Assigning the “System Administrator” Role to the user

Step 1: Log in to the self-service console.

Step 2: Click on the “Manage” tab.

Step 3: Go to the “Organisations” tab.

Step 4: Click on “Top” as the Organization name.

Step 5: Go to the “Admin” tab and select “System Administrator” as the Admin Role Name.

Step 6: Click on the Assign button.

Step 7: Select the user, click on “add selected” and then click on the “select” button.

Step 8: Now you can see that user in the User Members list; select “include sub-orgs”.

Step 9: Check “include sub-orgs” and click on the Apply button.

BI Publisher Bursting

Reports play an important part for management. They give a bird’s-eye view of a set of data, which allows top management to take business decisions. BI Publisher provides the reporting capability for OIM.

Simple reports can be created by building a data model backed by SQL, and delivered to the required participants by configuring a destination under Output, as follows:

[Screenshot: destination]

But what if we want to deliver a single report by splitting it into separate reports, each containing only the data relevant to one individual? Bursting is the solution.

Bursting is a process of splitting data into blocks, generating documents for each block, and delivering the documents to one or more destinations. The data for the report is generated by executing a query once and then splitting the data based on a “Key” value. For each block of the data, a separate document is generated and delivered.

Example implementations include:

  • Invoice generation and delivery based on customer-specific layouts and delivery preference
  • Financial reporting to generate a master report of all cost centers, splitting out individual cost center reports to the appropriate manager
  • Generation of pay slips to all employees based on one extract and delivered via e-mail

What is the Bursting Definition?

A bursting definition is a component of the data model. After you have defined the data sets for the data model, you can set up one or more bursting definitions. When you set up a bursting definition, you define the following:

  • The Split By element is an element from the data that will govern how the data is split. For example, to split a batch of invoices by each invoice, you may use an element called CUSTOMER_ID. The data set must be sorted or grouped by this element.
  • The Deliver By element is the element from the data that will govern how formatting and delivery options are applied. In the invoice example, it is likely that each invoice will have delivery criteria determined by customer, therefore the Deliver By element may also be CUSTOMER_ID.
  • The Delivery Query is a SQL query that you define for BI Publisher to construct the delivery XML data file. The query must return the formatting and delivery details.

Adding a Bursting Definition to Your Data Model

Prerequisites:

  • You have defined the data set for this data model
  • The data set is sorted or grouped by the element by which you want to split the data in your bursting definition
  • The delivery and formatting information is available to BI Publisher. The information can be provided at runtime to BI Publisher in one of the following ways:
    • The information is stored in a database table available to BI Publisher (for a dynamic delivery definition)
    • The information is hard coded in the delivery SQL (for a static delivery definition)
  • The report definition for this data model has been created and includes the layouts that will be applied to the report data.

To add a bursting definition

  1. On the component pane of the data model editor, click Bursting.
  2. On the Bursting definition table, click the Create new Bursting button.
  3. Enter the following for this bursting definition:
    • Name – for example, “Burst to File”
    • Type – SQL Query is currently the only supported type
    • Data Source – select the data source that contains your delivery information

    The following figure shows a Bursting definition:

    destination.PNG

  4. Enable bursting in the report:
    1. Click on Edit –> Properties of the report.
    2. Check the “Enable Bursting” checkbox under Advanced, select the bursting definition to apply, and click OK.

repo_bursting.PNG

Use case:

Consider a scenario in which new joinees need their user login, email ID and other information from their immediate manager. The respective reportee will get the relevant information using the following report with the bursting feature enabled.

Sample Data Model SQL:

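/* Direct reports of the manager passed in the :mgr_login bind variable */
SELECT
    usr_login,
    usr_email
FROM usr
WHERE
    usr_manager_key = (
        SELECT
            usr_key
        FROM
            usr
        WHERE
            usr_login = :mgr_login
        )
/* The data set must be sorted or grouped by the Split By element */
ORDER BY
    usr_login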

Sample email bursting query:

/* Delivery query for the EMAIL channel; KEY carries the Deliver By value */
SELECT DISTINCT
     ( "User Login" ) AS "KEY",
     'My Template' template,
     'en-US' locale,
     'pdf' output_format,
     /* HH24 = 24-hour clock, MI = minutes (MM is the month) */
     'MyReport_' || TO_CHAR(SYSDATE,'YYYYMMDD_HH24:MI:SS') output_name,
     'EMAIL' del_channel,
     "USR_EMAIL"   parameter1,               /* To address */
     'Chaitanya.idm@gmail.com' parameter2,   /* Cc */
     '' parameter3,                          /* From */
     'EMAIL_SUBJECT' parameter4,             /* Subject */
     'Hi '
     || "User Login"
     || CHR(13)
     || 'Please find attached Users for the update.' parameter5,   /* Message body */
     'true' parameter6,                      /* Attach the output to the mail */
     'chaitanya.idm@gmail.com' parameter7    /* Reply-To */
 FROM
     (
         SELECT
             usr_login   "User Login",
             usr_email
         FROM
             usr
         WHERE
             usr_manager_key = (
                 SELECT
                     usr_key
                 FROM
                     usr
                 WHERE
                     usr_login = :mgr_login
             )
     )
 ORDER BY
     "User Login"

Sample folder bursting Query:

/* Delivery query for the FILE channel; KEY carries the Deliver By value */
SELECT DISTINCT
     ( usr_login ) AS "KEY",
     'CW Disable Manager' template,
     'en-US' locale,
     'RTF' template_format,
     'PDF' output_format,
     'FILE' del_channel,
     '/tmp/rp' parameter1,                   /* Target directory */
     /* HH24 = 24-hour clock, MI = minutes (MM is the month) */
     'Report_'
     || TO_CHAR(SYSDATE,'YYYYMMDD_HH24:MI:SS')
     || '.pdf' parameter2                    /* File name */
 FROM
     (
         SELECT
             usr_login,
             usr_email
         FROM
             usr
         WHERE
             usr_manager_key = (
                 SELECT
                     usr_key
                 FROM
                     usr
                 WHERE
                     usr_login = :mgr_login
             )
     )
 ORDER BY
     usr_login

Example screenshot:

bursting
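
The email bursting query above sends each block to whatever address is stored in USR_EMAIL, so it is worth reviewing the recipients before the job is enabled. The query below is an added example, not part of the original post; it reuses the usr columns and the :mgr_login bind variable from the samples, and 'example.com' is a placeholder for the approved mail domain.

```sql
/* Added example: pre-flight review of the email bursting recipients.
   Assumptions: 'example.com' stands in for the approved mail domain;
   :mgr_login is the same bind variable used by the data model. */
SELECT
    u.usr_login AS burst_key,
    u.usr_email AS recipient,
    CASE
        /* Oracle treats an empty string as NULL, so this covers both */
        WHEN u.usr_email IS NULL
            THEN 'NO_ADDRESS'
        WHEN LOWER(u.usr_email) NOT LIKE '%@example.com'
            THEN 'EXTERNAL_DOMAIN'
        ELSE 'OK'
    END AS delivery_check,
    /* More than 1 means several burst keys deliver to one mailbox */
    COUNT(*) OVER (PARTITION BY LOWER(u.usr_email)) AS keys_sharing_address
FROM
    usr u
WHERE
    u.usr_manager_key = (
        SELECT
            m.usr_key
        FROM
            usr m
        WHERE
            m.usr_login = :mgr_login
    )
ORDER BY
    delivery_check,
    u.usr_login
```

Rows flagged NO_ADDRESS or EXTERNAL_DOMAIN identify burst keys whose document would not be delivered or would leave the organisation.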

Reference:

https://docs.oracle.com/cd/E21764_01/bi.1111/e18862/T527073T555155.htm#T559968

https://docs.oracle.com/middleware/12212/bip/BIPDM/GUID-A926D588-426F-47C7-8A9A-B0A7959C5814.htm#BIPDM344

 

Entitlement valid from and valid to date

Objective:

Getting information regarding entitlement start and end date from OIM database.

Let’s start:

Start date and end date play a vital role in any IAM system such as ForgeRock, SailPoint, OIM and so on.

When it comes to the entitlement start date and end date, the OIM GUI may not show you this information.

But there is a way to get these details from the ENT_ASSIGN table in the OIM database.
Here is the query to do the same.

SELECT USR_LOGIN, EL.ENT_CODE "Entitlement Name", EA.VALID_FROM_DATE, EA.VALID_TO_DATE
FROM ENT_LIST EL, ENT_ASSIGN EA, USR
WHERE EL.ENT_LIST_KEY = EA.ENT_LIST_KEY
AND EA.USR_KEY = USR.USR_KEY
AND EA.ENT_STATUS = 'Provisioned'
AND UPPER(USR.USR_LOGIN) = UPPER('<USER_LOGIN>');

Conclusion: We are good to get the entitlement start and end date now 🙂
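
The same tables can drive an access review across all users rather than a single login. The query below is an added example, not part of the original post; it uses only the tables and columns from the query above, assumes VALID_TO_DATE is NULL when no end date was set, and the 30-day window is an arbitrary choice.

```sql
-- Added example: provisioned entitlements whose validity window needs review.
-- Assumptions: VALID_TO_DATE is NULL when no end date was set;
-- 30 days is an arbitrary look-ahead window.
SELECT
    usr.usr_login,
    el.ent_code AS "Entitlement Name",
    ea.valid_from_date,
    ea.valid_to_date,
    CASE
        WHEN ea.valid_to_date < SYSDATE
            THEN 'END_DATE_PASSED'        -- still provisioned after its end date
        WHEN ea.valid_from_date > SYSDATE
            THEN 'START_DATE_IN_FUTURE'   -- provisioned before its start date
        ELSE 'ENDS_WITHIN_30_DAYS'
    END AS review_flag
FROM
    ent_list el
    JOIN ent_assign ea ON el.ent_list_key = ea.ent_list_key
    JOIN usr ON ea.usr_key = usr.usr_key
WHERE
    ea.ent_status = 'Provisioned'
    AND (
        ea.valid_to_date < SYSDATE + 30
        OR ea.valid_from_date > SYSDATE
    )
ORDER BY
    review_flag,
    ea.valid_to_date,
    usr.usr_login;
```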

Read OIM IT Resource via API

Objective:

It is often necessary to read an OIM IT resource via the API. This method will help you do the same.

Let’s start:

Initialize the OIM client as usual. You can follow my other post to get started with writing an OIM client.

The following method reads an IT resource when given the IT Resource Name.

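import java.util.HashMap;

import Thor.API.tcResultSet;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;

// oimClient is an already initialized and logged-in oracle.iam.platform.OIMClient.
// The returned map can hold connection details of the target; avoid logging it.
public static HashMap<String, String> getITResourceAttributeInMap(String itResourceName) {
  HashMap<String, String> adITResourcefileds = new HashMap<String, String>();
  try {
    tcITResourceInstanceOperationsIntf tcITResourceIntf = oimClient.getService(tcITResourceInstanceOperationsIntf.class);
    // Look up the IT resource instance by its name.
    HashMap<String, String> searchcriteria = new HashMap<String, String>();
    searchcriteria.put("IT Resources.Name", itResourceName);
    tcResultSet resultSet = tcITResourceIntf.findITResourceInstances(searchcriteria);
    if (resultSet.getRowCount() == 0) {
      return adITResourcefileds; // no IT resource with that name
    }
    resultSet.goToRow(0);
    // Fetch the parameters of that instance using its key.
    resultSet = tcITResourceIntf.getITResourceInstanceParameters(resultSet.getLongValue("IT Resources.Key"));
    for (int i = 0; i < resultSet.getRowCount(); i++) {
      resultSet.goToRow(i);
      String name = resultSet.getStringValue("IT Resources Type Parameter.Name");
      String value = resultSet.getStringValue("IT Resources Type Parameter Value.Value");
      adITResourcefileds.put(name, value);
    }
  } catch (Exception ae) {
    ae.printStackTrace();
  }
  return adITResourcefileds;
}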

Conclusion : We are good to get the IT resource values via API 🙂

Troubleshooting Scheduler plugin in OIM

Objective: To understand how to troubleshoot issues with a scheduler plugin registered in OIM.

Prerequisites:

  1. Basic understanding of plugin registration and plugin structure.
  2. Understanding of the scheduler and its related artifacts; this can be read here.

Let’s start:

We often face challenges while working with the scheduler in OIM. These challenges can be listed as follows:

  1. Plugin registration completes successfully, but the metadata file is still not present in MDS.
  2. Plugin registration completes successfully, but the metadata file cannot be found to create the scheduled job.
  3. Plugin registration completes successfully, the metadata file is present and the scheduled job is created, but the job fails and throws NullPointerException.
  4. Plugin registration completes successfully, but the jar and metadata cannot be found.

And so on. Do let me know if you face any issue other than these.

To troubleshoot, here are the things you should check:

  1. Plugin registration needs a specific folder structure containing specific files. You can read more on plugins here.
  2. While creating the plugin zip, ensure that you are not zipping the parent folder. When creating a zip we often right-click and select the “send to zip” option. This internally nests the parent folder a couple of times, and hence the plugin doesn’t get registered. E.g. zipping the plugin folder directly creates a structure like plugin ==> plugin ==> lib, while we just need plugin ==> lib.
  3. Verify that the plugin registration utility is working properly and that the issue is not with the utility. If the utility is at fault and fails to seed metadata for every scheduler plugin, try registering the scheduler in the following way:
    1. Use the upload jar utility, select option 2 [scheduled Jar] and upload the jar.
    2. Use the EM console to import the metadata of the scheduler.
  4. Ensure that there are no additional or extra spaces in the task file. These sometimes lead to a NullPointerException that gives no clue about where things went wrong.
  5. Additionally, check the jar status in the “plugins” table; you can also verify from this table when it was created or updated.
  6. Please let me know if there are additional steps which you found useful to troubleshoot the same.

Conclusion: We are good to troubleshoot our scheduler plugin now 🙂

Attaching Entitlements to Disconnected Application Instance.

 

  1. Log in to the sysadmin console.
  2. Click on Sandboxes.
  3. Click on Create Sandbox.
  4. Give a sandbox name and click on Save and Close.
  5. Go to the Application Instance tab.
  6. Click on Create.
  7. Give an Application Instance name and then click on Save.
  8. Click on Edit.
  9. Go to the Child Objects tab.
  10. Click on Add.
  11. Enter the Child Object Name and click on OK.
  12. Click on the created child object.
  13. Select Field Type: Lookup
  14. Provide the required details.
  15. Click on Lookup Type.
  16. Execute the following query:
  17. Select svr_key, svr_name from .svr where svr_name=;
  18. It will give you the svr_key, which we need to add with the entitlement in the code field.
  19. Enter the required details and then click Save.
  20. Click on Save and Close.
  21. Click on Back To Parent Object.
  22. Click on Regenerate View.
  23. Select Form Type: Parent + Child
  24. Publish the sandbox.
  25. Go to the “Scheduler” tab.
  26. Search for “Entitlement List”.
  27. Click on Run Now.
  28. Search for “Catalog Synchronization Job”.
  29. Click on Run Now.
  30. Now we can see Entitlements are listed for the Application Instance.

Creating User Defined Field UDF in OIM 

  1. Log in to the System Administrator Console using the “xelsysadm” credential and click on “Sandboxes”.
  2. Click on Create Sandbox.
  3. Enter a sandbox name and click on Save and Close.
  4. Click on the User link.
  5. Click on the new icon.
  6. Select Field Type as “Text” and enter the field name as “PocketId”.
  7. Enter the Display Label field and then click on “Save and Close”.
  8. The custom field is created.
  9. Go to Manage Sandboxes and publish that sandbox.
  10. The custom field is now registered in the “USR” table.
  11. Now, to make the custom field “PocketId” visible in the Create User form, log in to the Identity Self Service console using the “xelsysadm” credential.
  12. Create a new sandbox.
  13. Give a sandbox name and click on Save and Close.
  14. Go to the “Manage” tab. Click on the Users tab. Click on Create.
  15. Click on Customize in the top right corner of the Identity console.
  16. Click on the Structure tab.
  17. Click on Edit.
  18. Click on the area where you want to add your field, and then click on the add symbol.
  19. Open Data component-Catalog.
  20. Open userVO.
  21. Search for the added custom field and click on Add.
  22. Select the option: ADF Input text with label.
  23. Click on the cross icon.
  24. Click on the Close button.
  25. Go to Manage Sandboxes and publish the sandbox. We can see that the “PocketId” custom field is added successfully.
  26. Similarly, add the field to the View page and the Modify page.

    Note: for adding the UDF on the View page, the UDF needs to be selected from “Manage Users=>UserV01=>Adf output text with label”.

    Custom empty search result text in OIM search table

    Use Case: Whenever any search window is opened, it always shows the “No data to display” message at the bottom of the table. This may sometimes create the wrong impression that there is no data in the system to display. The other use case could be that, as this message is not very user friendly, we need to customize it.

    Objective: In this post we are going to achieve this for the track request search table by customizing “No data to display” to display a more meaningful message.

    Solution: We can achieve this functionality using the sandbox approach with the following steps:

    1. Create a new sandbox and activate it.
    2. Go to the search table, e.g. the track request table.
    3. Click Customize and then click on Structure.
    4. Right-click “table:t1” and click on Edit.
    5. You can see that the “Empty Text” property is set to “No data to display”. Click on the small arrow next to it.
    6. Update the text “builder#{oimuibundle.SEARCH_NO_DATA}” to the desired text and click on Test.
    7. Click on OK.
    8. Click on Apply and OK at the bottom.
    9. Export and publish the sandbox.

    Some useful Linux commands

    To get the process details of the specified process name.
    ps -ef | grep [processname]

    To kill the process with the given process ID.
    kill -9 [processid]

    To find the IP address

     sudo /sbin/ifconfig

    To find version information.

    uname -a

    To check an open port.

    netstat -ano | grep "1521"

    To create a jar

    jar -cvf <jar_name> <files to be added in jar>

    To create a user.

    sudo useradd <username>
    sudo passwd <username>

    The passwd command will prompt to enter the password.

    To change the root password:

    sudo passwd

    To change logged in user’s password:

    passwd

    To change non logged in user’s  password:

    sudo passwd USERNAME

    Creating simple Prepopulate Adapter in OIM

    Objective:

    For provisioning any target resource, some user information needs to be passed to the user. This information can be filled in and submitted manually for each user, which is not an efficient process. We can automate this by creating prepopulate adapters and attaching them to the process form. Here we will create a simple logic task adapter which copies the user’s first name from the user profile to the target’s process form.

    Prerequisite: 

    Access to the Design Console and an Application Instance which can be provisioned to a user.

    Let’s Achieve this:

    1. Open the Design Console by running xlclient.sh from /home/oracle/Oracle/Middleware/Oracle_IDM1/designconsole/.
    2. Log in to the Design Console.
    3. Double-click on Adapter Factory.
    4. Enter the details as follows and click on Save. [Screenshot: 4.adapter.PNG]
    5. Go to the Variable List tab.
    6. Click on Add to create a variable and enter the details as follows: [Screenshot: 6.var.PNG]
    7. Click on Save and Close.
    8. Go to the Adapter Tasks tab.
    9. Click on Add.
    10. Select Logic Task and select SET VARIABLE, click on Continue and fill in the details as follows: [Screenshot: 9.logictask1.PNG]
    11. Click on Save and Close, then click on Build. This completes the process to create the prepop adapter.
    12. To attach this adapter to the process form, go to the Form Designer.
    13. Select the form to which you want to add this prepop adapter.
    14. Go to the prepop tab, then click on Add and select the adapter.
    15. Do the mapping as follows: [Screenshot: 13.Mapping.PNG]
    16. Click on Save.
    17. Test the prepop by provisioning a user to the selected form’s App Instance.

    Note: If the form version is already active, you may not be able to add the prepop adapter. In this case, create a new form version and add the prepop adapter. You also need to create a new form from the sysadmin console and attach it to the Application Instance. Also, the fields will be populated after the request, and not when we click on the Submit button.

    Reference Links :

    Using Prepopulate Adapters