Long enough in Identity and Access Management domain to go through all of these.
Friday, May 24, 2024
Friday, September 8, 2017
Wednesday, August 9, 2017
OIM 11.1.2.3.x OIM Bundle Patch History
| Bundle Patch Version | Patch Number | Release Date | Pillar/Suite Patch | OIM Opatch Number | Patch Documentation |
| 11.1.2.3.1 | Patch:21169810 | 15-Jul-2015 | Yes | 21308416 | Patch Readme |
| 11.1.2.3.2 | Patch:21615056 | 19-Aug-2015 | No | 21615056 | Patch Readme |
| 11.1.2.3.3 | Patch:21771609 | 15-Sep-2015 | No | 21771609 | Patch Readme |
| 11.1.2.3.4 | Patch:21698880 | 20-Oct-2015 | Yes | 21979115 | Patch Readme |
| 11.1.2.3.5 | Patch:22085274 | 19-Jan-2016 | Yes | 22364075 | Patch Readme |
| 11.1.2.3.160419 | Patch:22675286 | 19-Apr-2016 | Yes | 22874405 | Patch Readme |
| 11.1.2.3.160719 | Not Available* | 19-Jul-2016 | Yes | 24290399 | Not Available* |
| 11.1.2.3.161018 | Patch:24326201 | 18-Oct-2016 | Yes | 24751162 | Patch Readme |
| 11.1.2.3.170117 | Patch:25038775 | 17-Jan-2017 | Yes | 24927639 | Patch Readme |
| 11.1.2.3.170418 | Patch:25654150 | 18-Apr-2017 | Yes | 25348617 | Patch Readme |
| 11.1.2.3.170718 | Patch:26040260 | 18-Jul-2017 | Yes | 25840295 | Patch Readme |
Oracle BI Pubisher (11.1.1.7) Report - Not able to create group link between two data sets with different data source type JDBC and LDAP
It is not supported to create group link between two data sets with different data source type JDBC and LDAP.
OIM - uSNChanged out of sync between domain controllers problem for AD Target Recon
OIM - 11.1.2.3
AD Connector - 11.1.1.6
When you configure the AD IT Resource as serverless binding, the target recon may have problem with uSNChanged as 'Incremental Recon Attribute' because it's out of sync between domain controllers.
You can workaround this by setting the 'SyncDomainController' to a domain controller in the AD IT Resource configuration.
AD Connector - 11.1.1.6
When you configure the AD IT Resource as serverless binding, the target recon may have problem with uSNChanged as 'Incremental Recon Attribute' because it's out of sync between domain controllers.
You can workaround this by setting the 'SyncDomainController' to a domain controller in the AD IT Resource configuration.
Friday, July 21, 2017
Friday, June 2, 2017
Connector ConnectorKey not found Error OIM 11g R2PS3
This is caused by missing jars on Connector Server.
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=org.identityconnectors.domino bundleVersion=2.0.2 connectorName=org.identityconnectors.domino.DominoConnector ) not found
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:179)
at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:116)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:383)
at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:275)
at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:46)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:221)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:201)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:285)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:266)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:65)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:228)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedAction.run(CascadeActionExecutor.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:50)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:228)
at Thor.API.Security.LoginHandler.AssertionLoginSession.runAs(AssertionLoginSession.java:93)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:85)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=org.identityconnectors.domino bundleVersion=2.0.2 connectorName=org.identityconnectors.domino.DominoConnector ) not found
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:179)
at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:116)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:383)
at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:275)
at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:46)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:221)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:201)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:285)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:266)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:65)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:228)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedAction.run(CascadeActionExecutor.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:50)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:228)
at Thor.API.Security.LoginHandler.AssertionLoginSession.runAs(AssertionLoginSession.java:93)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:85)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Wednesday, May 17, 2017
OIM Bulkload Utility - "Utility is already running"
If the Bulkload Utility hasn't been run cleaning, you may got the "Utility is already running' while executing the oim bulk load utility. The solution is to drop the temporary table "OIM_BLKLD_TMP".
After the bulkload, the following should be checked to see is there any indexes and constraints in DISABLED or UNUSABLE state.
Being a database-intensive operation by design, Bulk Load disables the constraints and indexes on the relevant Oracle Identity Manager entity tables during the start of the operation. Bulk Load operation failure towards the end of the load might at times render the indexes and constraints in disabled state. To identify and fix this issue, manually restore the indexes and constraints as follows:
After the bulkload, the following should be checked to see is there any indexes and constraints in DISABLED or UNUSABLE state.
