip file location.
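
The plug-in ZIP built in this post and in the scheduled task post names the handler class in three places: plugin.xml, the JAR under lib/ and the imported MDS XML. The check below is an added example, not code from the original posts or from Oracle; it assumes Java 9 or later, plugin.xml at the archive root and JARs under lib/, and PluginZipCheck, check and zipOf are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example (hypothetical helper, not part of OIM): checks a plug-in ZIP before registration.
public class PluginZipCheck {

    // referencedClasses: class names used in the imported MDS XML (<class> of the scheduled
    // task, or the class attribute of the action-handler). Returns the problems found.
    static List<String> check(byte[] zipBytes, Set<String> referencedClasses) throws Exception {
        List<String> problems = new ArrayList<>();
        byte[] pluginXml = null;
        Set<String> shipped = new HashSet<>(); // classes found in the JARs under lib/

        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(zipBytes))) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                String name = e.getName();
                if (name.equals("plugin.xml")) {
                    pluginXml = zip.readAllBytes();
                } else if (name.startsWith("lib/") && name.toLowerCase(Locale.ROOT).endsWith(".jar")) {
                    // A JAR is itself a ZIP: walk it and record the classes it contains.
                    ZipInputStream jar = new ZipInputStream(new ByteArrayInputStream(zip.readAllBytes()));
                    for (ZipEntry c; (c = jar.getNextEntry()) != null; ) {
                        String n = c.getName();
                        if (n.endsWith(".class")) {
                            shipped.add(n.substring(0, n.length() - ".class".length()).replace('/', '.'));
                        }
                    }
                }
            }
        }
        if (pluginXml == null) {
            problems.add("plugin.xml is not at the root of the archive");
            return problems;
        }

        // Refuse DOCTYPE declarations so that a tampered plugin.xml cannot pull in external entities.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList plugins = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(pluginXml)).getElementsByTagName("plugin");

        Set<String> declared = new HashSet<>();
        for (int i = 0; i < plugins.getLength(); i++) {
            String cls = ((Element) plugins.item(i)).getAttribute("pluginclass");
            declared.add(cls);
            if (!shipped.contains(cls)) {
                problems.add("pluginclass " + cls + " is not in any JAR under lib/");
            }
        }
        for (String cls : referencedClasses) {
            if (!declared.contains(cls)) {
                problems.add("class " + cls + " from the MDS XML is not declared in plugin.xml");
            }
        }
        return problems;
    }

    // Builds a ZIP in memory; used only to construct the samples below.
    static byte[] zipOf(Map<String, byte[]> entries) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(out)) {
            for (Map.Entry<String, byte[]> en : entries.entrySet()) {
                zip.putNextEntry(new ZipEntry(en.getKey()));
                zip.write(en.getValue());
                zip.closeEntry();
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: the plugin.xml content of the scheduled task post and empty
        // .class entries (only the entry names are checked).
        String cls = "com.oracle.oim.scheduledjobs.ExpireCheckJob";
        byte[] xml = ("<?xml version=\"1.0\" encoding=\"UTF-8\"?><oimplugins>"
                + "<plugins pluginpoint=\"oracle.iam.scheduler.vo.TaskSupport\">"
                + "<plugin pluginclass=\"" + cls + "\" version=\"1.0\" name=\"ExpireCheckJob\"/>"
                + "</plugins></oimplugins>").getBytes(StandardCharsets.UTF_8);
        byte[] goodJar = zipOf(Map.of(cls.replace('.', '/') + ".class", new byte[0]));
        byte[] badJar = zipOf(Map.of("ExpireCheckJob.class", new byte[0])); // compiled without its package

        System.out.println("consistent: " + check(zipOf(Map.of("plugin.xml", xml, "lib/PLUGIN.JAR", goodJar)), Set.of(cls)));
        System.out.println("wrong JAR:  " + check(zipOf(Map.of("plugin.xml", xml, "lib/PLUGIN.JAR", badJar)), Set.of(cls)));
        System.out.println("nested:     " + check(zipOf(Map.of("plugin/plugin.xml", xml, "plugin/lib/PLUGIN.JAR", goodJar)), Set.of(cls)));
    }
}
```

For a real archive, read the file with java.nio.file.Files.readAllBytes and pass the class names taken from the scheduled task or event handler XML that is imported into MDS.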


Tuesday Apr 08, 2014

Send Notification With Oracle Identity Manager API

Information about events occurring in Oracle Identity Manager has to be sent to various users, such as requesters, beneficiaries, or administrators. This information about events is sent by using the notification service in the form of notification e-mail messages. The notification service allows you to perform all notification-related operations in Oracle Identity Manager.

A notification template is used to send notifications. These templates contain variables that refer to available data to provide more context to the notifications. The channel through which a notification is sent is known as the notification provider. Examples of such channels are e-mail, Instant Messaging (IM), Short Message Service (SMS), and voice. To use these notification providers, Oracle Identity Manager uses Oracle User Messaging Service (UMS).

In some cases you need a custom notification process; for example, you can send a notification after the Active Directory Create User task. I want to explain how you can send a notification at any time with the OIM API.

1-) Create a notification template from Oracle Identity Manager Administration Console.

2-) Develop the send-notification adapter code. (Add oimclient.jar to your classpath.)

  import java.util.HashMap;
  import oracle.iam.notification.api.NotificationService;
  import oracle.iam.notification.exception.*;
  import oracle.iam.notification.vo.NotificationEvent;
  import oracle.iam.platform.Platform;

  private NotificationService notificationService;

  public NotificationService getNotificationService()
  {
    if (this.notificationService == null) {
      this.notificationService = ((NotificationService)Platform.getService(NotificationService.class));
    }
    return this.notificationService;
  }

  public void sendNotification(String receiverUserId, String templateName, HashMap<String, Object> templateParams)
    throws EventException, UnresolvedNotificationDataException, TemplateNotFoundException, MultipleTemplateException, NotificationResolverNotFoundException, UserDetailsNotFoundException, NotificationException
  {
    NotificationEvent event = new NotificationEvent();
    event.setUserIds(new String[] { receiverUserId }); // OIM user login of the recipient; setUserIds takes an array
    event.setTemplateName(templateName); // OIM notification template name
    event.setSender(null);
    event.setParams(templateParams); // values for the variables used in the template
    getNotificationService().notify(event); // send the notification
  }

Template params are used to pass dynamic variables to the notification template. If you want to send information such as the user login, password, etc. in a notification, first add a variable with the "$" character to the notification template ($userLoginId), then set this variable through the HashMap in code.

3-) Create a process task adapter from the design console and assign it after the "AD User" process form, "Create User" task, "SUCCESS" response.


Wednesday Mar 12, 2014

Oracle Identity Manager 11g R2 Basic Performance Tuning

For optimal Oracle Identity Manager performance, we have to tune the surrounding components, such as the application server and the database. I'll write down some basic tuning settings recommended by Oracle.

Also, you can read this guide for other tuning settings, such as caching, and to learn how to monitor Oracle Identity Manager performance: http://docs.oracle.com/cd/E27559_01/doc.1112/e28552/oim.htm

Basic UI Tuning:

Following are the recommended application module settings for OIM. Add these settings under WebLogic Server Administration Console >> Servers >> oim_server1 >> Server Start >> Arguments and restart the admin server.

    -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1
    -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60
    -Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true
    -Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1
    -Djbo.connectfailover=false -Djbo.max.cursors=5
    -Doracle.jdbc.implicitStatementCacheSize=5
    -Doracle.jdbc.maxCachedBufferSize=19

These recommended settings assume 100 concurrent users per node. Use the formula below to change -Djbo.ampool.maxavailablesize if your number of concurrent users is different.

    -Djbo.ampool.maxavailablesize = number of concurrent users + 20%

Basic Server Tuning:

JVM Parameter                    HotSpot JVM    JRockit JVM
Min. Heap Size (Xms)             4GB            4GB
Max Heap Size (Xmx)              4GB            4GB
PermSize (-XX:PermSize)          500m           N/A
PermGen size (-XX:MaxPermSize)   1GB            N/A

JDBC Connection Pool parameters:

Parameter name                 Value
Initial Capacity               50
Minimum Capacity               50
Max. Capacity                  150
Inactive Connection Timeout    30

To increase the capacity of the JDBC connection pools:

Go to the WebLogic Server Administration Console and click Services => Data Sources.

OIM also uses the DirectDB data source, and you can increase its capacity as follows.

Go to Enterprise Manager -> Oracle Identity Manager -> System MBean Browser -> Application Defined MBeans -> oracle.iam -> OIM Server -> Application oim -> XMLConfig -> Config -> XMLConfig.DirectDBConfig.

Set the following values for attributes.

Attribute name    Value
MinConnections    50
MaxConnections    150


Wednesday Feb 19, 2014

Management of Oracle Database Authorization with Oracle Identity Manager

Oracle Identity Manager projects usually start with managing the user identity life cycle from the trusted resource to the target systems. After user identity management is completed in the first step, the second step is entitlement management for users, for example role management for users on Oracle Databases, Windows Servers or any custom applications.

In this post I want to share my experience of managing Oracle Database authorization through Oracle Identity Manager in a project.

We used three components to manage Oracle Database authorization: Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive next generation directory service that is designed to address large deployments, to provide high performance, to be highly extensible and to be easy to deploy, manage, and monitor. Oracle Unified Directory is used for role management integrated with Enterprise User Security. Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.

Oracle Identity Manager is used to manage the life cycle of Oracle Unified Directory users, with the right values and the user's groups. The whole process starts from Oracle Identity Manager, which then inserts the user into an OUD group or deletes the user from an OUD group. The user thus gets rights via Oracle Unified Directory and Enterprise User Security.


The following steps explain the integration of these three tools.

1- Enabling Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager(ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:

- Replace dc=example,dc=com with the correct naming context for your server instance.

- Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.

  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

- $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the configuration below on Oracle Database

  • Configure your database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory Connector in Oracle Identity Manager, which provisions users to Oracle Unified Directory and manages groups, and so roles.

When all of the above steps are complete: first, Enterprise User Security is enabled on the DB; then create DB roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles. Last, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.

P.S.: If you want to manage Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.


Tuesday Jan 07, 2014

Manage Child Process Forms With Oracle Identity Manager API

Oracle Identity Manager allows you to manage roles, responsibilities or group memberships as entitlements. An entitlement granted to an account on a target system enables the account user to perform a specific task or function. In Oracle Identity Manager, there is one process form for each account (resource) provisioned to an OIM User. Entitlement data is stored in child process forms of the process form.

You can manage child forms with the Oracle Identity Manager API, for example to add and remove data. For these operations, you can use the tcFormInstanceOperationsIntf service.

First, you need the process instance key to find the right child table.

    import java.util.HashMap;
    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcFormInstanceOperationsIntf;

    private tcFormInstanceOperationsIntf service;

    /**
     * Default constructor.
     */
    public ProcessFormManagerImpl() {
        service = getClient().getService(tcFormInstanceOperationsIntf.class);
    }

    public void addDataChildProcessForm(long processInstanceKey, String columnName,
                                 String columnValue) throws Exception {
        // columnName example: UD_ADUSRC_GROUPNAME
        long processFormDefinitionKey =
            service.getProcessFormDefinitionKey(processInstanceKey);
        int processParentFormVersion =
            service.getProcessFormVersion(processInstanceKey);
        tcResultSet childFormDef =
            service.getChildFormDefinition(processFormDefinitionKey,
                                           processParentFormVersion);
        long childKey =
            childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
        HashMap addAttr = new HashMap();
        addAttr.put(columnName, columnValue);
        service.addProcessFormChildData(childKey, processInstanceKey, addAttr);
    }

    public void removeDataChildProcessForm(long processInstanceKey,
                                           String childFormKey,
                                           String columnName,
                                           String columnValue) throws Exception {
        long processFormDefinitionKey =
            service.getProcessFormDefinitionKey(processInstanceKey);
        int processParentFormVersion =
            service.getProcessFormVersion(processInstanceKey);
        tcResultSet childFormDef =
            service.getChildFormDefinition(processFormDefinitionKey,
                                           processParentFormVersion);
        long childKey =
            childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
        tcResultSet childData =
            service.getProcessFormChildData(childKey, processInstanceKey);
        for (int i = 0; i < childData.getRowCount(); i++) {
            childData.goToRow(i);
            String groupName = childData.getStringValue(columnName);
            if (groupName.equals(columnValue)) {
                long rowKey = childData.getLongValue(childFormKey);
                service.removeProcessFormChildData(childKey, rowKey);
            }
        }
    }


Monday Dec 09, 2013

Account Provisioning With Oracle Identity Manager API

Oracle Identity Manager allows you to provision accounts using the OIM API. You can use Oracle Identity Manager to create, maintain, and delete accounts on target systems. Oracle Identity Manager becomes the front-end entry point for managing all the accounts on these systems. After the accounts are provisioned, the users for whom accounts have been provisioned are able to access the target systems without any interaction with Oracle Identity Manager. This is the provisioning configuration of Oracle Identity Manager.

Sometimes you will need to grant an account from remote operations (a web service or some remote connector). For these operations, you have to find the right application instance to provision the account. You can use the findApplicationInstanceByName method of the oracle.iam.provisioning.api.ApplicationInstanceService service to find the application instance. Then you can provision the application instance with the OIM API, using the oracle.iam.provisioning.api.ProvisioningService service.


    import java.util.HashMap;
    import java.util.Map;
    import oracle.iam.provisioning.api.ApplicationInstanceService;
    import oracle.iam.provisioning.api.ProvisioningService;
    import oracle.iam.provisioning.exception.*;
    import oracle.iam.provisioning.vo.Account;
    import oracle.iam.provisioning.vo.AccountData;
    import oracle.iam.provisioning.vo.ApplicationInstance;
    import oracle.iam.provisioning.vo.FormInfo;

    // serverName example: UD_ADUSER_SERVER
    // itResourceName example: Active Directory
    public void provisionAccount(String userKey, String serverName, String itResourceName)
            throws ApplicationInstanceNotFoundException, GenericAppInstanceServiceException,
                   UserNotFoundException, GenericProvisioningException {
        ProvisioningService service = getClient().getService(ProvisioningService.class);
        ApplicationInstance appInstance = findApplicationInstanceByName("Application Instance Name");

        // Fill the parent process form of the account with the IT resource field.
        FormInfo formInfo = appInstance.getAccountForm();
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverName, itResourceName);
        String formKey = String.valueOf(formInfo.getFormKey());

        AccountData accountData = new AccountData(formKey, null, parentData);
        Account account = new Account(appInstance, accountData);
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        service.provision(userKey, account);
    }

    public ApplicationInstance findApplicationInstanceByName(String applicationInstanceName)
            throws ApplicationInstanceNotFoundException, GenericAppInstanceServiceException {
        ApplicationInstanceService service = getClient().getService(ApplicationInstanceService.class);
        ApplicationInstance appInstance = service.findApplicationInstanceByName(applicationInstanceName);
        return appInstance;
    }
