Monday, March 15, 2010

Sample Event Handler To Generate Random Passwords For New OIM Users

To compile the sample adapter, the following steps must be executed:

1. Create a work folder, let's say c:\work and inside create the following structure:
c:\work\com\oracle\events\
2. Create a java file in c:\work\com\oracle\events\ named tcGenerateRandomPassword.java
3. Copy the source code provided in this document to the java file.
4. In c:\work create a file named compile.bat with the following contents:

set OIM_LIBS=c:\oim91\xellerate\lib
set CLASSPATH=%OIM_LIBS%\xlLogger.jar;%OIM_LIBS%\xlDataObjects.jar;%OIM_LIBS%\xlVO.jar;%OIM_LIBS%\xlUtils.jar
javac -classpath %CLASSPATH% com\oracle\events\tcGenerateRandomPassword.java
jar cf randomPwdGen.jar *

Modify OIM_LIBS to point to the correct lib folder on the machine.

5. Run compile.bat and check for any compilation errors.

6. At this point a JAR file named randomPwdGen.jar will be created in c:\work folder.

To add the newly created event handler to the OIM server, perform the following steps:
1. Copy the file randomPwdGen.jar from c:\work to OIM_HOME\xellerate\EventHandlers
2. Open Design Console and navigate to:
Development Tools -> Business Rule Definition -> Event Handler Manager
3. Create a new Event Handler and specify:
Event Handler Name: tcGenerateRandomPassword
Package: com.oracle.events
Pre-Insert: Checked
4. Save the event handler
5. Navigate to Development Tools -> Business Rule Definition -> Data Object Manager
6. Search for "Users" and add the event handler to the Pre-Insert list.
7. Save.

package com.oracle.events;

import java.security.SecureRandom;
import com.thortech.xl.dataobj.tcDataSet;
import com.thortech.xl.util.logging.LoggerMessages;
import com.thortech.xl.util.logging.LoggerModules;
import com.thortech.util.logging.Logger;

public class tcGenerateRandomPassword extends com.thortech.xl.client.events.tcBaseEvent
{
    private static Logger logger = Logger.getLogger(LoggerModules.XL_JAVA_CLIENT);

    // SecureRandom rather than java.util.Random: passwords need an unpredictable generator.
    private static final SecureRandom random = new SecureRandom();

    public tcGenerateRandomPassword()
    {
        setEventName("Generating a random password for a User.");
    }

    // Runs as a Pre-Insert handler on the Users data object.
    protected void implementation() throws Exception
    {
        // Only set a password when the user record is being created.
        if (getDataObject().isDeleting())
        {
            return;
        }
        if (getDataObject().isUpdating())
        {
            return;
        }
        String randomPassword = getRandomPassword();
        getDataObject().setString("usr_password", randomPassword);
        return;
    }

    // Builds a 10-character password from the letters 'a' through 't'.
    private String getRandomPassword()
    {
        StringBuffer buffer = new StringBuffer();
        for (int i = 0; i < 10; i++) {
            buffer.append((char) ('a' + random.nextInt(20)));
        }
        return buffer.toString();
    }
}
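A generator whose generate() method could stand in for getRandomPassword() in the handler above, shown as an added example that is not part of the original post. It draws from four character classes, guarantees one character from each, and prints an entropy comparison with the 10-letter scheme; the class name PasswordGenerator, the length of 16 and the character sets are assumptions to be matched to the OIM password policy.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example, not part of the original post. Class name, length and
// character sets are assumptions; align them with your OIM password policy.
public class PasswordGenerator {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String LOWER = "abcdefghijkmnopqrstuvwxyz";   // no 'l'
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ";    // no 'I', 'O'
    private static final String DIGIT = "23456789";                    // no '0', '1'
    private static final String SYMBOL = "!#$%*+-=?@_";
    private static final String[] CLASSES = { LOWER, UPPER, DIGIT, SYMBOL };
    private static final String ALL = LOWER + UPPER + DIGIT + SYMBOL;

    // SecureRandom.nextInt(bound) is uniform over [0, bound), so no modulo bias.
    private static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    public static String generate(int length) {
        if (length < CLASSES.length) {
            throw new IllegalArgumentException("length must be at least " + CLASSES.length);
        }
        List<Character> chars = new ArrayList<Character>(length);
        for (String cls : CLASSES) {          // one character from each class
            chars.add(pick(cls));
        }
        while (chars.size() < length) {       // remainder from the full alphabet
            chars.add(pick(ALL));
        }
        Collections.shuffle(chars, RNG);      // hide where the forced characters sit
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    // Upper bound on entropy in bits for `length` symbols from an alphabet of `size`.
    public static double entropyBits(int size, int length) {
        return length * (Math.log(size) / Math.log(2));
    }

    public static void main(String[] args) {
        System.out.println(generate(16));
        System.out.printf("handler above (20^10): %.1f bits%n", entropyBits(20, 10));
        System.out.printf("this generator (%d^16): at most %.1f bits%n", ALL.length(), entropyBits(ALL.length(), 16));
    }
}
```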

How to remove fields from OIM User Creation Page


To remove a field from the User Creation Page, remove its entry from the two sections " " and " " of the FormMetaData.xml file.

For example, to remove the following provisioning and deprovisioning fields:

1. Provisioning Date
2. Deprovisioning Date
3. Provisioned Date
4. Deprovisioned Date

Steps:

1. Open FormMetadata.xml (\xellerate\config\)
2. Remove (delete) or comment out these entries from FormMetadata.xml.





3. Save it.
4. Restart the server.
5. Log in to the OIM Web Client and click User >> Create User.

How to Increase OIM Group Name Maximum Length

Many organizations have a large number of groups and use a hierarchical naming convention which can easily exceed the 30 character group name length limitation in Oracle Identity Manager.

To increase the allowed length of the group name, attributes need to be modified in the database and in the metadata display options. The following steps increase the limitation on group name length from 30 to 2000:

Increase the width of the UGP_NAME column with the following SQL:

alter table UGP modify UGP_NAME varchar2(2000 char);

Increase the width of Group Name field in the Admin Console:

a. Edit the \xellerate\config\FormMetaData.xml file.

b. Locate the line:

c. Change the dataLength from 30 to 2000:

d. Save and close the file.

e. Restart the application server.

How to add Enable, Disable, Revoke Functionality for Resource Objects in OIM

This post shows how to add Enable, Disable and Revoke functionality for a Resource Object in OIM so that the "Enable", "Disable" and "Revoke" buttons work on the user's Resource Profile form in the OIM Web Client.

Follow these steps:

1) Log in to the Java client as the "xelsysadm" user and create a resource object Ro1 for User with the allow all and allow multiple check boxes checked.

2) Create a provisioning process Ro1_pp and attach the resource Ro1 with this.

3) Add a task "Enable". Check the conditional, allow multiple instances check boxes. Select task effect as "Enable process or Access to application" and save.

4) Move to integration tab and select system handler task "tcCompleteTask" and save.

5) Move to Task to object status mapping and map completed to "Enabled" object status.

6) Add another task as "Disable". Check the conditional, allow multiple instances check boxes. Select task effect as "Disable process or Access to application" and save.

7) Move to integration tab and select system handler task "tcCompleteTask" and save.

8) Move to Task to object status mapping and map completed to "Disabled" object status.

9) Add another task as "Revoke". Check the conditional check box. Select task effect as "No effect" and save.

10) Move to integration tab and select system handler task "tcCompleteTask" and save.

11) Move to Task to object status mapping and map completed to "Revoked" object status.

12) Add another task as "Provision". Check the allow multiple instances check box.

13) Move to integration tab and select system handler task "tcCompleteTask" and save.

14) Move to Task to object status mapping and map completed to "Provisioned" object status.

15) Move to undo/recovery tab and assign "Revoke" task in Undo Tasks section.

16) Now provision this "Ro1" resource to any user e.g. "user1".

17) Resource will be provisioned to "user1" and Ro1's status will be "Provisioned".

Expected results after clicking:

Disable: check the disable check box against the resource and click on the disable button.
Expected result -> Resource gets disabled.

Enable: check the enable check box against the resource and click on the enable button.
Expected result -> Resource gets enabled.

Revoke: check the revoke check box against the resource and click on the revoke button.
Expected result -> Resource gets revoked.

How to Propagate Data from Xellerate User to AD User Resource

This procedure updates the AD User process form when the User definition is updated. The user's Business Phone is used as the example: when the user's phone number is changed in the user profile, the change is propagated to the AD process form.

1) Add the UDF USR_UDF_BUS_PHONE.
2) Double-click "Lookup Definition" and query for the code "Lookup.USR_PROCESS_TRIGGERS".
3) Add "Lookup Code Information" like this:

Code Key: USR_UDF_BUS_PHONE
Decode: Change Business Phone Number
Language: en
Country: US

4) Create one adapter of type process task.

i) Move to the Variable List tab and create a variable "var1" set to Resolve at run time.
ii) Add a logic task -> SET VARIABLE and click Continue.
iii) In the Add Set Variable Task Parameter dialog, select Adapter return value in the variable name drop-down, Operand Type as Variable, and Operand Qualifier -> "var1" created in 4i).

5) Add one task to the AD User process named "Change Business Phone Number". The task name must be exactly the same as the Decode value in the lookup definition. Make it conditional and also check "Allow Multiple Instances".

6) In the "Integration" tab of the task, add the adapter you created in 4) and map the adapter variables:
Adapter Return Variable >> Process Data >> map to the form field that you want to update with the user's Business Telephone USR_UDF_BUS_PHONE field.
Adapter variable >> User Definition >> map to the user's Business Telephone USR_UDF_BUS_PHONE field.

How To Add Parent Organization Name In Lookup

How do you add a new search criterion to the "Filter By" drop-down field and also add an additional column? Here the requirement is to display the Organization Parent name in the organization lookup.

To add a new search criterion to the "Filter By" drop-down field and an additional column, the field must be added in two files:

1) FormMetaData.xml (\xellerate\config\)

2) xlWebAdmin_en.properties (\server\default\deploy\Xellerate.ear\xlWebApp.war\WEB-INF\Classes\)

For example, to add "Organizations Parent Name" and Status to the search field, follow these steps:

1) Open FormMetaData.xml (\xellerate\config\)

2) Add one more field, "Organizations.Parent Name", in the section below and save the file.

displayColumns="Organizations.Organization Name,Organizations.Status,Organizations.Parent Name"

3) Open xlWebAdmin_en.properties (\server\default\deploy\Xellerate.ear\xlWebApp.war\WEB-INF\Classes\). Search for the term "lookupfield.header." in that file and add the lines below to the end of the existing entries.

lookupfield.header.organizations.status=Status
lookupfield.header.organizations.parent_name=Parent Name

4) Save

5) Restart Server

Defining a Task Assignment Adapter in Oracle Identity Manager

Purpose
This article describes how to define a “Task Assignment” adapter in Oracle Identity Manager and Oracle Identity Manager Connectors.

Scope and Application
Task Assignment adapters can be used in Oracle Identity Manager for provisioning purposes, and they can also be used in Oracle Identity Connectors to extend the generic functionality provided by out-of-box connectors.
Defining a Task Assignment Adapter in Oracle Identity Manager
A Task Assignment adapter is required to return at least the following outputs:

key (user key or group key) and type ("User" or "Group")

You may need to define a custom class to return these values. For the task assignment adapter to work correctly, it needs at least a key (user key or group key) and a type ("User" or "Group") returned as its output. The custom class should therefore implement at least these two methods: one that returns a key (for example, the usr_key of the user you want the task assigned to) and one that returns the type ("Group" if you want to assign the task to a group, or "User" if you want it assigned to a user). The methods can take any input parameters and use whatever logic is needed to determine the correct user or group, but one of them must return a key and the other must return the type. The following is only a sample that you can refer to when defining a custom class for a Task Assignment adapter:

import java.io.PrintStream;

public class TATest
{
    public TATest()
    {
    }

    public static void main(String args[])
    {
    }

    // Returns the key (user key or group key) the task should be assigned to.
    public String getGrouporUserKey(String s, String s1)
    {
        String grpOrUserKey = null; // placeholder until the logic below is implemented
        // logic to determine correct group's or user's key you want task to be assigned to
        return grpOrUserKey;
    }

    // Returns the assignee type.
    public String getUsrOrGroupType(String s, String s1)
    {
        String getUsrOrGroupType = null; // can have value either "Group" or "User"
        // logic to determine correct group or user type
        return getUsrOrGroupType;
    }
}

How To Allow User Accounts Other than 'xelsysadm' To Login To OIM Design Console which have only "READ ONLY"

A user who does not belong to the 'SYSTEM ADMINISTRATORS' group can log in to the Design Console and will have read-only access.

Please follow below steps to achieve this:
1) Create a group e.g. 'group1'

2) Create a user e.g. 'user1'. When creating the user, choose "End-User Administrator" as "User Type".

3) Now log in to the Design Console as 'xelsysadm'.

4) Go to User Management >> Group Entitlements

5) Search for 'group1'

6) In Group Entitlements, assign the forms you want to be visible to members of 'group1' e.g. "Resource Objects", "Process Definition", "Data Object Manager" etc.

7) Now 'user1' can log in to the Design Console.

8) 'user1' will be able to see the data for which 'group1' has permissions. For example, if 'group1' has been assigned to the 'ro1' resource in the Administrators tab and the 'write' and 'delete' checkboxes are unchecked, then 'user1' will be able to see the 'ro1' resource in the Design Console but cannot update anything. The same permission model can be used for other components as well.

You can repeat the same process for any number of users.