by Venkata Siva Rami Reddy Kurri

Introduction

Oracle Identity Manager (OIM) is a highly flexible and scalable enterprise identity administration system that provides operational and business efficiency by providing centralized administration and complete automation of identity and user provisioning events across enterprise as well as extranet applications.

OIM provides a centralized catalog of access rights, including enterprise and application roles, standard and privileged accounts (OOTB integration with Oracle Privileged Access Manager) and entitlements. OIM enables customers to create multiple views of the centralized catalog, like catalog by location, by department or a hierarchical catalog showing all applications along with associated entitlements etc, tailored to their needs.

This article describes how OIM Catalog Cart Items can be customized by using OIM user interface customization capabilities to achieve the described business use case.

This article assumes the reader has basic knowledge of the business processes that can be supported in the OIM Access Request Catalog. This document also assumes basic knowledge of OIM UI customization capabilities.

Glossary

• Resource: Account, role or entitlement being requested

• Beneficiary: Target user who will be provisioned a resource once approval is received

• Requestor: User submitting the request

Introduction

Oracle Identity Manager is an enterprise identity management system that manages user's access privileges in enterprise IT resources by controlling users, roles, accounts, and entitlements. It provides the functionalities for provisioning, identity and role administration, approval and request management, policy-based entitlement management, technology integration, and audit and compliance automation. Oracle Identity Manager is designed to administer intranet as well as extranet users, roles, and organizational access privileges across a company's resources throughout the entire identity management life cycle.

A sample business requirement

OIM out of box catalog search results and details page do not provide any indication to a requester as to whether a cart item is already provisioned to a beneficiary or not. Requestor is assumed to first verify what a beneficiary has access to via the User Details page before requesting new access for the beneficiary. While this is alright if the beneficiary only has a few cart items provisioned, it can be very confusing to determine this if a beneficiary has hundreds of cart items provisioned (e.g. Entitlements). Further, with no indication, a request getting submitted for a user who already has the same access could result in lost productivity for the requestor, any approvers involved in the access request and any access fulfillment teams involved in manual fulfillment scenarios.

A customer’s business requirement may outline that they would like to provide an indication to requestor about what access a beneficiary already has or not.

Customization Example

The following screenshot shows how this requirement can be implemented in OIM. On the Catalog Checkout page, in the target users table, an indication can be shown for users who already have some access provisioned based on checked out items.

• If any of the selected resource (cart items) are already provisioned to a selected user, a warning icon can be displayed next to the user in the Target Users table.
• If we click on warning icon, we will get a warning message with the provisioned resources which are selected in the cart.
• Until all the warnings are resolved, the Catalog Submit button is disabled.
• Requestor can either remove the beneficiary or cart item to resolve the warnings.
• Requestors can be warned about duplicate access requests of this type and forced to cleanup a request before submission.

Solution

This solution consists of following steps:

1. Create a custom application using JDeveloper and generating a jar file.
2. Deploy the jar file created in step1 as part of oracle.iam.ui.custom shared library.
3. Create a sandbox to invoke custom code from UI and publishing it.

1. Creating the Application in Jdeveloper

1. Open Jdeveloper

2. Choose Default Role and click OK.
   
3. Create a New Application, as illustrated in the following set of images:
   
   
4. In OIMCustomView Project, create a new Java class, as shown below.

Right click on the project and select New:
From the New gallery, choose Java in the General category tree. Then choose Java Class, then click OK:

Provide the class name ("CatalogCartDetailsBean") and package name ("com.oracle.oim.cust.view.bean"), the click OK:

5. Copy and paste the following file source code as part of the newly created class as above:

6. Additionally we need the following two utility files inside the com.oracle.oim.cust.view.utils package:
   *
   *

7. Add the following additional jars inside classpath.

• Oimclient.jar
• adflibPlatformModel.jar

We can get these jars from the following OIM server locations, respectively.

• $OIM_HOME$/server/client
• $OIM_HOME$/server/apps/oracle.iam.ui.model.ear/APP-INF/lib

8. Register the bean in adfc-config.xml, as show below:
   
9. Create the deployment profile:

Open project properties by right clicking on the OIMCustomView project, then choose Project Properties.

Choose Deployment (on the left), then click New to create a new deployment profile:

Choose ADF Library Jar File from the drop down, provide the jar name, then click OK:
Click OK.
Click OK again.

10. Generate the jar from the view project.

Right click on the OIMCustomView project. Choose Deploy, then choose the deployment profile created in the previous step.

Click Finish.

The jar location will be indicated in the Logs.

We have completed creating the source code for our use case and generating the jar file. Just two more simple steps remain to complete our use case.

2. Deploying the jar file

1. Copy the oracle.iam.ui.custom-dev-starter-pack.war to your machine from the server location $OIM_HOME$/server/apps.
2. Use the following commands to unzip the war file, copy the jar, and repackage the war file.
   
3. Copy the latest war file back to OIM server location: $OIM_HOME$/server/apps.
4. Bounce the OIM server to reflect the latest changes.
5. Congrats, you have completed Step 2. We just have one more step to complete our use case.

3. Sandbox Creation and Publishing

1. Login to Identity Self Service using admin user (Eg: xelsysadm)
   

2. Click Sandbox:
   

3. Click Create Sandbox. Provide a name for the sandbox, check Activate Sandbox, then click Save and Close.
   

4. Click OK on the confirmation message popup.
   

5. Click on Catalog:
   

6. Click the search arrow to display some of the catalog items, as shown below.
   

7. Add some of the items to cart and do a checkout:
   

8. Once the cart details page has loaded, click Customize.
   

9. From the View menu on top left corner, choose the Source option:
   

10. Click the System Administrator information icon in the Target Users section:
    

11. Choose Edit in the popup.
    

12. Choose CommandImageLink on source and click Add Content:
    

13. Choose Web Components from the popup. (hint: scroll down to the bottom of the list).
    

14. Add Command Image Link:

15. Click Close:
    

16. Choose the newly created commandImageLink and click Edit.
    

17. Update the following attributes on the commandImageLink. Once the changes are made, click OK.

Action listener = #{CatalogCartDetailsBean.WarningsActionListener}

Icon = /images/warning.png

shortDesc=User is already provisioned with one or more cart items.

immediate=true

visible=#{CatalogCartDetailsBean.cartItemsAlreadyProvisioned}

18. Choose the Cart Details panel header:
    

19. Choose Panel Header and click Add Content.
    

20. Add Output Text from the popup, then click Close:
    

21. Choose outputText in the source, then click Edit:
    

22. Modify the following attributes on outputtext component.

    value=Please make sure that, there is no warning in target users section.

inlineStyle= color:#ff6347;

visible=#{CatalogCartDetailsBean.assignRequestType}

23. Click Submit, then click Edit in the source pane:
    
24. Change the disabled property as shown below

Disabled=#{CatalogCartDetailsBean.submitButtonEnabled}

25. Click Close:
    

Congratulations, you have completed all the steps for the customization.If the results are accurate you can publish the sandbox.

About the Author

Venkata Siva Rami Reddy Kurri is a Senior Principal Consultant with Oracle, specializing in Middleware, with a particular focus on ADF and WebCenter.