tag:blogger.com,1999:blog-1816408742331555186.comments2023-05-22T03:03:54.478-07:00Oracle Fusion Middleware SecurityChris Johnson (Oracle)http://www.blogger.com/profile/13331466366556759355noreply@blogger.comBlogger718125tag:blogger.com,1999:blog-1816408742331555186.post-85491466643226649772013-09-20T02:22:01.564-07:002013-09-20T02:22:01.564-07:00Hi Newbie.
I'm not sure I completely understa...Hi Newbie.<br /><br />I'm not sure I completely understand what your requirement is, but I think it's possible you may be confusing the concepts "scheme" , "module" and "plugin". <br /><br />If I understand what you're trying to do, you probably need to build a new authentication module which ties together a number of out-of-the-box plugins with appropriate flow logic. You would then create a new scheme to use this module. <br /><br />HTH<br />Rob<br />Rob Ottohttps://www.blogger.com/profile/05129932765232969521noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-59891559609353371712013-05-17T06:58:20.714-07:002013-05-17T06:58:20.714-07:00That is a bit more complicated than populating the...That is a bit more complicated than populating the main form, especially if you have more than one child form. Unfortunately I do not have an example for that.Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-39940469092602537082013-05-17T06:55:24.932-07:002013-05-17T06:55:24.932-07:00yes and yes. ICF is either Java (multi platform) o...yes and yes. ICF is either Java (multi platform) or MS based (Windows). And the connectors running on it cam talk different protocols.Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-87173155219186822962013-05-17T06:53:38.974-07:002013-05-17T06:53:38.974-07:00I did not understand the issue.I did not understand the issue.Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-18199461772861922662013-05-17T06:44:33.946-07:002013-05-17T06:44:33.946-07:00OSB and ICF are not meant to solve the same proble...OSB and ICF are not meant to solve the same problems. So it is not a choice of going with one or another. Service bus are like a front end for published web servers, whereas ICF is specific for identity management connectors.Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-16035014874841034092013-05-17T06:30:55.791-07:002013-05-17T06:30:55.791-07:00Shidart, I didn't get the whole picture. If yo...Shidart, I didn't get the whole picture. If your servlet is running in a different domain than OIM, then you have to enable cross domain trust: http://docs.oracle.com/cd/E15051_01/wls/docs103/secmanage/domain.htmlDaniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-6090119851923966252013-05-17T06:27:26.905-07:002013-05-17T06:27:26.905-07:00Manoj,
Due to some missing authorization policies...Manoj,<br /><br />Due to some missing authorization policies, it is not possible to customize that page via sandbox route. That might be fixed in upcoming bundle patches.<br /><br />ThanksDaniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-82625441796287100212013-05-08T03:43:36.039-07:002013-05-08T03:43:36.039-07:00Hi Daniel,
When user login for the first time via...Hi Daniel,<br /><br />When user login for the first time via user console, oim redirects on change password and set challenge questions page. Can i customize that page e.g. adding a new component or so, Ff yes then how to access customize that page ??<br />Please reply. Thanks in Advance.<br /><br /> Anonymoushttps://www.blogger.com/profile/11000659524724545292noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-13476269808864363282013-05-05T19:55:14.793-07:002013-05-05T19:55:14.793-07:00Is there any special configuration needed if this ...Is there any special configuration needed if this servlet is deployed on a remote weblogic domain which participates in the same OAM SSO realm. I am getting exception when i attempt this:<br />https://forums.oracle.com/forums/thread.jspa?threadID=2531885&tstart=0Shidharthhttps://www.blogger.com/profile/15513952274125016776noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-39354754976493108312013-05-01T12:21:25.622-07:002013-05-01T12:21:25.622-07:00Hi,
Just faced this issue where session cookies o...Hi,<br /><br />Just faced this issue where session cookies of our Custom EAR deployments were colliding with the Oracle Discoverer Viewer cookie named "JSESSIONID". Resolved issue by changing the cookie name in the weblogic.xml of the web app in our Custom EAR.<br /><br />Nonetheless, very disappointing that Oracle Discoverer Viewer did not explicitly name its own cookie.<br /><br />Thank You for this blog. I will definitely look forward to new posts.Richardhttps://www.blogger.com/profile/07006034142465815327noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-28922526341555166322013-04-26T14:03:31.251-07:002013-04-26T14:03:31.251-07:00Keith,
I tested in my environment and the date sh...Keith,<br /><br />I tested in my environment and the date shows up fine in the View User Details page. I used ADF Output Text with Label.<br /><br />make sure the data component you are selecting for this specific page is "Data Component - Manage Users" and not the "Data Component - Catalog"Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-47608248639176638002013-04-26T13:29:24.568-07:002013-04-26T13:29:24.568-07:00Jeremy,
No, it is not a best practice to never co...Jeremy,<br /><br />No, it is not a best practice to never commit. It is true you cannot export it after you commit, so you have to export it before.<br /><br />But you should always commit the sandbox so it gets tested by the end users/testers. When you create a sandbox, you usually do that as system administrator, and first test it that way, but that is not a complete test case, the users to whom the functionality is meant to need to test it as well.<br /><br />Keep in mind that sandboxes are not only used for UI customization, they are also used in some OIM functionalities like UDF and application instance forms. And for being able to use these ones you have to publish the sandbox.Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-88677021453161844702013-04-26T13:16:37.075-07:002013-04-26T13:16:37.075-07:00So is it a best practice to never commit your sand...So is it a best practice to never commit your sandbox in a dev environment? it looks like once committed, it's no longer a sandbox, and no longer exportable. I'd prefer maintain all my cumulative customizations in a single deployment package, rather than accruing multiple deployment packages that must be applied one at a time to a new target environment.Jeremyhttps://www.blogger.com/profile/09512239479465487946noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-87408418594451288212013-04-26T13:05:48.795-07:002013-04-26T13:05:48.795-07:00Pallavi,
