Pageviews

Monday, July 22, 2013

Flat File Reconciliation OIM 11g, OIM 11g R1, OIM 11g R2

OIM 11G : Using Flat File as Trusted Resource for Reconciliation of Users.

Steps

1. CREATE SHARED DRIVE, CSV AND ARCHIVE
2. CREATE GENERIC CONNECTOR
3. RUN SCHEDULER AND CONFIRM
4. CREATING RULE GENERATORS
5. CREATING RECONCILATION PROFILE
6. RUN SCHEDULER
7. SEARCH RECONCILIED USER

-------------------------------------------------------------------------------------------------------

1. CREATE SHARED DRIVE, CSV AND ARCHIVE

    Create a directory Archive in C:\myDIR\HRFEED\

  

Create a csv file, name it hrfeed.csv and place it in C:\myDIR\HRFEED\ with file containing below details.
  


2. CREATE GENERIC CONNECTOR

    Login to sysadmin page of OIM with url

    http://localhost:14000/sysadmin

    place your hostname and port accordingly.



    Enter OIM user name and password and sign in to OIM sysadmin console



  Click on Generic Connector link in the Left Pane

Click on Create to create a new Generic Connector.
 

 Populate the fields as given below, uncheck provisioning and continue.


Now Specify Correct parameters in step 2 and continue.





Now in step 3 a pop-up will get displayed showing the mapping between your flat file attributes with OIM.

Here we require two new attributes in Reconciliation Staging table to map it with OIM Table.

Click on + icon in Reconciliation Staging table to add new attributes.


Fill all details as given below and click continue.

  

  


Repeat above steps to create userType attribute in Reconciliation Staging Table.




 


Now it's time to map Reconciliation Staging Table to OIM table.
Click on the edit button of UserLogin Attribute of OIM table and click continue to map.


 

 After mapping each and every attribute we will get following matching lines.

Click close to jump into step 5.



Click save and wait for some time



After clicking save button connector creation confirmation window will appear . Close and go to sysadmin console.



3. RUN SCHEDULER AND CONFIRM

Click on Scheduler link on the Left Pane under System Management.





A pop up will get appear, click on search arrow to get the list of scheduler jobs.



Find and open OIM_FlatFile_Recon_GTC and click Run now button.



Confirm job is running.



Go to oim_server terminal and watch for the error. If you receive the same error, then you need to configure the newly created GTC.



4. CREATING RULE GENERATORS

Design Console Configuration Needed . If it is already configured then continue to the below steps or configure design console using following link

http://onlineappsdba.com/index.php/2010/10/11/part-vii-install-configure-oim-design-console-oracleidm-11g-step-by-step-installation-of-oam-oim-oaam-oapm-oin/

To debug the above error we need to create rule generators for the newly created GTC.

Open design console from windows start menu

or alternatively you can also start by going to path

MIDDLEWARE_HOME\Oracle_IDM1\designconsole\xlclient

Login to design console with OIM user name and password.


Click and open resource object form, from left panel, and click query button from toolbar, then go to resource objects table tab. In this step we will confirm that the newly created connector appears in database records.


Click on OIM_FlatFile_Recon_GTC record and open Resource Objects Tab


Select and Copy name field.


Now open Reconciliation Rule form and paste the copied resource object name in previous step into Object field and click on Query icon.


If no record message appears, we will create a new one, a new Rule for flat file reconciliation.


So to create a rule, populate fields as below and save it.


Click on Add Rule Element button.

Fill up the fields as below and save it.


Close the error message and exit.


Click yes to exit.


Click save and close the error message if any.


Close the form


5. CREATING RECONCILATION PROFILE
    Open Resource Object form, query for records.


Open Resource Object Table Tab and select OIM_FlatFile_Recon_GTC record


Now open Resource Object.


Go to Object Reconciliation Tab in above panel


Click on Create Reconciliation Profile



Cut and paste hrfeed.csv file from Archive Directory to HRFEED directory.



6. RUN SCHEDULER Login to sysadmin.
      Click on scheduler link on the Left Pane.


A pop up will get appear, click on search arrow to get the list of scheduler jobs.


Find and open OIM_FlatFile_Recon_GTC and click Run now button.


Confirm job is running.


Open oim_server terminal and check for the following message without any error.


7. SEARCH RECONCILIED USER

Login to oim self service console using

http:\\localhost:14000\oim

Change IP address and port Accordingly. Click on User link on left pane


Click on search and find new user reconciled from the flat file.


Hope this was helpful post. Please give your Valuable feedback and comments for any queries.




36 comments:

  1. I have followed all the steps but my users in csv file not uploaded to oim.even there is no error in server.Is it any perticular directory structure for csv file and archive directory in computer.
    please reply ASAP

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. Hi Tushar,

    Please mention your directory structure as described in Step 2 of Create a new Generic Connector. There is no particular directory Structure. Just you have mention in Generic Connector Creation which ever directory structure you are following.

