Tuesday, March 16, 2010

Email Notification in OIM

For setting email notifications for OIM, follow these steps.

1. Set up your email server.
a. Make sure that you have a parameter called Email Server with the keyword XL.MailServer in the
Administration -> System Configuration tab in the Design Console.
b. Create an IT resource with the following values:
Name: Email Server
Type: Mail Server
Authentication: False/True (as required; if set to True, provide User Login and Password)
Server name: <server IP>

d. Select the Email Definition defined in step 2 above and assign it to the task.
e. Check Requester, User and User Manager and map the status to 'C'.
f. In the RESPONSE tab, set the response to 'C' and set the Status field to complete.
g. In the TASK TO OBJECT STATUS MAPPING, set the object status to provisioned.
h. In the Integration tab, add the system adapter 'tcCompleteTask' and save.

4. Now provision a user with this resource object and check if email notification is triggered.

Setup of Email Notification for Oracle Identity Manager Users Created Via Reconciliation

This document provides instructions on how to set up a notification that sends an email to an administrator when a user is added to Oracle Identity Manager via reconciliation with a trusted source.

Since the Xellerate User provisioning process is a system process, you are only allowed to modify Reconciliation Insert Received and Reconciliation Update Received. You are not allowed to set up email notifications for the tasks of Add, Delete, Enable, or Disable a user by modifying the Xellerate User provisioning process definition.

After completion of these steps an email notification will be sent to a recipient when an insert (create new user) or update reconciliation event is created by a scheduled task reconciling with a trusted source.

Solution

1. Ensure that the logging for the XELLERATE category is set to debug in the log4j.xml configuration file:
<category name="XELLERATE">
<priority value="DEBUG"/>
</category>



2. Check whether there are any firewalls or routers between the OIM server and the SMTP server. If any exist, ensure that they are set up to allow SMTP traffic between the OIM server and the SMTP server.

3. In the Design Console, ensure that you have a properly configured email server IT Resource with the same name as in the System Configuration:
a. Open the Administration - System Configuration form, perform a query for all objects, and look for the email server specification which has the keyword "XL.MailServer". The object name shown to the right is the IT Resource name that will be used to send email notifications.
b. Open Resource Management - IT Resources, perform a query, and locate the IT Resource with the name determined from the System Configuration. If none exists, create one, or rename the existing email IT Resource if it was created with a different name.
c. Check the IT Resource to verify that it has the correct information to connect to the SMTP server.

4. Create an email template or use an existing one. The email templates are found in the Design Console under Process Management - Email Definition. Please refer to the "Oracle Identity Manager Design Console Guide" for more information on creating email templates and inserting dynamic variables such as the User Login from the Target: "User Profile Information".

5. In the Design Console add the email notification information in the Reconciliation Insert Received (or Reconciliation Update Received) process task for Xellerate User:
a. Open Process Management - Process Definition and query for "Xellerate User"
b. Double-click on the box to the left of the task "Reconciliation Insert Received" (or "Reconciliation Update Received").
c. In the pop-up window, click on the Assignment tab and configure to use the default rule, target type User, and set the "User" column to the login of the user who should receive the email notifications.
d. Click on the Notification tab and check the "Assignee" checkbox, set the status to "C" for Completed, and then set the Email column to the email template to send.

6. In the Administrative Console, verify that the sender specified in the email template has a valid email address. Also, verify that the recipient has a valid email address.

With the logging level for XELLERATE set to debug, you should see an entry in the log similar to the following, but with the configuration information that you specify. This log will assist in troubleshooting any email connection, authentication, or other email processing errors. Note that this email IT Resource is configured for authentication to the SMTP server.

2010-04-03 11:55:12,921 INFO [STDOUT] DEBUG SMTP: useEhlo true, useAuth true
2010-04-03 11:55:12,921 INFO [STDOUT] DEBUG SMTP: useEhlo true, useAuth true
2010-04-03 11:55:12,937 INFO [STDOUT] DEBUG SMTP: trying to connect to host "192.168.0.3", port 25
2010-04-03 11:55:12,953 INFO [STDOUT] 220 ten.mydomain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 3 Apr 2010 10:56:39 -0500
2010-04-03 11:55:12,953 INFO [STDOUT] DEBUG SMTP: connected to host "192.168.0.3", port: 25
2010-04-03 11:55:12,953 INFO [STDOUT] EHLO WIN3KEE
2010-04-03 11:55:12,968 INFO [STDOUT] 250-ten.mydomain.com Hello [192.168.0.2]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "TURN", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "SIZE", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "ETRN", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "PIPELINING", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "DSN", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
2010-04-03 11:55:13,000 INFO [STDOUT] DEBUG SMTP: Found extension "8bitmime", arg ""
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "BINARYMIME", arg ""
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "CHUNKING", arg ""
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "VRFY", arg ""
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "X-EXPS", arg "GSSAPI NTLM LOGIN"
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "X-EXPS=LOGIN", arg ""
2010-04-03 11:55:13,015 INFO [STDOUT] DEBUG SMTP: Found extension "AUTH", arg "GSSAPI NTLM LOGIN"
2010-04-03 11:55:13,031 INFO [STDOUT] DEBUG SMTP: Found extension "AUTH=LOGIN", arg ""
2010-04-03 11:55:13,031 INFO [STDOUT] DEBUG SMTP: Found extension "X-LINK2STATE", arg ""
2010-04-03 11:55:13,031 INFO [STDOUT] DEBUG SMTP: Found extension "XEXCH50", arg ""
2010-04-03 11:55:13,031 INFO [STDOUT] DEBUG SMTP: Found extension "OK", arg ""
2010-04-03 11:55:13,031 INFO [STDOUT] DEBUG SMTP: Attempt to authenticate
2010-04-03 11:55:13,031 INFO [STDOUT] AUTH LOGIN
2010-04-03 11:55:13,046 INFO [STDOUT] 334 VXNlcm5hbWU6
2010-04-03 11:55:13,046 INFO [STDOUT] YWRtaW5pc3RyYXRvcg==
2010-04-03 11:55:13,046 INFO [STDOUT] 334 UGFzc3dvcmQ6
2010-04-03 11:55:13,046 INFO [STDOUT] YWJjZDEyMzQ=
2010-04-03 11:55:13,062 INFO [STDOUT] 235 2.7.0 Authentication successful.
2010-04-03 11:55:13,062 INFO [STDOUT] DEBUG SMTP: use8bit false
2010-04-03 11:55:13,078 INFO [STDOUT] MAIL FROM:<administrator@mydomain.com>
2010-04-03 11:55:13,078 INFO [STDOUT] 250 2.1.0 administrator@mydomain.com....Sender OK
2010-04-03 11:55:13,078 INFO [STDOUT] RCPT TO:<administrator@mydomain.com>
2010-04-03 11:55:13,078 INFO [STDOUT] 250 2.1.5 administrator@mydomain.com
2010-04-03 11:55:13,078 INFO [STDOUT] DEBUG SMTP: Verified Addresses
2010-04-03 11:55:13,093 INFO [STDOUT] DEBUG SMTP: administrator@mydomain.com
2010-04-03 11:55:13,093 INFO [STDOUT] DATA
2010-04-03 11:55:13,093 INFO [STDOUT] 354 Start mail input; end with <CRLF>.<CRLF>
2010-04-03 11:55:13,093 INFO [STDOUT] Message-ID: <27633417.1207238112921.JavaMail.administrator@WIN3KEE>
Date: Thu, 3 Apr 2010 11:55:12 -0400 (EDT)
From: administrator@mydomain.com
To: administrator@mydomain.com
Subject: OIM User Added by reconciliation
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

An OIM User OIM008 was added.
.
2010-04-03 11:55:13,781 INFO [STDOUT] 250 2.6.0 <27633417.1207238112921.JavaMail.administrator@WIN3KEE> Queued mail for delivery
2010-04-03 11:55:13,781 INFO [STDOUT] QUIT
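
The trace above includes the AUTH LOGIN exchange: the two client replies that follow the 334 prompts are the account name and password in base64, which is an encoding and not encryption. As an added example (not part of the original post or of OIM), the Python script below masks those replies before a debug log is stored or shared; the function names and the sample lines are constructed for illustration.

```python
import base64
import re

# Prefix used in the trace above: "<date> <time> INFO [STDOUT] <payload>"
LINE = re.compile(r"^(?P<prefix>\S+ \S+ INFO \[STDOUT\] )(?P<payload>.*)$")
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def b64(text):
    return base64.b64encode(text.encode()).decode()

def prompt_of(challenge):
    """Decode a 334 challenge ("Username:" / "Password:"); "?" if it is not base64."""
    try:
        return base64.b64decode(challenge, validate=True).decode("ascii", "replace")
    except ValueError:
        return "?"

def redact_auth_login(lines):
    """Mask client replies to AUTH LOGIN; return (lines, [(line_number, prompt)])."""
    redacted, findings = [], []
    prompt = None  # set while a 334 challenge is waiting for the client's reply
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        match = LINE.match(line)
        payload = match.group("payload") if match else line
        if prompt is not None and match and B64.fullmatch(payload):
            findings.append((number, prompt))  # record where, never the value
            line = match.group("prefix") + "[REDACTED]"
            prompt = None
        elif payload.startswith("334 "):
            prompt = prompt_of(payload[4:])
        else:
            prompt = None  # any other line ends the challenge/reply pairing
        redacted.append(line)
    return redacted, findings

# Constructed sample in the same layout as the trace; account and password are made up.
TS = "2010-04-03 11:55:13,046 INFO [STDOUT] "
SAMPLE_LOG = [
    TS + "AUTH LOGIN",
    TS + "334 " + b64("Username:"),
    TS + b64("svc-oim-mail"),
    TS + "334 " + b64("Password:"),
    TS + b64("constructed-secret"),
    TS + "235 2.7.0 Authentication successful.",
]

if __name__ == "__main__":
    print("\n".join(redact_auth_login(SAMPLE_LOG)[0]))
```

The findings list gives the line numbers that held credentials, which is enough to decide whether an already distributed log means the mail account's password should be changed.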


Unable to Access User Profile Information with Approval Notification Email Definition

CONDITION

An email definition that is used to notify administrators / approvers of pending approval tasks has been created. The name of the user who made the request was not included in the notification email even though the <User Profile Information.First Name> tag was in the definition. It does not appear as though any of the variables for 'User Profile Information' are available. When setting the email definition as Provisioning Related, Request Related or General information, tags such as

<User Profile Information.First Name>

are not replaced with the appropriate First Name of the user in question.

It was expected that the email would include the First Name of the user for this request in place of the <User Profile Information.First Name> tag.

For approval processes, as there can be more than one target user that the approval is for, the Oracle Identity Manager (OIM) server would not know which user to obtain the User Profile Information for and use it in the email notification.

How to Fix

As mentioned above, as a single approval can be for a set of users, OIM would not be able to know which user should be used in retrieving User Profile Information to be used in a notification email.

This type of dynamic substitution with User Profile Information is not supported for Approval notifications.

How to Send an Email Notification Upon User Creation via the Admin Console

REQUIREMENT

It is desired to send a notification email to a user after an identity record is created in Oracle Identity Manager (OIM) via the Admin Console. Where does the email template get attached for this, and how is that done so an OIM account holder gets the email notification?

A notification cannot be added to the Add User task in the Xellerate User provisioning process definition. But you can add a notification to the Reconciliation Insert Received Task as documented in that same Tech Note, for user accounts created via a trusted reconciliation.

If you want to send a notification for a user created via the Admin Console then you would need to employ a new task in the Xellerate User provisioning process instead. The steps below assume that the initial configuration of an email server and related steps required for making use of email notification have been completed already. For more info on those steps you may refer to Chapter 6 of the Design Console Guide for your version of OIM.

  1. Open the "Xellerate User" provisioning process definition in the Design Console -> Process Management -> Process Definition.
  2. Add a new task called "Notify" for example.
  3. Check Required for Completion, Allow Cancel and optionally Disable Manual Insert.
  4. In the Integration tab, add tcCompleteTask.
  5. In the Assignment tab, add an entry with the Default rule, target type of User, and for the User field pick an existing user with a valid email address in their User Profile.
  6. In the Notification tab, add an entry and check Assignee, set the Status field to C, and for the Email field pick a Provisioning type of Notification Template that you have already created.
  7. Make sure the other steps from the mentioned notes are completed for the IT Resource and email configuration.
  8. Now create a new user; the email notification should be sent to the user from step 5.