Forum Stats

  • 3,758,583 Users
  • 2,251,412 Discussions
  • 7,870,249 Comments

Discussions

Oracle Identity Manager 11G R2 PS2 Catalog Cart Items Customization

Bob Rhubart-Oracle
Bob Rhubart-Oracle Member Posts: 692 Silver Badge
edited Mar 13, 2015 12:12PM in Identity Manager

by Venkata Siva Rami Reddy Kurri

Introduction

Oracle Identity Manager (OIM) is a highly flexible and scalable enterprise identity administration system that provides operational and business efficiency by providing centralized administration and complete automation of identity and user provisioning events across enterprise as well as extranet applications.

OIM provides a centralized catalog of access rights, including enterprise and application roles, standard and privileged accounts (OOTB integration with Oracle Privileged Access Manager) and entitlements. OIM enables customers to create multiple views of the centralized catalog, like catalog by location, by department or a hierarchical catalog showing all applications along with associated entitlements etc, tailored to their needs.

This article describes how OIM Catalog Cart Items can be customized by using OIM user interface customization capabilities to achieve the described business use case.

This article assumes the reader has basic knowledge of the business processes that can be supported in the OIM Access Request Catalog. This document also assumes basic knowledge of OIM UI customization capabilities.

Glossary

  • Resource: Account, role or entitlement being requested

  • Beneficiary: Target user who will be provisioned a resource once approval is received

  • Requestor: User submitting the request

Introduction

Oracle Identity Manager is an enterprise identity management system that manages user's access privileges in enterprise IT resources by controlling users, roles, accounts, and entitlements. It provides the functionalities for provisioning, identity and role administration, approval and request management, policy-based entitlement management, technology integration, and audit and compliance automation. Oracle Identity Manager is designed to administer intranet as well as extranet users, roles, and organizational access privileges across a company's resources throughout the entire identity management life cycle.

A sample business requirement

OIM out of box catalog search results and details page do not provide any indication to a requester as to whether a cart item is already provisioned to a beneficiary or not. Requestor is assumed to first verify what a beneficiary has access to via the User Details page before requesting new access for the beneficiary. While this is alright if the beneficiary only has a few cart items provisioned, it can be very confusing to determine this if a beneficiary has hundreds of cart items provisioned (e.g. Entitlements). Further, with no indication, a request getting submitted for a user who already has the same access could result   in lost productivity for the requestor, any approvers involved in the access request and any access fulfillment teams involved in manual fulfillment scenarios.

A customer’s business requirement may outline that they would like to provide an indication to requestor about what access a beneficiary already has or not.

kurri-oim-catalog-cart-fig01.jpg

Customization Example

The following screenshot shows how this requirement can be implemented in OIM. On the Catalog Checkout page, in the target users table, an indication can be shown for users who already have some access provisioned based on checked out items.

kurri-oim-catalog-cart-fig02.jpg

kurri-oim-catalog-cart-fig03.jpg

  • If any of the selected resource (cart items) are already provisioned to a selected user, a warning icon can be displayed next to the user in the Target Users table.
  • If we click on warning icon, we will get a warning message with the provisioned resources which are selected in the cart.
  • Until all the warnings are resolved, the Catalog Submit button is disabled.
  • Requestor can either remove the beneficiary or cart item to resolve the warnings.
  • Requestors can be warned about duplicate access requests of this type and forced to cleanup a request before submission.

Solution

This solution consists of following steps:

  1. Create a custom application using JDeveloper and generating a jar file.
  2. Deploy the jar file created in step1 as part of oracle.iam.ui.custom shared library.
  3. Create a sandbox to invoke custom code from UI and publishing it.

1. Creating the Application in Jdeveloper

  1. Open Jdeveloper

kurri-oim-catalog-cart-fig04.jpg

  1. Choose Default Role and click OK.
        kurri-oim-catalog-cart-fig05.jpg
  2. Create a New Application, as illustrated in the following set of images:
        kurri-oim-catalog-cart-fig06.jpg
    kurri-oim-catalog-cart-fig07.jpgkurri-oim-catalog-cart-fig08.jpgkurri-oim-catalog-cart-fig09.jpgkurri-oim-catalog-cart-fig10.jpg
  3. In OIMCustomView Project, create a new Java class, as shown below.