You can have a code within the task to t...Pallavi,<br /><br />You can have a code within the task to trigger the notification. <br /><br />But you cannot directly associate the notification to the task completion.<br />Hope this helpsDaniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-45890683889410334632013-04-26T12:51:02.583-07:002013-04-26T12:51:02.583-07:00Anyone who can answer this question. I have a USR...Anyone who can answer this question. I have a USR_UDF_LASTUPDATEDDATE which is a date field in the USR table and comes from my custom connector through a Trusted Source Reconciliation. I am able to verify it is in the database. When I customize the "View User Details" page (see page 7-23 of the e27149 Administrators Guide) and add that field to the page, it shows up blank. I have tried this with a ADF Output Text w/Label and an ADF Output Formatted w/Label. Neither works and none of the other dates show up. How do I get these dates to show on the page?Keith Smithhttps://www.blogger.com/profile/15821753238898004952noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-82078784807643218902013-04-26T12:46:45.288-07:002013-04-26T12:46:45.288-07:00And by that logic they are incremental.And by that logic they are incremental.Keith Smithhttps://www.blogger.com/profile/15821753238898004952noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-57068331852030722372013-04-26T12:45:41.544-07:002013-04-26T12:45:41.544-07:00I will say this is no small challenge. I have mig...I will say this is no small challenge. I have migrated a number of changes from my sandbox VM into a client's DEV environment, and will be migrating those changes plus many many more into the client's TEST environment soon. Best advice I can give is (1) Name your sandboxes with Client_yyyyMMdd_HHmm so that each sandbox is basically date stamped by its name and is nearly impossible to accidently create a second time (a big no-no) (2) Always export your sandbox before publishing (3) Be meticulous (borderline psychotic) about documenting everything you do and (4) always follow the published documentation on migration.Keith Smithhttps://www.blogger.com/profile/15821753238898004952noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-3414448272323530572013-04-26T06:43:56.942-07:002013-04-26T06:43:56.942-07:00Can we use it to send notification to member of OI...Can we use it to send notification to member of OIM group on completion of provisioning task? Pallavihttps://www.blogger.com/profile/10529485566507708976noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-29811888058455266692013-04-17T20:54:18.230-07:002013-04-17T20:54:18.230-07:00Excellent post...the most real time scenario imple...Excellent post...the most real time scenario implementation and very helpful to understand the latest product...ThanksCoolguyhttps://www.blogger.com/profile/17650903773484351551noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-23003379765197190442013-04-15T22:39:11.842-07:002013-04-15T22:39:11.842-07:00Also does this framework support following,
1)Can ...Also does this framework support following,<br />1)Can Integration possible irrespective of the platform (linux,solaris,win etc) / protocal (http,https,jms, etc) ?<br />2) does it support application within org and outside the org/intranet (i mean in cloud))<br />example<br />Lets take a typical environment where we have CRM system (linux), HR sys (cloud) email system (window) , Billiing system. For example this application running on different platform, some running within org some on the cloud,. Different application,different protocol and different api<br /><br />can ICF framework support above ?iamcreativehttps://www.blogger.com/profile/11992269034874695620noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-55156096136387208702013-04-15T22:38:39.477-07:002013-04-15T22:38:39.477-07:00Hi Daniel,
I heard aboud below problem, is it sti...Hi Daniel,<br /><br />I heard aboud below problem, is it still exist?<br />1) complete LDAP schema with native object class. For example inetOrgPerson<br />2) On the other hand, the framework provides pre-defined and fixed object class names __ACCOUNT__ and __GROUP__<br /><br />Problem:<br />both __ACCOUNT__ and inetOrgPerson object classes are exposed by the LDAP identity connector and they are the same. Which one should be used, no clarity in the framework?<br /><br />Is there any other Issues you come accross this framework ?<br />Help Appreciated.iamcreativehttps://www.blogger.com/profile/11992269034874695620noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-87578130567317900522013-04-14T02:39:34.701-07:002013-04-14T02:39:34.701-07:00or can you highlight some example which can not fu...or can you highlight some example which can not fullfill using ICF and we must go for OSB/ESB.<br /><br />Help Appreciated.iamcreativehttps://www.blogger.com/profile/11992269034874695620noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-85305176666634570592013-04-14T02:36:51.881-07:002013-04-14T02:36:51.881-07:00OSB (oracle service bus) i mean ESB. I think even ...OSB (oracle service bus) i mean ESB. I think even many people prefer ESB for integration/connector rather than ICF, not sure why , do you have any thought ?iamcreativehttps://www.blogger.com/profile/11992269034874695620noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-82690910658991888062013-04-12T05:55:51.401-07:002013-04-12T05:55:51.401-07:00Hi there, I have not heard about ICF over OSB. One...Hi there, I have not heard about ICF over OSB. One should go for ICF when developing new connectors (or re-coding existing ones), Daniel Gralewskihttps://www.blogger.com/profile/05627459432973623605noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-25177693131074762532013-04-10T23:13:15.554-07:002013-04-10T23:13:15.554-07:00Hi Rob,
I have the following requirement:
We need ...Hi Rob,<br />I have the following requirement:<br />We need to implement a custom authentication scheme in OAM that will invoke the OOTB Form-based/WNA and then Certificate-based scheme. <br /><br />From what all you have mentioned above I understand, I should be invoking the two already existing schemes in OAM in the plugin?<br />Please confirm the understanding.<br /><br />Thanks,<br />Newbie.Newbiehttps://www.blogger.com/profile/10679607139258541282noreply@blogger.com