6 Replies Latest reply: May 7, 2013 12:39 PM by 879617 RSS

    SPML Modify Request failure

    879617
      Hi,

      I am trying to trigger a SPML Modify request with the modification mode as Add.

      But it always returns failure with an IAM # . No specifc reason as such.

      Can any tell me as how the request identifies the User for the which the modify needs to apply , Is it purely based on PSO ID? I tried passing in the PSO Id as identity:orclguid

      What is the value we need to pass for PSO id?
        • 1. Re: SPML Modify Request failure
          Karthik Perath
          Looks like you are using SPML-DSML webservices for modify user request.

          psoID takes UserKey. You need to pass userKey to the SOAP message like this..
          "<modifyRequest returnData=\"data\" xmlns=\"urn:oasis:names:tc:SPML:2:0\" xmlns:dsml=\"urn:oasis:names:tc:DSML:2:0:core\"> "
                              + "<psoID ID=\"Users:"+userKey+"\"></psoID> "
          • 2. Re: SPML Modify Request failure
            879617
            Hi,

            Thanks for the reply.

            So SPML DSML webservice different from normal SPML webservice.

            So where can I find the User Key , I was checking in ODSM i could not find any attribute as user key.

            If I do not use the SPML DSML webservice and I user normal SPML webservice how will that call be ? and Dont I need to pass in the PSO Id there?

            Thanks in advance.

            Robin
            • 3. Re: SPML Modify Request failure
              AG IAM
              Are you using the OOTB SPML WS or a custom one and which version of OIM? OIM 11g use both DSML & XSD profiles.
              • 4. Re: SPML Modify Request failure
                879617
                Hi ,

                I use the OOTB SPML I suppose , I am totally new to this IDM .

                We are using OIM 11g .

                We have an usecase to create user and assign role to user from an externall application into OID , for this we are using the SPML webservice.

                SPML takes the PSO Id to identify the user , So I am not able to find the attribute which I could pass on.

                More over basic question , any resource I am created from SPML webservice , it creates a request in OIM and I am not sure how I can see the same in ODSM, So is this done by connectors and we need to have anconfiguration or mapping that needs to take care of the same?

                So using SPML is the right approach to provision users to OID (create User,Grant Role to User)

                I also do not see any Distingushed Name attribute in OIM , How wil the users i create using SPML go to the exact subtree I wish to insert. I am not able to find any docs which can help me , all the docs seems to be very generic

                Thanks,
                Robin
                • 5. Re: SPML Modify Request failure
                  Karthik Perath
                  You can call SearchUser webservice and get userKey from the response. Pass this userkey to call modifyUser webservice. If you use SPML-XSD webservice to peform any operation it creates request in OIM and this is maintained internally in OIM only. You will not see these requests in ODSM. But if you use SPML-DSML webservice then operations will not go through request.

                  If your task is to create users and assign roles in OID then you can use OID connector to provision users to OID. You may not need SPML webservice to do these operations in OID.
                  • 6. Re: SPML Modify Request failure
                    879617
                    Bit confused now on the need for OIM then.

                    How can I find the wsdl for spml-dsml , like the spml wdl I can use - http://<oimhost>:14000/spml-xsd/SPMLService?wsdl . Can I pass all the attributes the same way.

                    The reason we wanted to take the OIM route was to maintain track of the users placing the request and how the approval goes on .

                    I got the user key for an user in OIM and passed it the following way.

                    <env:Body>
                    <ns3:modifyRequest requestID="" executionMode="asynchronous" locale="" policyURI="" returnData="">
                    <ns3:psoID ID="Users:205" targetID="data"/>
                    <ns3:modification modificationMode=""/>
                    </ns3:modifyRequest>
                    </env:Body>

                    I am using http analyser to test the service

                    Somehow I need to get the final user in odsm in particular node and add membership for a user to Role