Oracle Identity Manager 11g Service Design
OIM 11g OpenPTK Service
A service was created for Project OpenPTK which leverages the Oracle Identity Manager 11g (OIMClient) Java APIs. The service is built around an abstract base class with two subclasses that implement the User (authenticated) and unauthenticated OIMClient operations, plus a second abstract class for Request processing with Resource and Role subclasses:
Class | Description
OIMClientOperations.java | Abstract class; implements common facilities used by the oracle.iam packages
OIMClientUnauthenOperations.java | Extends the abstract class; supports unauthenticated Self Service Registration (Create)
OIMClientUserOperations.java | Extends the abstract class; supports the full set of OpenPTK Operations: Create, Read, Update, Delete, Search, PwdChange, PwdReset, PwdForgot, Authenticate
OIMClientRequestOperations.java | Abstract class; implements common facilities related to Request processing
OIMClientRequestResourceOperations.java | Extends the abstract Request class; implements Resource Request processing
OIMClientRequestRoleOperations.java | Extends the abstract Request class; implements Role Request processing
Unauthenticated Operations
The unauthenticated Operations class (implementation) is primarily used to support Self Service Registration. Because this context is reachable without credentials, its <Operations> list contains only the create operation. See the below <Context> ... </Context> sample that can be used to configure OpenPTK to support registration.
<Context id="Register-Oracle-OIMClient" enabled="true" definition="UnauthenOIM11g" connection="OIM11g" association="OIM11G-UNAUTHEN">
  <Properties>
    <Property name="context.description" value="Oracle Identity Manager 11g, OIMClient Registration" />
    <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUnauthenOperations" />
    <Property name="key" value="uniqueid" />
    <Property name="template.registration" value="Self-Register User" />
  </Properties>
  <Operations>
    <Operation id="create" attrgroup="register-oim11g-create">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
  </Operations>
</Context>
User Operations
The user Operations class (implementation) supports all of the OpenPTK operations. It requires a "proxy user" with the proper privileges (xelsysadm): every operation in this context is executed by OIM under that account, so OpenPTK and the application in front of it are the authorization boundary, and the proxy credentials held by the connection must be protected accordingly. See the below <Context> ... </Context> sample that can be used to configure OpenPTK to support user operations.
<Context id="User-Oracle-OIMClient" enabled="true" definition="UserOIM11g" connection="OIM11g" association="OIM11G-USER">
  <Properties>
    <Property name="context.description" value="Oracle Identity Manager 11g, OIMClient API" />
    <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUserOperations" />
    <Property name="key" value="uniqueid" />
    <Property name="search.default.order" value="firstname,lastname,uniqueid,email" />
    <Property name="search.operators" value="AND,OR,CONTAINS,EQ" />
  </Properties>
  <Operations>
    <Operation id="create" attrgroup="user-oim11g-create">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="read" attrgroup="user-oim11g-read">
      <Properties>
        <Property name="timeout" value="%{timeout.read}" />
      </Properties>
    </Operation>
    <Operation id="search" attrgroup="user-oim11g-search">
      <Properties>
        <Property name="timeout" value="%{timeout.read}" />
        <Property name="sort" value="lastname,firstname" />
      </Properties>
    </Operation>
    <Operation id="update" attrgroup="user-oim11g-update">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="delete" attrgroup="user-oim11g-delete">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="pwdchange" attrgroup="user-oim11g-pwd">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="pwdreset" attrgroup="user-oim11g-pwd">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="pwdforgot" attrgroup="user-oim11g-forgot">
      <Properties>
        <Property name="timeout" value="%{timeout.write}" />
      </Properties>
    </Operation>
    <Operation id="authenticate" attrgroup="user-oim11g-pwd" />
  </Operations>
</Context>
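The two Context samples above differ in one security-relevant way: the registration context is reachable without credentials and therefore lists only create, while the user context runs every operation as the xelsysadm proxy. The following linter is an added example (not OpenPTK code) that checks a Context document for exactly those properties: an unauthenticated context may expose only create and must carry its registration template, every context must name one of the operation classes listed on this page, and search.operators may only contain values the service supports. The XML it parses is constructed from the two samples, trimmed to the attributes the checks need; the rule set itself is an assumption made for this example.

```python
"""Lint OpenPTK <Context> definitions for the OIM 11g service.

Added example, not OpenPTK code. Rules: an unauthenticated (registration)
context may expose only "create" and needs template.registration; every
context must name a known operation class; search.operators must only use
supported values. The XML below is constructed from the samples on this page.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

UNAUTHEN_CLASS = "org.openptk.spi.operations.OIMClientUnauthenOperations"
USER_CLASS = "org.openptk.spi.operations.OIMClientUserOperations"
KNOWN_CLASSES = {UNAUTHEN_CLASS, USER_CLASS}
# Operators the page's user Context declares; anything else is flagged.
KNOWN_OPERATORS = {"AND", "OR", "CONTAINS", "EQ"}
USER_OPERATIONS = {"create", "read", "search", "update", "delete",
                   "pwdchange", "pwdreset", "pwdforgot", "authenticate"}

# Constructed input: both sample contexts, trimmed, under one root element.
SAMPLE_CONFIG = """<Contexts>
<Context id="Register-Oracle-OIMClient" enabled="true" definition="UnauthenOIM11g" connection="OIM11g" association="OIM11G-UNAUTHEN">
  <Properties>
    <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUnauthenOperations"/>
    <Property name="key" value="uniqueid"/>
    <Property name="template.registration" value="Self-Register User"/>
  </Properties>
  <Operations>
    <Operation id="create" attrgroup="register-oim11g-create"/>
  </Operations>
</Context>
<Context id="User-Oracle-OIMClient" enabled="true" definition="UserOIM11g" connection="OIM11g" association="OIM11G-USER">
  <Properties>
    <Property name="operation.classname" value="org.openptk.spi.operations.OIMClientUserOperations"/>
    <Property name="key" value="uniqueid"/>
    <Property name="search.operators" value="AND,OR,CONTAINS,EQ"/>
  </Properties>
  <Operations>
    <Operation id="create" attrgroup="user-oim11g-create"/>
    <Operation id="read" attrgroup="user-oim11g-read"/>
    <Operation id="search" attrgroup="user-oim11g-search"/>
    <Operation id="update" attrgroup="user-oim11g-update"/>
    <Operation id="delete" attrgroup="user-oim11g-delete"/>
    <Operation id="pwdchange" attrgroup="user-oim11g-pwd"/>
    <Operation id="pwdreset" attrgroup="user-oim11g-pwd"/>
    <Operation id="pwdforgot" attrgroup="user-oim11g-forgot"/>
    <Operation id="authenticate" attrgroup="user-oim11g-pwd"/>
  </Operations>
</Context>
</Contexts>"""


def context_properties(ctx: ET.Element) -> Dict[str, str]:
    """Flatten the context-level <Property name=.. value=..> elements."""
    return {p.get("name", ""): p.get("value", "")
            for p in ctx.findall("./Properties/Property")}


def lint_context(ctx: ET.Element) -> List[str]:
    """Return one finding per rule the context violates."""
    findings: List[str] = []
    cid = ctx.get("id", "?")
    props = context_properties(ctx)
    ops = {o.get("id", "") for o in ctx.findall("./Operations/Operation")}
    classname = props.get("operation.classname")

    if ctx.get("enabled") not in ("true", "false"):
        findings.append(f"{cid}: enabled must be exactly 'true' or 'false'")
    if not props.get("key"):
        findings.append(f"{cid}: missing 'key' property")
    if classname not in KNOWN_CLASSES:
        findings.append(f"{cid}: unknown operation.classname {classname!r}")
    if classname == UNAUTHEN_CLASS:
        # Reachable by anyone: registration only, and it needs its template.
        extra = sorted(ops - {"create"})
        if extra:
            findings.append(f"{cid}: unauthenticated context exposes {','.join(extra)}")
        if "template.registration" not in props:
            findings.append(f"{cid}: missing 'template.registration' property")
    if classname == USER_CLASS:
        unknown = sorted(ops - USER_OPERATIONS)
        if unknown:
            findings.append(f"{cid}: unsupported operations {','.join(unknown)}")
        if "search" in ops and "search.operators" not in props:
            findings.append(f"{cid}: search enabled without 'search.operators'")
    if "search.operators" in props:
        bad = {t.strip() for t in props["search.operators"].split(",")} - KNOWN_OPERATORS
        if bad:
            findings.append(f"{cid}: unsupported search operators {','.join(sorted(bad))}")
    return findings


def lint(xml_text: str) -> List[str]:
    """Lint every <Context> in the document; an empty list means clean."""
    return [f for ctx in ET.fromstring(xml_text).iter("Context")
            for f in lint_context(ctx)]


if __name__ == "__main__":
    print(lint(SAMPLE_CONFIG) or "no findings")
```

Run it against the real openptk.xml before deploying: a search or read operation that slips into the registration context turns an anonymous endpoint into a directory-enumeration interface backed by the xelsysadm proxy.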
Query Converter
The query converter OIMClientQueryConverter.java has been implemented to support multi-level (nested) complex queries that combine:
- Different attributes (firstname, lastname, email)
- Operators (equals, begins, contains)
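To make the conversion concrete, here is an added example (not the OIMClientQueryConverter.java source) that converts a nested attribute/operator query into the shape of an OIM 11g oracle.iam.platform.entitymgr.vo.SearchCriteria, which is strictly binary: a leaf is (attribute, value, Operator) and a compound is (criteria, criteria, AND|OR). The example folds n-ary AND/OR into that binary form and, as a Context-enforced check, rejects attributes outside an allowlist and operators not listed in search.operators. The query dictionary format, the OpenPTK-to-OIM attribute mapping and the helper names are assumptions made for this example.

```python
"""Convert a nested OpenPTK-style query into OIM SearchCriteria form.

Added example, not OIMClientQueryConverter.java. It folds attribute leaves
combined with AND/OR into the binary (firstArgument, secondArgument,
Operator) shape of oracle.iam.platform.entitymgr.vo.SearchCriteria and
refuses attributes or operators the Context does not allow. The attribute
mapping and the input format are assumptions made for this example.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Dict, Set

# Assumed OpenPTK -> OIM user attribute mapping (in OpenPTK this is driven by
# the Context's attrgroup definitions, not hard-coded).
ATTRIBUTE_MAP = {"uniqueid": "User Login", "firstname": "First Name",
                 "lastname": "Last Name", "email": "Email"}
LEAF_OPERATORS = {"equals": "EQUAL", "begins": "BEGINS_WITH", "contains": "CONTAINS"}
LOGICAL_OPERATORS = {"and": "AND", "or": "OR"}
# Spellings used by the search.operators property -> canonical names above.
PROPERTY_ALIASES = {"EQ": "equals", "BEGINS": "begins", "CONTAINS": "contains",
                    "AND": "and", "OR": "or"}


class QueryError(ValueError):
    """The query uses an attribute or operator the Context does not permit."""


@dataclass(frozen=True)
class Criteria:
    """Mirror of SearchCriteria: leaf (attr, value, op) or node (crit, crit, op)."""
    first: Any
    second: Any
    operator: str

    def __str__(self) -> str:
        def arg(a: Any) -> str:
            return f'"{a}"' if isinstance(a, str) else str(a)
        return f"SearchCriteria({arg(self.first)}, {arg(self.second)}, {self.operator})"


def allowed_operators(search_operators: str) -> Set[str]:
    """Parse the Context's search.operators value, e.g. "AND,OR,CONTAINS,EQ"."""
    allowed: Set[str] = set()
    for token in search_operators.split(","):
        token = token.strip().upper()
        if token not in PROPERTY_ALIASES:
            raise QueryError(f"unknown operator in search.operators: {token}")
        allowed.add(PROPERTY_ALIASES[token])
    return allowed


def convert(query: Dict[str, Any], allowed: Set[str]) -> Criteria:
    """Recursively convert; n-ary AND/OR folds left into binary criteria."""
    op = str(query.get("op", "")).lower()
    if op not in allowed:
        raise QueryError(f"operator not permitted by Context: {op!r}")
    if op in LOGICAL_OPERATORS:
        children = query.get("children") or []
        if not children:
            raise QueryError(f"empty {op} clause")
        parts = [convert(child, allowed) for child in children]
        result = parts[0]                      # a single child collapses
        for right in parts[1:]:
            result = Criteria(result, right, LOGICAL_OPERATORS[op])
        return result
    attr = query.get("attr")
    if attr not in ATTRIBUTE_MAP:              # allowlist, never a denylist
        raise QueryError(f"attribute not searchable: {attr!r}")
    value = query.get("value")
    if not isinstance(value, str) or not value:
        raise QueryError(f"missing value for {attr}")
    return Criteria(ATTRIBUTE_MAP[attr], value, LEAF_OPERATORS[op])


def is_permitted(query: Dict[str, Any], allowed: Set[str]) -> bool:
    """Dry-run a query against the Context's rules without building it."""
    try:
        convert(query, allowed)
        return True
    except QueryError:
        return False


# Constructed input: "(first, last or email contains Jo) and login is jdoe".
SAMPLE_QUERY = {
    "op": "and",
    "children": [
        {"op": "or", "children": [
            {"attr": "firstname", "op": "contains", "value": "Jo"},
            {"attr": "lastname", "op": "contains", "value": "Jo"},
            {"attr": "email", "op": "contains", "value": "jo"},
        ]},
        {"attr": "uniqueid", "op": "equals", "value": "jdoe"},
    ],
}

if __name__ == "__main__":
    print(convert(SAMPLE_QUERY, allowed_operators("AND,OR,CONTAINS,EQ")))
```

The allowlist on attributes is the important part: the search runs as the xelsysadm proxy, so any attribute the converter accepts becomes searchable by every OpenPTK caller; the converter, not the OIM API, is where that exposure is decided.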