Tuesday, 13 September 2011

Code to update an attribute in OIM

public void updateofficecode(String uid, String locat) {
    System.out.println("Inside officecode method");
    HashMap usermap = new HashMap();   // search criteria
    HashMap code = new HashMap();      // attributes to update
    try {
        usermap.put("Users.User ID", uid);
        System.out.println("UID==>" + uid);
        // Find the user record that will be updated
        tcResultSet moresult = moUserUtility.findUsers(usermap);
        System.out.println("Officecode==>" + locat);
        code.put("Users.User ID", uid);
        // "Users.locat" stands for the attribute being set; use your own column name here
        code.put("Users.locat", locat);
        moUserUtility.updateUser(moresult, code);
        System.out.println("locat updated");
    } catch (Exception e) {
        System.out.println("Exception occured-->" + e);
    }
}

Updating failover URL in OIM

1. Without failover URL

In the DirectDB section, use the following as the URL:

jdbc:oracle:thin:@IP:PORT:SERVICENAME

2. With failover URL

In the DirectDB section, use the following as the URL:

jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(ADDRESS = (PROTOCOL = TCP)(HOST = IPaddressnode1)(PORT = portno))(ADDRESS = (PROTOCOL = TCP)(HOST = IPaddressnode2)(PORT = portno)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=Servicename)))

Starting an Oracle database

The first step is to set the environment variables. In my case it is devel.env

Log in to sqlplus ---> sqlplus /nolog
sql>conn / as sysdba
sql>startup;
sql>quit
#ps -ef | grep tns

To start the listener

#lsnrctl start LISTENERNAME

To check if the listener is running

#ps -ef | grep tns

Wednesday, 31 August 2011

Giving read-only access to OIM users

Normally helpdesk users have only read-only access to user information. Follow the steps below to grant READ-only privileges.

1. Log in as the Admin (XELSYSADM) user.

2. Manage Organization --> Search for the organization --> Select the organization

3. Select "Administrative Groups" from the drop-down --> Assign (or create) the group and give it "Read" access.

4. Now go to the user (say 785444) who needs read-only access

5. Assign the group to the user (785444)

6. Now log in as the user (785444)

7. The user will have only read access.

Tuesday, 30 August 2011

Code to create an access policy through the OIM API


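import java.util.HashMap;
import java.util.Hashtable;
import java.util.Scanner;
import java.util.logging.Level;
import java.util.logging.Logger;
import com.thortech.xl.util.config.ConfigurationClient;
import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcGroupNotFoundException;
import Thor.API.Exceptions.tcInvalidAttributeException;
import Thor.API.Exceptions.tcObjectNotFoundException;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import Thor.API.Operations.tcGroupOperationsIntf;
import Thor.API.Operations.tcObjectOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;

// ReadProperty is the author's own helper class for reading the properties file
public class AccessPolicy {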

static ReadProperty readProperty = new ReadProperty();
public long returnVal = -1;
public static String homeDir = readProperty.getProp("homeDir");
public static String policyDir = readProperty.getProp("policyDir");
public static String confDir = readProperty.getProp("confDir");
public static String username = readProperty.getProp("username");
public static String password = readProperty.getProp("password");
public static String providerUrl = readProperty.getProp("providerUrl");

public tcUtilityFactory ioUtilityFactory;
public tcUserOperationsIntf moUserUtility;
public tcGroupOperationsIntf moGroupUtility;
public tcAccessPolicyOperationsIntf moAccesspolicyutility;
public tcObjectOperationsIntf moObjectUtility;

private HashMap policy;
private long[] provObjKeys;
private boolean[] revokeObjectIfNotApply;
private long[] denyObjKeys={};
private long[] groupKeys = new long[1];

public String roleAuthenticate(String usr, String pass){
try {
System.setProperty("XL.HomeDir", homeDir);
System.setProperty("java.security.policy", policyDir);//server or client
System.setProperty("java.security.auth.login.config", confDir);//server or client
System.setProperty("java.naming.provider.url", providerUrl);
// The credentials from the properties file replace whatever the caller passed in
usr = username;
pass = password;
ConfigurationClient.ComplexSetting config =
ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
Hashtable env = config.getAllSettings();
System.out.println("test1");
// Assign to the field instead of declaring a local variable that shadows it
ioUtilityFactory = new tcUtilityFactory(env,usr,pass);
System.out.println("Getting utility interfaces...");
System.out.println("Connection Established");
moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
moGroupUtility = (tcGroupOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcGroupOperationsIntf");
moAccesspolicyutility=(tcAccessPolicyOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcAccessPolicyOperationsIntf");
moObjectUtility=(tcObjectOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcObjectOperationsIntf");
Logger logger = oracle.j2ee.rmi.RMIMessages.getLogger();
logger.setLevel(Level.OFF);

return "Valid";
} catch(Exception e){
System.out.println("Exception ");
e.printStackTrace();
return "Invalid";
}
}

public AccessPolicy()
{
policy = new HashMap();

}

public long getGroupKey(String obj){
long key = 0;
HashMap userMap = new HashMap();

try {
userMap.put("Groups.Group Name", obj);
tcResultSet moResultSet = moGroupUtility.findGroups(userMap);

for (int i=0; i < moResultSet.getRowCount(); i++){
moResultSet.goToRow(i);
key = moResultSet.getLongValue("Groups.Key");
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

public long getObjectKey(String object) {
HashMap objectMap = new HashMap();
long key = 0;

try {
objectMap.put("Objects.Name", object);
tcResultSet moResultSet = moObjectUtility.findObjects(objectMap);
if (moResultSet.getRowCount()==0)
{
System.out.println("Cannot get key value");
}
else
{
moResultSet.goToRow(0);
key = moResultSet.getLongValue("Objects.Key");
System.out.println("Key value " +key);
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

public void setPolicy(String policyName, String policyDescription) {

policy.put("Access Policies.Name", policyName);
policy.put("Access Policies.Description", policyDescription);
policy.put("Access Policies.Note", policyName);
policy.put("Access Policies.Retrofit Flag", "1");
policy.put("Access Policies.By Request", "0");

}

public HashMap getPolicy() {
return policy;
}

public void setProvObjKeys(String objects) {

Scanner sc = new Scanner(objects).useDelimiter(";");

int count =0;
while(sc.hasNext())
{
count++;
sc.next();
}

System.out.println("Object count :" + count);
provObjKeys= new long[count];
revokeObjectIfNotApply= new boolean[count];

sc = new Scanner(objects).useDelimiter(";");
int i=0;
while(sc.hasNext())
{
String obj =sc.next();
System.out.println("Adding object" + obj);
provObjKeys[i]=getObjectKey(obj);
revokeObjectIfNotApply[i]=true;
i++;
}

}

public long[] getProvObjKeys() {
return provObjKeys;
}

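public void setGroupKeys(String groups) {

// Size the array to the number of ';'-separated group names so each name gets its own slot
String[] names = groups.split(";");
groupKeys = new long[names.length];
for (int i = 0; i < names.length; i++)
{
groupKeys[i]=getGroupKey(names[i]);
}
}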

public long[] getGroupKeys() {
return groupKeys;
}

public boolean[] getRevokeObjectIfNotApply() {
return revokeObjectIfNotApply;
}

public long[] getDenyObjKeys() {
return denyObjKeys;
}

public long createAccessPolicy()
{
long policyKey = 0;

try {

policyKey= moAccesspolicyutility.createAccessPolicy(getPolicy(), getProvObjKeys(),getRevokeObjectIfNotApply(),getDenyObjKeys(),getGroupKeys());

} catch (tcAPIException e) {
e.printStackTrace();
} catch (tcObjectNotFoundException e) {
e.printStackTrace();
} catch (tcGroupNotFoundException e) {
e.printStackTrace();
} catch (tcInvalidAttributeException e) {
e.printStackTrace();
}

return policyKey;

}
public static void main (String[] args)
{
AccessPolicy temp = new AccessPolicy();
temp.roleAuthenticate("adminuser","test123");//Makes the connection with OIM
temp.setPolicy("tempcode2","tempcode");//Passing access policy name and description
temp.setProvObjKeys("OID;resource"); //Resource object names, separated by ';'
temp.setGroupKeys("testgroup");//Group name
temp.createAccessPolicy();



}

}

Monday, 29 August 2011

Code to create OIM groups through the API


public void creategroup(String creategrp){

HashMap userMap = new HashMap();
try{
userMap.put("Groups.Group Name", creategrp);
System.out.println("Group created is "+creategrp);
moGroupUtility.createGroup(userMap);

}catch(Exception e){
System.out.println(e);
}
}

Tuesday, 23 August 2011

To check whether the scheduled task is up and running



Schedule Task Up

To make sure that your scheduled task is up and running, go to
http://localhost:8080/xlScheduler

E.g.: http://localhost:7777/xlScheduler

Code to enable the resources in resource profile for OIM users

If a user is disabled and all the resources are disabled, they have to be enabled using code.
Please find the code for that below.

public void Rejoin(String uid){
    System.out.println("Inside Rejoin Method");
    this.roleAuthenticate(username,password);
    String str = "";
    HashMap userMap = new HashMap();
    try {
        // All resource object instances currently attached to the user
        tcResultSet moObjectResultSet = moUserUtility.getObjects(getUserKey(uid));
        userMap.put("Users.User ID", uid);
        System.out.println("UID==>"+uid);
        tcResultSet moResultSet = moUserUtility.findUsers(userMap);
        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            String Action = moResultSet.getStringValue("Users.Action");
            System.out.println("Action value==>"+Action);
            // if(Action.equals(Actionvalue_Rejoin)){
            if(moObjectResultSet.getRowCount() < 1) {
                System.out.println("No Objects to deprovision.");
            } else {
                System.out.println("Starting to Deprovision Objects ...");
                for (String column : moObjectResultSet.getColumnNames()) {
                    System.out.println(column);
                }
                for (int j=0; j < moObjectResultSet.getRowCount(); j++){
                    moObjectResultSet.goToRow(j);
                    String ResourceName = moObjectResultSet.getStringValue("Objects.Name");
                    String object = moObjectResultSet.getStringValue("Users-Object Instance For User.Key");
                    String Status = moObjectResultSet.getStringValue("Objects.Object Status.Status");
                    long tObjKey = Long.parseLong(object);
                    System.out.println("ResourceName=== > "+ResourceName);
                    System.out.println("object=== > "+object);
                    System.out.println("Status=== > "+Status);
                    if(Status.equals("Provisioning"))
                    {
                        System.out.println("Ignoring the resources with STATUS as provisioning");
                    }
                    else{
                        String oim="Success";
                        //moUserUtility.disableAppForUser(getUserKey(uid), tObjKey);
                        //moUserUtility.revokeObject(getUserKey(uid), tObjKey);
                        // Re-enable this resource instance for the user
                        moUserUtility.enableAppForUser(getUserKey(uid),tObjKey);
                    }
                }
                System.out.println("Resources Enabled for user ..");
            }
        }
        //}
    }
    catch(ArrayIndexOutOfBoundsException be){
        System.out.println("Exception in deprovision==> "+ be);
    }
    catch(Exception e ){
        System.out.println("deprovision==> Exception e");
        e.printStackTrace();
    }
}

Wednesday, 17 August 2011

Code to revoke all the resources that are provisioned to a user

// The fragment is wrapped in a method so that it compiles; the method name is illustrative
public void revokeAllResources(String uid) throws Exception {
    // All resource object instances currently attached to the user
    tcResultSet moObjectResultSet = moUserUtility.getObjects(getUserKey(uid));
    System.out.println("Starting to Deprovision Objects ...");
    for (int j=0; j < moObjectResultSet.getRowCount(); j++){
        moObjectResultSet.goToRow(j);
        String ResourceName = moObjectResultSet.getStringValue("Objects.Name");
        String object = moObjectResultSet.getStringValue("Users-Object Instance For User.Key");
        long tObjKey = Long.parseLong(object);
        System.out.println("Deprovisioning Object "+ResourceName);
        //moUserUtility.disableAppForUser(getUserKey(uid), tObjKey);
        moUserUtility.revokeObject(getUserKey(uid), tObjKey);
    }

    System.out.println("Deprovisioning Complete...");
}

Friday, 12 August 2011

Importing certificates in OIM(9102) using keytool


1. Get the certificate from the target system that has to be imported into IDM.

To import
keytool -import -alias ALIAS -file CER_FILE -keystore MY_CACERTS -storepass PASSWORD


Example:

/u01apps/oraclesoa/jdk/jre/bin/keytool -import -alias OC4J -file /u01apps/PROD/NewCert/latestCrtAD/ProdAD.cer -keystore /u01apps/oraclesoa/jdk/jre/lib/security/cacerts -storepass changeit


To verify that the certificate has been imported successfully

keytool -list -alias ALIAS -keystore MY_CACERTS -storepass PASSWORD

Example:

/u01apps/oraclesoa/jdk/jre/bin/keytool -list -alias OC4J -keystore /u01apps/oraclesoa/jdk/jre/lib/security/cacerts -storepass changeit


To delete

keytool -delete -alias Alias -keystore MY_CACERTS -storepass PASSWORD
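
A check to run after the import, as an added example that is not part of the original post: it loads the keystore, confirms that the alias is a trusted-certificate entry inside its validity period, and compares its SHA-256 fingerprint with a value obtained separately from the target system's administrator. The class name and the argument order are assumptions chosen for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;

// Hypothetical helper class: verifies one alias in a Java keystore such as cacerts
public class VerifyImportedCert {

    // SHA-256 over the DER encoding, as colon-separated upper-case hex pairs
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    // True only if the alias is a trusted-certificate entry, the certificate is
    // currently valid, and its fingerprint equals the expected one.
    static boolean verify(KeyStore ks, String alias, String expected) throws Exception {
        if (!ks.isCertificateEntry(alias)) {
            System.out.println("Alias '" + alias + "' is missing or is not a trusted-certificate entry");
            return false;
        }
        Certificate cert = ks.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            System.out.println("Alias '" + alias + "' does not hold an X.509 certificate");
            return false;
        }
        X509Certificate x509 = (X509Certificate) cert;
        try {
            x509.checkValidity(); // rejects expired and not-yet-valid certificates
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("Certificate is outside its validity period: " + e.getMessage());
            return false;
        }
        String actual = sha256Fingerprint(x509);
        System.out.println("Subject    : " + x509.getSubjectX500Principal().getName());
        System.out.println("Issuer     : " + x509.getIssuerX500Principal().getName());
        System.out.println("Not after  : " + x509.getNotAfter());
        System.out.println("SHA-256    : " + actual);
        String wanted = expected.trim().toUpperCase(Locale.ROOT);
        return MessageDigest.isEqual(actual.getBytes(StandardCharsets.US_ASCII),
                                     wanted.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java VerifyImportedCert KEYSTORE ALIAS EXPECTED_SHA256");
            System.exit(2);
        }
        if (System.console() == null) {
            System.err.println("Run from an interactive terminal so the keystore password can be prompted for");
            System.exit(2);
        }
        // Prompt for the store password so it does not appear in the process list or shell history
        char[] storePass = System.console().readPassword("Keystore password: ");
        if (storePass == null) {
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // the password also verifies the keystore's integrity
        } finally {
            Arrays.fill(storePass, '\0');
        }
        boolean ok = verify(ks, args[1], args[2]);
        System.out.println(ok ? "OK: fingerprint matches" : "FAIL: do not rely on this entry");
        System.exit(ok ? 0 : 1);
    }
}
```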

Tuesday, 9 August 2011

IDM disaster recovery

In a production environment there are unavoidable cases in which the live servers go down. When that happens, disaster recovery has to take over. Assume that there are two live environments (DC and DR).
In case of a failure in DC, DR should be brought up.

Prerequisites

1. Export the OIM database schema from DC to DR using export.
2. Take a backup of the OIM_HOME on both nodes.
3. Back up the application server files and its directories.

Changes to be done in OIM

1. Bring down the application server on both nodes.
Go to the path

$ORACLE_HOME/opmn/bin
and execute ./opmnctl stopall

2. Copy the .xlkeystore, .xldatabasekey and xlconfig.xml files from the DC-Prod machine to DR-Prod

| Files to be copied | Path of the file in DC-Prod | Path of the file in DR-Prod |
|---|---|---|
| .xlkeystore | oim_server/xellerate/config | oim_server/xellerate/config |
| .xldatabasekey | oim_server/xellerate/config | oim_server/xellerate/config |
| xlconfig.xml | oim_server/xellerate/config | oim_server/xellerate/config |

3. Edit the xlconfig.xml file and locate the
<DirectDB>……</DirectDB> section.
Change the database details from DC-Prod to DR-Prod

4. Restart the application server in both the nodes.

Changes in DB

1.Take the backup of both dc-prod database as well as dr-prod database
2. Make sure that the DB schema username is the same in both the DC and the DR database.
Ex: xloim in both the databases.
3.Export the database from DC-Prod and import it into DR-Prod
4.Restart the database in DR-Prod.

Tips to Troubleshoot

1. If, after following the cloning steps, you are still unable to log in to the application as xelsysadm, log in to the database instances in both DC-Prod and DR-Prod and execute

select usr_password from USR where USR_LOGIN='XELSYSADM';

This returns an encrypted value. The encrypted value should be the same in both DC and DR. If the value is not the same, then the password is different in the two databases.

2.Login to the Admin Console and change the password as usual.
3.Open xlconfig.xml present in OIM_home/xellerate/config folder.
4.In the scheduler section, add the XLPassword line as shown below:

<Scheduler>
<XLUserName>xelsysadm</XLUserName>
<XLPassword encrypted="false">NEW PASSWORD</XLPassword>
...
</Scheduler>

5.Restart the OC4J application server.
6.After confirming that you can log on to the Admin Console with the new password AND that the scheduler can start tasks with the new log on information, you can delete the backup xlconfig.xml.0 file that now exists in the config folder.
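
The comparison from troubleshooting tip 1, as an added example that is not part of the original post: it runs the same query against both databases over JDBC and reports only whether the two stored values match, so the encrypted value never reaches the terminal or a log. The class name and the environment variable names (DC_JDBC_URL, DC_DB_USER, DC_DB_PASS and the DR_ equivalents) are assumptions, and the Oracle JDBC driver is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical helper class: compares the XELSYSADM row in the DC and DR schemas
public class CompareXelsysadmPassword {

    // Same query as in the post, with the login passed as a bind variable
    static final String QUERY = "select usr_password from USR where USR_LOGIN = ?";

    // Returns the stored encrypted value, or null when there is no row or no value
    static String storedValue(String url, String dbUser, String dbPass, String login)
            throws SQLException {
        try (Connection c = DriverManager.getConnection(url, dbUser, dbPass);
             PreparedStatement ps = c.prepareStatement(QUERY)) {
            ps.setString(1, login);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    // Reports the outcome without exposing either value
    static String compare(String dc, String dr) {
        if (dc == null) return "MISSING: no stored value found in DC";
        if (dr == null) return "MISSING: no stored value found in DR";
        boolean same = MessageDigest.isEqual(dc.getBytes(StandardCharsets.UTF_8),
                                             dr.getBytes(StandardCharsets.UTF_8));
        return same ? "MATCH" : "MISMATCH";
    }

    // Connection details come from the environment, not from the source or the command line
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " is not set");
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        String dc = storedValue(env("DC_JDBC_URL"), env("DC_DB_USER"), env("DC_DB_PASS"), "XELSYSADM");
        String dr = storedValue(env("DR_JDBC_URL"), env("DR_DB_USER"), env("DR_DB_PASS"), "XELSYSADM");
        String result = compare(dc, dr);
        System.out.println("XELSYSADM usr_password, DC vs DR: " + result);
        System.exit("MATCH".equals(result) ? 0 : 1);
    }
}
```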


Thursday, 4 August 2011

Deploying SPML webservice in OIM

Note: When Oracle Identity Manager is installed, the OIMSpmlWS.ear is already placed in OIM_HOME/SPMLWS

OIM Version:9102(BP12)
Application server:Oracle application server

To deploy

1. Go to $OIM_HOME/setup and execute

#./spml_oc4j.sh appserver_admin_password oim_db_user_password

e.g. #./spml_oc4j.sh admin123 admin123

Check that the deployment completed properly in the log $OIM_HOME/Logs/spml-oc4j.log

For a non-clustered environment, performing the above step is enough.

For a clustered environment, you have to perform an additional step.

1. Open OC4J_HOME/j2ee/OC4J_instance/config/application.xml


In the imported-shared-libraries section of the application.xml file, change <import-shared-library name="apache.commons.logging"/> to <remove-inherited name="apache.commons.logging"/>.

Wednesday, 20 July 2011

Unable to provision users in E-Business Suite from IDM

Error seen in the logs while provisioning

11/07/20 12:03:54 Running InitUtil
11/07/20 12:03:54 Running CreateUser
ERROR,20 Jul 2011 12:03:54,913,[OIMCP.EBSUM],================= Start Stack Trace =======================
ERROR,20 Jul 2011 12:03:54,913,[OIMCP.EBSUM],oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper : createEBSUser
ERROR,20 Jul 2011 12:03:54,913,[OIMCP.EBSUM],Exception Occured
ERROR,20 Jul 2011 12:03:54,913,[OIMCP.EBSUM],Description : ORA-20001: APP-FND-02600: Unable to create user 66696 due to the following reason(s):
Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001: Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
An unexpected error occurred. Please contact your System Administrator. (USER_NAME=66696). (USER_NAME=66696).
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 780
ORA-06512: at "APPS.FND_USER_PKG", line 913
ORA-06512: at "APPS.FND_USER_PKG", line 1032
ORA-06512: at line 1

ERROR,20 Jul 2011 12:03:54,913,[OIMCP.EBSUM],java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user 66696 due to the following reason(s):
Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001: Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
An unexpected error occurred. Please contact your System Administrator. (USER_NAME=66693236). (USER_NAME=66693236).
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 780
ORA-06512: at "APPS.FND_USER_PKG", line 913
ORA-06512: at "APPS.FND_USER_PKG", line 1032
ORA-06512: at line 1

Solution:

1. Check whether the user already exists in OID (since it is doing some kind of authentication while creating the user in OF)

2. This error normally happens if the user is already available in the LDAP cn=OracleContext.
cn=ACCOUNTS,cn=subscription_data,cn=subscriptions,orclApplicationCommonName=IDMIDM,cn=EBusiness,cn=Products,cn=OracleContext,dc=test,dc=com,dc=in.

3. So I deleted the entries related to the user and recreated the user.

Tuesday, 12 July 2011

Code to get the values of a lookup by providing the lookup name

public String getLookupVals(String lookupName)
{
HashMap lookup = new HashMap();
try {
tcResultSet tcresultSet = molookup.getLookupValues(lookupName);
for (int i=0; i < tcresultSet.getRowCount(); i++){

tcresultSet.goToRow(i);
String code = tcresultSet.getStringValue("Lookup Definition.Lookup Code Information.Code Key");
String decode = tcresultSet.getStringValue("Lookup Definition.Lookup Code Information.Decode");
// The Code Key is the lookup key and the Decode is its value
System.out.println("Key : "+ code+"\tValue :"+decode); }

System.out.println("End of loop");

} catch (tcAPIException e) {
e.printStackTrace();
} catch (tcInvalidLookupException e) {
e.printStackTrace();
} catch (tcColumnNotFoundException e) {
e.printStackTrace();
}

return("Success");
}

Monday, 11 July 2011

General Utility factory in OIM for coding

private tcLookupOperationsIntf molookup;
public tcUtilityFactory ioUtilityFactory;
public tcUserOperationsIntf moUserUtility;
public tcGroupOperationsIntf moGroupUtility;

Utility
********

ioUtilityFactory = new tcUtilityFactory(env,usr,pass);

User utility
************

moUserUtility =(tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");

Group Utility
**************

moGroupUtility = (tcGroupOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcGroupOperationsIntf");

Lookup Utility
**************

molookup=(tcLookupOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcLookupOperationsIntf");

Wednesday, 6 July 2011

Code to read an Excel sheet and update OIM (bulk data or bulk upload)

1. The code below updates the password for the users listed in the Excel sheet.
2. The inputs required are userid and password.
3. The code reads the attributes from the Excel sheet, establishes a connection with OIM and passes the values to the updatePassword method.
4. It updates the password for all the OIM users in the Excel sheet.

Code
*****


import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import jxl.Cell;
import jxl.DateCell;
import jxl.Sheet;
import jxl.Workbook;
import jxl.WorkbookSettings;
import jxl.read.biff.BiffException;
import com.thortech.xl.util.config.ConfigurationClient;
import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcChallengeNotSetException;
import Thor.API.Exceptions.tcLoginAttemptsExceededException;
import Thor.API.Exceptions.tcPasswordExpiredException;
import Thor.API.Exceptions.tcPasswordResetAttemptsExceededException;
import Thor.API.Exceptions.tcUserAccountDisabledException;
import Thor.API.Exceptions.tcUserAccountInvalidException;
import Thor.API.Exceptions.tcUserAlreadyLoggedInException;
import Thor.API.Operations.tcGroupOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;

public class Blog {

static ReadProperty readProperty = new ReadProperty();
public long returnVal = -1;
public static String homeDir = readProperty.getProp("homeDir");
public static String policyDir = readProperty.getProp("policyDir");
public static String confDir = readProperty.getProp("confDir");
public static String username = readProperty.getProp("username");
public static String password = readProperty.getProp("password");
public static String providerUrl = readProperty.getProp("providerUrl");

public tcUtilityFactory ioUtilityFactory;
public tcUserOperationsIntf moUserUtility;
public tcGroupOperationsIntf moGroupUtility;

FileLogger fL;

public Blog(){
fL = new FileLogger();
fL.setLogFile("D:\\readerLog.txt");
}

public void writeFile(String text)
{
try{
// Create file
FileWriter fstream = new FileWriter("D:\\OfficeCode.txt",true);
BufferedWriter out = new BufferedWriter(fstream);
out.write(text);
out.newLine();
//Close the output stream
out.close();
}catch (Exception e){//Catch exception if any
System.err.println("Error: " + e.getMessage());
}
}

public String roleAuthenticate(String usr, String pass){
try {
System.setProperty("XL.HomeDir", homeDir);
System.setProperty("java.security.policy", policyDir);//server or client
System.setProperty("java.security.auth.login.config", confDir);//server or client
System.setProperty("java.naming.provider.url", providerUrl);

ConfigurationClient.ComplexSetting config =
ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
Hashtable env = config.getAllSettings();
System.out.println("test1");
System.out.println("Getting Information before login..");
this.writeFile("Getting Information before login..");
// Assign to the field instead of declaring a local variable that shadows it
ioUtilityFactory = new tcUtilityFactory(env,usr,pass);

System.out.println("Getting utility interfaces...");
System.out.println("Connection Established");
this.writeFile("Getting utility interfaces...\nConnection Established");
moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
moGroupUtility = (tcGroupOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcGroupOperationsIntf");
Logger logger = oracle.j2ee.rmi.RMIMessages.getLogger();
logger.setLevel(Level.OFF);

return "Valid";
} catch(Exception e){
e.printStackTrace();
return "Invalid";
}
}

public long getUserKey(String obj){
long key = 0;
HashMap userMap = new HashMap();
try {
//ConnectionEstablish cT = new ConnectionEstablish();
System.out.println("In getUserKey method, uid is :"+obj);
this.writeFile("In getUserKey method, uid is :"+obj);
userMap.put("Users.User ID", obj);
System.out.println("userMap contents: "+userMap.keySet()+userMap.values());
this.writeFile("userMap contents: "+userMap.keySet()+userMap.values());
tcResultSet moResultSet = moUserUtility.findUsers(userMap);
System.out.println("MoResult set count is :"+moResultSet.getRowCount());
this.writeFile("MoResult set count is :"+moResultSet.getRowCount());
for (int i=0; i < moResultSet.getRowCount(); i++){
moResultSet.goToRow(i);
key = moResultSet.getLongValue("Users.Key");
System.out.println("In getUserKey method, key is :"+key);
}
}catch(Exception e){
System.out.println("Error in getting user key" + e);
e.printStackTrace();
}
return key;
}

public long getGroupKey(String obj){
long key = 0;
HashMap userMap = new HashMap();

try {
userMap.put("Groups.Group Name", obj);
tcResultSet moResultSet = moGroupUtility.findGroups(userMap);
for (int i=0; i < moResultSet.getRowCount(); i++){
moResultSet.goToRow(i);
key = moResultSet.getLongValue("Groups.Key");
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

public void UpdateUserPassword( String UID,String pwd) throws tcAPIException, tcChallengeNotSetException, tcLoginAttemptsExceededException, tcPasswordResetAttemptsExceededException, tcPasswordExpiredException, tcUserAccountDisabledException, tcUserAccountInvalidException, tcUserAlreadyLoggedInException {
this.roleAuthenticate("xelsysadm","admin123");
HashMap userMap = new HashMap();
HashMap hmUser = new HashMap();


try {

userMap.put("Users.User ID", UID);
tcResultSet moResultSet = moUserUtility.findUsers(userMap);
hmUser.put("Users.User ID", UID);
hmUser.put("Users.Password", pwd);
moUserUtility.updateUser(moResultSet, hmUser);
System.out.println("Updated password");

} catch (Exception e) {
System.out.println("Exception in OIM server while updating password for user <===" + UID +"===>");
e.printStackTrace();
}

}

public void init(String filePath)
{
System.out.println("Opening file...........\n");
FileInputStream fs = null;
try
{
fs = new FileInputStream(new File(filePath));
readContent(fs);
}
catch (IOException e)
{
e.printStackTrace();
} catch (Exception e)
{
e.printStackTrace();
}
finally
{
try
{
// fs is still null when the file could not be opened
if (fs != null) fs.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}

public void updatePassword(Sheet sheet) throws tcAPIException, tcChallengeNotSetException, tcLoginAttemptsExceededException, tcPasswordResetAttemptsExceededException, tcUserAccountDisabledException, tcPasswordExpiredException, tcUserAlreadyLoggedInException, tcUserAccountInvalidException{

HashMap userMap = new HashMap();
//HashMap hmUser = new HashMap();
int columnCount = sheet.getColumns();
int rowCount = sheet.getRows();
String userID = null;
String password = null;

// Starts at row 1; column 0 holds the user ID and column 1 the new password
for(int j=1;j < rowCount; j++) {
userID = sheet.getCell(0, j).getContents();
password = sheet.getCell(1, j).getContents();
System.out.println("For UserIDs User ID :"+userID);
userMap.put("Users.User ID", userID);
System.out.println("User Map values "+userMap.values());
this.roleAuthenticate("xelsysadm","admin123");
this.UpdateUserPassword(userID, password);
// The password itself is not written to the console
System.out.println("\n\nupdated Password for user: "+userID+"..............\n");
}
}

public void readContent(InputStream fileInputStream) throws tcAPIException, tcChallengeNotSetException, tcLoginAttemptsExceededException, tcPasswordResetAttemptsExceededException, tcUserAccountDisabledException, tcPasswordExpiredException, tcUserAlreadyLoggedInException, tcUserAccountInvalidException {
WorkbookSettings ws = null;
Workbook workbook = null;
Sheet s = null;
Cell rowData[] = null;
int rowCount = 0;
int columnCount = 0;
DateCell dc = null;
int totalSheet = 0;
ArrayList al=new ArrayList();
ArrayList all=new ArrayList();
try {
ws = new WorkbookSettings();
ws.setLocale(new Locale("en", "EN"));
workbook = Workbook.getWorkbook(fileInputStream, ws);
totalSheet = workbook.getNumberOfSheets();
if(totalSheet > 0)
{

System.out.println("Reading file contents............\n");


System.out.println("Total Sheet Found:" + totalSheet);
for(int j=0;j<totalSheet;j++) {
System.out.println("Sheet Name:" + workbook.getSheet(j).getName());
}
}

//Getting Default Sheet i.e. 0
s = workbook.getSheet(0);

//Reading Individual Cell
// getHeadingFromXlsFile(s);

//Total Total No Of Rows in Sheet, will return you no of rows that are occupied with some data
System.out.println("Total Rows inside Sheet:" + s.getRows());
rowCount = s.getRows();

//Total Total No Of Columns in Sheet
System.out.println("Total Column inside Sheet:" + s.getColumns());
columnCount = s.getColumns();


updatePassword(s);



}
catch (IOException e)
{
e.printStackTrace();
} catch (BiffException e)
{
e.printStackTrace();
}


}


public static void main(String[] args){
try
{
Blog blog = new Blog();
blog.init("D:\\Book2.xls");
System.exit(0);
} catch (Exception e)
{
e.printStackTrace();
}

}

}

Code to get the user key, group key and object key

Code to get userkey

public long getUserKey(String obj){
long key = 0;
HashMap userMap = new HashMap();
try {
userMap.put("Users.User ID", obj);
tcResultSet moResultSet = moUserUtility.findUsers(userMap);

for (int i=0; i < moResultSet.getRowCount(); i++){
moResultSet.goToRow(i);
key = moResultSet.getLongValue("Users.Key");
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

Code to get groupkey

public long getGroupKey(String obj){
long key = 0;
HashMap userMap = new HashMap();
try {
userMap.put("Groups.Group Name", obj);
tcResultSet moResultSet = moGroupUtility.findGroups(userMap);

for (int i=0; i < moResultSet.getRowCount(); i++){
moResultSet.goToRow(i);
key = moResultSet.getLongValue("Groups.Key");
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

Getting Object key for resource

public long getObjectKey(String object) {
HashMap objectMap = new HashMap();
long key = 0;

try {
objectMap.put("Objects.Name", object);
tcResultSet moResultSet = moObjectUtility.findObjects(objectMap);
if (moResultSet.getRowCount()==0)
{
System.out.println("Cannot get key value");
}
else
{
moResultSet.goToRow(0);
key = moResultSet.getLongValue("Objects.Key");
System.out.println("Key value " +key);
}
}catch(Exception e){
e.printStackTrace();
}
return key;
}

Code to add groups to user in OIM

public void addgroups(String uid,String groupname){

try{
System.out.println("added groups"+groupname);
moGroupUtility.addMemberUser(getGroupKey(groupname), getUserKey(uid));

}catch(Exception e){
System.out.println(e);
}
}

Code to remove groups from a User in OIM

public void Removegroups(String uidToDeprovision){

try{
ArrayList alCurrentGroups = getGroups(uidToDeprovision);
for(int cntGroup = 0; cntGroup < alCurrentGroups.size(); cntGroup++){
String strGropuToBeRemoved = alCurrentGroups.get(cntGroup).toString();
System.out.println("Group to be removed is " + strGropuToBeRemoved);
moGroupUtility.removeMemberUser(getGroupKey(strGropuToBeRemoved),getUserKey(uidToDeprovision));

}
}catch(Exception e){
System.out.println(e);
}
}

Code to check if users already exist in OIM

public void userexists(String UserID){
HashMap userMap = new HashMap();
try{
userMap.put("Users.User ID",UserID);
tcResultSet resultSet=moUserUtility.findUsers(userMap);
if(resultSet.getRowCount()==0)
{
fL.writeToLog("User is not present");
System.out.println(UserID+ "is not present in OIM");
}
else
{
fL.writeToLog("User '"+UserID+"'is present");
System.out.println("User '"+UserID+"'is present in OIM");
}

}
catch(Exception e){
// Report the failure instead of silently swallowing it
e.printStackTrace();
}
}

Sunday, 3 July 2011

Creating Custom adaptors in the design console

1.1 Deploying the Adaptor

After developing the custom code, package it as a jar (e.g. customadaptor.jar) and deploy it in $OIM_Home/JavaTasks

* Change the owner of the jar file from root to oracle (a user other than the superuser)
* Give rwx permissions to the jar file
* Add the dependent jar files to $ORACLE_HOME/jdk/jre/lib/ext

1.2 Create Adaptor

Open the Oracle Identity Manager Design Console and proceed with the creation of the adaptor.

a. Go to Development Tools --> Adaptor Factory
b. Enter the adaptor name, adaptor type (select from the populated values) and description values.
c. Save.
d. Go to the Variable List tab and enter the attributes
e. Click Add

Add all the variables as above. After adding, the attributes will be displayed as in the screenshot below
f. Now move to the Adaptor Tasks tab and click Add, select Functional Task and Java, and click Continue
g. Select New Object Instance and continue (a new screen appears)
h. Enter a task name
In the API Source, select the jar file name (i.e. Customadaptor.jar)
Select the Application API, Constructors and Methods, and save. The parameters will get autopopulated in the Application Methods Parameters
i. Mapping has to be done now
And click Set
And click Set
j. Save after adding all the parameters.
k. Compile the adaptor (click on the Build button).
The compile status will change from Recompile to OK
With this the creation of the adaptor is complete.

1.3 Creating PrePopForm Adaptor

a.Enter
b. Go to the Variable List tab and enter the attributes
c. Click Add
d. Save
e. In the Adaptor Tasks tab, select Add
f. Click Continue
g. Save
The Adaptor Tasks tab will display as below.
h. Compile the adaptor.
i. Click on the Build button
The compile status will change from Recompile to OK
With this the creation of the pre-pop adaptor is complete.

1.4 Form Designer

a. Navigate through Development Tools --> Form Designer
b. Enter the table name: UD_ (will be taken automatically).
Description: PeopleSoftRoleUpdate
c. Save
d. Go to the Additional Columns tab and click Add
e. Save
f. Go to the Properties tab; the parameters will be displayed
g. Click Add Property
h. For a lookup field (create the lookup before adding properties as in Point no 3)
i. Click Add Properties
j. Save
k. After adding properties, the Form Designer Properties tab will look like the following
l. In the Prepopulate tab, enter the mappings as in the screenshot

1.5 Creating Lookup

a. Go to Administration --> Lookup Definition
b. Enter lookup.PSCustpm.Role in the code column
c. Enter Group: PSCustom and save
The Add button will get activated.
Enter the roles needed.

Doing prepopulate in lookup
a. Go to the Prepopulate tab, click Add
b. Save
In the adaptor variables, do the mapping

1.6 Resource Management

a. Go to Resource Management --> Resource Objects
b. Enter Name: PSCustomRole
Type: Application
c. Save
d. Select the Object Reconciliation tab (Reconciliation Fields) and click Add
e. Move to the Reconciliation Action Rules tab, select Add

1.7 Process Definition
a. Go to Process Management --> Process Definition
b. Enter
c. Go to Reconciliation Field Mappings, select Add Field Map
d. Select the Tasks tab and click Add
e. Save it.
f. Go to the Integration tab; in the Event Handler/Adaptor, select Add
g. In the adaptor variables, the status is now N
h. Map the variables to Y and save
i. In the Responses tab, select Add, add the responses and save
j. In the Tasks tab, the newly mapped adaptor is added as shown in the screenshot

Saturday, 2 July 2011

Code to Create a user using OIM

The below code is helpful to create a user in OIM. The code below has some custom attributes created by myself to create the user. Modify the code as per your needs. :)


public String CreateUser(
        final String UserID,
        final String FirstName,
        final String middleName,
        final String LastName,
        final String Status,
        final String LocationType, // used below but missing from the original parameter list
        final String EmployeeType,
        final String Location,
        final String email)
{
    String flag = "";
    System.out.println("Value received from Method ");
    System.out.println("-----------------------------------------------------------");
    System.out.println("Value for UserID ===>"+ UserID );
    System.out.println("Value for FirstName ===>"+FirstName);
    System.out.println("Value for middleName ===>"+middleName);
    System.out.println("Value for LastName ===>"+LastName);
    System.out.println("Value for Status ===>"+Status);

    System.out.println("Value for LocationType ===>"+LocationType);
    System.out.println("Value for EmployeeType ===>"+EmployeeType);
    System.out.println("Value for Location ===>"+Location);
    System.out.println("Value for email ===>"+email);
    System.out.println("-----------------------------------------------------------");
    System.out.println("Value received");

    HashMap userMap = new HashMap();

    try {
        userMap.put("Users.User ID", UserID);
        userMap.put("Users.First Name", FirstName);
        userMap.put("Users.Middle Name", middleName);
        userMap.put("Users.Last Name", LastName);
        userMap.put("Users.EmployeeType", "EMP");
        // Placeholder initial password: both entries must carry the same value.
        // Replace the fixed string with a value generated per user.
        userMap.put("Users.Password", "343245324");
        userMap.put("Users.Confirm Password", "343245324");

        userMap.put("Users.Location", Location);

        userMap.put("Users.Division", LocationType);
        userMap.put("Users.Email", email);
        userMap.put("Users.User Type", "End-User");
        userMap.put("Users.Status", "Active");
        userMap.put("Users.AgentStatus", "");
        userMap.put("Users.Xellerate Type", "End-User");
        userMap.put("Users.Role", "Full-Time");
        userMap.put("Users.Organization", "Xellerate Users");
        userMap.put("Organizations.Key", "1");
        userMap.put("RogueAcIdentifier","");

        // createUser returns the key of the new user
        long test = moUserUtility.createUser(userMap);
        //TODO write your implementation code here:
        System.out.println("User created successfully with id <==="+ UserID +"===>");
        flag = "User Created Successfully in OIM";
        return flag;
    } catch (Thor.API.Exceptions.tcAPIException exception) {
        // e.printStackTrace();
        System.out.println("Exception In OIM SERVER <===" + UserID + "===>" + exception.toString());
        return exception.toString();
    }
    catch (Exception e) {

        System.out.println("Exception In OIM SERVER while creating user <===" + e.toString());
        return e.toString();
    }
}
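
The CreateUser code above puts a fixed string into "Users.Password" and "Users.Confirm Password". The following is an added example, not part of the original post, that generates a random initial password per user and stores the same value under both keys. The class name InitialPassword, its method names, the character sets and the 16-character length are assumptions for illustration; the sample user ID is constructed.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class InitialPassword {
    // Assumed policy: at least one character from each class, look-alikes left out.
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static final String LOWER = "abcdefghijkmnopqrstuvwxyz";
    private static final String DIGIT = "23456789";
    private static final String SYMBOL = "!#$%*+-=?@";
    private static final String ALL = UPPER + LOWER + DIGIT + SYMBOL;
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns a random password of the given length (minimum 8) containing every class. */
    public static char[] generate(int length) {
        if (length < 8) {
            throw new IllegalArgumentException("length must be at least 8");
        }
        char[] pwd = new char[length];
        // One character from each class first, so the policy always holds.
        pwd[0] = pick(UPPER);
        pwd[1] = pick(LOWER);
        pwd[2] = pick(DIGIT);
        pwd[3] = pick(SYMBOL);
        for (int i = 4; i < length; i++) {
            pwd[i] = pick(ALL);
        }
        // Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
        for (int i = length - 1; i > 0; i--) {
            int j = RNG.nextInt(i + 1);
            char tmp = pwd[i];
            pwd[i] = pwd[j];
            pwd[j] = tmp;
        }
        return pwd;
    }

    private static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    /** Puts the same generated value into both password attributes of the user map. */
    public static String addInitialPassword(Map<String, String> userMap, int length) {
        String pwd = new String(generate(length));
        userMap.put("Users.Password", pwd);
        userMap.put("Users.Confirm Password", pwd);
        return pwd;
    }

    public static void main(String[] args) {
        Map<String, String> userMap = new HashMap<String, String>();
        userMap.put("Users.User ID", "JDOE01"); // constructed sample value
        String pwd = addInitialPassword(userMap, 16);
        // Both entries are identical, so the confirmation check cannot fail on a typo.
        System.out.println("match=" + userMap.get("Users.Password")
                .equals(userMap.get("Users.Confirm Password")));
        System.out.println("length=" + pwd.length());
        // Hand pwd to the delivery step here; do not print or log it.
    }
}
```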

Friday, 1 July 2011

Code to update the Users Password in OIM

public void UpdateUserPassword( String UID,String pwd) {

    HashMap userMap = new HashMap();
    HashMap hmUser = new HashMap();

    try {
        userMap.put("Users.User ID", UID);
        tcResultSet moResultSet = moUserUtility.findUsers(userMap);
        // Update only when the search matched exactly one user
        if (moResultSet.getRowCount() != 1) {
            System.out.println("Expected one user for <===" + UID + "===> but found " + moResultSet.getRowCount());
            return;
        }
        hmUser.put("Users.User ID", UID);
        hmUser.put("Users.Password", pwd);
        moUserUtility.updateUser(moResultSet, hmUser);
        System.out.println("Password Updated successfully for user <===" + UID +"===>");

    } catch (Exception e) {
        System.out.println("Exception in OIM server while updating password for user <===" + UID +"===>");
        e.printStackTrace();
    }
}

Code to get the Details of a user for an attribute in OIM

public void UserDetails(String UID) {

    HashMap userMap = new HashMap();

    try{
        userMap.put("Users.User ID", UID);
        System.out.println("UID==>"+UID);
        tcResultSet moResultSet = moUserUtility.findUsers(userMap);

        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            String FN = moResultSet.getStringValue("Users.First Name");
            String Mail=moResultSet.getStringValue("Users.Email");
            String LN = moResultSet.getStringValue("Users.Last Name");
            String Dept= moResultSet.getStringValue("USR_UDF_DEPARMENT_ID");
            System.out.println("First Name--> " + FN);
            System.out.println("Mail--> " + Mail);
            System.out.println("Last Name--> " +LN);
            System.out.println("DeptID--> " +Dept);
        }
    }catch (Exception e){
        e.printStackTrace();
    }
}

Getting the OIM Users list assigned to a particular group

public String usersingroup(String groupname){

    HashMap userMap = new HashMap();
    String uid="";

    try {
        userMap.put("Groups.Group Name", groupname);
        System.out.println("Group Name==>" + groupname);

        tcResultSet moResultSet = moGroupUtility.getAllMemberUsers(getGroupKey(groupname));
        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            // uid is overwritten on each row, so the method returns only the last member's ID
            uid = moResultSet.getStringValueFromColumn(1);
            System.out.println("USerIDs==>"+uid);
        }
    }catch(Exception e){
        System.out.println("No such groups Found");
    }
    return uid;
}

Thursday, 30 June 2011

GENERAL ISSUES FACED DURING OIM(Oracle Identity manager) INSTALLATION

1. Before proceeding with the OIM installation, make sure you set the OC4J home, PATH and Java home.
export JAVA_HOME=/u01apps/oraclesoa/jdk
export OC4J_HOME=/u01apps/oraclesoa
export PATH=$JAVA_HOME/bin:$PATH

2. If OIM and OAM are installed on the same server, there is a high chance of an RMI port conflict between OIM and OAM (both ports should be different). By default it will take 12401. For OIM, check the port number in the opmn.xml file under ORACLE_HOME/opmn/conf

3. If your application is in a clustered environment, create a new oc4j instance in the Application Control (through the browser). Don't use the default instance in a clustered environment.

4. After installing OIM 9101, install the base patch 9102 before proceeding to the bundle patch (BP) of 9102.

5. Make sure the OIM RMI port is the same on both nodes if the environment is clustered.

6. Make sure the oc4j application is running while applying the patch for the application server.

7. Make sure the installation is done as the oracle user and not the root user. This is the recommended approach; avoid installing the application as the root user.

8. If the OIM installation is done on a clustered environment, make sure the xellerate folder is deployed on the newly created OC4J instance and not in the default home instance. Folder structure: /u01apps/oraclesoa/j2ee/xluser2/application-deployments

9. If you get a "system encountered error" (menu items are not working), check FormMetaData.xml. Check the XML by opening it in a browser.

10. If an application is redeployed (for example if Xellerate.ear is redeployed through the em console), run the oc4j (patch) script from the setup folder.

Code to fetch all the Users available in OIM

public ArrayList getAllUsers(String users){
    ArrayList allusers = new ArrayList();
    String str = "";
    HashMap userMap = new HashMap();
    try {

        userMap.put("Users.User ID", users);
        tcResultSet moResultSet = moUserUtility.findUsers(userMap);
        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            str = moResultSet.getStringValue("Users.User ID");
            allusers.add(str);
            System.out.println("User List in OIM==>"+str);
        }
    }catch(Exception e){
        e.printStackTrace();
    }
    return allusers;
}

Code to fetch all the groups available in OIM

public ArrayList getAllGroups(String groups){
    ArrayList groupAll = new ArrayList();
    String str = "";
    HashMap userMap = new HashMap();
    try {

        userMap.put("Groups.Group Name", groups);
        tcResultSet moResultSet = moGroupUtility.findGroups(userMap);
        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            str = moResultSet.getStringValue("Groups.Group Name");
            groupAll.add(str);
            System.out.println("All Groups==>"+str);
        }
    }catch(Exception e){
        e.printStackTrace();
    }
    return groupAll;
}

Code to get (retrieve) the Groups assigned to an OIM User

This code will return the groups assigned to a user present in OIM

//#######Getting User Key##########

public long getUserKey(String obj){
    long key = 0;
    HashMap userMap = new HashMap();

    try {
        userMap.put("Users.User ID", obj);
        tcResultSet moResultSet = moUserUtility.findUsers(userMap);

        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            key = moResultSet.getLongValue("Users.Key");
        }
    }catch(Exception e){
        e.printStackTrace();
    }
    return key;
}

public long getGroupKey(String obj){
    long key = 0;
    HashMap userMap = new HashMap();

    try {
        userMap.put("Groups.Group Name", obj);
        tcResultSet moResultSet = moGroupUtility.findGroups(userMap);

        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            key = moResultSet.getLongValue("Groups.Key");
        }
    }catch(Exception e){
        e.printStackTrace();
    }
    return key;
}

//##########Getting the OIM groups for the particular User#########

public ArrayList getGroups(String uid){
    ArrayList GroupList = new ArrayList();
    String str = "";
    HashMap userMap = new HashMap();

    try {
        userMap.put("Users.User ID", uid);
        System.out.println("UID==>"+uid);
        tcResultSet moResultSet = moUserUtility.getGroups(getUserKey(uid));

        for (int i=0; i < moResultSet.getRowCount(); i++){
            moResultSet.goToRow(i);
            str = moResultSet.getStringValueFromColumn(1);
            // The three default groups are left out of the returned list
            if ((!((str.equals("ALL USERS")) || (str.equals("SYSTEM ADMINISTRATORS"))||(str.equals("SELF OPERATORS"))))) {
                GroupList.add(str);
            }
            System.out.println("Groups assigned to the user"+uid+"==>"+str);
        }
    }catch(Exception e){
        e.printStackTrace();
    }
    return GroupList;

}

Wednesday, 22 June 2011

Database command to unlock an user in OIM

When an administrator user is locked, it needs another administrator to unlock the account from the admin console.

If there is only one admin user and it is locked or disabled, the only possible way to enable the account is by executing the query in the OIM database.

Login to the database machine and execute the SQL query

SQL> UPDATE USR SET USR_LOCKED=0,USR_LOGIN_ATTEMPTS_CTR=0 WHERE USR_LOGIN='XELSYSADM';
SQL> update USR set usr_status='Active' where USR_LOGIN='XELSYSADM';
SQL> update USR set usr_end_date='' where USR_LOGIN='XELSYSADM';
SQL> update USR set usr_disabled='0' where USR_LOGIN='XELSYSADM';
SQL> commit;

Checking OIM build version

Login to database machine and execute the following query

SELECT XSD_VALUE FROM XSD WHERE XSD_CODE='XL_BUILD_NUMBER';

Tuesday, 21 June 2011

Code to establish connection with OIM

This code will establish the connection to OIM.

package com.oim;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcColumnNotFoundException;
import Thor.API.Exceptions.tcOrganizationNotFoundException;
import Thor.API.Operations.tcGroupOperationsIntf;
import Thor.API.Operations.tcOrganizationOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;


import com.thortech.xl.crypto.tcCryptoUtil;
import com.thortech.xl.crypto.tcSignatureMessage;
import com.thortech.xl.util.config.ConfigurationClient;

public class ConnectionEstablish {

public tcUtilityFactory ioUtilityFactory;
public tcUserOperationsIntf moUserUtility;
public tcGroupOperationsIntf moGroupUtility;

HashMap userMap = new HashMap();

public ConnectionEstablish(){


}

public String roleAuthenticate(String usr, String pass){
try {

System.setProperty("XL.HomeDir", "/u01/apps/oraclesoa/j2ee/home/applications/PREntRole/EntRole/WEB-INF");
System.setProperty("java.security.policy", "/u01/apps/oraclesoa/j2ee/home/applications/PRNICEntRole/EntRole/WEB-INF/Config/xl.policy");//server or client
System.setProperty("java.security.auth.login.config","/u01/apps/oraclesoa/j2ee/home/applications/PREntRole/EntRole/WEB-INF/Config/auth.conf");//server or client
System.setProperty("java.naming.provider.url", "");

ConfigurationClient.ComplexSetting config =
ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
Hashtable env = config.getAllSettings();
System.out.println("test1");

// Assign to the field; declaring a local variable here would shadow it and leave the field null
ioUtilityFactory = new tcUtilityFactory(env,usr,pass);

System.out.println("Getting utility interfaces...");
System.out.println("Connection Established");
moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
moGroupUtility = (tcGroupOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcGroupOperationsIntf");
Logger logger = oracle.j2ee.rmi.RMIMessages.getLogger();
logger.setLevel(Level.OFF);

return "Valid";
} catch(Exception e){
e.printStackTrace();
return "Invalid";
}
}
} // end of class ConnectionEstablish

Monday, 20 June 2011

To create a user with the same UserID of a deleted User in OIM

Steps to Follow

1.Login to the OIM Design Console
2.Goto the Administration - System Configuration form
3.Search for the Keyword "XL.UserIDReuse" and set the value to TRUE(by default it will be false)

Login to database Machine which has User

Login to SQLPrompt and Execute the query

DROP INDEX UDX_USR_LOGIN;
create unique index UDX_USR_LOGIN_UNQ ON USR (USR_LOGIN, ACT_KEY, DECODE(USR_STATUS,'Active',USR_STATUS,TO_CHAR(USR_KEY)));

Wednesday, 23 March 2011

About Oracle Identity manager

1. IDM(Identity management)

 Identity management (User Provisioning) is responsible for user life-cycle management. It deals with the creation of users, deletion of users and creation of groups.

1.1. Connector

 The connector basically has 2 main functions.

  (i) Provisioning
  (ii) Reconciliation

  • Provisioning is responsible for sending the information from IDM to the respective target system

  • Reconciliation is responsible for receiving information from the target system and storing it in IDM

1.2. Adaptor:

There are five types of adapters you can create in OIM.

1) Process task adapter: used with a process task, which you create with the process definition (e.g. for Create User).

2) Task assignment adapter: used to assign a process task to a user or group.

3) Rule generator: basically used with a form's field.

4) Pre-populate adapter: basically a rule generator adapter which can be added to a user-created form field. It populates the user field using the adapter but does not save that data into the OIM database.

5) Entity adapter: basically created for a form field. This adapter executes on criteria like pre-insert, pre-update, pre-delete, post-insert, post-update, or post-delete. When any of these criteria is fulfilled, the adapter is called, performs the operation on the particular field and saves the data into the OIM database.

2. Architecture of OIM:

2.1. Three Tiers of Oracle Identity Manager
IDM ARCHITECTURE

2.1.1. Tier 1: Client

The first tier provides two interfaces, the Design Console (which is discussed in this guide) and the Administrative and User Console. Users log in to Oracle Identity Manager through the Administrative and User Console, which provides the Oracle Identity Manager server with the user's login credentials. With the Administrative and User Console, users search for, edit, and delete information in the Oracle Identity Manager database.

2.1.2. Tier 2: Application Server
The second tier implements the business logic in Java Data Objects. These objects are managed by the supported J2EE application server such as JBoss Application Server, BEA WebLogic Server, IBM WebSphere Application Server, and Oracle Containers for J2EE. The Java Data Objects implement the business logic of the Oracle Identity Manager application, however, they are not exposed to any methods from other applications. To access the business functionality of Oracle Identity Manager, you can use the application programming interface (API) layer in the J2EE infrastructure, which provides the lookup and communication mechanism.
The J2EE-compliant application server that is supported by Oracle Identity Manager is the only component that interacts with the database. It is responsible for the following functions:
• Logging in to Oracle Identity Manager: The application server connects the Oracle Identity Manager client to the database.
• Handling client requests: The application server processes requests from the Oracle Identity Manager client and sends information from the requests to the database. The server also delivers responses from the database to the client.
• Scalability (connection pooling or sharing): The application server supports single application or multiple application usage in a manner that is transparent to Oracle Identity Manager clients. Connection pooling improves database connectivity performance and dynamically resizes the connection pool by optimizing resources for usage scalability.
• Securing system-level data (metadata): Oracle Identity Manager prevents unauthorized access by users who might accidentally delete or modify system-level information (system metadata). If an unauthorized user attempts to add, modify, or delete system-level information, the following message is displayed: The security level for this data item indicates that it cannot be deleted or updated.

2.1.3. Tier 3: Database

The third tier is the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.