Monday, February 23, 2015

OIM 11G R2 PS2 (11.1.2.2.0) User Name generation plugin

In this post I will talk about the usage of the username generation plugin, how to provide your own custom plugin to generate the user login, and then how to go about searching a custom user field via the new OIM API code.


Well, to start with, OIM generates a user login if no user login is specified. This happens because there is a system property called "Default policy for username generation" (the default username generation plugin) which holds the name of the OIM standard class:

Default policy for username generation
= oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy

If you want to override it with your custom class then you need to implement
oracle.iam.identity.usermgmt.api.UserNameGenerationPolicy
in your custom class and provide a method named

public String getUserName(Map<String, Object> reqData) throws UserNameGenerationException;

with your username generation logic.
reqData contains all the fields of the request: first name, last name and the other user attribute fields.

Once your class is developed and jarred
you can create a plugin.xml:
<?xml version="1.0" encoding="UTF-8"?>
<oimplugins>
  <plugins pluginpoint="oracle.iam.identity.usermgmt.api.UserNamePolicy">
    <plugin pluginclass="yourfullyqualifiedclassname" version="1.0" name="classname"/>
  </plugins>
</oimplugins>

Package the lib/jar and plugin.xml in a plugin.zip and register the plugin.

Once the registration is done you will have to modify the system property

"Default policy for username generation" and specify your custom class name.

That's it, now the user login will be generated via your custom logic.

Also note that this plugin runs as a pre-process event handler, but it does not require the import metadata command to be used.

--------- Sample Implementation ---------

import java.util.Locale;
import java.util.Map;

import oracle.iam.identity.exception.UserNameGenerationException;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.api.UserNameGenerationPolicy;


public class UserIDGeneration implements UserNameGenerationPolicy {

    @Override
    public String getDescription(Locale arg0) {
        // Human-readable description of this policy (the locale is not used here)
        return "Custom user login generation from first name and last name";
    }

    @Override
    public String getUserNameFromPolicy(Map<String, String> arg0)
            throws UserNameGenerationException {
        // Older String-map variant of the policy interface; not used by this policy
        return null;
    }

    @Override
    public boolean isUserNameValid(String arg0, Map<String, String> arg1) {
        // Older String-map variant of the policy interface; not used by this policy
        return false;
    }

    public String createCustomUserGenerationLogic(String firstName, String lastName) {
        String userLoginGen = "";
        // put logic here; the lines below are only a placeholder (first.last in lower case)
        // until you replace them with your own rules
        if (firstName != null && !firstName.isEmpty()) {
            userLoginGen = firstName.toLowerCase(Locale.ROOT);
        }
        if (lastName != null && !lastName.isEmpty()) {
            userLoginGen = userLoginGen.isEmpty()
                    ? lastName.toLowerCase(Locale.ROOT)
                    : userLoginGen + "." + lastName.toLowerCase(Locale.ROOT);
        }
        return userLoginGen;
    }


    @Override
    public String getUserName(Map<String, Object> reqData)
            throws UserNameGenerationException {
        // reqData carries the user attributes of the create request; an attribute that
        // was not supplied is absent (null), so guard before calling toString()
        Object first = reqData.get(UserManagerConstants.AttributeName.FIRSTNAME.getId());
        Object last = reqData.get(UserManagerConstants.AttributeName.LASTNAME.getId());
        String firstName = first == null ? "" : first.toString();
        String lastName = last == null ? "" : last.toString();
        return createCustomUserGenerationLogic(firstName, lastName);
    }

    @Override
    public boolean isGivenUserNameValid(String arg0, Map<String, Object> arg1) {
        // Stub: put the validation of a login supplied by the caller here
        return false;
    }

}
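Here is an added example of what createCustomUserGenerationLogic() could actually do. It is written for this post and is not part of the original sample or of OIM's own classes. It is a plain Java class with no OIM dependency so it compiles and runs by itself: the login rules (lower-case letters, digits and dots, 3 to 20 characters) are assumed local rules, the names in the sample set are constructed, and the loginExists predicate stands in for the uniqueness check a real policy would make through the OIM user APIs, which are not shown here. The generate() result is what getUserName() would return, and isValidLogin() is the kind of check isGivenUserNameValid() could apply to a login supplied by the caller.

```java
import java.text.Normalizer;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

/**
 * Stand-alone login generator (example code, not OIM's). In a real policy the
 * generate() result would be returned from getUserName(), and loginExists would
 * be backed by a lookup against the identity store.
 */
public class LoginGenerator {

    // Assumed local rules: lower-case letters, digits and single dots, 3..20 chars
    private static final Pattern VALID_LOGIN = Pattern.compile("^[a-z0-9]+(\\.[a-z0-9]+)*$");
    private static final int MIN_LEN = 3;
    private static final int MAX_LEN = 20;

    // "Does this login already exist?" - injected so the class runs without OIM
    private final Predicate<String> loginExists;

    public LoginGenerator(Predicate<String> loginExists) {
        this.loginExists = loginExists;
    }

    /** Fold accents (e.g. e-acute to e) and drop everything except ASCII letters and digits. */
    static String normalize(String s) {
        if (s == null) {
            return "";
        }
        String folded = Normalizer.normalize(s, Normalizer.Form.NFD).replaceAll("\\p{M}", "");
        return folded.toLowerCase(Locale.ROOT).replaceAll("[^a-z0-9]", "");
    }

    /** The kind of check isGivenUserNameValid() could apply to a caller-supplied login. */
    public static boolean isValidLogin(String login) {
        return login != null
                && login.length() >= MIN_LEN && login.length() <= MAX_LEN
                && VALID_LOGIN.matcher(login).matches();
    }

    /**
     * Build first.last, trim it to MAX_LEN, then append 2, 3, ... until the login
     * is unused. Returns null when no usable login can be formed so the caller
     * can decide how to fail the request.
     */
    public String generate(String firstName, String lastName) {
        String first = normalize(firstName);
        String last = normalize(lastName);
        if (first.isEmpty() && last.isEmpty()) {
            return null;
        }
        String base = first.isEmpty() ? last : last.isEmpty() ? first : first + "." + last;
        if (base.length() > MAX_LEN) {
            base = base.substring(0, MAX_LEN);
        }
        base = base.replaceAll("\\.+$", "");   // no dangling dot after the cut
        if (!isValidLogin(base)) {
            return null;
        }

        String candidate = base;
        for (int n = 2; loginExists.test(candidate); n++) {
            if (n > 999) {
                return null;   // give up rather than loop forever on a saturated name
            }
            String suffix = Integer.toString(n);
            // Stay within MAX_LEN by cutting the base, never the suffix
            String head = base.substring(0, Math.min(base.length(), MAX_LEN - suffix.length()))
                    .replaceAll("\\.+$", "");
            candidate = head + suffix;
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample of logins already present in the identity store
        Set<String> existing = new HashSet<>();
        existing.add("jose.garcia");
        existing.add("jose.garcia2");
        LoginGenerator gen = new LoginGenerator(existing::contains);

        System.out.println(gen.generate("José", "García"));            // collides with both entries above
        System.out.println(gen.generate("Mary-Ann", "O'Neil"));         // punctuation stripped
        System.out.println(gen.generate("Maximilian", "Featherstonehaugh")); // trimmed to MAX_LEN
        System.out.println(gen.generate("", null));                     // nothing to build from
        System.out.println(isValidLogin("a..b"));                       // double dot rejected
    }
}
```

The accent folding matters because a login that reaches downstream targets (LDAP, databases, mail) is safest as plain ASCII, and the numeric suffix loop is what keeps the generated value unique without ever producing a login longer than the agreed limit.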

Saturday, February 21, 2015

OIM 11g R2 PS2 (11.1.2.2.0) Patch Process

In this post, I will talk about the patching process, which has changed slightly from the earlier bundle patches.

Well, a lot of steps still remain the same; the only change is that they have done away with the PSA (Patch Set Assistant) which used to upgrade the DB schema.

You set the PATH to include the Oracle_IDM1 OPatch folder so the opatch utility can be found, and
you set ORACLE_HOME, OIM_ORACLE_HOME etc. to the Oracle_IDM1 folder.

Check the inventory (and that the right opatch and unzip are on the PATH):
opatch lsinventory
which opatch
which unzip

Apply the patch:
opatch apply

The second step replaces the PSA.
Basically you update patch_oim_wls.profile with all the details:


  • Mandatory Env Variables
  • Weblogic SOA variables
  • DB Config Details - OIM and MDS
  • OIM location (t3://), userid and password

Export PATH, JAVA_HOME and ANT_HOME, then
execute
sh ./patch_oim_wls.sh

After patching,
restart the OIM, SOA and Admin servers.

Lock and Edit in the WebLogic admin server console, then

create a new Work Manager called "OIMWorkManager" targeted to OIM_SERVER and OIMCLUSTER with MAXIMUM THREADS CONSTRAINT = 33.



Monday, February 2, 2015

OIM : Terminations and Future Deletes

In this post, I will talk about a very common business requirement where the business needs the user to be kept in a disabled state, retaining all of the user's accesses and data for a certain grace period (a number of days) after his termination, and to delete the user only after that grace period is over.
This post will cover how it can be achieved in OIM.

Well, by default, if the user's End Date (the termination date) is reached,
the OOTB scheduled job "Disable/Delete User After End Date" will delete the user because
"XL.UserDeleteDelayPeriod" is set to 0.

You can set this value to the number of days you want to retain the user's data and accesses.

Let's say you set it to 365 days.
What will happen next is that the user will always go into the Disabled state first and will remain so for the next 365 days.

Once the 365 days are over,

another scheduled job, "Delayed Delete User", does the job of finding all the disabled users, checking whether the grace period is over and deleting them.

This whole scenario involves

2 scheduled jobs
"Disable/Delete User After End Date"
"Delayed Delete User"

1 system property
"XL.UserDeleteDelayPeriod" = "Period to Delay User Delete"

2 USR date columns
USR_END_DATE
USR_AUTOMATICALLY_DELETE_ON

The whole thing can be tested directly by just playing with the DB, setting these values directly and running those jobs.
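As an added illustration (not OIM code, and not from the original post), here is a small Java model of the two jobs acting on the two USR columns. It assumes that USR_AUTOMATICALLY_DELETE_ON is USR_END_DATE plus XL.UserDeleteDelayPeriod days; that rule, the User/Status classes and the sample user are constructed for the example so the grace-period boundary (and the delay-0 default) can be reasoned about offline before touching the real DB.

```java
import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;

/**
 * Toy model of the disable-then-delete flow (example code, not OIM's own).
 * The two methods stand in for the two OOTB scheduled jobs; the rule
 * USR_AUTOMATICALLY_DELETE_ON = USR_END_DATE + XL.UserDeleteDelayPeriod days
 * is an assumption made for this example.
 */
public class TerminationModel {

    enum Status { ACTIVE, DISABLED, DELETED }

    static class User {
        final String login;
        Status status = Status.ACTIVE;
        LocalDate usrEndDate;                // USR_END_DATE
        LocalDate usrAutomaticallyDeleteOn;  // USR_AUTOMATICALLY_DELETE_ON

        User(String login, LocalDate usrEndDate) {
            this.login = login;
            this.usrEndDate = usrEndDate;
        }
    }

    // Value of the system property XL.UserDeleteDelayPeriod, in days
    private final int userDeleteDelayPeriod;

    TerminationModel(int userDeleteDelayPeriod) {
        this.userDeleteDelayPeriod = userDeleteDelayPeriod;
    }

    /** Stand-in for "Disable/Delete User After End Date". */
    void disableDeleteUserAfterEndDate(List<User> users, LocalDate today) {
        for (User u : users) {
            boolean endDateReached = u.usrEndDate != null && !u.usrEndDate.isAfter(today);
            if (u.status != Status.ACTIVE || !endDateReached) {
                continue;
            }
            if (userDeleteDelayPeriod <= 0) {
                u.status = Status.DELETED;   // delay 0 (the default): deleted at once
            } else {
                u.status = Status.DISABLED;  // otherwise disabled and stamped for later deletion
                u.usrAutomaticallyDeleteOn = u.usrEndDate.plusDays(userDeleteDelayPeriod);
            }
        }
    }

    /** Stand-in for "Delayed Delete User". */
    void delayedDeleteUser(List<User> users, LocalDate today) {
        for (User u : users) {
            if (u.status == Status.DISABLED
                    && u.usrAutomaticallyDeleteOn != null
                    && !u.usrAutomaticallyDeleteOn.isAfter(today)) {
                u.status = Status.DELETED;   // grace period over
            }
        }
    }

    static void runBothJobs(TerminationModel oim, List<User> users, LocalDate today) {
        oim.disableDeleteUserAfterEndDate(users, today);
        oim.delayedDeleteUser(users, today);
        for (User u : users) {
            System.out.println(today + " " + u.login + " " + u.status
                    + " delete_on=" + u.usrAutomaticallyDeleteOn);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: one user terminated on 31 Jan 2015, grace period 365 days
        TerminationModel oim = new TerminationModel(365);
        List<User> users = Arrays.asList(new User("jdoe", LocalDate.of(2015, 1, 31)));

        runBothJobs(oim, users, LocalDate.of(2015, 2, 1));   // day after the end date
        runBothJobs(oim, users, LocalDate.of(2016, 1, 30));  // one day before the grace period ends
        runBothJobs(oim, users, LocalDate.of(2016, 1, 31));  // grace period over

        // With the default delay of 0 the first job alone removes the user
        TerminationModel defaults = new TerminationModel(0);
        List<User> users2 = Arrays.asList(new User("asmith", LocalDate.of(2015, 1, 31)));
        runBothJobs(defaults, users2, LocalDate.of(2015, 2, 1));
    }
}
```

Running the three dates in order shows the boundary the grace period actually sits on: the user stays disabled right up to the day before USR_AUTOMATICALLY_DELETE_ON and goes only when that date is reached, which is the check worth repeating against the real columns after you have set the property.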

Sunday, February 1, 2015

OHS 12c - Adding Self Generated Custom Cert in OHS 12c

In this post, I will cover the steps required to generate a self-signed cert (with the cn set to the host name clients will use) and add it to OHS.

My OHS 12c is installed at

/app/oracle/deepakdubeyfusion

mkdir /var/oracle/deepakdubeywallets/

cd /var/oracle/deepakdubeywallets/

export JAVA_HOME=/app/oracle/deepakdubeyjava/jdk1.7.0_40/

/app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet create -wallet /var/oracle/deepakdubeywallets/test1 -auto_login -pwd Welcome1

/app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet add -wallet /var/oracle/deepakdubeywallets/test1 -dn cn=hostname.domainname.com -keysize 2048 -self_signed -validity 3650

/app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet display -wallet /var/oracle/deepakdubeywallets/test1

Then,

in the ssl.conf file, uncomment the existing SSLWallet directive and set it to the new wallet:

  SSLWallet "/var/oracle/deepakdubeywallets/test1"

Restart the OHS server.