Introduction
An under the hood inspection of what happens when we perform actions on a user profile in OIM 11g. The intended audience for this experiment is experienced OIM 9.x developers who are learning OIM 11.x
The Setup
I am using
Component
|
Version
|
Operating System
|
Windows 2003 R2 (Enterprise x64 Edition)
|
Application Server
|
Weblogic 10.3.5
|
Database Server
|
Oracle 11gR2
|
OIM
|
11.1.1.5.0
|
The Code
All adapters in this document are for entity User. The extension points that have used for creating plugins are
Action
|
Extension Point
|
Plugin Class Name
|
Create
|
oracle.iam.platform.kernel.spi.ValidationHandler
|
CreateUserValidateHandler
|
oracle.iam.platform.kernel.spi.CreateUserFinalizeHandler
|
CreateUserFinalizeHandler
| |
oracle.iam.platform.kernel.spi.VetoHandler
|
CreateUserVetoHandler
| |
oracle.iam.platform.kernel.spi.PreProcessHandler
|
CreateUserPreHandler
| |
oracle.iam.platform.kernel.spi.PostProcessHandler
|
CreateUserPostHandler
| |
Modify
|
oracle.iam.platform.kernel.spi.PreProcessHandler
|
ModifyUserPreHandler
|
oracle.iam.platform.kernel.spi.PreProcessHandler
|
ModifyUserPostHandler
|
NOTE: Some more classes are added in the later scenarios. They are not listed here. Please see the respective scenario for more information on that.
Reconciliation Setup
The resource and process definition for Xellerate User has been configured for reconciliation in the following way.
Resource Object (Xellerate User)
NOTE: Click on “Create Reconciliation Profile” for sure after this!!
Process Definition (Xellerate User)
Reconciliation Rule (Xellerate User)
Hello World Scenarios
Scenario 1: Create User from the OIM console
We want to create a user. Let us do that from the OIM web application.
Here is what I got in the logs
So the event invocation hierarchy seems to be this
Validate
|
Pre-Create
|
Post-Create
|
Finalize
|
Veto adapter was not executed. How can I get this working?
Scenario 2: Modify User from the design console
We want to modify a user. Let us do that from the web console.
Here is what I get:
Invocation Sequence:
Pre-Update
|
Post-Update
|
Veto and Validation adapter were not executed.
Scenario 3: Create a user by reconciliation
We want to create a user, but we will create it using reconciliation. I don’t have any targets to connect, so I simply created a reconciliation event using API. The code is here
Here is what I get:
Invocation Sequence:
Pre-Create
|
Post-Create
|
Finalize
|
Scenario 4: Update a user by reconciliation
I already have a user created by reconciliation in the last scenario. Let us modify that using a reconciliation event. For our case First Name is the primary key, so I have made sure that the recon event that I created had the same First Name as generated in the last scenario.
Invocation Sequence:
Pre-Update
|
Post-Update
|
Scenario 5: Create User - Let us force some failures
So far we have just created users and the plug-in has not done much. Let us create one more plug-in that deliberately tries to stop the user from getting created.
Most of the code is similar to CreateUserPreHandler, but it differs in the execute function
Here is what I get:
Create user does not go through, although it reports no error.
The veto adapter got called twice! Let us add one more veto adapter. Here is what I get
Scenario 6: Modify User - Let us force some failures
We will do a similar thing now, for the modify user operation. I don’t want the modify user operation to work. So I am going to force a veto in the pre-update process. I don’t have a veto adapter for the modify process, but we are not doing anything there, so let us skip that for now.
I am changing the middle name
The pre-update fail plug-in gets executed and the modification fails. Bingo!
Scenario 7: User Creation from Reconciliation revisited
Now that we are forcing the create user process to fail deliberately, let us try creating users by reconciliation again.
The user creation failed!
Let us check the plug-in logs:
Scenario 8: User Modification from Reconciliation revisited
Let us try to modify a user, using a reconciliation event. I will use the same code as in the older scenario(ReconManualUpdate.java). There is just one small change which is this
Modification fails!!
The reason:
My plug-in logs:
Summary
The documentation says that the Pre-Update will not be called during reconciliation. But the test speaks otherwise. I can see the initialize function being called for all the adapters registered, but the veto adapter never got called. The veto adapter gets called only when I set it true in the execute method for the Pre-Update adapters. The plug-in XML has a XSD definition that is orchestration-handlers.xsd. The XSD has different values listed for stage and elements. A lot of them seem to be undocumented.
No comments:
Post a Comment