Friday, May 29, 2015

OIM 11G R2 PS2 (11.1.2.2.0) - usr_key is a System Attribute and cannot be set through OIM API

In this post, I will talk about an error that occurs when we try to use the OIM API method userManager.modify() to modify a user object, and how to fix it.

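Below is the sample code, with comments and the fix:

    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    import oracle.iam.identity.exception.NoSuchUserException;
    import oracle.iam.identity.exception.SearchKeyNotUniqueException;
    import oracle.iam.identity.exception.UserModifyException;
    import oracle.iam.identity.exception.UserSearchException;
    import oracle.iam.identity.exception.ValidationFailedException;
    import oracle.iam.identity.usermgmt.api.UserManager;
    import oracle.iam.identity.usermgmt.api.UserManagerConstants;
    import oracle.iam.identity.usermgmt.vo.User;
    import oracle.iam.platform.Platform;
    import oracle.iam.platform.authz.exception.AccessDeniedException;
    import oracle.iam.platform.entitymgr.vo.SearchCriteria;

    public User searchUserOnLogin(String userLoginValue)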
            throws UserSearchException, AccessDeniedException {
        User user = null;

        //Get User Manager Object in Event Handler or Scheduled Job
        UserManager um = Platform.getService(UserManager.class);

        SearchCriteria sc = new SearchCriteria(
                UserManagerConstants.AttributeName.USER_LOGIN.getId(),
                userLoginValue, SearchCriteria.Operator.EQUAL);

        Set<String> retAttrs = new HashSet<String>();

        retAttrs.add(UserManagerConstants.AttributeName.USER_LOGIN.getId());

        List<User> users = um.search(sc, retAttrs, null);

        if (users.size() == 1) {
            user = users.get(0);
        }

        return user;
    }

    public void modifyUser(User user) throws ValidationFailedException,
            UserModifyException, NoSuchUserException,
            SearchKeyNotUniqueException, AccessDeniedException {

        user.setEmployeeNumber("11000696");

        // um.modify(user); // This throws an exception because usr_key is
        // present by default in a user object returned by search.
        // To work around this issue, create a new User object with a null
        // entity ID.

        User user2 = new User(null);
        // Set the User Login Value first
        user2.setAttribute(
                UserManagerConstants.AttributeName.USER_LOGIN.getId(),
                user.getLogin());

        // Set the value of the attribute that you want to modify

        user2.setEmployeeNumber("11000696");

        // Now modify
        UserManager um = Platform.getService(UserManager.class);
        um.modify(UserManagerConstants.AttributeName.USER_LOGIN.getId(),
                user.getLogin(), user2);

        // The call below will not work because usr_key is present in the
        // user object that was fetched from search

        // um.modify(user);

    }

Thursday, May 28, 2015

OIM 11G - CSF Security Store Map and Code to extract credential

In this post, I will talk about how to use the JPS API to read a CSF key, and then how to use it in a SOA composite.

Go to EM console. Login as weblogic.
Expand Weblogic Domain in left pane.
Right click on <WLS_DOMAIN>. Select Security Credentials.
Click on “Create Map” button. Provide name for map as “PasswordMap”. Click OK.
Click on “Create Key” button. Provide following details:

Select Map: PasswordMap
Key: xladminkey
Type: Password
Username: xelsysadm
Password: <xelsysadm’s password>
Click OK.

Code to read the credentials:

            String oimUserName = "";
            String oimPassword = "";
            oracle.security.jps.JpsContext ctx = oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
            final oracle.security.jps.service.credstore.CredentialStore cs = (oracle.security.jps.service.credstore.CredentialStore) ctx
                    .getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
            oracle.security.jps.service.credstore.CredentialMap cmap = cs.getCredentialMap("PasswordMap");
            oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("xladminkey");
            if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {
                oracle.security.jps.service.credstore.PasswordCredential pcred = (oracle.security.jps.service.credstore.PasswordCredential) cred;
                char[] p = pcred.getPassword();
                oimUserName = pcred.getName();
                oimPassword = new String(p);
            }

Remember to keep jps-api.jar and oimclient.jar in SCA-INF\lib.

oimclient.jar is for the OIM API.
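
A variant of the lookup above that passes the password to the OIM client as a char[] instead of copying it into a String, and throws when the map or key is missing rather than continuing with empty values. This is an added example, not code from the original post; the class name CsfOimLogin, the oimUrl parameter and the choice to log in through OIMClient are assumptions, and the JAAS login configuration that OIMClient needs is assumed to be in place.

```java
import java.util.Hashtable;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialMap;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

// Hypothetical helper class (name is illustrative, not part of any Oracle API).
public class CsfOimLogin {

    // Looks up a password credential in CSF; throws instead of returning
    // empty values so a missing map or key is noticed immediately.
    static PasswordCredential readCredential(String map, String key) throws JpsException {
        JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
        CredentialStore cs = (CredentialStore) ctx.getServiceInstance(CredentialStore.class);
        CredentialMap cmap = cs.getCredentialMap(map);
        if (cmap == null) {
            throw new IllegalStateException("CSF map not found: " + map);
        }
        Credential cred = cmap.getCredential(key);
        if (!(cred instanceof PasswordCredential)) {
            throw new IllegalStateException("No password credential under key: " + key);
        }
        return (PasswordCredential) cred;
    }

    // oimUrl is an assumption: the t3:// URL of the OIM managed server.
    static OIMClient login(String oimUrl) throws JpsException, LoginException {
        // Map and key names are the ones created in the EM console steps above.
        PasswordCredential pcred = readCredential("PasswordMap", "xladminkey");

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, oimUrl);
        OIMClient client = new OIMClient(env);

        // The char[] goes straight to login(); no immutable String copy of the
        // password is created, and it is never logged or stored in a field.
        client.login(pcred.getName(), pcred.getPassword());
        return client;
    }
}
```

The caller is responsible for calling logout() on the returned client when it is done.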

Tuesday, May 26, 2015

OIM 11G R2 PS2 (11.1.2.2.0) Sample search user code

In this post, I will share some sample code to search for users based on a custom user attribute, and list some attribute name labels that do not work when searching.


public List<User> fetchUsers(String attributeName, String attributeValue)
            throws UserSearchException, AccessDeniedException {
        UserManager um = Platform.getService(UserManager.class);

        SearchCriteria sc = new SearchCriteria(attributeName, attributeValue,
                SearchCriteria.Operator.EQUAL);

        Set<String> retAttrs = new HashSet<String>();

        retAttrs.add(UserManagerConstants.AttributeName.USER_LOGIN.getId());

        List<User> users = um.search(sc, retAttrs, null);

        return users;

    }
 
 
A couple of attribute name labels that do not work in code are:
USR_UDF_COLUMN
usr_udf_column
Label name defined in the user entity form
Users.attribute name, if defined via Design Console

The label name that will work is the name as defined on the user entity form, without any spaces.

Monday, May 25, 2015

OIM 11G R2 PS2 (11.1.2.2.0) Event Handler Registration

In this post, I will talk about event handler registration using either your own custom EventHandlers.xml file or the OOTB EventHandlers.xml.

Well, I created a folder structure like /metadata/user/custom/CustomPreProcessHandler/, placed my EventHandlers.xml file there, and ran weblogicImportMetadata.sh.

On testing, my custom pre-process event handler does not get loaded.

To fix this issue, you can modify the OOTB file
/metadata/iam-features-identity/event-definition/EventHandlers.xml

Sample content

<action-handler orch-target="oracle.iam.platform.kernel.vo.EntityOrchestration" class="fullyqualifiedclassname" entity-type="User" operation="CREATE" name="classname" stage="preprocess" order="1500" sync="true"/>

Monday, May 18, 2015

Oracle Identity and Access Management 11G R2 PS3 (11.1.2.3.0) released

Downloads

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html

http://download.oracle.com/otn/nt/middleware/11g/111230/ofm_iam_generic_11.1.2.3.0_disk1_1of3.zip

http://download.oracle.com/otn/nt/middleware/11g/111230/ofm_iam_generic_11.1.2.3.0_disk1_2of3.zip

http://download.oracle.com/otn/nt/middleware/11g/111230/ofm_iam_generic_11.1.2.3.0_disk1_3of3.zip


Documentation

http://docs.oracle.com/cd/E52734_01/

Certification Matrix here

http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/identity-access-111230certmatrix-2539086.xlsx

More shall follow soon