Being a database-intensive operation by design, Bulk Load disables the constraints and indexes on the relevant Oracle Identity Manager entity tables during the start of the operation. Bulk Load operation failure towards the end of the load might at times render the indexes and constraints in disabled state. To identify and fix this issue, manually restore the indexes and constraints as follows:
- Identify the unusable indexes and disabled constraints. To do so, the following SQL queries or similar mechanism can be used:
SELECT TABLE_NAME, CONSTRAINT_NAME FROM user_constraints WHERE status = 'DISABLED'; SELECT index_name FROM user_indexes WHERE status = 'UNUSABLE';
- Enable the constraints and rebuild the indexes manually, as shown:
ALTER TABLE TABLE_NAME ENABLE CONSTRAINT CONSTRAINT_NAME; ALTER INDEX INDEX_NAME REBUILD;
Tuesday, May 16, 2017
OIM11gR2: Bulk Load Bugs
Got the following error when bulk laoad user data to OIM 11.1.2.3
java.sql.SQLException: ORA-01400: cannot insert NULL into ("HA_OIM"."OIM_BLKLD_LOG"."LOAD_SOURCE")
ORA-06512: at "DEV_OIM.OIM_BLKLD_SP_LOG_MSG", line 21
ORA-06512: at "DEV_OIM.OIM_BLKLD_PKG_USR", line 1505
ORA-06502: PL/SQL: numeric or value error: character string buffer too small
Google found this:
http://ajmerasunny.blogspot.com.au/2014/07/oim11gr2-bulk-load-bugs.html
java.sql.SQLException: ORA-01400: cannot insert NULL into ("HA_OIM"."OIM_BLKLD_LOG"."LOAD_SOURCE")
ORA-06512: at "DEV_OIM.OIM_BLKLD_SP_LOG_MSG", line 21
ORA-06512: at "DEV_OIM.OIM_BLKLD_PKG_USR", line 1505
ORA-06502: PL/SQL: numeric or value error: character string buffer too small
Google found this:
http://ajmerasunny.blogspot.com.au/2014/07/oim11gr2-bulk-load-bugs.html
Monday, April 10, 2017
IdAM product landscape in cloud and on-premise
This matrix from the following link has listed the products by vendors of IdAM in cloud and on-premise.
IDaaS – Vendor + Product + Feature Matrix – November 2016
IDaaS – Vendor + Product + Feature Matrix – November 2016
Wednesday, March 29, 2017
OIM Services
UserManager
RequestService
RoleManager
PlatformService
ProvisioningService
ApplicationInstanceService
tcLookupOperationsIntf
tcITResourceInstanceOperationsIntf
tcFormInstanceOperationsIntf
RoleCategoryManager
AuthorizationService
AuthorizationOPSSService
AuthenticatedSelfService
ConfigManager
OrganizationManager
UnauthenticatedSelfService
UnauthenticatedRequestService
tcITResourceDefinitionOperationsIntf
PasswordMgmtService
SystemConfigurationService
tcObjectOperationsIntf
RequestDataSetService
EntitlementService
CatalogService
OIMService
EntityPublicationService
AdminRoleService
tcFormDefinitionOperationsIntf
RequestProfileService
AttestationOperationsIntf
SODCheckService
MetaDataDefinitionManager
CertificationService
CertificationAdministrationService
ConnectorBundleService
ConnectorInfoService
ReconConfigService
tcAccessPolicyOperationsIntf
ConnectorServerService
ApplicationService
ScanDefinitionManager
ScanRunManager
IDAConfigurationManager
PolicyManager
PolicyViolationManager
PolicyViolationCauseManager
PolicyTypeManager
RuleManager
EntityManager
OrchestrationEngine
NotificationService
AuditEventManager
SchedulerService
RequestService
RoleManager
PlatformService
ProvisioningService
ApplicationInstanceService
tcLookupOperationsIntf
tcITResourceInstanceOperationsIntf
tcFormInstanceOperationsIntf
RoleCategoryManager
AuthorizationService
AuthorizationOPSSService
AuthenticatedSelfService
