Wednesday, September 25, 2013
Friday, September 20, 2013
OID: Command to create new OID Component
Here is the command to create new OID Component:
./opmnctl createcomponent -componentType OID -componentName oid3 -adminHost server -adminPort 7001 -Db_info "dbhost:1532:dbservicename" -Port 3063 -Sport 3133
Command requires login to weblogic admin server (server ):
Username: weblogic
Password:
Creating empty component directories...Done
Provisioning OID files for oid3
OID onCreate....
Enter ODS password:
Validating OID input parameters
Enter ODSSM password:
Enter OID admin password:
Creating wallet and tnsnames.ora for OID
Adding configuration entry for OID
Updating opmn.xml with OID snippet
Updating component-logs.xml with OID name
Setting proxy mbean properties
Registering oid3 component
Invoking opmn reload...Done
Command succeeded.
./opmnctl createcomponent -componentType OID -componentName oid3 -adminHost server -adminPort 7001 -Db_info "dbhost:1532:dbservicename" -Port 3063 -Sport 3133
Command requires login to weblogic admin server (server ):
Username: weblogic
Password:
Creating empty component directories...Done
Provisioning OID files for oid3
OID onCreate....
Enter ODS password:
Validating OID input parameters
Enter ODSSM password:
Enter OID admin password:
Creating wallet and tnsnames.ora for OID
Adding configuration entry for OID
Updating opmn.xml with OID snippet
Updating component-logs.xml with OID name
Setting proxy mbean properties
Registering oid3 component
Invoking opmn reload...Done
Command succeeded.
Thursday, September 19, 2013
OIM11g R1 Post Processor Event Handler to remove User Role after user is disabled
Here is the code:
package oim.custom.eventhandlers;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleAttributeName;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.identity.rolemgmt.vo.RoleManagerResult;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.platform.context.ContextManager;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcLookupOperationsIntf;
import com.thortech.util.logging.Logger;
public class RemoveRolesFromRetiredUser implements PostProcessHandler {
private static final Logger logger = Logger.getLogger("CUSTOM.EVENTS");
private static final String CLASS_NAME = "oim.custom.eventhandlers.RemoveRolesFromRetiredUser : ";
private static final String LOOKUP_COLUMN_DECODE = "Lookup Definition.Lookup Code Information.Decode";
public void initialize(HashMap arg0) {
String METHOD_NAME = "initialize :: ";
logger.info(CLASS_NAME + METHOD_NAME
+ " Initializing RemoveRolesFromRetiredUser Event Handler ");
}
@Override
public BulkEventResult execute(long processId, long eventId,
BulkOrchestration bulkorchestration) {
String METHOD_NAME = "BulkEventResult execute :: ";
logger.info(CLASS_NAME + METHOD_NAME + "Inside ");
try {
String operation = bulkorchestration.getOperation();
logger.debug(CLASS_NAME + METHOD_NAME
+ "bulkorchestration.getOperation() " + operation);
String user = bulkorchestration.getTarget().getEntityId();
logger.debug(CLASS_NAME + METHOD_NAME
+ "bulkorchestration.getTarget().getEntityId() " + user);
logger.debug(CLASS_NAME + METHOD_NAME
+ " ContextManager.getContextType() "
+ ContextManager.getContextType());
// Remove the Roles of the Retired User
if (isUserRetired(user) && operation.equals("DISABLE")) {
logger.info(CLASS_NAME + METHOD_NAME
+ " Updated Description of Disabled User "
+ getUserName(user, "User Login") + " is "
+ getUserName(user, "Description"));
logger.info(CLASS_NAME + METHOD_NAME
+ " Updated Container of Disabled User "
+ getUserName(user, "User Login") + " is " + getUserName(user, "UserDN"));
logger.info(CLASS_NAME + METHOD_NAME
+ "Removing the Roles from the Disabled User "
+ getUserName(user, "User Login"));
removeRolesOfUser(user);
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + e.getMessage());
e.printStackTrace();
}
return new BulkEventResult();
}
public boolean isUserRetired(String userKey) {
