[Oracle Identity Manager] Provision Account With OIM Api

Oracle Identity Manager allows you to provision accounts using the OIM API. Sometimes you will need to grant an account from a remote operation (a web service or some remote connector).

For this operation, you first have to find the right application instance for the account. You can use the findApplicationInstanceByName method of the oracle.iam.provisioning.api.ApplicationInstanceService service to find the application instance. Then you can provision the application instance with the OIM API, using the oracle.iam.provisioning.api.ProvisioningService service.

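    import java.util.HashMap;
    import java.util.Map;

    import oracle.iam.provisioning.api.ApplicationInstanceService;
    import oracle.iam.provisioning.api.ProvisioningService;
    import oracle.iam.provisioning.exception.ApplicationInstanceNotFoundException;
    import oracle.iam.provisioning.exception.GenericAppInstanceServiceException;
    import oracle.iam.provisioning.exception.GenericProvisioningException;
    import oracle.iam.provisioning.exception.UserNotFoundException;
    import oracle.iam.provisioning.vo.Account;
    import oracle.iam.provisioning.vo.AccountData;
    import oracle.iam.provisioning.vo.ApplicationInstance;
    import oracle.iam.provisioning.vo.FormInfo;

    // getClient() is assumed to return an already logged-in oracle.iam.platform.OIMClient.
    public void provisionAccount(String userKey) throws ApplicationInstanceNotFoundException,
                                                        GenericAppInstanceServiceException,
                                                        UserNotFoundException,
                                                        GenericProvisioningException {
        ProvisioningService service = getClient().getService(ProvisioningService.class);
        ApplicationInstance appInstance = findApplicationInstanceByName("Application Instance Name");

        // Form field that holds the IT resource, e.g. UD_ADUSER_SERVER
        String serverName = "UD_ADUSER_SERVER";
        // Name of the IT resource the account is created on, e.g. Active Directory
        String itResourceName = "Active Directory";

        // Build the parent form data; the IT resource field must be set explicitly.
        FormInfo formInfo = appInstance.getAccountForm();
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverName, itResourceName);
        String formKey = String.valueOf(formInfo.getFormKey());

        AccountData accountData = new AccountData(formKey, null, parentData);
        Account account = new Account(appInstance, accountData);
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);

        // Submit the provisioning operation for the given OIM user key.
        service.provision(userKey, account);
    }

    public ApplicationInstance findApplicationInstanceByName(String applicationInstanceName)
            throws ApplicationInstanceNotFoundException, GenericAppInstanceServiceException {
        ApplicationInstanceService service = getClient().getService(ApplicationInstanceService.class);
        ApplicationInstance appInstance = service.findApplicationInstanceByName(applicationInstanceName);
        return appInstance;
    }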
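When provisionAccount is exposed to a remote caller (web service or connector), it helps to refuse a request that would give the user a second account on the same application instance. The following is an added example, not code from the original post: the class name GuardedProvisioner, the numeric user-key check and the treatment of "Revoked" accounts as absent are assumptions, and it needs the OIM client libraries and a logged-in OIMClient.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ApplicationInstanceService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;
import oracle.iam.provisioning.vo.AccountData;
import oracle.iam.provisioning.vo.ApplicationInstance;

/** Added example (hypothetical class name); not part of the original post. */
public class GuardedProvisioner {
    private final ProvisioningService provisioning;
    private final ApplicationInstanceService appInstances;

    /** The client must already be logged in as an identity allowed to provision. */
    public GuardedProvisioner(OIMClient client) {
        this.provisioning = client.getService(ProvisioningService.class);
        this.appInstances = client.getService(ApplicationInstanceService.class);
    }

    /** Returns true if provisioning was submitted, false if an account already exists. */
    public boolean provisionIfAbsent(String userKey, String appInstanceName,
                                     String serverField, String itResourceName) throws Exception {
        // Assumption: OIM user keys are numeric; reject anything else from a remote caller.
        if (userKey == null || !userKey.matches("\\d+")) {
            throw new IllegalArgumentException("userKey must be a numeric OIM user key");
        }
        ApplicationInstance target = appInstances.findApplicationInstanceByName(appInstanceName);

        // Refuse to create a second account on the same application instance.
        List<Account> existing = provisioning.getAccountsProvisionedToUser(userKey);
        for (Account a : existing) {
            boolean sameInstance = target.getApplicationInstanceName()
                    .equals(a.getAppInstance().getApplicationInstanceName());
            // Assumption: a revoked account does not block a new one.
            boolean revoked = "Revoked".equalsIgnoreCase(a.getAccountStatus());
            if (sameInstance && !revoked) {
                return false;
            }
        }
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverField, itResourceName); // e.g. UD_ADUSER_SERVER -> Active Directory
        String formKey = String.valueOf(target.getAccountForm().getFormKey());
        Account account = new Account(target, new AccountData(formKey, null, parentData));
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        provisioning.provision(userKey, account);
        return true;
    }
}
```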

Comments:

Hi,

Thank you for this code snippet!

My problem is the following: I would like to import a lot (1000+) of different service accounts to my oim system and link them to different oim users. At the moment, the information which service account belongs to which person is stored in a text file.

Your code works fine! The account is displayed in the section "user accounts", but the status of the created account is still "Provisioning".
When I reconcile this linux server, oim doesn't establish a link between the service account on the target system and the created account! Why?

How can I solve my problem? Which information is missing to establish a link between an existing account on a target system and an API-created account?

thank you!

br,
max

Posted by guest on November 04, 2013 at 01:13 AM EET #

Why do you need to first provision the account and then reconcile? You can directly run a reconcile job with a correct reconciliation rule.
You can use this code for direct provisioning to the target system. So, if the target has the same account, you can't provision because it already exists, and it stays in "Provisioning"!

Thanks, regards.
Mustafa.

Posted by Mustafa Kaya on November 05, 2013 at 01:23 AM EET #

Thank you for your answer! The "Provisioning" is working now!

@topic reconciliation:
In our situation it is not possible to run a reconcile job with a reconciliation rule, because the matching between target accounts and oim users is too complex.

e.g.:
ServiceAccountName001 --> OIMUserName004
ServiceAccountName002 --> OIMUser007
ServiceAccountName003 --> OIMUserxxx10

There is no regularity! At the moment the matching between target accounts and oim users is stored in a csv file. How would you import these accounts? (900 unix servers with ~30.0000 accounts)

br

Posted by guest on November 13, 2013 at 12:07 AM EET #

While provisioning an account via the provisioningService.provision API, the IT Resource field (column with properties ITResource = true) in the form table is not getting populated. It works as expected if the same account is requested via the UI. What could be the issue here? Please guide.

Posted by Raghu on December 01, 2013 at 01:14 AM EET #

Raghu;

You have to set the resource server as the IT resource name.

    //serverName example : UD_ADUSER_SERVER
    //itResourceName example : Active Directory
    FormInfo formInfo = appInstance.getAccountForm();
    Map parentData = new HashMap();
    parentData.put(serverName, itResourceName);
    String formKey = String.valueOf(formInfo.getFormKey());
    AccountData accountData = new AccountData(formKey, null, parentData);
    Account account = new Account(appInstance, accountData);
    account.setAccountType(Account.ACCOUNT_TYPE.Primary);
    service.provision(userKey, account);

Posted by Mustafa Kaya on December 04, 2013 at 10:12 PM EET #

When I do the exchange provisioning for a service account, "Account Name" is not updated, the "Provisioned On" date shows as '31 December 1969', and "status" is 'Waiting' in OIM.

Please help

Posted by CB Singh on January 21, 2014 at 09:24 AM EET #

About

Welcome to my blog, a space for me to share information on various Oracle middleware technology issues. My day job is as a consultant within the Oracle Consulting Fusion Middleware Team. I will share some of these issues and solutions here in the hope that it will help you out some day!

