SOA OIM Integration

Recommended - Follow previous steps for completing post installation steps before SOA OIM integration - https://rite-oim.blogspot.com/2019/12/post-installation-steps-23-december.html (Ignore if already done)

After completing the above steps, start performing below steps.

Open em console and start integrating

After successful integration , tunnel another port 14000 for OIM in moba-xterm and access the url - http://localhost:14000/identity

OIM Connector / DBAT connector Trusted Recon not working - No Recon Profile generated


Solution :

Please try one of this -

1. Create Recon Profile from Resource History for the connector you are looking for in Design Console and save.
2. There is a bug in ICF connectors Bug 19329379 - Check OIM system property for Batch Size - OIM.ReconBatchSize , edit this from 0 to 500 and restart the OIM servers.
3. Check the filters in Schedule Job , remove irrelevant filters.

Chart.js or chart js update chart on Angular 2 and above

After burning a lot of hours finally got the perfect solution

Chart.js or chart js update chart Angular 2 and above

Follow Angular2-chartjs to create charts in Angular 2 and above.

Once your project is working as expected and you want to update the charts as per your desired data please follow below easy and simple steps -

1. Add your chart id in html file and add a method to land in your component.

<chart #monthlyChart [type]="typeItems" [data]="dataItems" [options]="optionsItems" (click)="updateItemCategory()"></chart>

for example -

#monthlyChart is chart id

and

(click)="updateItemCategory()" is for invoking the update method

2. In your app component - 

import { ChartComponent } from 'angular2-chartjs';

then inside component class 


@ViewChild(ChartComponent,{static:false}) monthlyChart: ChartComponent; 

private updateItemCategory(){
   setTimeout(() => {
       this.monthlyChart.chart.data.datasets[0].data = [565, 539, 680, 381, 556];
       this.monthlyChart.chart.data.labels =  ["January", "February", "March", "April", "May"];
       this.monthlyChart.chart.update();
   }, 10);
}

Done - Just run your project again and check ☺☺

References -Angular2-chartjs

Angular2-chartjs_issues

OIM - Recon Event is not getting generated or Create Reconciliation Profile Failed or Failed to Create Index on RA_ in OIM Diagnostic Logs

Issue :

OIM - Recon Event is not getting generated or Create Reconciliation Profile Failed or Failed to Create Index on RA_ in OIM Diagnostic Logs

Solution : 

The issue was due to Child form must have atleast 1 key field

To resolve set Required=true as properties in key attribute for child process form.

Data AccessException: com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: Description: ORA-00936: missing expression SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException

Issue - 

Data AccessException:SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException

com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: = Description: ORA-00936: missing expression

Solution - 

Correct the Mapping of adapter variables in Process Task.

This issue is typically due to incorrect mapping of Columns in Process Task Adapter.

Mostly this issue occurs when Process task's Adapter Variable is mapped with wrong Column_Name/Table_Name required in Adapter. Check the Process Task Adapter Mapping and its literal value for Process Form - Column_Name/Table_Name. The column name and table name must be exactly same as provided in Process Form.

For example :

Child Table name = UD_SIEBEL_C

Child Table Column Name = UD_SIEBEL_C_USER_LOGIN

So your adapter mapping must contain same/exact value as provided in Process Form.

In my case I configured the wrong Child Process form column_name in my Process Task's Adapter mapping , which is required to update the Child Process Form's column value.

Let's say Instead of "UD_SIEBEL_C_USER_LOGIN", I configured it to UD_SIEBEL_C_U_LOGIN

OIM - Target Reconciliation - Child Table entry is coming Blank.

Follow

24 people are following Ritesh Maddala. Be the first of your friends.

OIM - Target Reconciliation - Child Table entry is coming Blank.

Issue -

During target reconciliation, the users are getting linked properly and reconciliation data is also visible in Reconciliation Event, but the issue is, the Role Name is not visible or a blank value is coming in Child table.