String METHOD_NAME = "isUserRetired :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
boolean isUserRetired = false;
try {
HashSet retiredContainers = readLookup("Lookup.OIM.RetiredContainers");
Iterator itr = retiredContainers.iterator();
String userDN = getUserName(userKey, "UserDN");
while(itr.hasNext()) {
String containername = itr.next().toString();
if(userDN.contains(containername)) {
isUserRetired = true;
}
}
} catch (Exception e) {
logger.error(CLASS_NAME
+ METHOD_NAME
+ "Error checking User Container "
+ e.getMessage());
}
return isUserRetired;
}
// Method to remove Roles from User
public void removeRolesOfUser(String userkey) {
final String METHOD_NAME = "removeOIMRoles :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
String rolename = null;
try {
HashSet groupList = getRolesForUser(userkey);
Set roleKeysSet = new HashSet();
Iterator itr = groupList.iterator();
while (itr.hasNext()) {
rolename = itr.next().toString();
roleKeysSet.add(getRoleKey(rolename));
}
RoleManagerResult result = null;
RoleManager rmgr = Platform.getService(RoleManager.class);
result = rmgr.revokeRoleGrants(userkey, roleKeysSet);
logger.debug(CLASS_NAME + METHOD_NAME + "Role " + rolename
+ " Removed from User "
+ getUserName(userkey, "User Login") + result.getStatus());
} catch (Exception e) {
logger.debug(CLASS_NAME + METHOD_NAME + "Error Removing Roles "
+ e.getMessage());
e.printStackTrace();
}
}
public HashSet getRolesForUser(String userkey) {
String METHOD_NAME = "getRolesForUser :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
HashSet roleList = new HashSet();
try {
logger.debug(CLASS_NAME + METHOD_NAME + "Reading "
+ getUserName(userkey, "User Login") + "Roles ");
RoleManager rolemanager = Platform.getService(RoleManager.class);
List groupList = rolemanager
.getUserMemberships(userkey, true);
for (Role role : groupList) {
String roleName = role.getAttribute("Role Name").toString();
logger.debug(CLASS_NAME + METHOD_NAME + "RoleName :" + roleName);
roleList.add(roleName);
}
HashSet removeRoles = readLookup("Lookup.OIM.IgnoreRole");
// Exclude Default Roles from the List
roleList.removeAll(removeRoles);
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + "Error Reading Roles"
+ e.getMessage());
e.printStackTrace();
}
return roleList;
}
// Method to read Lookup containing default OIM Roles
public HashSet readLookup(String lookup) {
String METHOD_NAME = "readLookup :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
HashSet records = new HashSet();
try {
String lookupDecode = lookup;
// Read Lookup to Find FilteredRoles
tcLookupOperationsIntf lookupOps = Platform
.getService(tcLookupOperationsIntf.class);
tcResultSet lookupResultSet = lookupOps
.getLookupValues(lookupDecode);
for (int i = 0; i < lookupResultSet.getRowCount(); i++) {
lookupResultSet.goToRow(i);
String decode = lookupResultSet.getStringValue(
LOOKUP_COLUMN_DECODE).trim();
records.add(decode);
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + "Error Reading Lookup"
+ e.getMessage());
e.printStackTrace();
}
return records;
}
// Method to get RoleKey based on Rolename input
public String getRoleKey(String roleName) {
final String METHOD_NAME = "getRoleKey :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
RoleManager rmgr = Platform.getService(RoleManager.class);
Set retAttrs = new HashSet();
String roleKey = null;
try {
retAttrs.add(RoleAttributeName.DISPLAY_NAME.getId());
SearchCriteria criteria = null;
criteria = new SearchCriteria(RoleAttributeName.NAME.getId(),
roleName, SearchCriteria.Operator.EQUAL);
List roles = rmgr.search(criteria, retAttrs, null);
roleKey = roles.get(0).getEntityId();
} catch (Exception e) {
e.printStackTrace();
}
return roleKey;
}
// Method to retrieve User Login based on the usr_key
public String getUserName(String key, String attribute) {
String METHOD_NAME = "getUserName :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
String userattr = null;
try {
HashMap attributes = null;
HashMap parameters = null;