Right click on the project and select New:
  kurri-oim-catalog-cart-fig11.jpgFrom the New gallery, choose Java in the General category tree. Then choose Java Class, then click OK:kurri-oim-catalog-cart-fig12.jpg

Provide the class name ("CatalogCartDetailsBean") and package name ("com.oracle.oim.cust.view.bean"), the click OK:
  kurri-oim-catalog-cart-fig13.jpg

  1. Copy and paste the following file source code as part of the newly created class as above:   

  2. Additionally we need the following two utility files inside the com.oracle.oim.cust.view.utils package:

  1. Add the following additional jars inside classpath.
  • Oimclient.jar
  • adflibPlatformModel.jar

We can get these jars from the following OIM server locations, respectively.

  • $OIM_HOME$/server/client
  • $OIM_HOME$/server/apps/oracle.iam.ui.model.ear/APP-INF/lib

kurri-oim-catalog-cart-fig17.jpg

  1. Register the bean in adfc-config.xml, as show below:
        kurri-oim-catalog-cart-fig18.jpg
  2. Create the deployment profile:

Open project properties by right clicking on the OIMCustomView project, then choose Project Properties.
  kurri-oim-catalog-cart-fig19.jpg

Choose Deployment (on the left), then click New to create a new deployment profile:

kurri-oim-catalog-cart-fig20.jpg

Choose ADF Library Jar File from the drop down, provide the jar name, then click OK:
  kurri-oim-catalog-cart-fig21.jpgClick OK.
  kurri-oim-catalog-cart-fig22.jpgClick OK again.kurri-oim-catalog-cart-fig23.jpg

  1. Generate the jar from the view project.

Right click on the OIMCustomView project. Choose Deploy, then choose the deployment profile created in the previous step.kurri-oim-catalog-cart-fig24.jpg

Click Finish.kurri-oim-catalog-cart-fig25.jpg

The jar location will be indicated in the Logs.
  kurri-oim-catalog-cart-fig26.jpg

We have completed creating the source code for our use case and generating the jar file. Just two more simple steps remain to complete our use case.

2. Deploying the jar file

  1. Copy the oracle.iam.ui.custom-dev-starter-pack.war to your machine from the server location $OIM_HOME$/server/apps.
  2. Use the following commands to unzip the war file, copy the jar, and repackage the war file.
        kurri-oim-catalog-cart-fig27.jpg
  3. Copy the latest war file back to OIM server location: $OIM_HOME$/server/apps.
  4. Bounce the OIM server to reflect the latest changes.
  5. Congrats, you have completed Step 2. We just have one more step to complete our use case.

3. Sandbox Creation and Publishing

  1. Login to Identity Self Service using admin user (Eg: xelsysadm)
        kurri-oim-catalog-cart-fig28.jpg
  2. Click Sandbox:
        kurri-oim-catalog-cart-fig29.jpg
  3. Click Create Sandbox. Provide a name for the sandbox, check Activate Sandbox, then click Save and Close.
        kurri-oim-catalog-cart-fig30.jpg
  4. Click OK on the confirmation message popup.
        kurri-oim-catalog-cart-fig31.jpg
  5. Click on Catalog:
        kurri-oim-catalog-cart-fig32.jpg
  6. Click the search arrow to display some of the catalog items, as shown below.
        kurri-oim-catalog-cart-fig33.jpg
  7. Add some of the items to cart and do a checkout:
        kurri-oim-catalog-cart-fig34.jpg

  1. Once the cart details page has loaded, click Customize.
        kurri-oim-catalog-cart-fig35.jpg
  2. From the View menu on top left corner, choose the Source option:
        kurri-oim-catalog-cart-fig36.jpg
  3. Click the System Administrator information icon in the Target Users section:
        kurri-oim-catalog-cart-fig37.jpg
  4. Choose Edit in the popup.
        kurri-oim-catalog-cart-fig38.jpg
  5. Choose CommandImageLink on source and click Add Content:
        kurri-oim-catalog-cart-fig39.jpg
  6. Choose Web Components from the popup. (hint: scroll down to the bottom of the list).
        kurri-oim-catalog-cart-fig40.jpg
  7. Add Command Image Link:kurri-oim-catalog-cart-fig41.jpg
  8. Click Close:
        kurri-oim-catalog-cart-fig42.jpg
  9. Choose the newly created commandImageLink and click Edit.
        kurri-oim-catalog-cart-fig43.jpg
  10. Update the following attributes on the commandImageLink. Once the changes are made, click OK.

