OIM 11G : Using Flat File as Trusted Resource for Reconciliation of Users.
Steps
1. CREATE SHARED DRIVE, CSV AND ARCHIVE
2. CREATE GENERIC CONNECTOR
3. RUN SCHEDULER AND CONFIRM
4. CREATING RULE GENERATORS
5. CREATING RECONCILATION PROFILE
6. RUN SCHEDULER
7. SEARCH RECONCILIED USER
-------------------------------------------------------------------------------------------------------
1. CREATE SHARED DRIVE, CSV AND ARCHIVE
Create a directory Archive in C:\myDIR\HRFEED\
Create a csv file, name it hrfeed.csv and place it in C:\myDIR\HRFEED\ with file containing below details.
2. CREATE GENERIC CONNECTOR
Login to sysadmin page of OIM with url
http://localhost:14000/sysadmin
place your hostname and port accordingly.
Enter OIM user name and password and sign in to OIM sysadmin console
Click on Generic Connector link in the Left Pane
Click on Create to create a new Generic Connector.
Populate the fields as given below, uncheck provisioning and continue.
Now Specify Correct parameters in step 2 and continue.
Now in step 3 a pop-up will get displayed showing the mapping between your flat file attributes with OIM.
Here we require two new attributes in Reconciliation Staging table to map it with OIM Table.
Click on + icon in Reconciliation Staging table to add new attributes.
Repeat above steps to create userType attribute in Reconciliation Staging Table.
Now it's time to map Reconciliation Staging Table to OIM table.
Click on the edit button of UserLogin Attribute of OIM table and click continue to map.
After mapping each and every attribute we will get following matching lines.
Click close to jump into step 5.
Click save and wait for some time
After clicking save button connector creation confirmation window will appear . Close and go to sysadmin console.
3. RUN SCHEDULER AND CONFIRM
Click on Scheduler link on the Left Pane under System Management.
A pop up will get appear, click on search arrow to get the list of scheduler jobs.
Find and open OIM_FlatFile_Recon_GTC and click Run now button.
Confirm job is running.
Go to oim_server terminal and watch for the error. If you receive the same error, then you need to configure the newly created GTC.
4. CREATING RULE GENERATORS
Design Console Configuration Needed . If it is already configured then continue to the below steps or configure design console using following link
http://onlineappsdba.com/index.php/2010/10/11/part-vii-install-configure-oim-design-console-oracleidm-11g-step-by-step-installation-of-oam-oim-oaam-oapm-oin/
To debug the above error we need to create rule generators for the newly created GTC.
Open design console from windows start menu
or alternatively you can also start by going to path
MIDDLEWARE_HOME\Oracle_IDM1\designconsole\xlclient
Login to design console with OIM user name and password.
Click and open resource object form, from left panel, and click query button from toolbar, then go to resource objects table tab. In this step we will confirm that the newly created connector appears in database records.
Steps
1. CREATE SHARED DRIVE, CSV AND ARCHIVE
2. CREATE GENERIC CONNECTOR
3. RUN SCHEDULER AND CONFIRM
4. CREATING RULE GENERATORS
5. CREATING RECONCILATION PROFILE
6. RUN SCHEDULER
7. SEARCH RECONCILIED USER
-------------------------------------------------------------------------------------------------------
1. CREATE SHARED DRIVE, CSV AND ARCHIVE
Create a directory Archive in C:\myDIR\HRFEED\
Create a csv file, name it hrfeed.csv and place it in C:\myDIR\HRFEED\ with file containing below details.
2. CREATE GENERIC CONNECTOR
Login to sysadmin page of OIM with url
http://localhost:14000/sysadmin
place your hostname and port accordingly.
Enter OIM user name and password and sign in to OIM sysadmin console
Click on Generic Connector link in the Left Pane
Populate the fields as given below, uncheck provisioning and continue.
Now Specify Correct parameters in step 2 and continue.
Now in step 3 a pop-up will get displayed showing the mapping between your flat file attributes with OIM.
Here we require two new attributes in Reconciliation Staging table to map it with OIM Table.
Click on + icon in Reconciliation Staging table to add new attributes.
Fill all details as given below and click continue.
Repeat above steps to create userType attribute in Reconciliation Staging Table.
Now it's time to map Reconciliation Staging Table to OIM table.