Set attrNames = null;
List users = null;
UserManager umgr = Platform.getService(UserManager.class);
SearchCriteria criteria = new SearchCriteria("usr_key", key,
SearchCriteria.Operator.EQUAL);
attrNames = new HashSet();
attrNames.add(attribute);
users = umgr.search(criteria, attrNames, parameters);
if (users != null && !users.isEmpty()) {
for (User user : users) {
attributes = user.getAttributes();
userattr = attributes.get(attribute).toString();
logger.debug(CLASS_NAME + METHOD_NAME + " User : "
+ userattr);
}
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME
+ "Error Retrieving User Login " + e.getMessage());
e.printStackTrace();
}
return userattr;
}
@Override
public EventResult execute(long processId, long eventId,
Orchestration orchestration) {
return null;
}
@Override
public boolean cancel(long arg0, long arg1,
AbstractGenericOrchestration arg2) {
return false;
}
@Override
public void compensate(long arg0, long arg1,
AbstractGenericOrchestration arg2) {
}
}
Here is the plugin.xml:
http://www.w3.org/2001/XMLSchema-instance
">package oim.custom.eventhandlers;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleAttributeName;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.identity.rolemgmt.vo.RoleManagerResult;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.platform.context.ContextManager;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcLookupOperationsIntf;
import com.thortech.util.logging.Logger;
public class RemoveRolesFromRetiredUser implements PostProcessHandler {
private static final Logger logger = Logger.getLogger("CUSTOM.EVENTS");
private static final String CLASS_NAME = "oim.custom.eventhandlers.RemoveRolesFromRetiredUser : ";
private static final String LOOKUP_COLUMN_DECODE = "Lookup Definition.Lookup Code Information.Decode";
public void initialize(HashMap
String METHOD_NAME = "initialize :: ";
logger.info(CLASS_NAME + METHOD_NAME
+ " Initializing RemoveRolesFromRetiredUser Event Handler ");
}
@Override
public BulkEventResult execute(long processId, long eventId,
BulkOrchestration bulkorchestration) {
String METHOD_NAME = "BulkEventResult execute :: ";
logger.info(CLASS_NAME + METHOD_NAME + "Inside ");
try {
String operation = bulkorchestration.getOperation();
logger.debug(CLASS_NAME + METHOD_NAME
+ "bulkorchestration.getOperation() " + operation);
String user = bulkorchestration.getTarget().getEntityId();
logger.debug(CLASS_NAME + METHOD_NAME
+ "bulkorchestration.getTarget().getEntityId() " + user);
logger.debug(CLASS_NAME + METHOD_NAME
+ " ContextManager.getContextType() "
+ ContextManager.getContextType());
// Remove the Roles of the Retired User
if (isUserRetired(user) && operation.equals("DISABLE")) {
logger.info(CLASS_NAME + METHOD_NAME
+ " Updated Description of Disabled User "
+ getUserName(user, "User Login") + " is "
+ getUserName(user, "Description"));
logger.info(CLASS_NAME + METHOD_NAME
+ " Updated Container of Disabled User "
+ getUserName(user, "User Login") + " is " + getUserName(user, "UserDN"));
logger.info(CLASS_NAME + METHOD_NAME
+ "Removing the Roles from the Disabled User "
+ getUserName(user, "User Login"));
removeRolesOfUser(user);
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + e.getMessage());
e.printStackTrace();
}
return new BulkEventResult();
}
public boolean isUserRetired(String userKey) {
String METHOD_NAME = "isUserRetired :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
boolean isUserRetired = false;
try {
HashSet
Iterator
String userDN = getUserName(userKey, "UserDN");
while(itr.hasNext()) {
String containername = itr.next().toString();
if(userDN.contains(containername)) {
isUserRetired = true;
}
}
} catch (Exception e) {
logger.error(CLASS_NAME
+ METHOD_NAME
+ "Error checking User Container "
+ e.getMessage());
}
return isUserRetired;
}
// Method to remove Roles from User
public void removeRolesOfUser(String userkey) {
final String METHOD_NAME = "removeOIMRoles :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