Action listener = #{CatalogCartDetailsBean.WarningsActionListener}

Icon = /images/warning.png

shortDesc=User is already provisioned with one or more cart items.

immediate=true

visible=#{CatalogCartDetailsBean.cartItemsAlreadyProvisioned}
  kurri-oim-catalog-cart-fig44.jpg

  1. Choose the Cart Details panel header:
        kurri-oim-catalog-cart-fig45.jpg
  2. Choose Panel Header and click Add Content.
        kurri-oim-catalog-cart-fig46.jpg
  3. Add Output Text from the popup, then click Close:
        kurri-oim-catalog-cart-fig47.jpg
  4. Choose outputText in the source, then click Edit:
        kurri-oim-catalog-cart-fig48.jpg
  5. Modify the following attributes on outputtext component.
       
        value=Please make sure that, there is no warning in target users section.

inlineStyle= color:#ff6347;
 

visible=#{CatalogCartDetailsBean.assignRequestType}
  kurri-oim-catalog-cart-fig49.jpgkurri-oim-catalog-cart-fig50.jpg

  1. Click Submit, then click Edit in the source pane:
        kurri-oim-catalog-cart-fig51.jpg
  2. Change the disabled property as shown below

Disabled=#{CatalogCartDetailsBean.submitButtonEnabled}

kurri-oim-catalog-cart-fig52.jpg

  1. Click Close:
        kurri-oim-catalog-cart-fig53.jpg

Congratulations, you have completed all the steps for the customization.If the results are accurate you can publish the sandbox.

About the Author

Venkata Siva Rami Reddy Kurri is a Senior Principal Consultant with Oracle, specializing in Middleware, with a particular focus on ADF and WebCenter.

«1

Comments

  • Kevin Pinsky
    Kevin Pinsky Member Posts: 5,322 Silver Crown
    edited Mar 17, 2015 9:21AM

    [Removed Comment]

    -Kevin

  • [Removed Comment]

    -Kevin

    Hi Kevin,

         May be functional requirement might be same. But, this article presentation and implementation is completely different to A-team solution. A-team solution will be useful, when a requester\ beneficiary is trying to request a catalog resource for himself.  The solution described in this article, is useful when requester is trying to request resources, for himself or on behalf of someone else as well. Technical implementation is completely different. I request you to go through both the implementations.

          Thanks for your comments.

    Note:

          This article is based on 11G R2 PS2. Catalog page is changed a bit, when compared to 11G R2. A-Team article is based on 11G R2. I believe this article is not a duplicate effort.

    Thanks and regards,

    Venkat

  • Kevin Pinsky
    Kevin Pinsky Member Posts: 5,322 Silver Crown

    Hi Kevin,

         May be functional requirement might be same. But, this article presentation and implementation is completely different to A-team solution. A-team solution will be useful, when a requester\ beneficiary is trying to request a catalog resource for himself.  The solution described in this article, is useful when requester is trying to request resources, for himself or on behalf of someone else as well. Technical implementation is completely different. I request you to go through both the implementations.

          Thanks for your comments.

    Note:

          This article is based on 11G R2 PS2. Catalog page is changed a bit, when compared to 11G R2. A-Team article is based on 11G R2. I believe this article is not a duplicate effort.

    Thanks and regards,

    Venkat

    After reading through again, you are right that there are differences between the implementation.

    Question on your code. In your isEntityProvisioned method, did you mean to retrieve a List<Role> for all types of catalog items?

    -Kevin

  • After reading through again, you are right that there are differences between the implementation.

    Question on your code. In your isEntityProvisioned method, did you mean to retrieve a List<Role> for all types of catalog items?

    -Kevin

    Yes, we might improve this method to retrieve only required catalog items.

  • Kevin Pinsky
    Kevin Pinsky Member Posts: 5,322 Silver Crown

    Yes, we might improve this method to retrieve only required catalog items.

