OIM Installation and Configuration with LDAP Sync

OIM Installation with LDAP Sync Steps.

1. Install Database
2. Install RCU
3. Install Java
4. Install Weblogic
5. Install SOA
6. Install OIM
7. Configure Weblogic
8. Configure OPSS Security Store
9. Configure OIM with LDAP Synchronization (Enabling LDAP Sync)
  -->Start Weblogic Server
  -->Start SOA Server
 
10. Configure OIM
   --> Start OIM Server
 
11. Running the LDAP Post Configuration Utility

12. After All Installation and Configuration check below Scheduled Jobs are running Successfully-

    --> LDAP User Create and Update Reconciliation
    --> LDAP User Delete Reconciliation
    --> LDAP Role Membership Reconciliation
    --> LDAP Role Hierarchy Reconciliation
    --> LDAP Role Delete Reconciliation
    --> LDAP Role Create and Update Reconciliation

13. If above Scheduled Jobs are failed then follow the below link to run it successfully-

   http://oimfacts.blogspot.com/2015/11/ldap-scheduler-failure-issue-ldap-user.html

EM Console start Issue on OIM11gR2-PS3

Issue:-

Unable to open the EM console in browser while able to login on Weblogic console

When trying to open the EM console the its showing error 404.

1) I have login to Weblogic console

2) Click on Deployments

3) Here em is present in Installed status.

4) When trying to update or Install then its getting failed.

5) When trying to Start-->Servicing All Requestes

6) Getting error "No Target Defined"

Fix:-

1) Login to Weblogic console

2) Click on Deployments

3) Click on EM

4) Go To Targets

5) In em --> Current Targets value is "None Specified"

6) Select em --> Click on Change Targets --> Select AdminServer

7) Click on Yes

It will update the AdminServer as a Targets. No start required, directly access the em console.

http://localhost:7001/em/

Now EM console is working fine.

LDAP Scheduler failure Issue in OIM11gR2- LDAP User Create and Update Reconciliation

After Installing and configuring the OIM11gR2 with LDAP sync we should verify few LDAP sync related Scheduled Job. These scheduled jobs are getting failed with below error-

java.lang.Exception: Invalid syntax of the provided cookie

1) LDAP User Create and Update Reconciliation
2) LDAP User Delete Reconciliation
3) LDAP Role Membership Reconciliation
4) LDAP Role Hierarchy Reconciliation
5) LDAP Role Delete Reconciliation
6) LDAP Role Create and Update Reconciliation

There is a field called last change number in all of these Scheduled tasks which we need to update with OUD lastExternalChangelogCookie.

For fetching the lastExternalChangelogCookie from OUD need to run the below command-

$ldapsearch -h 20.107.232.100 -p 2 -D "cn=Directory Manager" -w Welcome1 -b "" -s base "objectclass=*" lastExternalChangelogCookie

Result-

lastExternalChangelogCookie: dc=dev,dc=com:000001514723101e109c0000     -->we need to update this highlighted value in Last Change Number in Scheduled Jobs

Check the query and Result in below screenshot-





In the below screenshot I have updaated the Last change Number-

SCIM/Rest Services - Fetch User Details

Fetching the user details from OIM through SCIM/Rest Services-

--------------------------------------------------------------------------------------------------------------
Required Jar File-
java-json.jar
sun.misc.BASE64Decoder.jar

=======================================================

package oracle.iam.webservice;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;

public class ViewUser {
public static void main(String args[])
{
String name = "xelsysadm";
String password = "Welcome1";
String authString = name + ":" + password;
String authStringEnc = "Basic "+ new String(new Decoder.BASE64Encoder().encode(authString.getBytes()));