ConfigManager
OrganizationManager
UnauthenticatedSelfService
UnauthenticatedRequestService
tcITResourceDefinitionOperationsIntf
PasswordMgmtService
SystemConfigurationService
tcObjectOperationsIntf
RequestDataSetService
EntitlementService
CatalogService
OIMService
EntityPublicationService
AdminRoleService
tcFormDefinitionOperationsIntf
RequestProfileService
AttestationOperationsIntf
SODCheckService
MetaDataDefinitionManager
CertificationService
CertificationAdministrationService
ConnectorBundleService
ConnectorInfoService
ReconConfigService
tcAccessPolicyOperationsIntf
ConnectorServerService
ApplicationService
ScanDefinitionManager
ScanRunManager
IDAConfigurationManager
PolicyManager
PolicyViolationManager
PolicyViolationCauseManager
PolicyTypeManager
RuleManager
EntityManager
OrchestrationEngine
NotificationService
AuditEventManager
SchedulerService
Monday, March 20, 2017
OIM (11.1.2.3) - Full list of entity-type/operations
Full list of entity-type/operations:
| Entity Type | Operation |
| PendingRoleUser | ANY |
| RoleUser | ANY |
| CREATE | |
| DELETE | |
| User | ANY |
| ADD_PROXY | |
| CHANGE_PASSWORD | |
| CREATE | |
| DELETE | |
| DISABLE | |
| ENABLE | |
| EVALUATE_POLICIES | |
| GET_ALL_PROXIES | |
| LOCK | |
| MODIFY | |
| REMOVE_ALL_PROXIES | |
| REMOVE_PROXY | |
| RESET_PASSWORD | |
| SELFSETCHALLENGE | |
| UNLOCK | |
| UPDATE_PROXY | |
| Config | ANY |
| ADD_DERIVED_ATTRIBUTES | |
| CONFIGURE_SEARCH_ATTRIBUTES | |
| CREATE_ATTRIBUTE | |
| CREATE_CATEGORY | |
| DELETE_ATTRIBUTE | |
| MODIFY_ATTRIBUTE | |
| UPDATE_CATEGORY | |
| Resource | ACCESS_POLICY_BASED_DISABLE |
| ACCESS_POLICY_BASED_ENABLE | |
| ACCESS_POLICY_BASED_MODIFY | |
| ACCESS_POLICY_BASED_PROVISION | |
| ACCESS_POLICY_BASED_REVOKE | |
| DEPROVISION | |
| DISABLE | |
| ENABLE | |
| MODIFYRESOURCE | |
| PROVISION | |
| SAMPLEPROVISION | |
| SELFDEPROVISION | |
| SELFMODIFYRESOURCE | |
| BulkRequest | ANY |
| ApplicationInstance | CHANGEACCOUNTPASSWORD |
| MODIFY | |
| PROVISION | |
| Account | ANY |
| DELETE | |
| AdminRole | SET_MEMBERSHIP_RULE |
| Organization | ANY |
| CREATE | |
| DELETE | |
| DISABLE | |
| ENABLE | |
| MODIFY | |
| SET_MEMBERSHIP_RULE | |
| myentity | REVERSE |
| oracle.iam.request.vo.RequestTemplate | CREATE |
| JobDetails | ANY |
| SystemProperty | ANY |
| oracle.iam.request.vo.ApprovalPolicy | CREATE |
| RoleRole | ANY |
| DELETE | |
| RoleCategory | ANY |
| oracle.iam.notification.vo.LocalTemplate | ANY |
| oracle.iam.requestprofile.vo.RequestProfile | CREATE |
| DELETE | |
| MODIFY | |
| Role | ANY |
| ASSIGNROLES | |
| CREATE | |
| DELETE | |
| MODIFY | |
| REMOVEROLES | |
| SELFASSIGNROLES | |
| SELFREMOVEROLES | |
| Entitlement | MODIFY |
| PROVISION | |
| REVOKE |
Monday, February 6, 2017
OIM Siebel Connector (11.1.1.6.0) - User out of organization 'Xellerate Users' fail to provision Siebel Account
After implementing the Siebel Connector (11.1.1.6.0) on OIM 11.1.2.3, fail to provision Siebel Account unless the user is under organization 'Xellerate Users'.
Cross-checked everything, it fails because the Pre-Populate Rule - 'Siebel Rule' is 'Organization Name == Xellerate Users'. Anything pre-populated attributes in Siebel Process Form using the 'Siebel Rule' are not able to be pre-populated if the user's organization is not 'Xellerate Users'.
The fix is to use 'Default' Pre-Populate Rule instead of 'Siebel Rule' for all pre-populated attributes in Siebel Process Form.