Click on the edit button of UserLogin Attribute of OIM table and click continue to map.
After mapping each and every attribute we will get following matching lines.
Click close to jump into step 5.
Click save and wait for some time
After clicking save button connector creation confirmation window will appear . Close and go to sysadmin console.
3. RUN SCHEDULER AND CONFIRM
Click on Scheduler link on the Left Pane under System Management.
A pop up will get appear, click on search arrow to get the list of scheduler jobs.
Find and open OIM_FlatFile_Recon_GTC and click Run now button.
Confirm job is running.
Go to oim_server terminal and watch for the error. If you receive the same error, then you need to configure the newly created GTC.
4. CREATING RULE GENERATORS
Design Console Configuration Needed . If it is already configured then continue to the below steps or configure design console using following link
http://onlineappsdba.com/index.php/2010/10/11/part-vii-install-configure-oim-design-console-oracleidm-11g-step-by-step-installation-of-oam-oim-oaam-oapm-oin/
To debug the above error we need to create rule generators for the newly created GTC.
Open design console from windows start menu
or alternatively you can also start by going to path
MIDDLEWARE_HOME\Oracle_IDM1\designconsole\xlclient
Login to design console with OIM user name and password.
Click and open resource object form, from left panel, and click query button from toolbar, then go to resource objects table tab. In this step we will confirm that the newly created connector appears in database records.
Click on OIM_FlatFile_Recon_GTC record and open Resource Objects Tab
Select and Copy name field.
Now open Reconciliation Rule form and paste the copied resource object name in previous step into Object field and click on Query icon.
If no record message appears, we will create a new one, a new Rule for flat file reconciliation.
So to create a rule, populate fields as below and save it.
Click on Add Rule Element button.
Fill up the fields as below and save it.
Close the error message and exit.
Click yes to exit.
Click save and close the error message if any.
Close the form
5. CREATING RECONCILATION PROFILE
Open Resource Object form, query for records.
Open Resource Object Table Tab and select OIM_FlatFile_Recon_GTC record
Now open Resource Object.
Go to Object Reconciliation Tab in above panel
Click on Create Reconciliation Profile
Cut and paste hrfeed.csv file from Archive Directory to HRFEED directory.
6. RUN SCHEDULER Login to sysadmin.
Click on scheduler link on the Left Pane.
A pop up will get appear, click on search arrow to get the list of scheduler jobs.
Find and open OIM_FlatFile_Recon_GTC and click Run now button.
Confirm job is running.
Open oim_server terminal and check for the following message without any error.
7. SEARCH RECONCILIED USER
Login to oim self service console using
http:\\localhost:14000\oim
Change IP address and port Accordingly. Click on User link on left pane
Click on search and find new user reconciled from the flat file.
Hope this was helpful post. Please give your Valuable feedback and comments for any queries.
I have followed all the steps but my users in csv file not uploaded to oim.even there is no error in server.Is it any perticular directory structure for csv file and archive directory in computer.
ReplyDeleteplease reply ASAP
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHi Tushar,
ReplyDeletePlease mention your directory structure as described in Step 2 of Create a new Generic Connector. There is no particular directory Structure. Just you have mention in Generic Connector Creation which ever directory structure you are following.
Regards
Ritesh Maddala
hi,
Deletemy directory is F:\YIMS\HRFEED\Archive..
I saw the successful message in log. but there is another exception
"Caused By: javax.xml.bind.UnmarshalException - with linked exception:"
can you help on this
Hi Tushar,
ReplyDeletePlease Send me the full logs to understand the error
Regards
Ritesh Maddala
Hi Tushar,
ReplyDeleteWhen you reconcile for the first time you always get this exception. So follow the post configuration steps as described above in the blog. You need to create a new Reconciliation Matching Rule followed by Reconciliation Profile Creation.
This will definitely help you.
Regards
Ritesh Maddala
Hello Ritesh,
DeleteIf we don't want to get this error even for the first time, we have to ✔️ the matching only check box while doing mappings from staging table and oim table.
Thanks & Regards
Mahesh Kumar Thiruveedula
Hi Rities,
ReplyDeleteAll the step I followed and it is successful also. But the users in .csv file not showing in the OIM console.
help me out.
