Search This Blog

Wednesday, 17 February 2016

Custom Prepopulate Adapter to pre-populate fields on Process Form in OIM 11gR2 PS3

Prepopulate adapters are used to populate the fields on a resource or Process form in Oracle Identity Manager. By having the resource form fields populated by prepopulate adapters, the provisioning process of a resource account to a user can be handled with ease rather than having someone manually enter values for the resource form fields. In Oracle Identity Manager, prepopulate adapters are triggered on the initial assignment of the resource account to a user.


Custom Java Code for PrePopulate Adapters

In the below code we consider and example where we want to Concatenate below 4 fields from User Profile:

1. Postal Address
2. Postal Code
3. Street
4. State

to populate the field Street in Process Form.

package com.prepopulate.custom;

import java.util.logging.Logger;

public class fieldPrePopulate{

        private static final Logger logger = Logger.getLogger("com.prepopulate.custom");
String Space = " ";
        
        public static String StreetAddressGenerator(String PostalAddress, String Street, String PostalCode, String State){
            String StreetAddress = PostalAddress.concat(Space.concat(PostalCode.concat(Space.concat(Street.concat(State)))));
            logger.info("Concatenatedd Street Address: "+StreetAddress);
            return StreetAddress;
        }
}

Similarly you can write your own code to populate certain field on Process Form as per your requirement.

After writing Java methods for your prepopulate adapters, you have to create a JAR file of your Java code, and upload it to OIM as a JavaTasks JAR type (Place the JAR file in $MW_HOME/Oracle_IDM1/server/JavaTasks directory or upload to OIM database using UploadJars.sh script located in $MW_HOME/Oracle_IDM1/server/bin directory. The latter approach is recommended in a production environment).


Creating Adapter


1. Log in to design console. Design console can be started by executing $MW_HOME/Oracle_IDM1/designconsole/xlclient.sh script.


2. On the left panel, expand Development Tools, and select Adapter Factory.



3. Specify Adapter Name, Adapter Type, Description. Then save.



4. On the Variable List sub-tab, add the variables for your adapter as shown in the below screenshots. Typically, these variables are the input to your Java method.


                              Click Add



5. On the Adapter Tasks sub-tab, create a task that calls your Java method.


Click Add




Click Continue

Provide the details like Task Name, API Source and Methods as per screenshot

Map the Input Parameters to the variables created in Variables tab above

Map Output Parameter to Return Variable as shown in Screenshot and then click Save and close the pop-up

Java Task attached to adapter

6. Click Build to compile the adapter. Then save.

Attaching PrePopulate Adapter to Form Field

1. On the left panel of design console, expand Development Tools, and select Form Designer.



2. Select your process form that you will attach the prepopulate adapter to, and create a new version.



Ensure "Latest Version" and "Current Version" are using the version you created.

3. On the Pre-Populate sub-tab, attach your prepopulate adapter to a form field.
Click on Add to Add the PrePopulate Adapter by selecting the Adapter from the list 


 Map the fields in Adapter to User Definition Fields as shown in screenshot


4. Make version active.

Validate PrePopulate Adapter


Assign resource account to a user. After submitting the resource process form instance, the prepopulate adapters should kick in and populate the form fields.

Monday, 8 February 2016

Oracle Unified Directory(OUD) Installation and Configuration in OIM 11gR2 PS3

Download  OUD -

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html


1) Install Oracle Unified Directory 11.1.2.3.0

* Run the setup.exe -jreLoc C:\jdk1.7.0_55\jre



* Click on Next



* Select Skip Software updates and click on Next



* Click on Next



* Browse the path and click on Next



* Click on Install


* Click on Next


* Click on Finish


2) Configure Oracle Unified Directory 11.1.2.3.0
* Run the oud-setup.bat from the path where you installed the OUD


* Click on Next


* Provide the hostname, port, DN and password and click on Next


* This configuration is for standalone server, If you have replication topology then select second option.


* Give your Directory Base DN and click on Next


* If you have specific integration then select 2,3 & 4 option according to you requirement. In this setup we are going with no integration option.



* In PS2 OUD we get below different options to tune the server

   1) Provide Dedicated memory
   2) Provide Runtime memory

In Current setup we are going with Runtime memory option




* Click on Finish


* Click on Close


3) Access the Oracle Unified Directory from LDAP Studio


Thursday, 4 February 2016

Types of Account in OIM

There are 3 different types of Account in OIM which are as below:

1. Rogue Account
2. Orphan Account
3. Service Account


1. Rogue Account

A rogue account is an account created "out of process" or beyond the control of the provisioning system. Below are the 2 possible instances where we can call an Account a Rogue Account:

  • An account that exists on the target system but has been deprovisioned from the corresponding OIM User in Oracle Identity Manager
  • An account that exists on the target system but the OIM User to whom the account is provisioned has been deleted from Oracle Identity Manager


2. Orphan Account

An orphan account is an operational account without a valid owner i.e an account that exists on the target system but has no corresponding owner (OIM User) in Oracle Identity Manager.

Rogue and Orphan account represents serious security risks.


3. Service Account

Service account is like Admin account. Which has different life cycle and privileges. A service account is distinguished from a regular account by an internal flag. When a user is provisioned with a service account, Oracle Identity Manager manages a mapping from the user's identity to the service account. This user is considered the owner of the Service Account.