Shared this solution to Oracle and you can find it via My Oracle Support - Admin User Out Of Organization 'Xellerate Users' Fail To Provision Siebel Account (Doc ID 2231147.1)
Cross-checked everything, it fails because the Pre-Populate Rule - 'Siebel Rule' is 'Organization Name == Xellerate Users'. Anything pre-populated attributes in Siebel Process Form using the 'Siebel Rule' are not able to be pre-populated if the user's organization is not 'Xellerate Users'.
The fix is to use 'Default' Pre-Populate Rule instead of 'Siebel Rule' for all pre-populated attributes in Siebel Process Form.
Shared this solution to Oracle and you can find it via My Oracle Support - Admin User Out Of Organization 'Xellerate Users' Fail To Provision Siebel Account (Doc ID 2231147.1)
Thursday, January 19, 2017
OIM Connector - provisioning set the default value to 1/1/1970 for Date attribute
There is a bug in OIM for Connector provisioning for the date format attribute. OIM adapter sets the date to '1/1/1970' and provision that to the target system.
There is a simple workaround for this:
In the provisioning lookup to map the date attribute as follows:
There is a simple workaround for this:
In the provisioning lookup to map the date attribute as follows:
| Code Key | Decode |
| SampleDate | targetSampleDate=SampleDate!=null&&!SampleDate.startsWith("1970-01-01")?SampleDate:null |
Thursday, November 10, 2016
Wednesday, September 21, 2016
Monday, August 29, 2016
Tuesday, August 9, 2016
OIM11gR2PS3 - System Properties
As a reference.
| Property Name | Keyword | Default Value | Description |
|---|---|---|---|
Access Policy Revoke If No Longer Applies Enhancement
|
XL.AccessPolicyRevokeIfNoLongerAppliesEnhancement
|
FALSE
|
Determines if the Revoke if no longer applies flag in access policy is applicable.
If the value is true, then this flag is applicable to child table data (entitlements) along with parent data. The user can determine if child data must be removed or retained when access policy no longer applies to user based on this flag.
If the value if false, then child table data (entitlements) are always removed after access policy is no longer applied.
Note: This property is not used in Oracle Identity Manager Release 2 (11.1.2) or later.
|
Allows access policy based provisioning of multiple instances of a resource
|
XL.AllowAPBasedMultipleAccountProvisioning
|
FALSE
|
Determines if multiple instances of a resource can be provisioned to multiple target resources.
When the value is false, provisioning multiple instances of resource object via access policy is not allowed.
When the value is true, provisioning multiple instances of resource object via access policy is allowed.
|
Allows linking of access policies to reconciled and bulk loaded accounts
|
XL.AllowAPHarvesting
|
FALSE
|
Determines if access policy engine can link access policies to reconciled accounts and to accounts created by the Bulk Load Utility.
This property is used in the context of evaluating access policies for reconciled accounts and to accounts created by the Bulk Load Utility. For more information, see"Evaluating Policies for Reconciled and Bulk Load-Created Accounts".
Note: This property is used in Oracle Identity Manager 11g Release 2 (11.1.2.2.0) or later.
|
Are challenge questions disabled in OIM
|
OIM.DisableChallengeQuestions
|
FALSE
|
Determines if challenge questions are enabled or disabled when a user logs in to Oracle Identity Manager for the first time.
When value is False, challenge questions are enabled.
When value is True, challenge questions are disabled.
This property is primarily used in the context of Oracle Adaptive Access Manager (OAAM) configuration. When the value is TRUE, the challenge questions are handled by OAAM.
When the value is FALSE, then PWR.PWR_CHA_POLICY_ENABLED is honored to determine if challenge policy is enabled or not.
|
Catalog Additional Application Details Task Flow
|
CatalogAdditionalApplicationDetailsTaskFlow
|
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf
|
A custom task flow is to be displayed when an application is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.
|
Catalog Additional Entitlement Details Task Flow
|
CatalogAdditionalEntitlementDetailsTaskFlow
|
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tf
|
A custom task flow is to be displayed when an entitlement is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.
|
Catalog Additional Role Details Task Flow
|
CatalogAdditionalRoleDetailsTaskFlow
|
/WEB-INF/oracle/iam/ui/common/tfs/empty-tf.xml#empty-tfs
|
A custom task flow is to be displayed when a role item is selected from the catalog checkout page. The task flow page will display as a tab in the cart details section.
|
Catalog Advanced Search Maximum Applications
|
CatalogAdvancedSearchMaxApps
|
15
|
In the default form for catalog advanced search, you can search for entitlements by specifying the list of applications to search from. This system property controls the maximum number of applications that can be selected for entitlement search.
