Monday, January 28, 2013

Populating request attributes in OIM 11g R2 Part II - UI Customization

This is the second post of a two-post series about pre-populating requests in OIM 11g R2. The first post is available here. This post is also part of OIM 11g Academy Series.

The approach describe in this post is more sophisticated when compared to the pre-populate plug-in described in the previous post. The emphasis here is UI interaction. It is also important to mention that this approach does not work for requests created through the APIs, it works only for UI based requests. Another difference is that while the pre-populated plug-ins are specific to request attributes, this approach is application instance specific. In other words, each different application instance request form will require a different customization.

Wednesday, January 23, 2013

Populating request attributes in OIM 11g R2 Part I - Prepopulate Plug-in

This is the first of a two posts series about pre-populating requests in OIM 11 R2. This post is also part of the OIM 11g Academy Series.

With the introduction of the Catalog, request creation process changed from a wizard to a shopping cart experience style. But request pre-populating is still a common requirement for OIM customers.

There are two different approaches to pre-populate a request:
  1. Pre-populate plug-ins
  2. UI customization

Monday, January 21, 2013

Twitter Jam Tomorrow

Date: Tuesday, January 22, 2013
Time: 10 am PT / 1 pm ET
Topic: Authentication – Stronger or More Often?
Platform: Twitter
Hashtag: #authchat

Get Your Tweets On…

If you are on Twitter, join the tweet jam on Authentication on Jan 22nd at 10 am PT. You will be tweeting with the industry heavyweights and the IDM twitterati. Mike Neuenschwander will take control of the @OracleIDM handle and jam with industry experts on this year’s hot topic – Authentication! You don’t have to sit on the sidelines. Join in the discussion. Mike will kick it off at 10 am PST. Just follow #authchat.

Some housekeeping notes for the tweet jam:
-           Please make sure to use #authchat for every tweet you send on this topic
-           Pls use A1, A2… et al when responding to questions so it is easy for anyone following the discussion.
-           You can amplify others’ comments by retweeting. When modifying a tweet before retweeting, it is generally acceptable to use “MT” rather than “RT”
-           If replying to another tweet, pls don’t forget to use #authchat  and put a “.” (period) in front of the initiator’s twitter handle so everyone can see the response.
-           Feel free to solicit responses/comments from specific individuals by calling out their twitter handles. Just don’t forget to put the hashtag #authchat

Follow @OracleIDM today. And let your followers know about the upcoming tweet jam by tweeting about it. Perhaps something along the lines of:
Looking forward to the tweet jam on #authentication and getting the industry’s take. Join on Jan 22, 10 a PT #authchat #oracleidm

They will be archiving and posting the discussion on our blog OracleIDM afterwards.

Friday, January 4, 2013

OIM 11g R2 Requests Lifecycle Management API’s


OIM 11g R2 being such a comprehensive provisioning solution, it provides API’s for almost every aspect of functionality available in the product. This makes it a little difficult to decide which examples are needed the most in the documentation. Fortunately, the documentation does supply samples that can definitely serve as a foundation for more complex pieces of code. Some of the API’s I found developers using more often than others are the ones related to the operations associated with users’ requests for resources. Amongst those the following API’s are mostly required:
  • Request Creation/Submission
  • Request History Data Access
  • Child Table Data Manipulation
  • Approval Information Data Access
This blog post will include a few samples on how to accomplish each one of the above mentioned operations within the context of a use case described shortly. The intent is to provide some useful API’s code samples that customers and partners can use to write their own custom code that requires such functionality.

Thursday, January 3, 2013

Authenticating OIM APIs without end user's password

A common requirement in an OIM implementation is to not expose OIM user interface to all types of end users. To address this requirement, usually a custom application using OIM APIs is developed and deployed. Such application will expose specific OIM functionalities to end users. In most of the cases, customers want the custom application/OIM APIs to act as the end user, and not as a service account; this approach leverages OIM security model, and the actions will be correctly audited in OIM. Usually this custom application will be protected by a SSO solution, and asking the end user to provide his/her password is not an option. So the big question is: how to authenticate the OIM APIs against OIM server and make them act as the end user?

This is another post in the OIM Academy series. To view the entire OIM 11g Academy series click here

In OIM 9.x, the APIs provide two different ways of authentication: through OIM user's credentials (username and password) and through the so called digital signature authentication. The digital signature authentication process allows authentication without a password, and because of that it is a largely used approach in custom OIM APIs based applications.

With the introduction of OIM 11g, the digital signature APIs are being deprecated. They will still work when correctly configured, but they may be discontinued in future OIM releases.

In R2 there is an easier way of using OIM APIs without the need of end's user password. This post shows how this can be done.