String rolename = null;
try {
HashSet
Set
Iterator
while (itr.hasNext()) {
rolename = itr.next().toString();
roleKeysSet.add(getRoleKey(rolename));
}
RoleManagerResult result = null;
RoleManager rmgr = Platform.getService(RoleManager.class);
result = rmgr.revokeRoleGrants(userkey, roleKeysSet);
logger.debug(CLASS_NAME + METHOD_NAME + "Role " + rolename
+ " Removed from User "
+ getUserName(userkey, "User Login") + result.getStatus());
} catch (Exception e) {
logger.debug(CLASS_NAME + METHOD_NAME + "Error Removing Roles "
+ e.getMessage());
e.printStackTrace();
}
}
public HashSet getRolesForUser(String userkey) {
String METHOD_NAME = "getRolesForUser :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
HashSet
try {
logger.debug(CLASS_NAME + METHOD_NAME + "Reading "
+ getUserName(userkey, "User Login") + "Roles ");
RoleManager rolemanager = Platform.getService(RoleManager.class);
List
.getUserMemberships(userkey, true);
for (Role role : groupList) {
String roleName = role.getAttribute("Role Name").toString();
logger.debug(CLASS_NAME + METHOD_NAME + "RoleName :" + roleName);
roleList.add(roleName);
}
HashSet
// Exclude Default Roles from the List
roleList.removeAll(removeRoles);
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + "Error Reading Roles"
+ e.getMessage());
e.printStackTrace();
}
return roleList;
}
// Method to read Lookup containing default OIM Roles
public HashSet
String METHOD_NAME = "readLookup :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
HashSet
try {
String lookupDecode = lookup;
// Read Lookup to Find FilteredRoles
tcLookupOperationsIntf lookupOps = Platform
.getService(tcLookupOperationsIntf.class);
tcResultSet lookupResultSet = lookupOps
.getLookupValues(lookupDecode);
for (int i = 0; i < lookupResultSet.getRowCount(); i++) {
lookupResultSet.goToRow(i);
String decode = lookupResultSet.getStringValue(
LOOKUP_COLUMN_DECODE).trim();
records.add(decode);
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME + "Error Reading Lookup"
+ e.getMessage());
e.printStackTrace();
}
return records;
}
// Method to get RoleKey based on Rolename input
public String getRoleKey(String roleName) {
final String METHOD_NAME = "getRoleKey :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
RoleManager rmgr = Platform.getService(RoleManager.class);
Set
String roleKey = null;
try {
retAttrs.add(RoleAttributeName.DISPLAY_NAME.getId());
SearchCriteria criteria = null;
criteria = new SearchCriteria(RoleAttributeName.NAME.getId(),
roleName, SearchCriteria.Operator.EQUAL);
List
roleKey = roles.get(0).getEntityId();
} catch (Exception e) {
e.printStackTrace();
}
return roleKey;
}
// Method to retrieve User Login based on the usr_key
public String getUserName(String key, String attribute) {
String METHOD_NAME = "getUserName :: ";
logger.debug(CLASS_NAME + METHOD_NAME + "Inside ");
String userattr = null;
try {
HashMap
HashMap
Set
List
UserManager umgr = Platform.getService(UserManager.class);
SearchCriteria criteria = new SearchCriteria("usr_key", key,
SearchCriteria.Operator.EQUAL);
attrNames = new HashSet
attrNames.add(attribute);
users = umgr.search(criteria, attrNames, parameters);
if (users != null && !users.isEmpty()) {
for (User user : users) {
attributes = user.getAttributes();
userattr = attributes.get(attribute).toString();
logger.debug(CLASS_NAME + METHOD_NAME + " User : "
+ userattr);
}
}
} catch (Exception e) {
logger.error(CLASS_NAME + METHOD_NAME
+ "Error Retrieving User Login " + e.getMessage());
e.printStackTrace();
}
return userattr;
}
@Override
public EventResult execute(long processId, long eventId,
Orchestration orchestration) {
return null;
}
@Override
public boolean cancel(long arg0, long arg1,
AbstractGenericOrchestration arg2) {
return false;
}
@Override
public void compensate(long arg0, long arg1,
AbstractGenericOrchestration arg2) {
}
}
Here is the plugin.xml:
Here is the eventhandlers.xml:
" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
Cheers!
