
OIM11g Service

Oracle Identity Manager 11g Service Design

OIM 11g OpenPTK Service

A service was created for Project OpenPTK which leverages the Oracle Identity Manager 11g (OIMClient) Java APIs. The service is architected around an abstract base class and two sub-classes that implement the User and Unauthenticated OIMClient operations:

Class                                       Description
OIMClientOperations.java                    Abstract class; implements common facilities used by the oracle.iam packages
OIMClientUnauthenOperations.java            Extends the abstract class; supports unauthenticated Self Service Registration (Create)
OIMClientUserOperations.java                Extends the abstract class; supports the full set of OpenPTK Operations: Create, Read, Update, Delete, Search, PwdChange, PwdReset, PwdForgot, Authenticate
OIMClientRequestOperations.java             Abstract class; implements common facilities related to Request processing
OIMClientRequestResourceOperations.java     Extends the abstract class; implements Resource Request processing
OIMClientRequestRoleOperations.java         Extends the abstract class; implements Resource Role processing

Unauthenticated Operations

The unauthenticated Operations class (implementation) is primarily used to support Self Service Registration. The <Context> ... </Context> sample below can be used to configure OpenPTK to support registration.

<Context id="Register-Oracle-OIMClient" enabled="true" definition="UnauthenOIM11g" connection="OIM11g" association="OIM11G-UNAUTHEN">
   <Properties>
      <Property name="context.description"      value="Oracle Identity Manager 11g, OIMClient Registration" />
      <Property name="operation.classname"      value="org.openptk.spi.operations.OIMClientUnauthenOperations" />
      <Property name="key"                      value="uniqueid" />
      <Property name="template.registration"    value="Self-Register User" />
   </Properties>
   <Operations>
      <Operation id="create" attrgroup="register-oim11g-create">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
   </Operations>
</Context>

User Operations

The user Operations class (implementation) supports all of the OpenPTK operations. It requires a "proxy user" with the proper privileges (xelsysadm). The <Context> ... </Context> sample below can be used to configure OpenPTK to support user operations.

<Context id="User-Oracle-OIMClient" enabled="true" definition="UserOIM11g" connection="OIM11g" association="OIM11G-USER">
   <Properties>
      <Property name="context.description"      value="Oracle Identity Manager 11g, OIMClient API" />
      <Property name="operation.classname"      value="org.openptk.spi.operations.OIMClientUserOperations" />
      <Property name="key"                      value="uniqueid" />
      <Property name="search.default.order"     value="firstname,lastname,uniqueid,email" />
      <Property name="search.operators"         value="AND,OR,CONTAINS,EQ" />
   </Properties>
   <Operations>
      <Operation id="create" attrgroup="user-oim11g-create">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="read" attrgroup="user-oim11g-read">
         <Properties>
            <Property name="timeout" value="%{timeout.read}" />
         </Properties>
      </Operation>
      <Operation id="search" attrgroup="user-oim11g-search">
         <Properties>
            <Property name="timeout" value="%{timeout.read}" />
            <Property name="sort"    value="lastname,firstname" />
         </Properties>
      </Operation>
      <Operation id="update" attrgroup="user-oim11g-update">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="delete" attrgroup="user-oim11g-delete">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="pwdchange" attrgroup="user-oim11g-pwd">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="pwdreset" attrgroup="user-oim11g-pwd">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="pwdforgot" attrgroup="user-oim11g-forgot">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
      <Operation id="authenticate" attrgroup="user-oim11g-pwd" />
   </Operations>
</Context>
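The two contexts above differ mainly in what they expose: the unauthenticated registration context enables only create, while the user context runs every operation through a proxy user holding xelsysadm privileges. A configuration review should confirm that split is still true after edits. The following is an added example, not OpenPTK or Oracle code: a small lint that parses a <Context> element and flags an unauthenticated context exposing anything beyond create, an operation without an attrgroup, and duplicate operation ids. The class name is the one named on this page; the rule that an unauthenticated context may expose only create, and the over-permissive sample it is tested against, are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Fully qualified class name of the unauthenticated implementation (from the page).
UNAUTHEN_CLASS = "org.openptk.spi.operations.OIMClientUnauthenOperations"
# Assumption: a self-registration context reachable without credentials should expose only create.
UNAUTHEN_ALLOWED_OPS = {"create"}

# Constructed sample: the registration context as shown on the page (description property trimmed).
REGISTER_CONTEXT = """<Context id="Register-Oracle-OIMClient" enabled="true" definition="UnauthenOIM11g" connection="OIM11g" association="OIM11G-UNAUTHEN">
   <Properties>
      <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUnauthenOperations" />
      <Property name="key" value="uniqueid" />
   </Properties>
   <Operations>
      <Operation id="create" attrgroup="register-oim11g-create">
         <Properties>
            <Property name="timeout" value="%{timeout.write}" />
         </Properties>
      </Operation>
   </Operations>
</Context>"""

# Constructed counter-example: same unauthenticated class, but search and pwdreset
# are exposed as well, and pwdreset has no attrgroup.
OVERPERMISSIVE_CONTEXT = """<Context id="Register-Too-Open" enabled="true" definition="UnauthenOIM11g" connection="OIM11g" association="OIM11G-UNAUTHEN">
   <Properties>
      <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUnauthenOperations" />
      <Property name="key" value="uniqueid" />
   </Properties>
   <Operations>
      <Operation id="create" attrgroup="register-oim11g-create" />
      <Operation id="search" attrgroup="user-oim11g-search" />
      <Operation id="pwdreset" />
   </Operations>
</Context>"""


def context_properties(elem):
    """Map of <Property name=... value=...> entries directly under elem."""
    return {p.get("name"): p.get("value") for p in elem.findall("Properties/Property")}


def lint_context(xml_text):
    """Return a list of findings for one <Context>; an empty list means it passes."""
    ctx = ET.fromstring(xml_text)
    cid = ctx.get("id")
    findings = []
    props = context_properties(ctx)
    ops = ctx.findall("Operations/Operation")
    op_ids = [op.get("id") for op in ops]

    for required in ("operation.classname", "key"):
        if required not in props:
            findings.append(f"{cid}: missing property '{required}'")

    # An unauthenticated context is reachable without credentials, so every
    # operation beyond create widens what an anonymous caller can do.
    if props.get("operation.classname") == UNAUTHEN_CLASS:
        extra = sorted(set(op_ids) - UNAUTHEN_ALLOWED_OPS)
        if extra:
            findings.append(f"{cid}: unauthenticated context exposes {extra}")

    # Each operation should be bound to an attrgroup so the attributes it may touch are explicit.
    for op in ops:
        if not op.get("attrgroup"):
            findings.append(f"{cid}: operation '{op.get('id')}' has no attrgroup")

    # Duplicate operation ids usually indicate a copy-paste slip in the configuration.
    dupes = sorted({i for i in op_ids if op_ids.count(i) > 1})
    if dupes:
        findings.append(f"{cid}: duplicate operation ids {dupes}")
    return findings


if __name__ == "__main__":
    for sample in (REGISTER_CONTEXT, OVERPERMISSIVE_CONTEXT):
        print(lint_context(sample) or "ok")
```

Run against the page's registration context the lint returns no findings; against the constructed counter-example it reports the extra search and pwdreset operations and the missing attrgroup. Extending it to read a whole OpenPTK configuration file is a matter of iterating over every <Context> element with the same function.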

Query Converter

The query converter OIMClientQueryConverter.java has been implemented to support multi-level complex queries:

  • Different attributes (firstname, lastname, email)
  • Operators (equals, begins, contains)
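To make the converter's job concrete, here is an added example (not the project's OIMClientQueryConverter.java, and not Oracle's API) written in Python: it takes a nested query over the attributes named above, honours the operator allow-list from the user context's search.operators property ("AND,OR,CONTAINS,EQ"), and produces a tree in the (left, right, operator) order an OIM-style criteria constructor takes. The attribute-name mapping, the operator names in the output, and the nesting cap are assumptions; it goes slightly beyond the page by rejecting operators the context has not enabled.

```python
# Constructed mapping from OpenPTK attribute names (those named on the page) to
# OIM User attribute names; the right-hand values are assumptions.
ATTR_MAP = {
    "firstname": "First Name",
    "lastname": "Last Name",
    "email": "Email",
    "uniqueid": "User Login",
}

# OpenPTK operator keyword -> operator name in the converted tree.
# Assumption: the names mirror an OIM-style search Operator enumeration.
OPERATOR_MAP = {
    "eq": "EQUAL",
    "begins": "BEGINS_WITH",
    "contains": "CONTAINS",
    "and": "AND",
    "or": "OR",
}
LOGICAL = {"and", "or"}
MAX_DEPTH = 8  # assumption: cap nesting so a client cannot submit an arbitrarily deep query


class QueryError(ValueError):
    """Raised for an attribute, operator or shape the context does not allow."""


def allowed_operators(search_operators):
    """Parse the context's search.operators value ("AND,OR,CONTAINS,EQ") into a set."""
    return {tok.strip().lower() for tok in search_operators.split(",") if tok.strip()}


def convert(query, allowed, depth=0):
    """Convert a nested OpenPTK-style query into an OIM-style criteria tree.

    query is ("op", attribute, value) for a comparison or ("and"/"or", left, right)
    for a compound node; the result is (left, right, OPERATOR), the (arg1, arg2,
    operator) order a SearchCriteria-style constructor takes (assumption).
    """
    if depth > MAX_DEPTH:
        raise QueryError("query nested too deeply")
    if not isinstance(query, tuple) or len(query) != 3:
        raise QueryError(f"malformed query node: {query!r}")
    op = str(query[0]).lower()
    if op not in OPERATOR_MAP:
        raise QueryError(f"unknown operator '{op}'")
    if op not in allowed:
        raise QueryError(f"operator '{op}' not enabled by search.operators")
    if op in LOGICAL:
        return (convert(query[1], allowed, depth + 1),
                convert(query[2], allowed, depth + 1),
                OPERATOR_MAP[op])
    attr, value = query[1], query[2]
    if attr not in ATTR_MAP:
        raise QueryError(f"attribute '{attr}' is not searchable")
    if not isinstance(value, str) or not value:
        raise QueryError(f"value for '{attr}' must be a non-empty string")
    return (ATTR_MAP[attr], value, OPERATOR_MAP[op])


def accepts(query, allowed):
    """True if convert() succeeds for query under the given operator allow-list."""
    try:
        convert(query, allowed)
        return True
    except QueryError:
        return False


if __name__ == "__main__":
    allowed = allowed_operators("AND,OR,CONTAINS,EQ")
    q = ("and", ("eq", "lastname", "Smith"),
                ("or", ("contains", "email", "example.com"), ("eq", "firstname", "Ann")))
    print(convert(q, allowed))
    print(accepts(("begins", "lastname", "Sm"), allowed))  # begins is not in the allow-list
```

Because the allow-list comes from the same <Context> that configures the search operation, enabling an operator is a deliberate configuration change rather than something a caller can decide; attributes outside the mapping and empty values are rejected before anything reaches the OIM API.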