When creating UDFs for the User form, don't use spaces in the name. Instead of Student Expiration Date, use Student_Expiration_Date, for example. The GTC seems to have a hard time making the translation to the actual DB column name if you don't. I tried working with the customResource bundles in order to fix this, but no combination I tried seemed to work. I also tried editing the Process using the design console, but that just caused other issues. The only way I could get it to recon properly was with UDF names without spaces.
If you do this, you will have ugly names on your User forms in the UI. Additionally, if you need to localize for other languages, the way to add the localizations is somewhat obscure. You need to locate the IdentityTaskFlow.jar in your ORACLE_HOME/server/apps/oim.ear/admin.war/WEB-INF/lib directory. Inside this jar you will find the various language resource bundles at oracle/iam/identitytaskflow/resources/UserAttributes_en.properties and so on.
Extract this file. Add your UDF name-to-localization mappings to the file. The key must be in all lower case to work properly.
For example the above item would be added as:
student_expiration_date=Student Expiration Date
Update the jar and restart the OIM instance. Your UI should now reflect the localized names for your UDF fields!
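As an added example (not code from the original post), the steps above in a script: the key is derived by lower-casing the UDF name, names containing spaces are rejected up front (the GTC mapping problem described at the top), and the bundle inside IdentityTaskFlow.jar is rewritten with Python's zipfile, which cannot update an entry in place, so the whole jar is re-created from a .bak copy. The bundle path inside the jar is the one given in the post; the jar built by demo() is a constructed stand-in with a two-line bundle, not the real IdentityTaskFlow.jar. Java .properties files are ISO-8859-1, hence the latin-1 decoding.

```python
"""Add a UDF display-name mapping to UserAttributes_<lang>.properties inside
IdentityTaskFlow.jar. Added example; not part of OIM or the original post."""
import os
import re
import shutil
import tempfile
import zipfile

# Bundle location inside the jar, as given in the post ({lang} = en, fr, ...).
BUNDLE_PATH = "oracle/iam/identitytaskflow/resources/UserAttributes_{lang}.properties"


def is_valid_udf_name(udf_name: str) -> bool:
    """UDF names must not contain whitespace (spaces break the GTC column mapping)."""
    return re.search(r"\s", udf_name) is None


def udf_key(udf_name: str) -> str:
    """The properties key is the UDF name in all lower case."""
    if not is_valid_udf_name(udf_name):
        raise ValueError(f"UDF name must not contain spaces: {udf_name!r}")
    return udf_name.lower()


def add_mapping(bundle_text: str, udf_name: str, label: str) -> str:
    """Return the bundle with key=label appended, or replaced if the key already exists."""
    key = udf_key(udf_name)
    out, replaced = [], False
    for line in bundle_text.splitlines():
        stripped = line.strip()
        is_comment = stripped.startswith(("#", "!"))
        if not is_comment and stripped.split("=", 1)[0].strip() == key:
            out.append(f"{key}={label}")  # overwrite an existing mapping for this key
            replaced = True
        else:
            out.append(line)
    if not replaced:
        out.append(f"{key}={label}")
    return "\n".join(out) + "\n"


def localize_udf_in_jar(jar_path: str, udf_name: str, label: str, lang: str = "en") -> str:
    """Rewrite jar_path with the updated bundle; a .bak copy of the original is kept.
    Returns the key that was written."""
    member = BUNDLE_PATH.format(lang=lang)
    backup = jar_path + ".bak"
    shutil.copy(jar_path, backup)
    with zipfile.ZipFile(backup) as src:
        entries = [(info, src.read(info.filename)) for info in src.infolist()]
    if not any(info.filename == member for info, _ in entries):
        raise FileNotFoundError(f"{member} not found in {jar_path}")
    with zipfile.ZipFile(jar_path, "w") as dst:
        for info, data in entries:
            if info.filename == member:
                text = add_mapping(data.decode("latin-1"), udf_name, label)
                data = text.encode("latin-1")
            dst.writestr(info, data)  # keeps each entry's original compression setting
    return udf_key(udf_name)


def demo() -> dict:
    """Build a constructed throw-away jar, localize one UDF, and return what was written."""
    tmp = tempfile.mkdtemp()
    jar = os.path.join(tmp, "IdentityTaskFlow.jar")  # constructed stand-in, not the real jar
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr(BUNDLE_PATH.format(lang="en"),
                   "# constructed sample bundle\nusr_login=User Login\n")
    key = localize_udf_in_jar(jar, "Student_Expiration_Date", "Student Expiration Date")
    with zipfile.ZipFile(jar) as z:
        bundle = z.read(BUNDLE_PATH.format(lang="en")).decode("latin-1")
        members = z.namelist()
    return {"key": key, "bundle": bundle, "members": members}


if __name__ == "__main__":
    print(demo()["bundle"])
```

Run localize_udf_in_jar against the real jar path from the post for each language bundle you ship, then restart the OIM instance as described above.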
Discusses tips, tricks, revelations, and other items as we work to implement Oracle Identity Manager 11g to handle our provisioning and account management.
Saturday, September 18, 2010
Thursday, September 16, 2010
Default SOA Workflows
I'm not sure if we ran into an installer thing or something else; however, while testing the approval workflows we were getting consistent failures. When we looked into it, the default SOA composites for the out-of-box workflows were not deployed to the SOA instance.
These are located in your ORACLE_HOME for OIM at ORACLE_HOME/server/workflows/composites. They are already registered with OIM, just not deployed into SOA. You can either extract the jar files from the zips in the above directory and deploy via the Enterprise Manager console, or extract the zips, open them with JDeveloper and deploy that way. Whichever you are more comfortable with. We used JDeveloper so we would have the defaults available to extend for our own purposes.
Friday, September 10, 2010
Useful Script to Automatically Start NodeManager at Boot-up
Found this excellent post with a script to start the NodeManager as a service.
http://weblogicserver.blogspot.com/2010/01/node-manager-as-unix-startup-process.html
Adding additional User Defined Attributes (UDF) to the User form - Part II
After we created all of the additional UDFs required on our OIM/Xellerate User form, we thought we were home free. We created a test user using some of our new fields, and they were properly created and the attributes set in the directory as mapped. However, we ran into a bit of a head-scratcher. When we went to the modify user form, we could see none of our new attributes.
After fooling around with properties files and verifying settings, we finally figured out that the 'Authorization Policy' that was granting xelsysadm the ability to modify forms did not automatically include all the new attributes. We tried to edit the 'User Management Administration Policy' to check the additional attributes as allowed; however, it seems you can't edit the built-in policies. So we created a new policy based on this policy and selected all of the new attributes. Problem solved!
Wednesday, September 8, 2010
Purging Cache
The PurgeCache script works a bit differently than it does in 9.1; it took me a few tries to figure out what it was asking. The script is located in your IAM_HOME/server/bin directory, and the easiest thing to do is bring the setWLSEnv.sh environment into your shell before running it.
Initially I thought it was asking for the weblogic administrator information (Port 7001) as the export/import scripts did. It is actually looking for the OIM instance information.
[Enter the admin username:]xelsysadm
[Enter the admin password:]
[Enter the service url : (i.e.: t3://oimhostname:oimportno)]t3://oimmidtierhostname:14000
I created a little script on my path to run this without going into the directory.
#!/bin/bash
# Wrapper so PurgeCache can be run from anywhere; the argument (e.g. All) is passed through.
export OIM_ORACLE_HOME=/oracle/product/fmw/iam
. /oracle/product/fmw/wlserver_10.3/server/bin/setWLSEnv.sh
pushd /oracle/product/fmw/iam/server/bin > /dev/null
./PurgeCache.sh "$1"
popd > /dev/null
User Attributes and Categories
While managing user attributes, I have noticed a few things to keep an eye out for. If you move or delete an attribute from a category, re-order it to the highest numbered position first (farthest away from 1). If you don't, you will likely be missing some of the other attributes from the list in the category after the move/delete. This is relatively easy to repair.
1) Export the /file/User.xml metadata using the export utility.
2) Look for the metadata-attachment section of the xml. This section lists the ordering of the attributes in the categories. When you find the category in question, it will likely be missing entries for the affected attributes.
They look like this:
<metadata>
<name>2</name>
<value>SIS Affiliation</value>
<category>categories.Internal Attributes</category>
</metadata>
3) Re-add metadata sections for the missing attributes.
4) Import the /file/User.xml
5) I had to restart the OIM instance in order to see the changes, it doesn't seem to refresh this metadata on the fly. UPDATE: PurgeCache All worked.
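An added example (not from the original post) of step 2 and step 3 done programmatically: it reads the metadata-attachment section of an exported User.xml, lists the numbered positions per category, reports which positions have no entry, and appends <metadata> elements, in the shape quoted above, for any expected attribute that has gone missing. The gap positions are filled first, then positions after the current highest; that assignment is my choice, since the post does not say which position a lost attribute should get back. SAMPLE_USER_XML is a constructed fragment with only the elements the post shows, wrapped in a bare <metadata-attachment> root without namespaces; the real export has more around it.

```python
"""Find and re-add missing category-ordering entries in an exported User.xml.
Added example; the sample document below is constructed, not a real export."""
import xml.etree.ElementTree as ET

CATEGORY = "categories.Internal Attributes"

# Constructed sample: position 3 of the Internal Attributes category has vanished.
SAMPLE_USER_XML = """<metadata-attachment>
  <metadata><name>1</name><value>Employee Type</value><category>categories.Internal Attributes</category></metadata>
  <metadata><name>2</name><value>SIS Affiliation</value><category>categories.Internal Attributes</category></metadata>
  <metadata><name>4</name><value>Student_Expiration_Date</value><category>categories.Internal Attributes</category></metadata>
  <metadata><name>1</name><value>First Name</value><category>categories.Basic User Information</category></metadata>
</metadata-attachment>"""


def _attachment(root: ET.Element) -> ET.Element:
    """Locate the metadata-attachment section (the root itself or a descendant)."""
    if root.tag.endswith("metadata-attachment"):
        return root
    for el in root.iter():
        if el.tag.endswith("metadata-attachment"):
            return el
    raise ValueError("no metadata-attachment section found")


def category_ordering(xml_text: str, category: str) -> dict:
    """Map position number -> attribute display value for one category."""
    root = ET.fromstring(xml_text)
    ordering = {}
    for md in _attachment(root).iter("metadata"):
        if md.findtext("category") == category:
            ordering[int(md.findtext("name"))] = md.findtext("value")
    return ordering


def missing_positions(ordering: dict) -> list:
    """Positions between 1 and the highest used one that have no entry."""
    if not ordering:
        return []
    return [p for p in range(1, max(ordering) + 1) if p not in ordering]


def repair(xml_text: str, category: str, expected_names: list) -> tuple:
    """Append <metadata> entries for expected attributes absent from the category.
    Returns (new_xml_text, [(position, name), ...]) for the entries added."""
    root = ET.fromstring(xml_text)
    attachment = _attachment(root)
    ordering = category_ordering(xml_text, category)
    missing_names = [n for n in expected_names if n not in ordering.values()]
    free = missing_positions(ordering)          # fill gaps first ...
    next_pos = max(ordering, default=0) + 1     # ... then extend past the end
    added = []
    for name in missing_names:
        if free:
            pos = free.pop(0)
        else:
            pos, next_pos = next_pos, next_pos + 1
        md = ET.SubElement(attachment, "metadata")
        ET.SubElement(md, "name").text = str(pos)
        ET.SubElement(md, "value").text = name
        ET.SubElement(md, "category").text = category
        added.append((pos, name))
    return ET.tostring(root, encoding="unicode"), added


if __name__ == "__main__":
    expected = ["Employee Type", "SIS Affiliation", "Department_Code",
                "Student_Expiration_Date", "Hire_Date"]
    print("gaps:", missing_positions(category_ordering(SAMPLE_USER_XML, CATEGORY)))
    fixed, added = repair(SAMPLE_USER_XML, CATEGORY, expected)
    print("added:", added)
    print(fixed)
```

Run repair against the exported file with the list of attributes you know belong to the category, then import the result and purge the cache as in step 5.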
Wednesday, September 1, 2010
LDAP Sync Config - Part 2
As part of our implementation of OID, we use several different object classes of our own creation as well as the eduPerson object class. Additionally we don't use cn as our RDN for user accounts, we use a custom unique ID. We were able to change the LDAP Sync configuration in OIM to support all of this quite easily.
1) Add the custom attributes to the User Attributes in OIM.
2) Export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata from the repository.
3) To add additional object classes to be added on create, add additional <value> entries to the <parameter name="objectclass"> node.
Ex:
<parameter name="objectclass">
<value>orclIDXPerson</value>
<value>eduPerson</value>
</parameter>
4) Add your custom attributes to the three sections as noted in 13.4 of the OIM System Administrators guide.
5) To change your RDN from cn to another attribute, update the <parameter name="rdnattribute"> tag to the new directory attribute name.
Ex:
<parameter name="rdnattribute">
<value>companyid</value>
</parameter>
6) Reimport the metadata and test!
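Steps 3 and 5 as an added example (not code from the original post): a small ElementTree script that adds object classes to the objectclass parameter, skipping any already present (object class names are compared case-insensitively, as LDAP treats them), and sets the rdnattribute parameter to a single value. The <parameter>/<value> layout is exactly the one shown above; the <ldap-user-config> root around it is a constructed stand-in, since the post does not show the rest of LDAPUser.xml, and the sample assumes no XML namespace on the elements.

```python
"""Customize the objectclass and rdnattribute parameters of an exported LDAPUser.xml.
Added example; SAMPLE_LDAPUSER_XML is constructed around the fragments in the post."""
import xml.etree.ElementTree as ET

# Constructed sample: default object class and cn as the RDN.
SAMPLE_LDAPUSER_XML = """<ldap-user-config>
  <parameter name="objectclass">
    <value>orclIDXPerson</value>
  </parameter>
  <parameter name="rdnattribute">
    <value>cn</value>
  </parameter>
</ldap-user-config>"""


def _parameter(root: ET.Element, name: str) -> ET.Element:
    """Return the <parameter name="..."> element, wherever it sits in the document."""
    for p in root.iter("parameter"):
        if p.get("name") == name:
            return p
    raise ValueError(f"parameter {name!r} not found")


def parameter_values(xml_text: str, name: str) -> list:
    """List the <value> texts of one parameter, in document order."""
    root = ET.fromstring(xml_text)
    return [v.text for v in _parameter(root, name).findall("value")]


def add_object_classes(xml_text: str, classes: list) -> str:
    """Append each object class as a new <value>, skipping ones already listed."""
    root = ET.fromstring(xml_text)
    param = _parameter(root, "objectclass")
    present = {v.text.lower() for v in param.findall("value")}
    for oc in classes:
        if oc.lower() in present:
            continue  # LDAP object class names are case-insensitive
        ET.SubElement(param, "value").text = oc
        present.add(oc.lower())
    return ET.tostring(root, encoding="unicode")


def set_rdn_attribute(xml_text: str, attribute: str) -> str:
    """Replace whatever is in rdnattribute with exactly one <value>."""
    root = ET.fromstring(xml_text)
    param = _parameter(root, "rdnattribute")
    for v in param.findall("value"):
        param.remove(v)
    ET.SubElement(param, "value").text = attribute
    return ET.tostring(root, encoding="unicode")


def customize(xml_text: str, object_classes: list, rdn_attribute: str) -> str:
    """Apply both changes from the post (steps 3 and 5) in one pass."""
    return set_rdn_attribute(add_object_classes(xml_text, object_classes), rdn_attribute)


if __name__ == "__main__":
    print(customize(SAMPLE_LDAPUSER_XML, ["eduPerson"], "companyid"))
```

Feed the exported LDAPUser.xml through customize, then reimport the result and test, as in step 6; step 4 (the attribute mappings in the three sections) still needs to be done by hand per the guide.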