    I think you misread my post. I was referring to this code:

    public boolean isEntityProvisioned(Map provisionedMap, String entityType,

      String entityId) {

      boolean isProvisioned = false;

      if (provisionedMap != null && entityType != null) {

      if (entityType.equalsIgnoreCase(OIMType.Role.getValue())) {

      List<Role> roleList =

      (List<Role>)provisionedMap.get(OIMType.Role.getValue());

      if (roleList != null)

      isProvisioned = roleList.contains(entityId);

      } else if (entityType.equalsIgnoreCase(OIMType.Entitlement.getValue())) {

      List<Role> entitlementList =

      (List<Role>)provisionedMap.get(OIMType.Entitlement.getValue());

      if (entitlementList != null)

      isProvisioned = entitlementList.contains(entityId);

      } else if (entityType.equalsIgnoreCase(OIMType.ApplicationInstance.getValue())) {

      List<Role> applicationList =

      (List<Role>)provisionedMap.get(OIMType.ApplicationInstance.getValue());

      if (applicationList != null)

      isProvisioned = applicationList.contains(entityId);

      }

      }

      return isProvisioned;

      }

    The items in bold.  The first one is right, but shouldn't the second be List<Entitlement> and the third be List<Account>

    -Kevin

    Saurabh Tripathi
  • I think you misread my post. I was referring to this code:

    public boolean isEntityProvisioned(Map provisionedMap, String entityType,

      String entityId) {

      boolean isProvisioned = false;

      if (provisionedMap != null && entityType != null) {

      if (entityType.equalsIgnoreCase(OIMType.Role.getValue())) {

      List<Role> roleList =

      (List<Role>)provisionedMap.get(OIMType.Role.getValue());

      if (roleList != null)

      isProvisioned = roleList.contains(entityId);

      } else if (entityType.equalsIgnoreCase(OIMType.Entitlement.getValue())) {

      List<Role> entitlementList =

      (List<Role>)provisionedMap.get(OIMType.Entitlement.getValue());

      if (entitlementList != null)

      isProvisioned = entitlementList.contains(entityId);

      } else if (entityType.equalsIgnoreCase(OIMType.ApplicationInstance.getValue())) {

      List<Role> applicationList =

      (List<Role>)provisionedMap.get(OIMType.ApplicationInstance.getValue());

      if (applicationList != null)

      isProvisioned = applicationList.contains(entityId);

      }

      }

      return isProvisioned;

      }

    The items in bold.  The first one is right, but shouldn't the second be List<Entitlement> and the third be List<Account>

    -Kevin

    Yes, you are correct. Thanks for pointing. I will correct it.

  • 877259
    877259 Member Posts: 28
    edited May 16, 2015 2:59PM

    Thanks Venkata !! for such an helpful post on Cart Customization!!
    I followed all your steps as listed.

    I am getting the following errors:

    1.  In step "17. Update the following attributes on the commandImageLink. Once the changes are made, click OK."

    I am not able to update the Action listener = #{CatalogCartDetailsBean.WarningsActionListener}  and

    I have attached the screen shots. Am I missing something ?

    pastedImage_1.png

    1.1 and visible=#{CatalogCartDetailsBean.cartItemsAlreadyProvisioned}
    pastedImage_2.png

    2. Getting a similar error in Step 24:
    Disabled=#{CatalogCartDetailsBean.submitButtonEnabled}
    here it is not able to find CartEntitiesVOIterator

    Have I missed something ?

    Thanks,

    SK

  • 2876103
    2876103 Member Posts: 4

    Thanks Venkata !! for such an helpful post on Cart Customization!!
    I followed all your steps as listed.

    I am getting the following errors:

    1.  In step "17. Update the following attributes on the commandImageLink. Once the changes are made, click OK."

    I am not able to update the Action listener = #{CatalogCartDetailsBean.WarningsActionListener}  and

    I have attached the screen shots. Am I missing something ?

    pastedImage_1.png

    1.1 and visible=#{CatalogCartDetailsBean.cartItemsAlreadyProvisioned}
    pastedImage_2.png

    2. Getting a similar error in Step 24:
    Disabled=#{CatalogCartDetailsBean.submitButtonEnabled}
    here it is not able to find CartEntitiesVOIterator

    Have I missed something ?

    Thanks,

    SK

    Hi guys,
    I have the same error, any solution for this?

    Thanks in advance!

  • Hi!

    Same error over here. Would really appreciate some help on the matter.

    Thanks!

  • 3149882
    3149882 Member Posts: 14

    Hi Kevin,

    I am also getting same error while updating actionListener as:


    Action listener = #{CatalogCartDetailsBean.WarningsActionListener}


    Can you please guide how to resolve this error.

    Thanks

    HJ