    Regards
    Ritesh Maddala

    ReplyDelete
    Replies
    1. hi,
      my directory is F:\YIMS\HRFEED\Archive..
      I saw the successful message in log. but there is another exception

      "Caused By: javax.xml.bind.UnmarshalException - with linked exception:"
      can you help on this

      Delete
  5. Hi Tushar,

    Please Send me the full logs to understand the error

    Regards
    Ritesh Maddala

    ReplyDelete
  6. Hi Tushar,

    When you reconcile for the first time you always get this exception. So follow the post configuration steps as described above in the blog. You need to create a new Reconciliation Matching Rule followed by Reconciliation Profile Creation.

    This will definitely help you.

    Regards
    Ritesh Maddala

    ReplyDelete
    Replies
    1. Hello Ritesh,

      If we don't want to get this error even for the first time, we have to ✔️ the matching only check box while doing mappings from staging table and oim table.

      Thanks & Regards
      Mahesh Kumar Thiruveedula

      Delete
  7. Hi Rities,

    All the step I followed and it is successful also. But the users in .csv file not showing in the OIM console.

    help me out.

    ReplyDelete
  8. Hi Anand,

    Can you please send me the OIM diagnostic logs , to check what is the exact problem you are facing.

    Regards
    Ritesh

    ReplyDelete
  9. ]]
    [2013-12-11T18:35:55.554+05:30] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-YP1002639DT1386752781242_MisfireHandler] [userId: oiminternal] [ecid: 0000KBWtadd8TsXLxux0iW1Ie2eP000001,1:27935] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
    org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
    Caused by: java.lang.NullPointerException
    at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
    at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
    ... 2 more

    ]]

    ReplyDelete
  10. Hi Anand,

    In my opinion it is due to false setting of your Quartz Scheduler timer.
    Please try to follow the below link, and let me it worked or not

    http://yourhelperall.blogspot.in/2013/05/reconciliation-issue-misfirehandler.html

    Regards
    Ritesh

    ReplyDelete
  11. hi ritesh
    this is narasimha
    i followed all the step and i got the output. now i want to login with the user created by the gtc then will be the password of that userlogin
    how to give the password attribute through flat file or is there any other way to send password to oim from flat file

    ReplyDelete
    Replies
    1. Hi Narasimha,

      Glad to know, that it worked for you. Since this post is just an example, I haven't used Password field, in Flat File. If you want to try with the Password field in your Flat File , please do follow the same steps mentioned in the post and create a new Flat File Reconciliation connector with Password field.

      For now you can update a password of the User you have created by Flat File by logging into OIM sysadmin with OIM administrator from the OIM user management console and relogin to OIM with the newly created user credentials.

      Hope this will help you.

      Regards
      Ritesh Maddala

      Delete
    2. Hi Ritesh

      i have taken password field in flat file as you said and when i was mapping the flatfile fields to oim fields i cant find the password field in oim fields so how can i map.. is there any another way....
      i also have one more issue please help me. how to do multivalued target flat file recon . if you have any document regarding multivalued target recon please post it in your blog or please send to my mail i.e narasimha.idm@gmail.com
      thank you...

      Delete
    3. Hi Narasimha,

      1. May be OIM doesn't provide Password field to Map.(I am not sure, please do some R&D on this)
      2. What do you mean by Multivalued Target Field ?

      Regards....

      Delete
  12. Hi Ritesh
    Multivalued taget fields means.Let us suppose i have a target system in which a user is assigned in three groups and now i want to do target recon through flat file and link with oim user account during recon i also need to pass the group names in which he is assigned in a separate file.
    i also didn't work on it i read this in one developers document of oracle.. this is my scenerio can you help me in any way

    Thank You

    ReplyDelete
  13. Hi Ritesh,

    In Flat File Recon, how to send the users with start date and end date to oim..In my case, If I send the users normally without start date and end date,its working fine but if i include start date and end date in csv file.I am not getting the users in to OIM. Can you please help me with this. Is there any specific format to enter the start date and end date.When i check the log file its showing max size that I can enter is 7 but I want it in the format like(YYY/MM/DD HH.MM.SS Z)

    ReplyDelete
    Replies
    1. Hi Dev,

      In my opinion, do this:

      1. Goto Settings of Connector and change the Source Date Format to the Date Format of your choice. If this will not work then follow the Step 2.

      2. Create a new field - Date Format ( value must be : "YYY/MM/DD HH.MM.SS Z" ) in your Flat File and Map it with the Date Format of OIM fields. Follow all the process as it is, as given in this post , but during Settings of Generic connector specify the Source Date Format as "YYY/MM/DD HH.MM.SS Z".

      Hope this will help you.

      Regards
      Ritesh Maddala

      Delete
  14. Hi Ritesh,

    I have changed the Source datatype to date in the mapping which i did not realise to change it before and it works fine.But,thanks a lot for your help..

    Regards,
    Prasad Nandigam..

    ReplyDelete
  15. Hi Ritesh,

    Good sampling and explanation. The above steps worked for me. Thanks.