|
Catalog Advanced Search Taskflow
|
CatalogAdvancedSearchTaskflow
|
/WEB-INF/oracle/iam/ui/catalog/tfs/catalog-advanced-search-tf.xml#catalog-advanced-search-tf
|
Determines the taskflow used for catalog search. If you create custom taskflow for catalog search, then change the value of this property to the complete path of the custom taskflow.
|
Catalog Attributes for Sorting Search Results
|
CatalogSortAttributes
|
ENTITY_DISPLAY_NAME; ENTITY_TYPE
|
This property determines the attributes that are displayed in the Sort By drop down in the catalog results tab.
|
Catalog Audit Data Collection
|
XL.CatalogAuditDataCollection
|
none
|
Determines if catalog auditing is enabled or disabled. The default value is
none, which specifies that catalog auditing in disabled. To enable catalog auditing, set the value of this property to catalog. |
Catalog Regex for special characters
|
Catalog.SpecialCharacterRegex
|
[^\w]
|
Enables text parsing and escaping of special characters when performing a catalog search by using some special characters. If you do not want any text parsing and escaping of special characters, then change the value of this property to
[^\w^\W]. |
Catalog search MAX result size. Default value is -1 which means return all
|
XL.CatalogSearchResultCap
|
-1
|
When the data is huge in the request catalog and you encounter any issue with the performance of the catalog, you can change the value of this system property and provide some reasonable values, such as 500. As a result, catalog search will not return more than the specified value. If the value is -1, then no result size limit is applied on the catalog search result.
|
Catalog Searchable UDF In Tags
|
CATALOG.SearchableUdfInTags
|
FALSE
|
If want to use searchable UDF in TAGS, then you can set the value of this property to TRUE. Then, you can run the scheduled task in recalculate tags mode and searchable UDF values are part of the TAGS column. The same value can be used in keyword search.
|
Catalog Table Rows To Display Size
|
CatalogTableRowsToDisplaySize
|
10
|
This property is used to control the number of rows displayed in all tables found in all catalog-related pages.
|
CommonName generation plugin
|
XL.DefaultCommonNamePolicyImpl
|
oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy
|
Determines the common name generation plugin to generate common name.
|
Compiler Path for Connectors
|
XL.CompilerPath
|
Specifies the Java home depending on the application server.
Note: If the path of the JDK directory is not included in the System Path variable, then you must set the path of the JDK directory in the XL.CompilerPath system property. If this is not done, then an error is encountered during the adapter compilation stage of the process performed when you import an XML file by using the Deployment Manager.
| |
Compute and Persist Min Age On Password Change
|
ComputePersistMinAgeOnPasswordChange
|
proactive
|
Password minimum age calculation has two modes, proactive and reactive mode.
In proactive, where minimum age date is calculated at password change time, any subsequent change to the user's applicable password policy's minimum age property will not be honored until the next password change, where as with the reactive approach, policy changes are applied immediately.
To enable proactive or reactive approach, system property Compute Persist Min Age On Password Change is introduced.
|
Copy both user and manager of user in the create user email notification
|
XL.NotifyUserCreateToOther
|
TRUE
|
Copies the user and user's manager in the email notification that is sent when a user is created.
|
Data Collection Session ID
|
XL.DataCollectionSessionID
|
dummy
|
Specifies the session ID of the current Oracle Identity Analytics (OIA) Data collection session.
|
Data Collection Status
|
XL.DataCollectionStatus
|
FINALIZED
|
Specifies the status of the current OIA data collection session.
|
Default Date Format
|
XL.DefaultDateFormat
|
yyyy/mm/dd hh:mm:ss z
|
When creating reconciliation events by calling the APIs and date format is not passed as one of the arguments to the API, Oracle Identity Manager assumes that all the date field values are specified in Default Date Format.
|
Default policy for username generation
|
XL.DefaultUserNamePolicyImpl
|
oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy
|
Determines the username policy to use when generating a username.
|
Default user name domain
|
XL.UserNameDomain
|
oracle.com
|
This property is used by the DefaultComboPolicy to generate a user name in e-mail format.
|
Display Certification or Attestation
|
OIM.ShowCertificationOrAttestation
|
attestation
|
This property has been superseded by the
Identity Auditor Features Enabledsystem property, and attestation is no longer supported.
