Wednesday, October 8, 2014

How to create Oracle Identity Manager 11gR2 PS2 Disconnected Resource and provision user


In this post we will learn how to create an OIM Disconnected Resource and test provisioning a user to that disconnected resource upon user request.

Steps:

- Login to http://pokuri.demo.com:14000/sysadmin/ console with XELSYSADM account



- Click on Sandboxes


- Click on Create Sandbox


- Name Sandbox and click on "Save and Close"

- Click on "OK"


- Check that the Sandbox status is "Active"


- Double Click on "Application Instances" in the left panel

- Click on "Create"


- Enter Disconnected Resource Name and select Disconnected Check Box and click on "Save"


- Click "OK" 


- Notice message "Application Instance AdminApp created successfully" on top.


- Search to confirm that the Application Instance was created.


- As we are dealing with a "Disconnected Resource", the following change in the "Process Definition" is needed.

- Login to OIM Design Console with "XELSYSADM" account and double click on "Process Definition" 


- Click on "Search" icon as shown in the below screen shot. 


- Click on "Process Definition Table" tab at the bottom.


- Select the Disconnected application entry and double click on sequence number associated to it.


- Double click on "ManualProvisioningStart" Task.


- Click on "Yes"


- Click on "Task to Object Status Mapping" tab as shown in the below screen shot.


- Select status "C" row and double click in "Object Status" column which opens another pop up window.


- Select "Provisioned" and click on "OK"


- Click on "Save" button as shown in the below screen shot.


- Click on "Close" symbol as shown in the below screen shot.


- Click "Save" button again at the "Process Definition"


- Click "Publish Sandbox" to activate the changes.


- Click "Yes" to complete publishing sandbox.



- Disconnected resource configuration is completed.

Now, let's test it by provisioning a user to that disconnected resource.

- Login as an end user in to http://<<hostname>>:14000/identity


- Double Click on "Catalog"


- Click on the Search button as shown in the below screen shot.


- Make sure the newly created disconnected resource appears here, then click on the "Add to Cart" button next to it


- Resource is added to cart

- Click on "Checkout"


- Add the details as needed and click on "Ready to submit"



- Click on "Submit"


- Note the request ID; the request is sent to the administrator for approval



- Login as "xelsysadm" into identity console



- Double Click on "Home"

- In the dashboard, check "Pending Approvals" section and notice that there is a request for approval. Click on that request


- Click on "Approve" (if appropriate access)


- As it is a disconnected resource, the request will be sent to the concerned resource Inbox for fulfillment. In this case I just have "XELSYSADM" and so the request comes to the "XELSYSADM" Inbox. Click on "Inbox"



- Click on "My Tasks" and see that a new task is waiting for "Complete" status. Once the manual work is completed, click on the "Complete" button.








Now, let's go and check the User Accounts and their status


- As shown in the below screen shot "AdminApp" is "Provisioned" successfully.
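The same check can be made through the OIM API instead of the identity console. The following is an added example, not code from the original post: it looks up the application instance published from the sandbox, resolves the requester's user key from the login, and lists every account provisioned to that user with its status, so "AdminApp" should appear as "Provisioned" once the fulfillment task above has been completed. The host, login configuration path and user login "sam" are placeholders taken from the post's own samples, and the administrator password is assumed to be supplied in the environment variable OIM_ADMIN_PASSWORD rather than hard-coded.

```java
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;

import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ApplicationInstanceService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;
import oracle.iam.provisioning.vo.ApplicationInstance;

// Added example (not the post's code): verifies the walkthrough's result via the OIM API.
public class CheckDisconnectedAccount
{
    // Name given to the application instance in the sandbox step of the walkthrough
    private static final String APP_INSTANCE_NAME = "AdminApp";

    /** Returns true when the user holds an account on APP_INSTANCE_NAME with status "Provisioned". */
    public static boolean isProvisioned(OIMClient oimClient, String userLogin) throws Exception
    {
        // 1. Confirm the application instance exists (i.e. the sandbox was published)
        ApplicationInstanceService appInstSvc = oimClient.getService(ApplicationInstanceService.class);
        ApplicationInstance appInst = appInstSvc.findApplicationInstanceByName(APP_INSTANCE_NAME);
        System.out.println("Application instance found: " + appInst.getApplicationInstanceName());

        // 2. Resolve the user's key (usr_key) from the user login
        UserManager userManager = oimClient.getService(UserManager.class);
        Set<String> retAttrs = new HashSet<String>();
        retAttrs.add("usr_key");
        User user = userManager.getDetails(userLogin, retAttrs, true);
        String userKey = user.getEntityId();

        // 3. Walk the accounts provisioned to the user and report each one's status.
        //    While the manual fulfillment task is still open the account is not yet "Provisioned";
        //    the "C" -> Provisioned mapping edited in the Design Console is what flips it on completion.
        ProvisioningService provSvc = oimClient.getService(ProvisioningService.class);
        List<Account> accounts = provSvc.getAccountsProvisionedToUser(userKey);
        boolean provisioned = false;
        for (Account acct : accounts)
        {
            String name = acct.getAppInstance().getApplicationInstanceName();
            String status = acct.getAccountStatus();
            System.out.println(name + " -> " + status);
            if (APP_INSTANCE_NAME.equals(name) && "Provisioned".equals(status))
            {
                provisioned = true;
            }
        }
        return provisioned;
    }

    public static void main(String[] args) throws Exception
    {
        String userLogin = args.length > 0 ? args[0] : "sam";   // login used in the post's create-user sample

        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://pokuri.demo.com:14000");   // placeholder host from the post
        // Placeholder path: point this at the authwl.conf shipped with your Design Console
        System.setProperty("java.security.auth.login.config", "/path/to/designconsole/config/authwl.conf");
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");

        OIMClient oimClient = new OIMClient(env);
        // Assumption: the xelsysadm password is supplied via the OIM_ADMIN_PASSWORD environment variable
        String password = System.getenv("OIM_ADMIN_PASSWORD");
        if (password == null)
        {
            throw new IllegalStateException("OIM_ADMIN_PASSWORD is not set");
        }
        oimClient.login("xelsysadm", password.toCharArray());
        try
        {
            boolean ok = isProvisioned(oimClient, userLogin);
            System.out.println(APP_INSTANCE_NAME + " provisioned to " + userLogin + ": " + ok);
        }
        finally
        {
            oimClient.logout();
        }
    }
}
```

Run it with the same OIM client jars on the class path as the samples below and the user login as the first argument; the per-account lines it prints mirror the "Accounts" tab of the identity console shown in the screen shot.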


Hope this helps someone out there.

-- Siva Pokuri.

TIPS: Sample Create User Oracle Identity Manager 11g API code

Sample Code:

import java.util.HashMap;
import java.util.Hashtable;

import oracle.iam.identity.exception.UserAlreadyExistsException;
import oracle.iam.identity.exception.UserCreateException;
import oracle.iam.identity.exception.ValidationFailedException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;

public class OIMTestClient
{
    public static void main(String arg[])
    {
        // JNDI settings for the WebLogic t3 connection to the OIM managed server
        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://pokuri.demo.com:14000");

        // JAAS login configuration shipped with the Design Console
        System.setProperty("java.security.auth.login.config", "/IdentityManagement/Blog/OIM/JDeveloperConfigforOIM/designconsole/config/authwl.conf");
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        OIMClient oimClient = new OIMClient(env);

        try
        {
            oimClient.login("xelsysadm", "Abcd1234".toCharArray());
            System.out.print("Successfully Connected with OIM ");
            System.out.println("Before Create User --");

            // Keys are the OIM user attribute names; act_key is the key of the organization the user is created under
            HashMap<String, Object> userAttributeValueMap = new HashMap<String, Object>();
            userAttributeValueMap.put("act_key", Long.valueOf(1));
            userAttributeValueMap.put("User Login", "sam");
            userAttributeValueMap.put("First Name", "sam");
            userAttributeValueMap.put("Last Name", "peter");
            userAttributeValueMap.put("Email", "speter@abc.com");
            userAttributeValueMap.put("usr_password", "Password123");
            userAttributeValueMap.put("Role", "OTHER");
            User user = new User("sam", userAttributeValueMap);
            UserManager userManager = oimClient.getService(UserManager.class);
            try {
                userManager.create(user);
                // Report success only when create() returned without throwing
                System.out.println("\nUser Created successfully");
            } catch (ValidationFailedException e) {
                e.printStackTrace();
            } catch (UserAlreadyExistsException e) {
                e.printStackTrace();
            } catch (UserCreateException e) {
                e.printStackTrace();
            }
        }
        catch (Exception e)
        {
            System.out.print(" Exception" + e);
        }
    }
}

Sample Oracle Identity Manager 11g API code to Create and add values to Lookup


Note: Before running the code, make sure all the jar files listed below are on the class path.


Sample Code

import Thor.API.Operations.tcLookupOperationsIntf;
import java.util.Hashtable;
import oracle.iam.platform.OIMClient;

public class OIMTestClient
{
    public static void main(String arg[])
    {
        // JNDI settings for the WebLogic t3 connection to the OIM managed server
        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://pokuri.demo.com:14000");

        // JAAS login configuration shipped with the Design Console
        System.setProperty("java.security.auth.login.config", "/IdentityManagement/Blog/OIM/JDeveloperConfigforOIM/designconsole/config/authwl.conf");
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        OIMClient oimClient = new OIMClient(env);
        try
        {
            oimClient.login("xelsysadm", "Abcd1234".toCharArray());
            System.out.print("Successfully Connected with OIM ");
            System.out.println("Before Lookup add--");
            // Legacy (Thor) lookup API, still the way to manage lookup definitions in 11g
            tcLookupOperationsIntf lookupIntf = oimClient.getService(tcLookupOperationsIntf.class);

            // Create Lookup definition
            lookupIntf.addLookupCode("UserRoles");
            System.out.println("Created Lookup Table");

            // Add values to the lookup: (lookup code, encoded value, decoded value, language, country)
            lookupIntf.addLookupValue("UserRoles", "Admin", "Admin", "en", "US");
            lookupIntf.addLookupValue("UserRoles", "End-User", "End-User", "en", "US");

            System.out.println("Added Lookup Values successfully");
        }
        catch (Exception e)
        {
            System.out.print(" Exception" + e);
        }
    }
}

-- Siva Pokuri.

Monday, October 6, 2014

Sample JNDI code to connect and get Active Directory Group properties

import java.util.Hashtable;

import javax.naming.*;
import javax.naming.directory.*;

class GetGroupProps
{
    public static void main(String[] args)
    {
        int totalResults = 0;
        Hashtable<String, String> env = new Hashtable<String, String>(5, 0.75f);
        final String ldapSearchBase = "dc=addemo,dc=com";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://spsolutions.addemo.com:389");
        // Simple bind: the bind DN and password are sent to the directory as-is
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Administrator,cn=users,dc=addemo,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "Oracle@1234");
        DirContext ctx = null;
        try
        {
            ctx = new InitialDirContext(env);
            System.out.println("Login Successful");
            // Find the group object named "Administrators" anywhere under the search base
            String searchFilter = "(&(objectClass=group)(CN=Administrators))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(ldapSearchBase, searchFilter, searchControls);
            while (results.hasMoreElements())
            {
                SearchResult sr = results.next();
                System.out.println(">>>" + sr.getName());
                Attributes attrs = sr.getAttributes();
                if (attrs != null)
                {
                    try
                    {
                        // Print every attribute of the group and each of its values
                        for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();)
                        {
                            Attribute attr = ae.next();
                            System.out.println("Attribute: " + attr.getID());
                            for (NamingEnumeration<?> e = attr.getAll(); e.hasMore(); totalResults++)
                            {
                                System.out.println(" " + totalResults + ". " + e.next());
                            }
                        }
                    }
                    catch (NamingException e)
                    {
                        System.err.println("Problem listing membership: " + e);
                    }
                }
            }
        }
        catch (Exception e)
        {
            System.out.println("Exception " + e);
        }
        finally
        {
            // Release the LDAP connection whether or not the search succeeded
            if (ctx != null)
            {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}