Hi Anand,
ReplyDeleteCan you please send me the OIM diagnostic logs , to check what is the exact problem you are facing.
Regards
Ritesh
]]
ReplyDelete[2013-12-11T18:35:55.554+05:30] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-YP1002639DT1386752781242_MisfireHandler] [userId: oiminternal] [ecid: 0000KBWtadd8TsXLxux0iW1Ie2eP000001,1:27935] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
Caused by: java.lang.NullPointerException
at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
... 2 more
]]
this is my last log I got
ReplyDeleteHi Anand,
ReplyDeleteIn my opinion it is due to false setting of your Quartz Scheduler timer.
Please try to follow the below link, and let me it worked or not
http://yourhelperall.blogspot.in/2013/05/reconciliation-issue-misfirehandler.html
Regards
Ritesh
hi ritesh
ReplyDeletethis is narasimha
i followed all the step and i got the output. now i want to login with the user created by the gtc then will be the password of that userlogin
how to give the password attribute through flat file or is there any other way to send password to oim from flat file
Hi Narasimha,
DeleteGlad to know, that it worked for you. Since this post is just an example, I haven't used Password field, in Flat File. If you want to try with the Password field in your Flat File , please do follow the same steps mentioned in the post and create a new Flat File Reconciliation connector with Password field.
For now you can update a password of the User you have created by Flat File by logging into OIM sysadmin with OIM administrator from the OIM user management console and relogin to OIM with the newly created user credentials.
Hope this will help you.
Regards
Ritesh Maddala
Hi Ritesh
Deletei have taken password field in flat file as you said and when i was mapping the flatfile fields to oim fields i cant find the password field in oim fields so how can i map.. is there any another way....
i also have one more issue please help me. how to do multivalued target flat file recon . if you have any document regarding multivalued target recon please post it in your blog or please send to my mail i.e narasimha.idm@gmail.com
thank you...
Hi Narasimha,
Delete1. May be OIM doesn't provide Password field to Map.(I am not sure, please do some R&D on this)
2. What do you mean by Multivalued Target Field ?
Regards....
Hi Ritesh
ReplyDeleteMultivalued taget fields means.Let us suppose i have a target system in which a user is assigned in three groups and now i want to do target recon through flat file and link with oim user account during recon i also need to pass the group names in which he is assigned in a separate file.
i also didn't work on it i read this in one developers document of oracle.. this is my scenerio can you help me in any way
Thank You
Hi Ritesh,
ReplyDeleteIn Flat File Recon, how to send the users with start date and end date to oim..In my case, If I send the users normally without start date and end date,its working fine but if i include start date and end date in csv file.I am not getting the users in to OIM. Can you please help me with this. Is there any specific format to enter the start date and end date.When i check the log file its showing max size that I can enter is 7 but I want it in the format like(YYY/MM/DD HH.MM.SS Z)
Hi Dev,
DeleteIn my opinion, do this:
1. Goto Settings of Connector and change the Source Date Format to the Date Format of your choice. If this will not work then follow the Step 2.
2. Create a new field - Date Format ( value must be : "YYY/MM/DD HH.MM.SS Z" ) in your Flat File and Map it with the Date Format of OIM fields. Follow all the process as it is, as given in this post , but during Settings of Generic connector specify the Source Date Format as "YYY/MM/DD HH.MM.SS Z".
Hope this will help you.
Regards
Ritesh Maddala
Hi Ritesh,
ReplyDeleteI have changed the Source datatype to date in the mapping which i did not realise to change it before and it works fine.But,thanks a lot for your help..
Regards,
Prasad Nandigam..
Hi Ritesh,
ReplyDeleteGood sampling and explanation. The above steps worked for me. Thanks.
If I understand correctly, in the step 3 of your blog, that is 'Reconciliation Stagin', we are mapping the data coming through the flat file to OIM user data fields and in this process, we also create two new fields 'Role' and 'User- Type' whose values are string literals, 'OTHER' and 'End-user' respectively. This means, each user that we reconsile to OIM, we give these two values 'OTHER' and 'End-user'.
But when I check the users created after recon in OIM, I see that the user type field has the value 'OTHER' and the ROLE assigned to the users are 'All Users'.
I have checked the mapping in the reconciliation staging and it seems ok to me. The users first name, last name, organization, email are getting mapped correctly.
