Copy the following code into a java file and then export it to the OIM-HOME\xellerate\evenhandler folder.
Now open the Development Tools -> Business Rule Definition -> Event Handler Manager in the design console.
Create a new Event Handler and specify:
Event Handler Name: tcGenerateRandomPassword
In the package name give the package in which the class is present.
Select the pre-insert checkbox and then save the event handler.
Now Goto Development Tools -> Business Rule Definition -> Data Object Manager
Search for "Users" and add the event handler to the Pre-Insert list.
Save it.
Now once you create a user in xellerate it will generate a random password for the user. Try logging in with the password generated and you should be able to login successfully.
OIM Design Console must be installed. This setup uses the files installed by the OIM Design Console.
Add the Design Console JAR files to Eclipse:
Select your project, then select Windows -> Preferences (Eclipse -> Properties on a Mac).
Select Java, Build Path, User Libraries from the menu items on the left.
Click the New button, and enter a library name (OIM API Library), then click OK.
Click the Add Jars button, navigate to the "lib" directory where your OIM Design Console is installed (OIMDesignHome/xlclient/lib), and select all the jar files. It is left as an exorcise to set the javadoc location -- these might be located somewhere inOIMDesignHome/documentation/SDK/javadocs. If you find them, please update this page.
Add the User Library created in 2 to your Eclipses project:
Select your project, then select Project -> Properties.
Select Java Build Path from the menu items on the left.
Select the Libraries tab.
Click on the Add Library button, select User Library from the list, then Next.
Select OIM API Library from the list, then click Finish.
Add the files in the Design Consoles "ext" directory to the class path, and set the VM Arguments:
Select your project, then select Project -> Properties.
Select Run/Debug Settings form the menu items on the left.
If a launch configuration has not already been setup for your project, click on the New button and select Java Application as the type. Otherwise, select your configuration and press the Edit button.
On the Main tab, ensure that your Main class is set to the correct class file.
The Group Entitlements form is displayed in the User Management folder. You use it
to create and move forms, and to designate the forms and folders that members of a
user group can access through the Explorer.
To designate forms and folders to user groups by using the Group Entitlements form:
1. In the Explorer, double-click Group Entitlements.
The User Group Information page is displayed.
2. In the Group Name field, enter the name of the user group.
3. Click Assign.
The User Form Assignment lookup table is displayed.
4. From the lookup table, select the user form for this user group.
Use the arrow buttons to either add or delete from the Assigned Forms list.
5. Click OK.
The newly added user forms are listed in a Group Entitlements table. The Group
Entitlements Table displays all available user groups. This table shows the name of
the user form and the type. In the Group Entitlements table, there are two types,
javaform and folder. A javaform is a Java-based, graphical interface. A folder is a
container of one or many javaforms.
Sequence Recon If you select this check box, then reconciliation events are processed
in the sequence in which they are created.
The application of this feature can be illustrated by the following
example:
Suppose there are two reconciliation events for the OIM User
resource object for user John Doe. The first reconciliation event (E1)
data is as follows:
■ Login: testuser1
■ First Name: John
■ Last Name: Doe
■ Organization: Xellerate Users
■ Type: End-User
■ Role: Full-Time
The second reconciliation event (E2) data is as follows:
■ Login: testuser1
■ First Name: John1
■ Last Name: Doe1
■ Organization: Xellerate Users
■ Type: End-User
■ Role: Full-Time
Between the first and second events, the first name and last name of
the user was changed.
During trusted source reconciliation, if events are processed in the
order in which they are created, then this change in first and last
names is correctly reconciled into Oracle Identity Manager. However,
if the second event is processed before the first one, then data in the
target system does not match data in Oracle Identity Manager at the
end of the reconciliation run. This inconsistency will be reflected in
the auditing tables, and will remain until another event from the
trusted source is created for this user.