Solution -

1. Configure/Create a lookup to get the Groups or Role from Target System.

2. Run lookup reconciliation scheduler.

3. Check the groups in lookup configured/created in step 1.

4. If Groups/Roles are present in the above lookup, run Entitlement List Scheduler.

5. Check Entitlement Tab under App Instance for Particular App Instance.

6. Now run the Target reconciliation again.

7. If you face the same issue, then check ReconAttrMap Lookup. It might be possible that, you have missed to append  "[LOOKUP]" as keyword for code key for the role attribute. 

Check your Connector DOC first for how to Map the Child Table Attributes in ReconAttrMap.

For example - If you are using DBAT connector then Replace --> Groups~Group Name to Groups~Group Name[LOOKUP]

Here in the above example - Groups is Multi Valued Attribute in Resource Object and Group Name is an attribute for Role/Group.

Error ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER BEA-000000 oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user java.lang.RuntimeException: Parameter 'uid' must not be null.

Issue - 

Error while disabling user - Parameter 'uid' must not be null.

Error ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER  BEA-000000     oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user

 java.lang.RuntimeException: Parameter 'uid' must not be null.

Solution -

1. Check your  ProvAttrMap lookup and add only those attributes as code and decode key which are in Resource Object.

2. Test your use case again.

3. If you are still facing issue - then check the Code and Decode key - also check the Process Form labels for Code Key or (Compare with your connector document for correct mapping of Code and Decode key in ProvAttrMap) 

DBAT Connector throwing Null Pointer Exception while Disabling User Account - ICProvisioningManager : doUpdate : Error while updating user java.lang.NullPointerException

Issue -

             ICProvisioningManager : doUpdate : Error while updating user 

                java.lang.NullPointerException

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.doUpdate(ICProvisioningManager.java:640)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.doEnable(ICProvisioningManager.java:619)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.disableUser(ICProvisioningManager.java:553)

Solution -

OIM expects UID as an object to be returned From groovy script. SO add the below line in your groovy script at the end - 

return new Uid(uid); 

Replace uid with the user id attribute in your groovy script. 

RACF - Target Recon Issue - Not linked to any user - IAM-0050000[[ oracle.iam.platform.utils.SuperRuntimeException: oracle.iam.platform.tx.OIMTransactionException: java.sql.SQLException: ORA-01407: cannot update ("IAM_OIM"."OIU"."OST_KEY") to NULL

Problem :

IAM-0050000[[

oracle.iam.platform.utils.SuperRuntimeException: oracle.iam.platform.tx.OIMTransactionException: java.sql.SQLException: ORA-01407: cannot update ("IAM_OIM"."OIU"."OST_KEY") to NULL

Solution :

1. Login to OIM - Sysadmin Console.
2. Open Scheduler Window.
3. Search for "RACF Reconcile All Users"
4. Modify the "SingleValueAttributes" Parameter with all your required fields on the process form.

5. I have populated the "SingleValueAttributes" Parameter with below values -

cn,

defaultGroup,

instdata,

lastaccessdate,

lastconnectdate,

location

owner,

resumeDate,

revokeDate,

Status,

tsoaccess,

tsoAcctNum,

tsoHoldclass,

tsoMaxSize,

tsoMsgclass,

tsoProc,

tsoSize,

tsoSysoutclass,

tsoUnit,

tsoUserdata,

uid,

userPassword,

waaccnt.

6. After changing the parameter value click Apply and re run the Scheduler.

OAM Interview Questions, Oracle Access Manager Interview Questions, Access Management Interview Questions.

Disclaimer : The contents of this post is meant only to help IAM professionals to get the basic understanding of OIM and is an extract from various sites and standard Oracle^® Documents.

Oracle Identity Manager Interview Questions, OIM Interview Questions, IDM Interview Questions, Identity Management Interview Questions, Identity Manager Interview Questions.

Disclaimer : The contents of this post is meant only to help IDM professionals to get the basic understanding of OIM and is an extract from various sites and standard Oracle^® Documents.