Monday, September 9, 2013
OIM: How to Disable/Enable User Resource Object using API
Here is the sample code to disable the resource objects allocated to a user:
"y9506a"));
userOp = oimClient.getService(tcUserOperationsIntf.class);
tcResultSet userObjects = userOp.getObjects(userKey);
Long processKey = userObjects.getLongValue(Users-Object Instance For User.Key");
// Disable the Resource Object
String ostatus = userObjects.getStringValue(
System.
tcResultSet userObjects = userOp.getObjects(userKey);
Long processKey = userObjects.getLongValue(Users-Object Instance For User.Key");
// Disable the Resource Object
userOp.disableAppForUser(userKey, processKey);
// Enable the Resource Object
userOp.enableAppForUser(userKey, processKey);
"Objects.Object Status.Status");
out.println(ostatus);
Thursday, August 29, 2013
OIM - Code to Revoke Resource Object from User Profile
Here is the sample code to revoke the resource object for a user:
Long userKey = getUserKey("OIMUSER0176");
tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env,
OIM_USERNAME, OIM_PASSWORD);
userOp = (tcUserOperationsIntf) ioUtilityFactory
.getUtility("Thor.API.Operations.tcUserOperationsIntf");
tcResultSet resultSet = userOp.getObjects(userKey);
long key = resultSet.getLongValue("Users-Object Instance For User.Key");
userOp.revokeObject(userKey, key);
tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env,
OIM_USERNAME, OIM_PASSWORD);
userOp = (tcUserOperationsIntf) ioUtilityFactory
.getUtility("Thor.API.Operations.tcUserOperationsIntf");
tcResultSet resultSet = userOp.getObjects(userKey);
long key = resultSet.getLongValue("Users-Object Instance For User.Key");
userOp.revokeObject(userKey, key);
Tuesday, July 30, 2013
OVD Metrics - "No Data Available" Issue
From the time we have enabled HTTPS and LDAPS port, we are having time tough troubleshooting Enterprise Manager not showing metrics for OVD & OID.
Here is one of the recent update from Oracle Support Team on this issue that helped me:
Tuesday, April 9, 2013
HOW TO CHECK IF IPv6 is Used
Hi,
You might have came across lot of issues due to IPV6 enabled on your machine/server and even disabling IPV6 doesn't put an end to your issue. Then here is a java code that you can run to confirm if IPV6 is disabled or not:
import java.net.*;
import java.util.*;
public class IPV4Only {
public static void main(String[] args) throws Exception {
boolean b=true;
Enumeration nifs = NetworkInterface.getNetworkInterfaces();
while (nifs.hasMoreElements()) {
NetworkInterface nif = nifs.nextElement();
Enumeration addrs = nif.getInetAddresses();
while (addrs.hasMoreElements()) {
InetAddress hostAddr = addrs.nextElement();
if ( hostAddr instanceof Inet6Address ){
b=false;
System.out.println("NetworkInterfaceV6List failed - found IPv6 address " + hostAddr.getHostAddress() );
}
}
}
if (b) {
System.out.println("No IPv6 detected");
} else {
System.out.println("Detect IPv6 interfaces - use java property java.net.preferIPv4Stack=true ");
}
}
}
Reference:
You might have came across lot of issues due to IPV6 enabled on your machine/server and even disabling IPV6 doesn't put an end to your issue. Then here is a java code that you can run to confirm if IPV6 is disabled or not:
import java.net.*;
import java.util.*;
public class IPV4Only {
public static void main(String[] args) throws Exception {
boolean b=true;
Enumeration
while (nifs.hasMoreElements()) {
NetworkInterface nif = nifs.nextElement();
Enumeration
while (addrs.hasMoreElements()) {
InetAddress hostAddr = addrs.nextElement();
if ( hostAddr instanceof Inet6Address ){
b=false;
System.out.println("NetworkInterfaceV6List failed - found IPv6 address " + hostAddr.getHostAddress() );
}
}
}
if (b) {
System.out.println("No IPv6 detected");
} else {
System.out.println("Detect IPv6 interfaces - use java property java.net.preferIPv4Stack=true ");
}
}
}
Reference:
Subscribe to:
Posts (Atom)