Do you have a clue why this is happening and where else should I look for possible errors?
Hi Ritesh, When I am trying to follow these steps when click on continue after 2nd step i ma getting below error '' Either there are no parent files in the staging directory or the required access (Read) permissions are missing. "
ReplyDeleteHi Prashanth,
DeleteExactly in which step you are getting this error.
If you are receiving this error in the step where you run Scheduler then check the Archive directory and Cut and paste hrfeed.csv file from Archive Directory to HRFEED directory.
Or if you have csv file there then check for User permissions for that directory and give all permissions to that directory if you are using Linux.
And please share log as well to investigate in depth.
Regards
Ritesh
Hi ritesh!
ReplyDeleteThanks for this helping post.
I need to reconcile 2nd time from the same file, is there anyway for that?
Regards,
Mian.
Hi Milan,
DeleteYou can do reconciliation multiple times, just update the archived file with new user details and place it in reconciliation directory.
And re-run the Scheduler.
Hope this helps.
Thanks & Regards
Ritesh
Hi Ritesh,
ReplyDeleteThis is abhinav here, as i have done the same reconcillation process as in above blog but it's not working and throwing the error as ORA Error Code =>ORA-01400: cannot insert NULL into () ORA Error Stack =>ORA-06512: at "DEV_OIM.OIM_SP_RECONBLKUSERCRUD", line 747
on the event management screen can u pls help me out with that
Hi Abhinav,
DeletePlease try below workarounds -
1. Verify that you provided "Trusted Recon = Yes" while creating this GTC.
2.Check the recon rule.
3.Create Reconciliation Profile again.
4.Check flat file and populate all mandatory fields with correct values.
5.Run Reconciliation again.
6.Check recon events
Thanks
Hi Ritesh,
DeleteI followed the above procedure but in log file it is not showing File Archived instead of that it is showing like below
[2016-08-18T23:04:45.044+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Job Listener, Job to be executed Description null FullName DEFAULT.Evaluate User Policies Name Evaluate User Policies
[2016-08-18T23:04:45.053+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Method details Method details: executeJob
[2016-08-18T23:04:45.053+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Method details executeJob Evaluate User Policies
[2016-08-18T23:04:45.063+00:00] [oim_server1] [WARNING] [] [XELLERATE.SCHEDULER.TASK] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] tcTskUsrEvaluatePolicies/init: maxWorkerCount: 20 batchSize: 500 maxExecutionTimeMins: null startTime: 1471561485063
[2016-08-18T23:04:45.281+00:00] [oim_server1] [WARNING] [] [XELLERATE.SCHEDULER.TASK] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] tcTskUsrEvaluatePolicies/execute
[2016-08-18T23:04:45.298+00:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 0000LPqKjEs0nnG6yzIbMG1Netcm000002,1:19885] [APP: oim#11.1.2.0.0] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.Evaluate User Policies Name Evaluate User Policies
Hi Ritesh,
ReplyDeleteWill U please provide the Flat File Provisioning in oim.
Hi Ritesh,
ReplyDeleteThis blog is a very good learning, appreciate it.
Please provide some more about OIM stuffs, as We are very new in this technology.
Thanks for sharing this.
Hi,
ReplyDeleteI use Full recon in the GTC. But the recon creates events for unchanged records too every time we run GTC. The event status is Update Succeeded for all events. Any idea why the evnts are generated for unchanged records in Full recon.?
Thanks
Deepa
• Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updatingAzure Online course bangalore
ReplyDeletehttps://learnoracleidentity.blogspot.com/
ReplyDeleteThanks for sharing this information!
ReplyDeleteI totally agree with you. Your information is very interesting and important. I really like this information.Our easy web plans company is famous in Advanced Oracle Identity Manager Online Training in Hyderabad .
If you want to see our training venue then click on links: http://lucidtechsystems.com/oracle-identity-manager-online-training/
Call Now: +91-965-292-6376
Drop Mail: info@lucidtechsystems.com
Hey I am trying to do the following step accordingly. my feedHr file is going into the archive folder. still the User is not showing in identity console , and there is no such error in log file too so what to do ??
ReplyDeleteplease guide me!
Thanks and that i have a nifty provide: Whole House Renovation Cost Calculator Canada home remodeling estimates
ReplyDelete