If you enable the Sequence Recon option, then you can ensure that
events for the same entity (for example, same user or same process
form) are processed in the order in which they were created.
public static void main(String arg[])
{
OimApi mo=new OimApi();
mo.init();
long usrKey=mo.finduserkey("testusr");
System.out.println(usrKey);
long procinstKey=mo.getProcessInstKeyOfRes("DB USER", usrKey, "provisioned");
mo.setValueOnProcessForm(procinstKey, "UD_DBUSER1_EMAIL", "xxx_yyy@yahoo.com");
System.out.println("updated form details successfully");
System.out.println("goin to disable the user");
//mo.disableApp(usrKey, procinstKey);
System.out.println("Printing form data");
mo.getFormData(procinstKey);
mo.getProcesstaskDetails(procinstKey);
System.exit(0);
}
//This method is used to get the process instance key
/**
* @param res_Name This parameter contains the resource Object name
* @param userkey This parameter contains the user key
* @param ROState This parameter contains the state of the RO either provisioned,enabled or disabled or revoked
*/
private long getProcessInstKeyOfRes(String res_Name,long userkey, String ROState) {
ROState = ROState.toLowerCase();
long longProcessInstanceKey = 0;
try{
tcResultSet resultGetObjects = userOperationsintf.getObjects(userkey);
int countResultGetObjects = resultGetObjects.getRowCount();
System.out.println("--------------"+countResultGetObjects);
for(int i = 0; i < countResultGetObjects; i++) {
resultGetObjects.goToRow(i);
String objetcName = resultGetObjects.getStringValue("Objects.Name");
System.out.println("---------Object name"+objetcName);
if(res_Name.equalsIgnoreCase(objetcName)) {
String status = resultGetObjects.getStringValue("Objects.Object Status.Status");
status = status.toLowerCase();
//This method is used to update the process form details
/**
* @param proInstKey This param contains the process Instance Key
* @param key This param contains the form column name
* @param value This param contains the value to be updated
*/
public String setValueOnProcessForm(long proInstKey, String key, String value){
String SUCCESS = "SUCCESS";
String FAILURE = "FAILURE";
HashMap hm = new HashMap();
hm.put(key, value);
try {
formInstanceOperationsIntf.setProcessFormData(proInstKey, hm);
//This method gets the child table data
/**
* @param procInstKey This parameter contains the process instance key
*/
public void getChildData(long procInstKey)
{
try{
long formDefKey=formInstanceOperationsIntf.getProcessFormDefinitionKey(procInstKey);
int iVersion=formInstanceOperationsIntf.getActiveVersion(formDefKey);
System.out.println("Printing the child table details");
tcResultSet childResult=formInstanceOperationsIntf.getChildFormDefinition(formDefKey, iVersion);
System.out.println("------------"+"Printing the child values");
printTcResultSet(childResult,"childResult", logger);
long lChildKey=childResult.getLongValue("Structure Utility.Child Tables.Child Key");
tcResultSet childTableData=formInstanceOperationsIntf.getProcessFormChildData(lChildKey, procInstKey);
printTcResultSet(childTableData,"Child Table Data", logger);
System.out.println(lChildKey);
}catch(Exception e){
logger.error(e.getMessage());
}
}
//This method disables the OIM user
/**
* @param usrKey This param contains the user key
*/
public void disableXellerateUser(long usrKey)
{
try{
userOperationsintf.disableUser(usrKey);
}catch(Exception e)
{
e.printStackTrace();
}
}
//This method is used to disable the App for the user
/**
* @param usrKey This param contains the user Key
* @param procInstKey This param contains the process instance key
*/
public void disableApp(long usrKey,long procInstKey)
{
//This method prints the DataSet Data
/**
* @param tcdataset This param contaisn the dataset
* @param tcdatasetName This param contains the name of the dataset
* @param logger This is the logger reference
*/
private static void printTcDataSet(tcDataSet tcdataset, String tcdatasetName, Logger logger) {
if(! logger.isDebugEnabled()) {
return;
}
logger.debug("printTcDataSet Starts for " + tcdatasetName);
//This method gets the form data
/**
* @param procInstKey This contains the process Instance Key
*/
public void getFormData(long procInstKey)
{
try{
tcResultSet data=formInstanceOperationsIntf.getProcessFormData(procInstKey);
printTcResultSet(data,"Parent Form", logger);
getChildData(procInstKey);
//This method prints the ResultSet Data
/**
* @param resultSet This param contaisn the dataset
* @param resultSetName This param contains the name of the dataset
* @param logger This is the logger reference
*/
private static void printTcResultSet(tcResultSet resultSet, String resultSetName, Logger logger) {
if(! logger.isDebugEnabled()) {
return;
}
System.out.println("printTcResultSet Starts for " + resultSetName);
//This method is used to get the process task details for a user
/**
* @param procInstKey This contains the process instance key
*/
public void getProcesstaskDetails(long procInstKey)
{
try{
tcResultSet processTaskResult=provisioningOperationsIntf.getProcessDetail(procInstKey);
printTcResultSet(processTaskResult,"Process Task", logger);
}catch(Exception e){
logger.error(e.getMessage());
}
}
need to implement the following scenario in OIM.I have following 3 types of users in OIM . Employee,Organization Admin and Resource Admin.