System.out.println("Base64 encoded auth string: " + authStringEnc);
URL url = null;
try {
url = new URL(" http://localhost:14000/idaas/im/scim/v1/Users?filter=(userName co TestS01)"); //Fetch User Details through User Login
//url = new URL("http://localhost:14000/idaas/im/scim/v1/Users/3006"); //Fetch user details through User Key
HttpURLConnection connection = null;
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("GET"); //For Fetching User details GET Operation
connection.setRequestProperty("Accept", "application/scim+json");
connection.setRequestProperty("Authorization", authStringEnc);
connection.setConnectTimeout(5000);
connection.setReadTimeout(5000);
// OutputStreamWriter out = null;
BufferedReader in = null;
in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
System.out.println(in.readLine());
System.out.println("\n REST Service Invoked Successfully..");
in.close();

} catch (ProtocolException e) {
e.printStackTrace();
}catch (MalformedURLException e) {
e.printStackTrace();
}catch (IOException e) {
e.printStackTrace();
}

}

}

SCIM/REST Web Services code For Create User, Modify User, Disable User, Enable User, Delete User

Creating the user in OIM through SCIM/Rest Services-

-----------------------------------------------------------------------------------
Required Jar File-
java-json.jar
sun.misc.BASE64Decoder.jar
apache-httpcomponents-httpcore.jar
apache-jakarta-commons-httpclient.jar
commons-codec-1.9.jar
commons-logging.jar
commons-httpclient-3.1.jar
========================================================

package oracle.iam.webservice;

public class OIMUserManagementBySCIM 
{
/*
Operation-1: Create User Method
*/
public void createUser()
{
  try 
  {
  //1. Define URL
  java.net.URL url = null;
  
  //2. Define Authorization
  System.out.println(" Passing Credential ");
  String name = "xelsysadm";
  String password = "Welcome@1";
  String authString = name + ":" + password;
  String authStringEnc = "Basic "+ new String(new Decoder.BASE64Encoder().encode(authString.getBytes()));
  //System.out.println("Base64 encoded auth string: " + authStringEnc);
  
  //3. Creating object.
  org.json.JSONObject request_body = new org.json.JSONObject();
  org.json.JSONArray request_body_schemas= new org.json.JSONArray(); 
  org.json.JSONObject request_body_nameAttribute = new org.json.JSONObject();
  org.json.JSONArray request_body_email= new org.json.JSONArray();
  org.json.JSONObject request_body_emailValue = new  org.json.JSONObject();
  org.json.JSONObject request_body_ManagerValue = new  org.json.JSONObject();
  org.json.JSONObject request_body_manager= new  org.json.JSONObject();
  org.json.JSONObject request_body_organizationValue = new  org.json.JSONObject();
  org.json.JSONObject request_body_organizationName= new  org.json.JSONObject();
  
  request_body_schemas.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User");
  request_body_schemas.put("urn:ietf:params:scim:schemas:core:2.0:User");
  request_body_schemas.put("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User");
  request_body_schemas.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User");
  request_body.put("schemas",request_body_schemas);
  
  //*******Basic Attributes********
  
  //obj.put("userName","");   
  request_body_nameAttribute.put("familyName","Testrws03");
  request_body_nameAttribute.put("givenName","Userrws03");
  request_body_nameAttribute.put("middleName","turws03");
  request_body.put("name",request_body_nameAttribute);
  request_body.put("displayName","Testrws03 Userrws03");
  request_body.put("profileUrl","http://oimhost:14000/userName");  
   
  request_body_emailValue.put("value","testrws01ervice03@test.com");
  request_body_emailValue.put("type","work");
  request_body_email.put(request_body_emailValue);
  request_body.put("emails",request_body_email);
  
  request_body.put("userType","Associate");
  request_body.put("title","Supervisor");
  request_body.put("employeeNumber","1100001");
  request_body.put("locale","en-US");
  request_body.put("locale","en-US");
  request_body.put("timezone","America/Los_Angeles");
  
  request_body_ManagerValue.put("value", "13324");
  request_body_manager.put("manager",request_body_ManagerValue);
  request_body.put("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",request_body_manager);
  
  request_body_organizationValue.put("value","6");
  request_body_organizationValue.put("$ref", "http://oimhost:14000/idaas/im/scim/v1/Organizations/6");
  request_body_organizationName.put("homeOrganization", request_body_organizationValue);
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",request_body_organizationName); 
 