    If I understand correctly, in the step 3 of your blog, that is 'Reconciliation Stagin', we are mapping the data coming through the flat file to OIM user data fields and in this process, we also create two new fields 'Role' and 'User- Type' whose values are string literals, 'OTHER' and 'End-user' respectively. This means, each user that we reconsile to OIM, we give these two values 'OTHER' and 'End-user'.

    But when I check the users created after recon in OIM, I see that the user type field has the value 'OTHER' and the ROLE assigned to the users are 'All Users'.

    I have checked the mapping in the reconciliation staging and it seems ok to me. The users first name, last name, organization, email are getting mapped correctly.

    Do you have a clue why this is happening and where else should I look for possible errors?

    ReplyDelete
  16. Hi Ritesh, When I am trying to follow these steps when click on continue after 2nd step i ma getting below error '' Either there are no parent files in the staging directory or the required access (Read) permissions are missing. "

    ReplyDelete
    Replies
    1. Hi Prashanth,

      Exactly in which step you are getting this error.

      If you are receiving this error in the step where you run Scheduler then check the Archive directory and Cut and paste hrfeed.csv file from Archive Directory to HRFEED directory.

      Or if you have csv file there then check for User permissions for that directory and give all permissions to that directory if you are using Linux.

      And please share log as well to investigate in depth.

      Regards
      Ritesh

      Delete
  17. Hi ritesh!

    Thanks for this helping post.
    I need to reconcile 2nd time from the same file, is there anyway for that?

    Regards,
    Mian.

    ReplyDelete
    Replies
    1. Hi Milan,

      You can do reconciliation multiple times, just update the archived file with new user details and place it in reconciliation directory.

      And re-run the Scheduler.

      Hope this helps.

      Thanks & Regards
      Ritesh

      Delete
  18. Hi Ritesh,

    This is abhinav here, as i have done the same reconcillation process as in above blog but it's not working and throwing the error as ORA Error Code =>ORA-01400: cannot insert NULL into () ORA Error Stack =>ORA-06512: at "DEV_OIM.OIM_SP_RECONBLKUSERCRUD", line 747
    on the event management screen can u pls help me out with that

    ReplyDelete
    Replies
    1. Hi Abhinav,

      Please try below workarounds -

      1. Verify that you provided "Trusted Recon = Yes" while creating this GTC.

      2.Check the recon rule.

      3.Create Reconciliation Profile again.

      4.Check flat file and populate all mandatory fields with correct values.

      5.Run Reconciliation again.

      6.Check recon events

      Thanks

      Delete
    2. Hi Ritesh,
      I followed the above procedure but in log file it is not showing File Archived instead of that it is showing like below

      [2016-08-18T23:04:45.044+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Job Listener, Job to be executed Description null FullName DEFAULT.Evaluate User Policies Name Evaluate User Policies
      [2016-08-18T23:04:45.053+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Method details Method details: executeJob
      [2016-08-18T23:04:45.053+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Method details executeJob Evaluate User Policies
      [2016-08-18T23:04:45.063+00:00] [oim_server1] [WARNING] [] [XELLERATE.SCHEDULER.TASK] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] tcTskUsrEvaluatePolicies/init: maxWorkerCount: 20 batchSize: 500 maxExecutionTimeMins: null startTime: 1471561485063
      [2016-08-18T23:04:45.281+00:00] [oim_server1] [WARNING] [] [XELLERATE.SCHEDULER.TASK] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] tcTskUsrEvaluatePolicies/execute
      [2016-08-18T23:04:45.298+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.Evaluate User Policies Name Evaluate User Policies

      Delete
  19. Hi Ritesh,

    Will U please provide the Flat File Provisioning in oim.

    ReplyDelete
  20. Hi Ritesh,

    This blog is a very good learning, appreciate it.

    Please provide some more about OIM stuffs, as We are very new in this technology.

    Thanks for sharing this.

    ReplyDelete
  21. Hi,

    I use Full recon in the GTC. But the recon creates events for unchanged records too every time we run GTC. The event status is Update Succeeded for all events. Any idea why the evnts are generated for unchanged records in Full recon.?

    Thanks
    Deepa

    ReplyDelete
  22. • Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updatingAzure Online course bangalore

    ReplyDelete
  23. https://learnoracleidentity.blogspot.com/

    ReplyDelete
  24. Thanks for sharing this information!
    I totally agree with you. Your information is very interesting and important. I really like this information.Our easy web plans company is famous in Advanced Oracle Identity Manager Online Training in Hyderabad .
    If you want to see our training venue then click on links: http://lucidtechsystems.com/oracle-identity-manager-online-training/
    Call Now: +91-965-292-6376
    Drop Mail: info@lucidtechsystems.com

    ReplyDelete
  25. Hey I am trying to do the following step accordingly. my feedHr file is going into the archive folder. still the User is not showing in identity console , and there is no such error in log file too so what to do ??
    please guide me!

    ReplyDelete