Click this image to access the OIM Interview Questions PDF

OAM Interview Questions : http://rite-oim.blogspot.in/2014/09/oam-interview-questions-oracle-access.html

Ritesh's Oracle Identity Management Help Engine

Index :

UDF in OIM 11g R2, User Defined Fields in OIM 11g R2, Custom Attributes in OIM 11g R2

ObAccessClient.lst does not contain a client id - ACCESS_GATE FATAL 0x00001824

ClassCastException error during OIM- Siebel Provisioning and Reconciliation

Web Services

Managing User Life Cycle in Oracle Identity Management OIM 11g, User Life Cycle Management OIM 11g, Custom User Life Cycle

Logging, Auditing, and Monitoring the Directory, Enable Audit Logging in OID 11g, Audit Logs in OID, Configure OID Audit Logs, OID logs, Auditting in OID 11g

Flat File Reconciliation OIM 11g, OIM 11g R1, OIM 11g R2

DBAT Connector Throwing Null Pointer Exception - ICProvisioningManager : doUpdate : Error while updating user java.lang.NullPointerException

Parameter 'uid' must not be null

OIM Target Reconciliation - Role Name in Child Table is coming Blank

Logging, Auditing, and Monitoring the Directory, Enable Audit Logging in OID 11g, Audit Logs in OID, Configure OID Audit Logs, OID logs, Auditting in OID 11g

Logging, Auditing, and Monitoring the Directory

Managing and Enabling Audit Logging in OID 11g

In Oracle Fusion Middleware 11g Release 1 (11.1.1), auditing provides a measure of

accountability and answers the "who has done what and when" types of questions.

Prerequisites:

• OID 11g is installed in Environment.
• OID instances must be Up and Running.
• OID managed Servers must be Up and Running.

Here are the Steps, that an individual should follow to Enable Audit Logs in OID 11g:

1. Checking the Configurations. 
2. Checking the output file.
3. Preparing LDIF file.
4. Enabling the Audit Logging using Command Prompt.
5. Re-Checking the Configurations. 
6. Testing Audit Logging.

1. Checking the Configurations 

This step will help us to check the configuration of OID instance whether OID Audit Logging is Enabled or not .

Run the below Command in Command Prompt(Windows) or Terminal(Linux) where OID instance is installed.

Note: To run this command you may have to set the Environment Variables based on your server configurations. Normally In Windows we dont have to set the environment variables to run the below command.

Syntax:

ldapsearch -p <oid_port> -h <hostname> -D <username> -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > <filepath>

Example:

In Windows:
ldapsearch -p 3060 -h localhost -D cn=orcladmin -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > C:\Oracle\Middleware\c5.txt

Provide  Password and Hit Enter

In Linux:
ldapsearch -p 3060 -h localhost -D cn=orcladmin -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > /u01/app/Oracle\Middleware\c5.txt

Provide  Password and Hit Enter

2. Checking the output File.

Open file c5.txt  from the location 

Windows:
 C:\Oracle\Middleware\ 

Linux:
/u01/app/Oracle\Middleware\

Search for the ObjectClass "orclaudcustevents" and check the value Against this ObjectClass. If the value is blank then the configuration is not enabled for Audit Logging and we have to Enable logging which is given in next step.

3.Preparing LDIF file:

We will set the "orclaudcustevents" value using LDIF file.

Open any text editor and enter the values below:

dn: cn=oid2,cn=osdldapd,cn=subconfigsubentry

changetype: modify

replace: orclaudFilterPreset

orclaudFilterPreset: Custom

-

replace: orclaudcustevents

orclaudcustevents: UserLogin 

Save this file as LDIF file (for e.g. : aud.ldif)

Here OID2 is the component name, check the instance home for your component name and  UserLogin is the event for which we are enabling the Audit Logs. There are different types of events for which you can enable Audit Logging simultaneously. Some events are listed below which can be used with UserLogin.

UserLogin.FAILURESONLY, UserLogout, CheckAuthorization,

ModifyDataItemAttributes, CompareDataItemAttributes, ChangePassword.FAILURESONLY

orclaudfilterpreset=custom

4.Enabling the Audit Logs using Command Prompt.