  //********Custom Attributes********
  
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:EmployeeStatus","Active");
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:EmailNonProd","testrws03@gmail.com");
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:Level","30");
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:Division","Corporate");
  request_body.put("urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:SW1_Category","S");
       
  System.out.println("JSON object is ::"+request_body);
  
 //5. parameters for connection
  url = new java.net.URL("http://oimhost:14000/idaas/im/scim/v1/Users");
  java.net.HttpURLConnection connection = null;
  connection = (java.net.HttpURLConnection) url.openConnection();
  connection.setRequestMethod("POST"); // For Creation put POST Operation
  connection.setRequestProperty("Content-Type", "application/scim+json");
  connection.setRequestProperty("Authorization", authStringEnc);
  connection.setConnectTimeout(5000);
  connection.setDoOutput(true);
  connection.setReadTimeout(5000);
  
  //7. Sending Data in OIM
  java.io.OutputStreamWriter out=null;
  out = new java.io.OutputStreamWriter(connection.getOutputStream());
  out.write(request_body.toString());
  out.close();
  
  //7. Getting output
  java.io.BufferedReader in = new java.io.BufferedReader(new java.io.InputStreamReader(connection.getInputStream()));
  System.out.println("Buffered input is"+in);
  System.out.println("Response code from server is ::"+connection.getResponseCode());
  System.out.println("*****User created successfully******");
  String line ="";
  while ((line = in.readLine()) != null) 
  {
    System.out.println("Result is ::"+line);
  }
  in.close();
  
} 
 catch (java.net.ProtocolException e) 
 {
  // TODO Auto-generated catch block
  e.printStackTrace();
 }
 catch (java.net.MalformedURLException e) 
 {
  // TODO Auto-generated catch block
  e.printStackTrace();
 }
 catch (java.io.IOException e)
 {
  // TODO Auto-generated catch block
  e.printStackTrace();
 } 
 catch (org.json.JSONException e)
 {
  // TODO Auto-generated catch block
  e.printStackTrace();
 }

}

/*
Operation-2: Modify User Method
*/
public void modifyUser()
{
//1. Define URL with User Key
org.apache.commons.httpclient.methods.PostMethod m = new org.apache.commons.httpclient.methods.PostMethod("http://oimhost:14000/idaas/im/scim/v1/Users/13337") 
{
@Override 
//2. Calling PATCH Operation
public String getName() 
{ 
System.out.println(" After PATCH ");
return "PATCH"; 
}
};
//3. Define Authorization
System.out.println(" Passing Credential ");
String userCredentials = "xelsysadm:Welcome@1";
new com.sun.xml.internal.messaging.saaj.util.Base64();
String basicAuth = "Basic " + new String(com.sun.xml.internal.messaging.saaj.util.Base64.encode(userCredentials.getBytes()));
m.setRequestHeader("Authorization", basicAuth);
try 
{
//4. Creating Object
org.json.JSONObject request_body = new org.json.JSONObject();
org.json.JSONArray request_body_schemas = new org.json.JSONArray();

//5. Passing SChema
request_body_schemas.put("urn:ietf:params:scim:api:messages:2.0:PatchOp");
request_body.put("schemas", request_body_schemas);    
org.json.JSONArray request_body_operation= new org.json.JSONArray();

//6. Updating/Modifying Attributes
//Basic Attribute
org.json.JSONObject request_body_lastname= new org.json.JSONObject();
request_body_lastname.put("op", "replace");
request_body_lastname.put("path", "urn:ietf:params:scim:schemas:core:2.0:User:name.givenName");
request_body_lastname.put("value", "testcbs23_new");
request_body_operation.put(request_body_lastname);

org.json.JSONObject request_body_employeeNumber= new org.json.JSONObject();
request_body_employeeNumber.put("op", "replace");
request_body_employeeNumber.put("path", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber");
request_body_employeeNumber.put("value", "11123010");
request_body_operation.put(request_body_employeeNumber);