Note: In this release, this property is not used as Attestation is not supported. This property is superceded by the
Identity Auditor Features Enabled system property. |
Does user have to provide challenge information during registration
|
PCQ.PROVIDE_DURING_SELFREG
|
TRUE
|
If the value is TRUE, then users will have to provide challenge information during registration.
|
Email Server
|
XL.MailServer
|
Email Server
|
Name of the e-mail server.
Note: After modifying the Email Server system property value, you must restart the server for the change to take effect.
|
Email Validation Pattern
|
XL.EmailValidationPattern
|
[A-Za-z0-9\.\_\#\!\$\&\'\*\/\=\?\^\`\{\}\~\|\%\+\-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}
|
This property contains the regular expression used to validate the email ID of a user.
|
Enable Exception Reports
|
XL.EnableExceptionReports
|
TRUE
|
This property is used to enable the exception reporting feature. Exception reporting is enabled only if the value is set to TRUE.
|
Evaluate LDAP Container Rules for Entity Modification
|
LDAPEvaluateContainerRulesForModify
|
FALSE
|
If the property value is TRUE, then the LDAP container rules defined in LDAPContainerRules.xml are evaluated for entity modification. However, if none of the rules match, then the default container is not returned. The original parent container of the entity is returned, which means that there is no change in the entity DN.
If the property value is FALSE, then the LDAP container rules defined in LDAPContainerRules.xml are not evaluated. The entity DN does not change.
Note: This property only applies to a modification scenario and not to the entity creation scenario.
|
Force to set questions at startup
|
PCQ.FORCE_SET_QUES
|
False
|
When the user logs into the Oracle Identity Self Service or Oracle Identity System Administration for the first time, the user must set the default questions for resetting the password.
Note: After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect.
|
GTC Auto Import
|
XL.GTCAutoImport
|
true
|
Based on the value of this property, the DM xml that is generated while Generic Technology Connector (GTC) creation can be saved to a directory.
The default value of this property is true.
When the value of this property is set to "False", then while creating GTC, the DM xml (the xml that GTC creates and imports using Deployment Manager internally while GTC creation) created by the GTC framework is stored in the following directory:
OIM_HOME/GTC/XMLOutput
The naming convention followed for the DM xml is:
GTCNAME_CURRENTDATE_ TIMESTAMPcreated using date format "yyyy-MM-dd-HH-mm-ss".xml
For example:
TRUSTEDCSV_2009-02-05-22-41-11.xml
|
Homepage for Self Service console
|
OIM.IdentityHomepage
|
none
|
This property is used to set the page to be displayed after a user logs in to Oracle Identity Manager Self Service.
You can set one of the following as the value of this property:
After modifying the value of this property, you must restart Oracle Identity Manager server for the changes to take effect.
Note: This property is not used in Oracle Identity Manager 11g Release 2 (11.1.2.3.0).
|
Identity Auditor Feature Set Availability
|
OIG.IsIdentityAuditorEnabled
|
FALSE
|
When the value of this property is TRUE, role lifecycle management, Segregation of Duties (SoD), and identity certification are enabled.
Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect.
|
Inbox Task Tabs (none/all)
|
UI.INBOX.VIEW.TaskTabs
|
none
|
This property determines whether or not to show additional links, such as Initiated tasks, Reportees and Administrative tasks, in the Inbox. When set to all, the following links are displaied in the Inbox:
My tasks,Initiated tasks, Reportees, Administrative tasks.
When set to none, only the My tasks link is displayed in the Inbox.
|
Indicates if referential integrity is enabled in target LDAP directory
|
XL.IsReferentialIntegrityEnabledInLDAP
|
FALSE
|
The value of this property is TRUE if referential integrity in target LDAP directory is turned on.
The value of this property is FALSE if referential integrity in target LDAP directory is turned off.
To be able to modify an entity stored in LDAP, this prop must be set to TRUE.
|
Is DataProvider LDAP/DB
|
OIM.DataProvider
|
DB
|
Specifies the data provider, which is Oracle Identity Manager database. The default value is DB, which indicates that the database is the data provider.
|
Is disabled manager allowed
|
AllowDisabledManagers
|
FALSE
|
Specifies whether a user in the disabled state can be set as a manager for another user.
|
Is OIM Notifications disabled (true/false)
|
XL.DisableAllNotifications
|
false
|
This property is used to enable or disable all notifications in Oracle Identity Manager. When the value of this property is set to false, notifications are enabled. When the value of this property is true, notifications are disabled.
|
Is Self-Registration Allowed
|
XL.SelfRegistrationAllowed
|
TRUE
|
If the value is TRUE, then the users are allowed to self-register.
