
Wednesday, 17 February 2016

Custom Prepopulate Adapter to pre-populate fields on Process Form in OIM 11gR2 PS3

Prepopulate adapters are used to populate the fields on a resource (process) form in Oracle Identity Manager. When the form fields are filled by prepopulate adapters, provisioning a resource account to a user can be handled without someone entering the values by hand, which also removes a source of typos and inconsistent data between the user profile and the account. In Oracle Identity Manager, prepopulate adapters are triggered on the initial assignment of the resource account to a user.


Custom Java Code for PrePopulate Adapters

In the code below we consider an example where we want to concatenate the following four fields from the user profile:

1. Postal Address
2. Postal Code
3. Street
4. State

to populate the Street field on the process form.

package com.prepopulate.custom;

import java.util.logging.Level;
import java.util.logging.Logger;

public class fieldPrePopulate {

    private static final Logger logger = Logger.getLogger("com.prepopulate.custom");
    // Static: the adapter method is static, so it cannot read an instance field.
    private static final String SPACE = " ";

    /**
     * Builds "<Postal Address> <Postal Code> <Street> <State>" for the Street field of the process form.
     * A user-profile attribute that is empty in OIM arrives here as null and is skipped, so a missing
     * attribute does not abort provisioning with a NullPointerException.
     */
    public static String StreetAddressGenerator(String PostalAddress, String Street, String PostalCode, String State) {
        StringBuilder sb = new StringBuilder();
        for (String part : new String[] {PostalAddress, PostalCode, Street, State}) {
            if (part == null || part.trim().isEmpty()) {
                continue;
            }
            if (sb.length() > 0) {
                sb.append(SPACE);
            }
            sb.append(part.trim());
        }
        String StreetAddress = sb.toString();
        // Address data is personal data: log it at FINE, not INFO, so it does not end up in routine server logs.
        logger.log(Level.FINE, "Concatenated Street Address: {0}", StreetAddress);
        return StreetAddress;
    }
}

Similarly, you can write your own code to populate any field on the process form as per your requirement; the only constraint is that the method is public static, takes the mapped inputs as parameters and returns the value for the field.

After writing the Java methods for your prepopulate adapters, create a JAR file of the code and upload it to OIM as a JavaTasks JAR: either place the JAR in the $MW_HOME/Oracle_IDM1/server/JavaTasks directory, or upload it to the OIM database with the UploadJars.sh script located in $MW_HOME/Oracle_IDM1/server/bin (choosing JavaTasks as the JAR type). The database upload is the recommended approach in a production environment, because the JAR is then available to every node of the cluster and is managed by OIM rather than by the file system.


Creating Adapter


1. Log in to the Design Console. The Design Console can be started by executing the $MW_HOME/Oracle_IDM1/designconsole/xlclient.sh script.

2. On the left panel, expand Development Tools and select Adapter Factory.

3. Specify the Adapter Name, Adapter Type (Pre-Populate Rule Generator) and Description, then save.

4. On the Variable List sub-tab, click Add and create the variables for your adapter. Typically these variables are the inputs to your Java method, so for the example above create four String variables (one each for Postal Address, Postal Code, Street and State) that are resolved at run time.

5. On the Adapter Tasks sub-tab, create a Java task that calls your Java method:
   - Click Add, choose Java as the task type and click Continue.
   - Provide the Task Name, select the JavaTasks JAR you uploaded as the API Source, and select the StreetAddressGenerator method.
   - Map each Input Parameter to the corresponding variable created on the Variable List tab.
   - Map the Output Parameter to the adapter's Return Variable, then click Save and close the pop-up. The Java task is now attached to the adapter.

6. Click Build to compile the adapter, then save. Fix any compilation error reported here before going further; an adapter that did not build will silently leave the field empty.

Attaching PrePopulate Adapter to Form Field

1. On the left panel of design console, expand Development Tools, and select Form Designer.



2. Select the process form to which you will attach the prepopulate adapter, and create a new version.

Ensure that both "Latest Version" and "Current Version" point to the version you created.

3. On the Pre-Populate sub-tab, attach your prepopulate adapter to a form field: click Add, select the Street field and choose the adapter from the list.

Then map each adapter variable to the corresponding User Definition field (Postal Address, Postal Code, Street and State).


4. Make the version active.

Validate PrePopulate Adapter


Assign the resource account to a user. When the process form for the account is shown, the prepopulate adapter runs and the Street field should contain the concatenated value. If the field stays empty, check that the adapter compiled without errors, that every adapter variable is mapped to a user field, and that the active form version is the one carrying the pre-populate entry.

Monday, 8 February 2016

Oracle Unified Directory(OUD) Installation and Configuration in OIM 11gR2 PS3

Download  OUD -

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html


1) Install Oracle Unified Directory 11.1.2.3.0

* Run setup.exe -jreLoc C:\jdk1.7.0_55\jre (the -jreLoc switch points the installer at the JRE it should use)



* Click on Next



* Select Skip Software updates and click on Next



* Click on Next



* Browse the path and click on Next



* Click on Install


* Click on Next


* Click on Finish


2) Configure Oracle Unified Directory 11.1.2.3.0
* Run oud-setup.bat from the directory where you installed OUD


* Click on Next


* Provide the hostname, LDAP port, root user DN (cn=Directory Manager by default) and password, and click on Next


* This configuration is for a standalone server. If you have a replication topology, select the second option.


* Give your Directory Base DN and click on Next


* If you need a specific integration, select option 2, 3 or 4 according to your requirement. In this setup we go with the no-integration option.



* In PS2 OUD we get the below options to tune the server's memory:

   1) Provide dedicated memory
   2) Provide runtime memory

In the current setup we go with the runtime memory option.




* Click on Finish


* Click on Close


3) Access the Oracle Unified Directory from LDAP Studio

Connect with the hostname, LDAP port, root user DN and password entered during oud-setup, and browse the base DN to confirm the server is up and the suffix exists. Prefer the LDAPS (or StartTLS) port for this check and for any later OIM connection: over plain LDAP the root user's password is sent in clear text.


Thursday, 4 February 2016

Types of Account in OIM

There are three different types of accounts in OIM, listed below:

1. Rogue Account
2. Orphan Account
3. Service Account


1. Rogue Account

A rogue account is an account created "out of process", that is, outside the control of the provisioning system. Below are two cases in which an account is called a rogue account:

  • An account that exists on the target system but has been deprovisioned from the corresponding OIM User in Oracle Identity Manager
  • An account that exists on the target system but the OIM User to whom the account is provisioned has been deleted from Oracle Identity Manager


2. Orphan Account

An orphan account is an operational account without a valid owner, i.e. an account that exists on the target system but has no corresponding owner (OIM User) in Oracle Identity Manager.

Rogue and orphan accounts represent serious security risks: they grant access that nobody in OIM owns, so they are not revoked when a person leaves and are not reviewed in an access certification.


3. Service Account

A service account is similar to an admin account and has a different life cycle and different privileges from a regular account. A service account is distinguished from a regular account by an internal flag. When a user is provisioned with a service account, Oracle Identity Manager manages a mapping from the user's identity to the service account, and this user is considered the owner of the service account.
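To make the three definitions concrete, the following added example (written for this post, not OIM code) classifies each account seen on a target system by comparing it with what OIM knows about its owner. The TargetAccount and OimOwner types, and the sample logins and account IDs in main, are constructed for the example; in a real reconciliation they would come from the connector and from the OIM user and account data.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Classifies accounts found on a target system into the categories described above
 * (plus MANAGED for the normal, in-process account). The data types are constructed
 * for this example: a real reconciliation reads target accounts from the connector
 * and owner state from the OIM user and account data.
 */
public class AccountClassifier {

    public enum Category { MANAGED, ROGUE, ORPHAN, SERVICE }

    /** One account as seen on the target. ownerLogin is null when the target holds no owner reference. */
    public static final class TargetAccount {
        public final String accountId;
        public final String ownerLogin;
        public final boolean serviceFlag;   // the internal flag that marks a service account
        public TargetAccount(String accountId, String ownerLogin, boolean serviceFlag) {
            this.accountId = accountId;
            this.ownerLogin = ownerLogin;
            this.serviceFlag = serviceFlag;
        }
    }

    /** What OIM records for a login: whether the OIM User was deleted and which accounts it still holds. */
    public static final class OimOwner {
        public final boolean deleted;
        public final Set<String> provisionedAccounts;   // accounts in Provisioned status for this user
        public OimOwner(boolean deleted, String... accountIds) {
            this.deleted = deleted;
            this.provisionedAccounts = new HashSet<String>(Arrays.asList(accountIds));
        }
    }

    /** Applies the definitions from the post to one target account. */
    public static Category classify(TargetAccount acct, Map<String, OimOwner> oim) {
        if (acct.serviceFlag) {
            return Category.SERVICE;            // flagged accounts follow the service-account life cycle
        }
        if (acct.ownerLogin == null || !oim.containsKey(acct.ownerLogin)) {
            return Category.ORPHAN;             // no corresponding OIM User at all
        }
        OimOwner owner = oim.get(acct.ownerLogin);
        if (owner.deleted) {
            return Category.ROGUE;              // OIM User deleted, account still on the target
        }
        if (owner.provisionedAccounts.contains(acct.accountId)) {
            return Category.MANAGED;            // provisioned and tracked by OIM
        }
        return Category.ROGUE;                  // deprovisioned in OIM (or never provisioned) but still present
    }

    /** Classifies a whole reconciliation batch, keeping the target's order. */
    public static Map<String, Category> classifyAll(List<TargetAccount> accounts, Map<String, OimOwner> oim) {
        Map<String, Category> result = new LinkedHashMap<String, Category>();
        for (TargetAccount acct : accounts) {
            result.put(acct.accountId, classify(acct, oim));
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data: three OIM users and five accounts read from the target.
        Map<String, OimOwner> oim = new HashMap<String, OimOwner>();
        oim.put("jdoe", new OimOwner(false, "AD-1001"));
        oim.put("asmith", new OimOwner(false));       // AD-1002 was deprovisioned in OIM
        oim.put("rjones", new OimOwner(true));        // OIM User deleted
        List<TargetAccount> target = Arrays.asList(
            new TargetAccount("AD-1001", "jdoe", false),     // MANAGED
            new TargetAccount("AD-1002", "asmith", false),   // ROGUE (deprovisioned, still exists)
            new TargetAccount("AD-1003", "rjones", false),   // ROGUE (owner deleted)
            new TargetAccount("AD-1004", null, false),       // ORPHAN (no owner)
            new TargetAccount("svc-backup", "jdoe", true));  // SERVICE
        for (Map.Entry<String, Category> e : classifyAll(target, oim).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
    }
}
```

Every ROGUE and ORPHAN result is a finding to act on (revoke, or link to an owner through reconciliation), whereas SERVICE accounts are expected to stay even when their owner leaves and only need their owner mapping updated.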

Monday, 18 January 2016

Installation of OIM Customization Installer Extension in JDeveloper

Before using the OIM Customization Installer:

• JDeveloper 11.1.1.7.0 (Studio edition) must be installed on the system; this has already been done on the VM.
• Any customization to be deployed with this framework must package its source in the folder structure below, so that it shows up correctly in the JDeveloper IDE. The customization artifacts used in this training course already follow this recommended structure.

Folder Structure              Description
[PROJECT-CONTEXT]/config      All .xml files
[PROJECT-CONTEXT]/resources   All required resource files
[PROJECT-CONTEXT]/lib         All required JAR files
[PROJECT-CONTEXT]/src         All Java source files

Please note that the folder structure above is mandatory. A directory may be left empty, but none of them may be omitted from the structure.

Set Environment Variable
Set APPSERVER_TYPE=wls in the environment (Windows or Linux) where JDeveloper runs.

Note: wls must be in lowercase.

A sample screen on a Windows machine will look like this:


Create Log Directory
Create a log directory under {JDEVELOPER-HOME}/jdev/bin

Note: log must be in lowercase.
Install OIM Customization Installer Extension on JDeveloper
• Select menu  “Help” -> “Check for Updates”


• Select “Install from Local File” from the wizard.
• Browse and select the oim-customization-installer.zip package and click Next


• Click on “Finish”.


• Restart JDeveloper

Wednesday, 13 January 2016

Sending Notification with UserID to User on successful user creation in OIM

In this post I will discuss the scenario where we want to send a notification containing the User ID to a user when the user is successfully created in OIM.

There is also an out-of-the-box notification for this, where a mail with the User ID and password is sent to the user.

In this post we will achieve the same, but only the User ID will be sent in the notification. Side by side we will also discuss how other attributes can be sent using the OIM APIs, i.e. the same code can be used to send other details as well.

To start with, we first need to create a Notification Template that will be used to send the notification to the end user. For that, open the System Configuration tab and click Notification under Administrator Control.


Click Notifications, and a pop-up window appears. Click the Create New Notification icon to create a new notification template:



Enter the required details:

Template Name: Notify User (you can choose any name, but the same name must be referred to in the code)

Description Text: Notify User when User is Created in OIM

Available Event: Create User (we will change this to the new event once it has been created)

Encoding: UTF-8

Message Subject: Congratulations! Your Account has been successfully Created

Type: HTML

Short Message: Create User Successful (change it as per your notification requirement)

Long Message:
<html><head></head>
  <body>
    <p>
      Congratulations!! Your account has been successfully created!!
      Your user login is - $userLoginId
    </p>
  </body>
</html>

Click Save after providing the details.



Now we will create the event so that it can be selected in the Notification Template. For that we first need to export the metadata from MDS (with the weblogicExportMetadata.sh utility), open the file metadata/iam-features-identity/IdentityNotificationEvent.xml and add the following lines:

<EventType name="Notify User">
  <StaticData>
    <Attribute DataType="X2-Entity" EntityName="User" Name="Granted User"/>
  </StaticData>
  <Resolver class="oracle.iam.identity.notification.EndDateNotificationEventResolver">
    <Param DataType="X2-Entity" EntityName="User" Name="usr_key"/>
  </Resolver>
</EventType>

Screenshot is attached for reference below:



Now save the file and import the metadata back. Once the import is complete, the "Notify User" event appears in the Available Event list of the template; select it and save the template.



Now we need to write the code which uses the above template to send the notification once the user is created in OIM. There are two broad scenarios:

1. User created using the Identity Console
2. User created using a flat file (bulk load)

The code below handles both cases; keep either or both as per your requirement. Read the comment above each method to understand its role. Two JAR files are needed on the classpath to compile it: oimclient.jar and ojdl.jar. Below is the code:

package com.handler.iam;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;

import oracle.core.ojdl.logging.ODLLogger;

import static oracle.iam.identity.usermgmt.api.UserManagerConstants.AttributeName.MANAGER_KEY;
import static oracle.iam.identity.usermgmt.api.UserManagerConstants.AttributeName.USER_LOGIN;

import oracle.iam.identity.exception.AccessDeniedException;
import oracle.iam.identity.exception.NoSuchUserException;
import oracle.iam.identity.exception.UserLookupException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.notification.api.NotificationService;
import oracle.iam.notification.vo.NotificationEvent;
import oracle.iam.platform.Platform;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

/**
 * Post-process event handler on the CREATE User operation. It sends the "Notify User"
 * notification (which carries the User Login) to the new user and, when one is set,
 * to the user's manager.
 */
public class userCreationNotification implements PostProcessHandler {

    private static final String TEMPLATE_NAME = "Notify User";     // must match the template created above
    private static final String USER_LOGIN_PARAM = "User Login";   // orchestration parameter holding the login

    private final ODLLogger logger = ODLLogger.getODLLogger("com.handler.iam.userCreationNotification");

    /**
     * This method is used to send the notification when the user is created from the Identity screen of OIM.
     * @param processId
     * @param eventId
     * @param orchestration
     * @return
     */
    public EventResult execute(long processId, long eventId, Orchestration orchestration) {
        logger.entering("userCreationNotification", "execute");
        try {
            logger.info("Process ID ->" + processId + ", Event ID ->" + eventId
                        + ", operation ->" + orchestration.getOperation());
            notifyUser(findUserLogin(orchestration.getParameters()));
        } catch (Exception e) {
            // A failed notification must not roll back the user creation, so log and continue.
            logger.log(Level.SEVERE, "Exception in execute: " + e.getMessage(), e);
        }
        logger.exiting("userCreationNotification", "execute");
        return new EventResult();
    }

    /**
     * This method is used to send the notification when users are created by bulk upload or flat file.
     * The bulk orchestration carries one parameter map per user.
     * @param processId
     * @param eventId
     * @param bulkOrchestration
     * @return
     */
    public BulkEventResult execute(long processId, long eventId, BulkOrchestration bulkOrchestration) {
        logger.entering("userCreationNotification", "execute(bulk)");
        try {
            logger.info("Process ID ->" + processId + ", Event ID ->" + eventId
                        + ", operation ->" + bulkOrchestration.getOperation());
            for (HashMap<String, Serializable> bulkParam : bulkOrchestration.getBulkParameters()) {
                notifyUser(findUserLogin(bulkParam));
            }
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Exception in bulk execute: " + e.getMessage(), e);
        }
        logger.exiting("userCreationNotification", "execute(bulk)");
        return new BulkEventResult();
    }

    /**
     * Looks up the "User Login" parameter case-insensitively. Only key names are logged:
     * the create-user parameters also carry attributes such as the password, so their
     * values must never be written to the server log.
     */
    private String findUserLogin(Map<String, Serializable> params) {
        for (String key : params.keySet()) {
            logger.fine("parameter key ->" + key);
            if (USER_LOGIN_PARAM.equalsIgnoreCase(key) && params.get(key) != null) {
                return params.get(key).toString();
            }
        }
        return null;
    }

    /**
     * Resolves the user by login and sends the notification event.
     */
    private void notifyUser(String usrLogin) throws Exception {
        if (usrLogin == null) {
            logger.warning("No '" + USER_LOGIN_PARAM + "' parameter found; skipping notification");
            return;
        }
        logger.info("usrLogin ->" + usrLogin);
        UserManager usrMgr = Platform.getService(UserManager.class);
        // Third argument true: look the user up by login rather than by usr_key
        User user = usrMgr.getDetails(usrLogin, null, true);
        String usrKey = user.getEntityId();
        logger.info("usrKey ->" + usrKey);
        NotificationService notService = Platform.getService(NotificationService.class);
        NotificationEvent eventToSend = createNotificationEvent(TEMPLATE_NAME, usrKey);
        notService.notify(eventToSend);
    }

    /**
     * This method is used to create the Notification Event from the template name and user key.
     * The usr_key parameter is what the event's Resolver uses to fill the template variables.
     * @param templateName
     * @param userKey
     * @return
     */
    private NotificationEvent createNotificationEvent(String templateName, String userKey)
            throws NoSuchUserException, UserLookupException, AccessDeniedException {
        NotificationEvent event = new NotificationEvent();
        String[] receiverUserIds = getRecipientUserIds(userKey);
        event.setUserIds(receiverUserIds);
        event.setTemplateName(templateName);
        event.setSender(null);
        logger.info("Recipients: " + Arrays.toString(receiverUserIds) + ", template: " + templateName);
        HashMap<String, Object> templateParams = new HashMap<String, Object>();
        templateParams.put("usr_key", userKey);
        event.setParams(templateParams);
        return event;
    }

    /**
     * This method is used to fetch the User IDs of the recipients: the new user and, if one is set,
     * the user's manager. Drop the manager branch if only the user should receive the login.
     * @param userKey
     * @return
     * @throws NoSuchUserException
     * @throws UserLookupException
     * @throws AccessDeniedException
     */
    private String[] getRecipientUserIds(String userKey)
            throws NoSuchUserException, UserLookupException, AccessDeniedException {
        UserManager usrMgr = Platform.getService(UserManager.class);
        Set<String> userRetAttrs = new HashSet<String>();
        userRetAttrs.add(MANAGER_KEY.getId());
        userRetAttrs.add(USER_LOGIN.getId());
        User user = usrMgr.getDetails(userKey, userRetAttrs, false);

        List<String> userIds = new ArrayList<String>();
        userIds.add(user.getAttribute(USER_LOGIN.getId()).toString());

        Object managerKey = user.getAttribute(MANAGER_KEY.getId());
        if (managerKey != null) {
            Set<String> managerRetAttrs = new HashSet<String>();
            managerRetAttrs.add(USER_LOGIN.getId());
            User manager = usrMgr.getDetails(managerKey.toString(), managerRetAttrs, false);
            userIds.add(manager.getAttribute(USER_LOGIN.getId()).toString());
        }
        return userIds.toArray(new String[0]);
    }

    public boolean cancel(long processId, long eventId, AbstractGenericOrchestration orchestration) {
        return false;
    }

    public void initialize(HashMap<String, String> params) {
    }

    public void compensate(long processId, long eventId, AbstractGenericOrchestration orchestration) {
    }

}

Since this is a post-process event handler that we need to attach to the Create User operation, create an EventHandlers.xml file (placed under META-INF in the plugin ZIP) with the lines below:


<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler class="com.handler.iam.userCreationNotification" entity-type="User" operation="CREATE"
                  name="NotifyUser" stage="postprocess" order="FIRST" sync="TRUE"/>
</eventhandlers>

Now create a plugin.xml file with below lines:

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins>
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
    <plugin pluginclass=
        "com.handler.iam.userCreationNotification"
         version="1.0"
         name="userCreationNotification">
    </plugin>
  </plugins>
</oimplugins>

Now deploy the event handler: package the class in a JAR under lib/ of the plugin ZIP, put plugin.xml at the root of the ZIP and EventHandlers.xml under META-INF/, and register the ZIP with the ant plugin utility (pluginregistration.xml in $MW_HOME/Oracle_IDM1/server/plugin_utility). After that, a notification with the User ID is sent to the user every time a new user is created in OIM. We can also send other attributes as per our requirement: add the variable to the notification template with a $ sign, as we did for $userLoginId, choosing it from the list of available data that the event's resolver provides, and it is filled in when the notification is sent. If you still face issues you can contact me.
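The variables a template can reference come from the event's Resolver class. This post reuses the out-of-the-box EndDateNotificationEventResolver; the following added example (not part of the original post) is a custom resolver that exposes $userLoginId together with $firstName, $lastName and $email for the "Notify User" event, which is the "other attributes" case mentioned above. The class name NotifyUserEventResolver and the token names are assumptions; the NotificationEventResolver interface and the NotificationAttribute class are the ones from the OIM platform API.

```java
package com.handler.iam;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.api.UserManagerConstants.AttributeName;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.notification.impl.NotificationEventResolver;
import oracle.iam.notification.vo.NotificationAttribute;
import oracle.iam.platform.Platform;

/**
 * Resolver for the "Notify User" event type. It reads the usr_key passed by the event
 * handler, loads the user and publishes the attributes a template may reference as
 * $userLoginId, $firstName, $lastName and $email. Hypothetical class written for this
 * example; the post's EventType XML points at the out-of-the-box resolver instead.
 */
public class NotifyUserEventResolver implements NotificationEventResolver {

    // Template token name -> OIM user attribute it is filled from (assumed token names).
    private static final Map<String, String> TOKENS = new HashMap<String, String>();
    static {
        TOKENS.put("userLoginId", AttributeName.USER_LOGIN.getId());
        TOKENS.put("firstName", AttributeName.FIRSTNAME.getId());
        TOKENS.put("lastName", AttributeName.LASTNAME.getId());
        TOKENS.put("email", AttributeName.EMAIL.getId());
    }

    /** Lists the tokens the template editor shows under "Available Data". */
    public List<NotificationAttribute> getAvailableData(String eventType, Map<String, Object> params) {
        List<NotificationAttribute> attrs = new ArrayList<NotificationAttribute>();
        for (String token : TOKENS.keySet()) {
            NotificationAttribute attr = new NotificationAttribute();
            attr.setName(token);
            attr.setType("X2-Entity");
            attr.setRequired(false);
            attr.setSearchable(true);
            attr.setSubtree(null);
            attrs.add(attr);
        }
        return attrs;
    }

    /** Supplies the token values for one notification; params holds the usr_key set by the handler. */
    public HashMap<String, Object> getReplacedData(String eventType, Map<String, Object> params) throws Exception {
        Object usrKey = params.get("usr_key");
        if (usrKey == null) {
            throw new IllegalArgumentException("usr_key is required to resolve " + eventType);
        }
        Set<String> retAttrs = new HashSet<String>(TOKENS.values());
        UserManager usrMgr = Platform.getService(UserManager.class);
        // false: the value passed is the usr_key, not the login
        User user = usrMgr.getDetails(usrKey.toString(), retAttrs, false);

        HashMap<String, Object> resolved = new HashMap<String, Object>();
        for (Map.Entry<String, String> e : TOKENS.entrySet()) {
            Object value = user.getAttribute(e.getValue());
            // An empty attribute becomes an empty string so the mail never shows "null".
            resolved.put(e.getKey(), value == null ? "" : value.toString());
        }
        return resolved;
    }
}
```

To use it, change the Resolver class attribute in the EventType XML above to com.handler.iam.NotifyUserEventResolver, deploy the class with the handler's plugin JAR, and re-import the metadata; the new tokens then appear under Available Data when the template is edited. Keep the password out of the token list: the only user-creation mail that should carry it is the out-of-the-box one, and even there it is best replaced by a reset link.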