// Custom Attribute
org.json.JSONObject request_body_employeeStatus= new org.json.JSONObject();
request_body_employeeStatus.put("op", "replace");
request_body_employeeStatus.put("path", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:EmployeeStatus");
request_body_employeeStatus.put("value", "Active");
request_body_operation.put(request_body_employeeStatus);

org.json.JSONObject request_body_division= new org.json.JSONObject();
request_body_division.put("op", "replace");
request_body_division.put("path", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:Division");
request_body_division.put("value", "CORPORATE");
request_body_operation.put(request_body_division);

request_body.put("Operations", request_body_operation);
System.out.println("JSON Object: "+request_body);

//7. Sending Data in OIM
   m.setRequestEntity(new org.apache.commons.httpclient.methods.StringRequestEntity(request_body.toString(), "application/scim+json", "UTF-8"));
   org.apache.commons.httpclient.HttpClient c = new org.apache.commons.httpclient.HttpClient();
int sc = c.executeMethod(m);
System.out.println("PATCH call returned a Modify status code ::" + sc);
  
} 
catch (java.net.ProtocolException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.net.MalformedURLException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.io.IOException e)
{
  // TODO Auto-generated catch block
  e.printStackTrace();
} 
catch (org.json.JSONException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
   }

/*
Operation-3: Enable User Method
*/
public void enableUser()
{
       //1. Define URL with User Key
org.apache.commons.httpclient.methods.PostMethod m = new org.apache.commons.httpclient.methods.PostMethod("http://oimhost:14000/idaas/im/scim/v1/Users/13337") 
{
@Override 
//2. Calling PATCH Operation
public String getName() 
{ 
System.out.println(" After PATCH ");
return "PATCH"; 
}
};
//3. Define Authorization
System.out.println(" Passing Credential ");
String userCredentials = "xelsysadm:Welcome@1";
new com.sun.xml.internal.messaging.saaj.util.Base64();
String basicAuth = "Basic " + new String(com.sun.xml.internal.messaging.saaj.util.Base64.encode(userCredentials.getBytes()));
m.setRequestHeader("Authorization", basicAuth);
try 
{
//4. Creating Object
org.json.JSONObject request_body = new org.json.JSONObject();
org.json.JSONArray request_body_schemas = new org.json.JSONArray();

//5. Passing SChema
request_body_schemas.put("urn:ietf:params:scim:api:messages:2.0:PatchOp");
request_body.put("schemas", request_body_schemas);    
org.json.JSONArray request_body_operation= new org.json.JSONArray();

//6. Enable User
org.json.JSONObject request_body_enable= new org.json.JSONObject();
request_body_enable.put("op", "replace");
request_body_enable.put("path", "urn:ietf:params:scim:schemas:core:2.0:User:active");
request_body_enable.put("value", true);
request_body_operation.put(request_body_enable);

request_body.put("Operations", request_body_operation);
System.out.println("JSON Object: "+request_body);

//7. Sending Data in OIM
   m.setRequestEntity(new org.apache.commons.httpclient.methods.StringRequestEntity(request_body.toString(), "application/scim+json", "UTF-8"));
   org.apache.commons.httpclient.HttpClient c = new org.apache.commons.httpclient.HttpClient();
int sc = c.executeMethod(m);
System.out.println("PATCH call returned a Enable status code ::" + sc);
  
} 
catch (java.net.ProtocolException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.net.MalformedURLException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.io.IOException e)
{
  // TODO Auto-generated catch block
  e.printStackTrace();
} 
catch (org.json.JSONException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
}
/*
Operation-4: Disable User Method
*/
public void disableUser()
{
        //1. Define URL with User Key
org.apache.commons.httpclient.methods.PostMethod m = new org.apache.commons.httpclient.methods.PostMethod("http://oimhost:14000/idaas/im/scim/v1/Users/13337") 
{
@Override 
//2. Calling PATCH Operation
public String getName() 
{ 
System.out.println(" After PATCH ");
return "PATCH"; 
}
};
//3. Define Authorization
System.out.println(" Passing Credential ");
String userCredentials = "xelsysadm:Welcome@1";
new com.sun.xml.internal.messaging.saaj.util.Base64();
String basicAuth = "Basic " + new String(com.sun.xml.internal.messaging.saaj.util.Base64.encode(userCredentials.getBytes()));
m.setRequestHeader("Authorization", basicAuth);
try 
{
//4. Creating Object
org.json.JSONObject request_body = new org.json.JSONObject();
org.json.JSONArray request_body_schemas = new org.json.JSONArray();