|
LDAP Reservation Plugin
|
XL.LDAPReservationPluginImpl
|
oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID
|
This property determines the LDAP reservation plugin implementation to be picked up for reservation of user attributes.
|
Level of Role Auditing
|
XL.RoleAuditLevel
|
None
|
This property controls the amount of audit data collected when an operation is performed on a role, such as creation or modification. The supported levels are:
|
Notify other recipients with the password reset email if email of user is null
|
XL.NotifyPasswordGenerationToOther
|
TRUE
|
When the value of this property is TRUE, the email notification for reset password is sent to other recipients if the email ID of the user is not specified.
|
Number of records to be executed in a batch during Catalog Enrichment
|
XL.CatalogEnrichmentBatchSize
|
500
|
This property determines how many records must be processed in a batch by the catalog job during catalog enrichment.
|
OIA integration status
|
OIM.IsOIAIntegrationEnabled
|
FALSE
|
Specifies whether OIA is integrated with Oracle Identity Manager.
Set the value of this property to
TRUE before you add role memberships in Oracle Identity Manager.
If you set the value of this property to
FALSE,incremental role memberships into OIA will not work.
Note: You must do a full import of role memberships at least once after this property is enabled.
|
Old Password Validator
|
OIM.OldPasswordValidator
|
oracle.iam.identity.usermgmt.impl.ContainerLoginPasswordVerifier
|
The property specifies the name of the plugin class to be used for verifying old passwords.
|
OMSS Enabled
|
OMSS Enabled
|
false
|
When the value of this property is true, OMSS integration is enabled, and the OMSS links and tabs are displayed in Oracle Identity Self Service.
Note: After modifying the value of this system property, you must restart Oracle Identity Manager server for the changes to take effect.
|
Period to Delay User Delete
|
XL.UserDeleteDelayPeriod
|
0
|
This property is used to specify the time period before deleting a user. When this property is set and a user is deleted, the user's state is changed to disabled and "automatically delete on date" is set to current date plus the delay period.
If this property is not set, then the user is automatically deleted at the expiration of the end date by the Disable/Delete User After End Date scheduled job.
|
Proxy User Email Notification
|
XL.ProxyNotificationTemplate
|
Notify Proxy User
|
The corresponding PTY_VALUE is the e-mail definition name that is sent when a proxy user is created. User gets a notification e-mail when the user is made the proxy for some other user.
|
Recon Batch Size
|
OIM.ReconBatchSize
|
500
|
This property is used to specify the batch size for reconciliation. You can specify 0 as the value for this to indicate that the reconciliation will not be performed in batches.
Note: When using trusted source reconciliation from Oracle Directory Server Enterprise Edition (ODSEE), the value of this property must not be 0. When the value is 0, users are not created in Oracle Identity Manager.
Note: You must restart Oracle Identity Manager server after setting this property.
|
Request Notification Level
|
RequestNotificationLevel
|
0
|
This property indicates whether or not notification is sent to the requester and beneficiary when a request is created or the request status is changed. This property can have the following values:
For request notification level 2, notifications are sent for request creation and change of status to any of the Request End statuses. Request End statuses include Request Failed and other failure related statuses, Request Completed, Request Withdrawn, and Request Closed.
|
Retry Count for recon event
|
Recon.RetryCount
|
5
|
This property determines the reconciliation retry count. The retry count value is picked up from the value of this property.
If you specify a value that is greater than 0, then auto retry is configured. If you specify 0 as the value of this property, then auto retry is not configured.
|
Search Stop Count
|
XL.IDADMIN_STOP_COUNT
|
300
|
This property determines the maximum number of records that are displayed in the advanced search result. If the search criteria specified returns more number of records than that value of this property, then the number of records displayed is limited to this value. In addition, a warning is displayed stating that the results exceed maximum counts and you must refine your search with additional attributes.
|
Segregation of Duties (SOD) Check Required
|
XL.SoDCheckRequired
|
FALSE
|
This property indicates whether or not Segregation of Duties (SoD) check is required.
|
Send email notification based on user locale
|
XL.SendEmailNotificationBasedOnUserLocale
|
false
|
This property determines whether an email notification is sent based on the receiver's (user/manager/assignee/requestor) locale when the value is set to true. If the value is set to false, then notification is sent in the server locale.
