In this post, I will talk about sending the user ID and the password in separate emails during user onboarding.
Existing Process
Modify the existing "Generated Password Notification" and remove $username
Add a new CREATE USER post-process Event Handler and send only the username.
Create a new Notification Event Resolver
Create a new Notification Template
Event Metadata -> Notification Resolver -> Notification Template
-----------------------------------------------------------------------------------------------------------------------------------------------
OIM 11g: How to Disable Email Notification? [ID 1473778.1]
1) Export from MDS the file /metadata/iam-features-selfservice/event-definition/EventHandlers.xml. Instructions to import export can be found here. Save a local copy for future reference.
2) Remove the section
<postprocess-handler
class="oracle.iam.selfservice.uself.uselfmgmt.impl.handlers.create.SelfServiceNotificationHandler"
entity-type="User"
operation="CREATE"
name="SelfServiceNotificationHandler"
order="1160"
stage="postprocess"
sync="TRUE">
</postprocess-handler>
3) Export from MDS the file /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml.
4) Remove the section:
<postprocess-handler
class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler"
entity-type="User" operation="CREATE"
name="PasswordNotificationHandler"
order="1180" stage="postprocess"
sync="TRUE">
</postprocess-handler>
5) Import these two files back into MDS.
6) Reexport the above two files again to verify your edits got uploaded to MDS correctly.
7) Set the system property in OIM "Should send notifications in recon or not" to FALSE.
Notes:
(1) Currently notifications are sent in the following scenarios by event handlers in case users are created through UI or through SPML (since internally we are having a single code path -- create user orchestration).
Create user with manual password – SelfServiceNotificationHandler
This can be disabled to suppress the notification being sent.
MDS Location: /metadata/iam-features-selfservice/event-definition/EventHandlers.xml, edit out the section for SelfServiceNotificationHandler
Admin create user with auto-gen password – PasswordNotificationHandler
This can be disabled to suppress the notification being sent.
MDS Location: /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml, edit out the section for PasswordNotificationHandler
Admin change password with manual password – Via UI based on the email checkbox selected on the UI.
UI checkbox can be selected appropriately.
Admin change password with auto-gen password (reset password) – ResetPasswordActionHandler
This is NOT a post-processing handler that can be disabled. Not configurable, as password needs to be communicated.
(2) LDAP Sync Scenario:
System Property name which is specific to Recon to disable notification, Recon.SEND_NOTIFICATION. This property is exercised when the users are getting created through LDAP sync.
(3) Notes on how to edit out the event handlers:
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/utils.htm
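Step 6 asks you to re-export both files and confirm the edits reached MDS. The script below is an added example (not from the original post or from Oracle) that runs that check on a re-exported EventHandlers.xml: it lists the User/CREATE postprocess handlers and reports any built-in notification handler that is still registered. The sample XML is constructed, the class name com.example.NotifyUserIdToUser is a placeholder, and the handler name NotifyUserIdToUser with order 2180 is the custom handler this post registers further down.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.oracle.com/schema/oim/platform/kernel}"
# Built-in CREATE notification handlers that steps 2 and 4 remove.
REMOVED = {"SelfServiceNotificationHandler", "PasswordNotificationHandler"}

def create_postprocess_handlers(xml_text):
    """Map name -> order for every User/CREATE postprocess handler in one file."""
    found = {}
    for el in ET.fromstring(xml_text).iter(NS + "postprocess-handler"):
        if el.get("entity-type") == "User" and el.get("operation") == "CREATE":
            found[el.get("name")] = el.get("order")
    return found

def audit(xml_text, expect_custom=None):
    """Return a list of problems; an empty list means the file matches the procedure."""
    handlers = create_postprocess_handlers(xml_text)
    problems = [f"still registered: {n}" for n in sorted(REMOVED & handlers.keys())]
    if expect_custom and expect_custom not in handlers:
        problems.append(f"missing custom handler: {expect_custom}")
    return problems

# Constructed sample input modelled on the passwordmgmt EventHandlers.xml.
def _file(*handlers):
    rows = "".join(
        f'<postprocess-handler class="{c}" entity-type="User" operation="{op}" '
        f'name="{n}" order="{o}" stage="postprocess" sync="TRUE"/>'
        for n, c, op, o in handlers)
    return ("<?xml version='1.0' encoding='UTF-8'?>"
            '<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">'
            f"{rows}</eventhandlers>")

PKG = "oracle.iam.passwordmgmt.eventhandlers."
HISTORY = [
    ("PasswordHistoryPostProcessHandler", PKG + "PasswordHistoryPostProcessHandler", "CREATE", "1200"),
    ("PasswordHistoryPostProcessHandler", PKG + "PasswordHistoryPostProcessHandler", "CHANGE_PASSWORD", "SECOND"),
]
BEFORE = _file(("PasswordNotificationHandler", PKG + "PasswordNotificationHandler", "CREATE", "1180"), *HISTORY)
# Placeholder class name; the real one is whatever your plugin.xml registers.
AFTER = _file(*HISTORY, ("NotifyUserIdToUser", "com.example.NotifyUserIdToUser", "CREATE", "2180"))

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, expect_custom="NotifyUserIdToUser") or "OK")
```

To check a real export, pass the contents of the re-exported file to `audit()`; use `expect_custom` only for the file that is supposed to carry the custom handler.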
-----------------------------------------------------------------------------------------------------------------------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel
orchestration-handlers.xsd">
<!-- REMOVE -->
<postprocess-handler class="oracle.iam.selfservice.uself.uselfmgmt.impl.handlers.create.SelfServicePostHandler"
entity-type="User" operation="CREATE"
name="SelfServicePostHandler" order="1000000"
stage="postprocess" sync="TRUE"/>
<preview-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.setchallenge.SetChallengeValuesPreviewHandler"
entity-type="User" operation="SELFSETCHALLENGE"
name="SetChallengeValuesPreviewHandler" order="FIRST"/>
<validation-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.setchallenge.SetChallengeValuesValidationHandler"
entity-type="User" operation="SELFSETCHALLENGE"
name="SetChallengeValuesValidationHandler"
order="FIRST"/>
<action-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.setchallenge.SetChallengeValuesActionHandler"
entity-type="User" operation="SELFSETCHALLENGE"
name="SetChallengeValuesActionHandler" order="FIRST"
stage="action" sync="TRUE"/>
<preview-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.expiredpwd.ExpiredPasswordPreviewHandler"
entity-type="User" operation="SELFEXPIREDPWD"
name="ExpiredPasswordPreviewHandler" order="FIRST"/>
<action-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.expiredpwd.ExpiredPasswordActionHandler"
entity-type="User" operation="SELFEXPIREDPWD"
name="ExpiredPasswordActionHandler" order="FIRST"
stage="action" sync="TRUE"/>
<preview-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.changepwd.ChangePasswordPreviewHandler"
entity-type="User" operation="CHANGE_PASSWORD"
name="SelfChangePasswordPreviewHandler" order="FIRST"/>
<validation-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.changepwd.ChangePasswordValidationHandler"
entity-type="User" operation="CHANGE_PASSWORD"
name="SelfChangePasswordValidationHandler" order="FIRST"/>
<action-handler
class="oracle.iam.selfservice.self.selfmgmt.impl.handlers.changepwd.ChangePasswordActionHandler"
entity-type="User" operation="CHANGE_PASSWORD"
name="SelfChangePasswordActionHandler" order="FIRST"
stage="action" sync="TRUE"/>
<postprocess-handler
class="oracle.iam.selfservice.uself.uselfmgmt.impl.handlers.create.SelfServiceNotificationHandler"
entity-type="User" operation="CREATE"
name="SelfServiceNotificationHandler" order="1160"
stage="postprocess" sync="TRUE"/>
</eventhandlers>
-----------------------------------------------------------------------------------------------------------------------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<eventhandlers
xmlns="http://www.oracle.com/schema/oim/platform/kernel"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel
orchestration-handlers.xsd">
<preview-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreviewHandler"
entity-type="User" operation="RESET_PASSWORD"
name="ResetPasswordPreviewHandler" order="FIRST"/>
<validation-handler
class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordValidationHandler"
entity-type="User" operation="RESET_PASSWORD"
name="ResetPasswordValidationHandler" order="FIRST"
sync="TRUE"/>
<validation-handler
class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler"
entity-type="User" operation="CREATE" name="UserPasswordValidationHandler"
order="1020"/>
<validation-handler
class="oracle.iam.passwordmgmt.eventhandlers.UserPasswordValidationHandler"
entity-type="User" operation="CHANGE_PASSWORD"
name="UserPasswordValidationHandler" order="2"/>
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordPreProcessHandler"
entity-type="User" operation="RESET_PASSWORD"
name="ResetPasswordPreProcessHandler" stage="preprocess"
sync="TRUE" order="9900"/>
<action-handler class="oracle.iam.passwordmgmt.eventhandlers.ResetPasswordActionHandler"
entity-type="User" operation="RESET_PASSWORD"
name="ResetPasswordActionHandler" order="FIRST"
stage="action" sync="TRUE"/>
<!-- REMOVE -->
<postprocess-handler
class="oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler"
entity-type="User" operation="CREATE"
name="PasswordNotificationHandler" order="1180"
stage="postprocess" sync="TRUE"/>
<postprocess-handler
class="oracle.iam.passwordmgmt.eventhandlers.PasswordHistoryPostProcessHandler"
entity-type="User" operation="CREATE"
name="PasswordHistoryPostProcessHandler" order="1200"
stage="postprocess" sync="TRUE"/>
<postprocess-handler
class="oracle.iam.passwordmgmt.eventhandlers.PasswordHistoryPostProcessHandler"
entity-type="User" operation="CHANGE_PASSWORD" name="PasswordHistoryPostProcessHandler"
order="SECOND" stage="postprocess"
sync="TRUE"/>
</eventhandlers>
-----------------------------------------------------------------------------------------------------------------------------------------------
Notification RESOLVER
-----------------------------------------------------------------------------------------------------------------------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<Events
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../../../notification/metadata/NotificationEvent.xsd">
<EventType name="CreateSelfUser">
<Resolver
class="oracle.iam.selfservice.notification.CreateNewSelfUserResolver">
<Param Name="CreateSelfUser"
DataType="X2-Entity" EntityName="CreateSelfUser"/>
</Resolver>
</EventType>
</Events>
__________________________________________________________________________________________________________________________________________________
NotificationEvent.xsd
---------------------------------------------------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="ParamType">
    <xs:attribute name="Name" type="xs:string" use="required" />
    <xs:attribute name="DataType" use="required">
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:enumeration value="X2-Entity" />
          <xs:enumeration value="91-Entity" />
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <xs:attribute name="EntityName" type="xs:string"></xs:attribute>
  </xs:complexType>
  <xs:complexType name="AttributeType">
    <xs:attribute name="Name" type="xs:string" use="required" />
    <xs:attribute name="DataType" use="required" >
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:enumeration value="X2-Entity" />
          <xs:enumeration value="91-Entity" />
          <xs:enumeration value="X2-DataSet" />
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <xs:attribute name="EntityName" type="xs:string"></xs:attribute>
  </xs:complexType>
  <xs:complexType name="StaticDataType">
    <xs:sequence>
      <xs:element name="Attribute" minOccurs="0" maxOccurs="unbounded" type="AttributeType" />
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="ResolverType">
    <xs:sequence>
      <xs:element name="Param" minOccurs="1" maxOccurs="unbounded" type="ParamType" />
    </xs:sequence>
    <xs:attribute name="class" type="xs:string" />
  </xs:complexType>
  <xs:complexType name="EventTypeType">
    <xs:sequence>
      <xs:element name="StaticData" type="StaticDataType" minOccurs="0" maxOccurs="unbounded" />
      <xs:element name="Resolver" type="ResolverType" minOccurs="1" maxOccurs="1" />
    </xs:sequence>
    <xs:attribute name="name" type="xs:string" />
  </xs:complexType>
  <xs:element name="Events">
    <xs:complexType>
      <xs:choice minOccurs="1" maxOccurs="unbounded">
        <xs:element name="EventType" type="EventTypeType" minOccurs="1" maxOccurs="unbounded" />
      </xs:choice>
    </xs:complexType>
  </xs:element>
</xs:schema>
1. Added in "/home/oracle/MDS2/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml"
<postprocess-handler
class="com.ee.oim.user.NotifyUserIdToUser"
entity-type="User" operation="CREATE"
name="NotifyUserIdToUser" order="2180"
stage="postprocess" sync="TRUE"/>
2. Added in "/home/oracle/MDS2/metadata/iam-features-passwordmgmt/notification/ResetPasswordEvent.xml"
<EventType name="NotifyUserIdToUser">
<StaticData>
<Attribute DataType="X2-Entity"
EntityName="User" Name="Granted User"/>
</StaticData>
<Resolver
class="oracle.iam.identity.notification.EndDateNotificationEventResolver">
<Param DataType="X2-Entity"
EntityName="User" Name="usr_key"/>
</Resolver>
</EventType>
3. ./weblogicImportMetaData.sh
4. plugin.xml
<?xml version="1.0" encoding="UTF-8"?>
<oimplugins>
<plugins
pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
<plugin pluginclass=
"com.deepak.dubey.oim.user.NotifyUserIdToUser"
version="1.0"
name="NotifyUserIdToUser">
</plugin>
</plugins>
</oimplugins>
[oracle@voimbilt01 plugin_utility]$ ant -f pluginregistration.xml register
Buildfile: pluginregistration.xml
register:
[echo]
[echo] *******************************************************************************
[echo] REGISTRATION TOOL TO REGISTER
[echo] *******************************************************************************
[echo] This tool can be used to register or unregister plugins to OIM.
[echo]
[echo] Edit the ant.properties file to set the properties.
[echo] Invoke the corresponding ant targets (register or unregister) to perform registration or unregistration correspondingly.
[echo]
[echo] Following are the additional system properties accepted by the utility. They would be prompted if not passed at the time of invoking the utility.
[echo]
[echo] OIM.Username (User ID of the oim user)
[echo] ServerURL (URL of the server. t3://<host>:<port>)
[echo] PluginZipToRegister (Complete name with path of the plugin file. Required for registering a plugin.)
[echo]
[echo] Set the other properties in ant.properties file:
[echo] wls.home
[echo] oim.home
[echo] login.config
[echo]
[echo]
[echo]
/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/ext/spring.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/ext/jakarta-commons/commons-logging.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/ext/internal/toplink.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/platform/iam-platform-context.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/platform/iam-platform-utils.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/platform/iam-platform-auth-client.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/platform/iam-platform-pluginframework.jar:/opt/oracle/Oracle/Middleware/Oracle_IDM1/server/client/oimclient.jar:/opt/oracle/Oracle/Middleware/wlserver_10.3/server/lib/wlfullclient.jar
[input] Enter the oim user id:
xelsysadm
[input] Enter the oim user password:
[input] Enter the server url [t3://<host>:<port>] :
t3://localhost:14000
[input] Enter name (complete file name with path) of the plugin file:
/opt/oracle/deploy/plugins/notify-user.zip
[echo]
[echo] Plugin Registered
BUILD SUCCESSFUL
Total time: 44 seconds
[oracle@voimbilt01 plugin_utility]$
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Notify UserId to User
New Account Information
Generated Password
<html>
<head>
</head> <body>
<p>
An account has been created for you with the following details.
You will be required to change your password on next login.
</p><p>
UserID: $User_Login<br>
</p><p>
For any issues, please contact admin@localdomain.com
</p>
</body></html>
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Modify the Existing "Generated Password Notification"
<html>
<head>
</head> <body>
<p>
An account has been created for you with the following details.
You will be required to change your password on next login.
</p><p>
Password: $password<br>
</p><p>
For any issues, please contact admin@localdomain.com
</p>
</body></html>
-------------------------------------------------------------------------------------------------------------------------------------------------------------