LDAP Modify command is used  to Enable the Audit Logs and modify the value of orclaudcustevents

Run the command below:

Syntax:

ldapmodify -D <username> -q -p <port> -h <hostname> -f <filelocation>

Example:

ldapmodify -D cn=orcladmin -q -p 3060 -h localhost -f C:\Oracle\Middleware\aud.ldif

Enter Password when prompted:

5. Re-Checking the Configurations:

Rerun the LDAP Search command to check new Configurations.

Do the steps 1 and 2 from above. This time in Step 2 the output must show the below result:

6. Testing Audit Logging:

Open the ODSM page in browser using the URL below: 

http://<hostname>:<port>/odsm

In my case http://localhost:7005/odsm

Try to Log-in using any User say cn=orcladmin with Correct password:

If user logs in correctly, log out and re-log-in with different user say cn=testuser and with Incorrect Password this time.

Now we will see the Audit Logs whether Our UserLogin Events are captured or not:

Open Location 

INSTANCE_HOME/AuditLogs/component-name/

In my case : C:\Oracle\Middleware\asinstance1\auditlogs\OID\oid2\

and open the latest audit log file 

for e.g: file with name audit_pid3924.txt

You must receive the logs with events captured for UserLogin as below example. Click the image below to see results:

The Other way to check the Audit Logging in OID is, using EM console : http://onlineappsdba.com/index.php/2012/08/28/how-to-findaudit-failed-login-attempts-in-oid-11g/

*********************************************************************************

UDF in OIM 11g R2, User Defined Fields in OIM 11g R2, Custom Attributes in OIM 11g R2

UDF(User Defined Fields) or Custom Attributes in Oracle Identity Management (OIM 11g R2)

1. REGISTERING A NEW ATTRIBUTE

2. ADDING A NEW ATTRIBUTE IN FORM

3. CREATE A NEW USER

4. CHECK NEW USER AND ATTRIBUTE IN OIM

USER TABLE

FOR DETAILED INFORMATION ON UDF PLEASE REFER "Configuring Custom Attributes" IN OIM 11G R2 ADMIN

GUIDE

1. REGISTERING A NEW ATTRIBUTE

To create a custom attribute or UDF Log in to Oracle Identity System Administration using
http://localhost:14000/sysadmin and change hostname and port no. accordingly.
Type username and password of admin.

Create and activate a sandbox. Click on Sandboxes on upper right corner.

Click on Create Sandbox.

Give a name to your sandbox and click Save and Close.

Click on Form Designer in the left pane under Configuration header.

Search for the form of User Type and click User.

Click on Create icon under Custom Panel

Select Field Type as Text and click OK.

After Clicking OK button you will receive a custom attribute wizard .

Fill up fields as shown below and Click Save and Close to Save.

Now goto Manage Sandboxes tab , Select the activated sandboxes and Click Publish Sandbox to

Commit the changes done so far.
So far we have registered the new attribute in User Form.

2. ADDING A NEW ATTRIBUTE IN FORM

Login to OIM Self service Console using http://localhost:14000/oim and change hostname and port no.
accordingly.

Enter the admin username and password.

Click on the Sandboxes to create a new Sandbox

Click on the Create Sandbox, enter following details then save and close the wizard.

Click Users under Administration in left pane.

Click Create to open User Creation Form.

Fill the mandatory fields to avoid some validation exceptions.

Click on the Customize link situated at above right corner to customize the user form.

Click on the View and select Source to edit ADF code.

Select basic Information Area of User form to add attribute there by using your mouse pointer.

After selecting the area a confirmation window appears, Click Edit and confirm.

Now click Add Content button. Scroll, search, and click Data Component - Manage Users Link.

Scroll Down and search for UserVO1 Component. Click it.

After clicking a new wizard will get appear , scroll deep down and search for Major_Skill text box
component.

Click on the add button on left and select ADF Input Text W/ Lable. You can observer that
a new Field is automatically appears in User Form in Basic Information Area. Close Wizard.

Select the new attribute in ADF editor and click edit

Check on the Auto Submit and click ok.

Close the Customize window.

3. CREATE A NEW USER

In Create User Form just fill with some information and submit

4. CHECK NEW USER AND ATTRIBUTE IN OIM USER TABLE

Check User in Database and find the new attribute (column) USR_UDF_MAJOR_SKILL