1.Organization Admin logs into OIM and request a resource to an user.While requesting,Organization admin needs to enter some information about the user (it could be either process form or resource form)
2.Once the request is submitted,Resource Admin should see it in his pending task list.
3.Resource admin approves the request and the user gets provisioned to the target system.
I tried creating a process form,in which the admin can enter user details,but I am not sure how to attach approval workflow in that.
When I tried using Resource Form,I am not able to populate user's information in the form.
Any idea about how to implement this scenario?.Thanks in Advance.
=============
If I understood your workflow correctly then this might be a solution for you.
1.Create an object form.Attach it to Resource object form.This object form will be filled by Organization Admin.
2.Have your approval process for this resource object form which will be approved by resource admin.
3.All user attribute can be populated in process form using pre-pop adapters.
4.Create Data Flow so that information from object form can flow in process form.
Task Assignment adapter is used to acertain the user/group to whom the process task should be assigned in a provisioning workflow. Task Assignment adapters are in use Jupiter onwards only.
Example to use a Task Assignment Adapter:
Login into Java client with an admin user
Move to Resource Management -> Resource Objects
Create a resource object
Move to Process Management -> Process Definition
Create a provisioning process for the above resource object
Create a new task in the above process and save
Move to Development Tools -> Adapter Factory
Enter valid adapter name, description and select “Task Assignment ” as adapter type
Save the adapter
Verify in the variable list tab that 2 default adapter return variables are created
In the Adapter Tasks tab, click on Assign to add a task to the adapter. Select to add a java task
In the API source, select the appropriate jar (eg. newtask.jar). Also select appropriate Methods and save the task.
Add two java tasks to the above adapter:
For first select method as getType and map the variables as “Output variable” -> Adapter Variable -> Return Variable for key type. Map the second variable to a literal “User/Group” and the third variable to anything.
For second select method as getKey and map the variables as “Output variable” -> Adapter Variable -> Return Variable for key. Map the second variable to a user/group key and the third variable to anything.
Save and compile the adapter
Move to Process Management -> Process Definition and query for the process created in step 5
Double click to invoke the edit task dialog for the task created in step 6 and move to the assignment tab
Double click on the Target type lookup field and select either User/Group
In the adapter lookup field, select the adapter created in step 9.
After making an adapter association, select the row and click on Map button
Map the adapter return variables to task information and save
Now provision the resource object to a user/organization
<Expected Result>
Verify that the tasks (Approval/Provisioning) get assigned to appropriate users as mapped in the adapter.
Other things to test:
Provision to organization
Check for both approval and provisioning processes
Login with appropriate user and complete the assigned task
In OIM approval workflows, how can we ensure that the requestor is not the approver for his requests (Seggregation of Duty - SOD)
2. As per the OOTB functionality of OIM, the request goes to user's manager for approval. In case the Manager's ID is disabled, the request goes to xelsysadm.
How can we change this behavior so that if the user's manager is disabled, the request should go to User's manager's manager.
Answer to your questions:
You need a custom task assignment adapter that will check whether the manager is disabled and return the manager of manager user key instead.
This blog has been created to post your ideas,solutions and any issues you have encountered while working on OIM or while doing any customizations or implementation. Lets help each other and solve our issues in no time. So guys lets blog!!!!