Note: This system property has been deprecated in this release of Oracle Identity Manager.
|
Should send notifications in recon or not
|
Recon.SEND_NOTIFICATION
|
true
|
Determines if notification is sent to the user when the user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
If the value is set to true, then notification is sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
If the value is set to false, then notification is not sent when user login and password are generated in postprocess event handler for user creation via trusted source reconciliation.
|
Shows tasks assigned to group users with highest priority or least load only
|
XL.ShowTaskAssignedToGroupUserOnly
|
FALSE
|
If the value is TRUE, then the tasks are assigned to group users with highest priority or least load only when the assignment type is Group User With Least Load.
|
Specifies the LDAP container mapper plug-in to be used
|
LDAPContainerMapperPlugin
|
oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper
|
When Oracle Identity Manager is installed with LDAP synchronization enabled, this plug-in determines in which container users and roles are to be created. Value of this system property indicates the default Oracle Identity Manager plug-in name used for computing the container values. If the default plug-in does not meet the requirement, then you can define your own plug-in to determine the container and specify the name of the plug-in in this system property.
|
URL for challenge questions modification
|
OIM.ChallengeQuestionsModificationURL
|
NONE
|
When a user is locked, an automatic unlock occurs after a prescribed time period. This property defines that time period in seconds. Therefore, for example, if a user account is locked and the value of this property is 86400 seconds (one day), then the account is automatically unlocked after one day.
The value of this property is the URL within OAAM that handles the challenge questions. For example:
http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=registerQuestions
|
URL for change password
|
OIM.ChangePasswordURL
|
NONE
|
This property is used in combination with the property OIM.DisableChallengeQuestions. The value of this property is the URL within OAAM that handles the change password functionality. For example:
http://OAAM_HOST:OAAM_PORT/OAAM_SERVER/userPreferences.do?showView=changePassword
|
User Attribute Reservation Enabled
|
XL.IsUsrAttribReservEnabled
|
TRUE
|
This property is used to enable user attribute reservation.
|
User Id reuse property.Requires dropping the index present on USR_LOGIN column
|
XL.UserIDReuse
|
FALSE
|
Determines whether a deleted user account can be reused. To reuse a deleted user account, assign this property a value of TRUE and drop the unique index for the USR_LOGIN column in the USR table and create a nonunique index. To prevent a user account from being reused, assign this property a value of FALSE.
Note: It is imperative to de-provision all accounts associated with a deleted user, because if you create a new user with the same user name as that of the deleted user by setting the
XL.UserIDReuse property totrue, then the new user might get access to offline accounts of the deleted user that was not deleted as part of the de-provisioning process. |
User Language
|
user.language
|
en
|
The user.language value is configured during installation for Locale handling at server side.
|
User profile audit data collection level
|
XL.UserProfileAuditDataCollection
|
Resource Form
|
This property controls the user profile data that is collected for audit purpose when an operation is performed on the user, such as creation, modification, or deletion of a user, role grants or revokes, and resource provisioning or deprovisioning. Depending upon the property value, such as Resource Form or None, the data is populated in the UPA table.
The audit levels are specified as values of this property. The supported levels are:
|
User Region
|
user.region
|
US
|
The user.region value is configured during installation for Locale handling at server side.
|
Whether or not email should be validated for uniqueness
|
OIM.EmailUniqueCheck
|
TRUE
|
This property is available in an Oracle Identity Manager 11g Release 2 (11.1.2.1.0) deployment that has been upgraded from an earlier release of Oracle Identity Manager.
If the value of this property is FALSE, then Email Uniqueness check is not performed by Oracle Identity Manager.
If the value if TRUE, then Email Uniqueness check is performed by Oracle Identity Manager.
Note: If this property is not present, then Email Uniqueness check is performed by Oracle Identity Manager.
|
Workflows Enabled
|
Workflows Enabled
|
TRUE
|
This property determines whether SOA server is turned on or turned off.
If the value of this property is TRUE, then SOA sever is turned on.
If the value of this property is FALSE, then SOA server is turned off.
Note: After setting the value of this system property, you must restart Oracle Identity Manager.
Note: Toggling between enabling and disabling workflows is not supported.
|
Workflow Policies Enabled
|
Workflow Policies Enabled
|
TRUE
|
This property determines whether approval workflows is enabled or disabled in Oracle Identity Manager. Approval workflows is used to determine if operation requires approval or not, and if approval is required, then which workflow is to be invoked.
If the value of this property is TRUE, then approval workflow is enabled.
If the value of this property is FALSE, then approval workflow is disabled.
For detailed information about approval workflow, see Chapter 4, "Managing Workflows".
|
Subscribe to:
Posts (Atom)