//5. Passing SChema
request_body_schemas.put("urn:ietf:params:scim:api:messages:2.0:PatchOp");
request_body.put("schemas", request_body_schemas);    
org.json.JSONArray request_body_operation= new org.json.JSONArray();

//6. Enable User
org.json.JSONObject request_body_disable= new org.json.JSONObject();
request_body_disable.put("op", "replace");
request_body_disable.put("path", "urn:ietf:params:scim:schemas:core:2.0:User:active");
request_body_disable.put("value", false);
request_body_operation.put(request_body_disable);

request_body.put("Operations", request_body_operation);
System.out.println("JSON Object: "+request_body);

//6. Sending Data in OIM
   m.setRequestEntity(new org.apache.commons.httpclient.methods.StringRequestEntity(request_body.toString(), "application/scim+json", "UTF-8"));
   org.apache.commons.httpclient.HttpClient c = new org.apache.commons.httpclient.HttpClient();
int sc = c.executeMethod(m);
System.out.println("PATCH call returned a Disable status code ::" + sc);
  
} 
catch (java.net.ProtocolException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.net.MalformedURLException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
catch (java.io.IOException e)
{
  // TODO Auto-generated catch block
  e.printStackTrace();
} 
catch (org.json.JSONException e) 
{
  // TODO Auto-generated catch block
  e.printStackTrace();
}
}
/*
Operation-5: Delete User Method
*/
public void deleteUser()
{
  //1. Define URL
java.net.URL url = null;
  
  //2. Passing Authorization
  String userName="xelsysadm";
  String password="Welcome@1";
  String authString = userName + ":" + password;
  String authStringEnc = "Basic " + new String(new Decoder.BASE64Encoder().encode(authString.getBytes()));
  //System.out.println("Base64 encoded auth string: " + authStringEnc);
  
  try {
  //3. Passing URL with User Key in URL
  url = new java.net.URL("http://oimhost:14000/idaas/im/scim/v1/Users/13336");
  
  //4. parameters for connection
  java.net.HttpURLConnection connection = null;
  connection = (java.net.HttpURLConnection) url.openConnection();
  connection.setRequestMethod("DELETE");
  connection.setRequestProperty("Content-Type", "application/scim+json");
  connection.setRequestProperty("Authorization", authStringEnc);
  connection.setConnectTimeout(5000);
  connection.setDoOutput(true);
  connection.setReadTimeout(5000);
  
  //7. Getting output
  java.io.BufferedReader in = new java.io.BufferedReader(new java.io.InputStreamReader(connection.getInputStream()));
  //System.out.println("Buffered input is"+in);
  System.out.println("Response code from server is ::"+connection.getResponseCode());
  System.out.println("User Deleted successfully");
  in.close();
  
 } 
  catch (java.net.ProtocolException e)
  {
// TODO Auto-generated catch block
  e.printStackTrace();
  } 
  catch (java.net.MalformedURLException e) 
  {
// TODO Auto-generated catch block
  e.printStackTrace();
  } 
  catch (java.io.IOException e)
  {
// TODO Auto-generated catch block
  e.printStackTrace();
 }
}
public static void main(String args[])
{
OIMUserManagementBySCIM usermgmt=new OIMUserManagementBySCIM();
usermgmt.createUser();
//usermgmt.modifyUser();
//usermgmt.enableUser();
//usermgmt.disableUser();
//usermgmt.deleteUser();
}

}