Bug Report Error: Password Reverse Synchronization from OAM to OIM

Resolving this issue was a great learning experience. I had an opportunity to work on password reverse synchronization, and this post covers the workaround plan used to resolve the issue.

Environment details: The architecture has OAS 10.1.4.3, OAM 10.1.4.3, and OIM 9.1.0.2, installed on the production server node. The OID version is 10.1.4.3. OID is used as the user store for OAM. The OIM DB is used to store user provisioning details. OIM provisions the details to the integrated target systems, so if we modify any details in OIM the change is reflected in all the respective targets.

As per our project requirement, we tried to implement the forgot password feature. When a password is modified there, the change is reflected in OID but not in OIM. By default the Oracle product has no option for this, so I created my own Java plugin to update the password in OIM. In this case I was not able to update the password in OIM, and I faced a lot of issues. Here I will mention some of the issues and the workaround for them.

We have the option to trigger the Java plugin from OAM and pass the event XML values into the Java plugin. In that Java code I fetched the XML values from the command-line argument.

The event value should look like this:

<?xml version="1.0" encoding="utf-8"?>
<ObEventParams xmlns="http://www.oblix.com/">
  <ObParam name="ObRequest.TARGET_UID">
    <ObValue>cn=pwdtestuser,cn=Users,DC=carrera,DC=com</ObValue>
  </ObParam>
  <ObParam name="ObRequest.Password">
    <ObValue>admin1234</ObValue>
  </ObParam>
</ObEventParams>

Functionality of the Java code:

1.    Extract the userid and password from the xml.

2.    Create an OIM connection through tcUtilityFactory.

3.    Update the password in OIM. 

The Java plugin is configured in oblixpppcatalog.lst under the <Identity_Server_Install_Dir>\identity\oblix\apps\common\bin\ folder. It captures the username/password (after the password is changed in the OAM system) and calls the OIM API to change the user password in the OIM user profile.

The configured line is:

PWMGMT_PasswordValidation;exec;ObRequest.TARGET_UID,ObRequest.Password,; /u01/apps/oraclesoa/jdk/bin/java;Resetpwd;

I copied the Resetpwd class file into the <Identity_Server_Install_dir>\identity\oblix\apps\common\bin\ folder and gave the class file permission 777. I set the classpath in .bash_profile. In our case, when I tried to change a password in OAM, it triggered the Java plugin and updated the password in OIM but not in OAM, and I got a bug error on the OAM side. After some workarounds I finally came to know the root cause of the problem.

The problem is the unformatted value returned from OIM.

Error in the log file:

“Function returned” _CallName^ObLaunchExecuteable _CallDuration^14.659752 DataIn^%0a——————————————————-%0aGMS: address is hostname:30305%0a——————————————————-%0ahashtable%0astoring userid%0aputting into hashtable%0aSuccess%0apwd updated%0a retVal^0 “ 

This is not a valid structure. 

The solution is to capture the event XML stream at the beginning of the action by reading System.in, and to rewrite System.out to contain (only) the same data on termination. This action plan was unsuccessful. Fingers crossed again. Later I found an alternative way to resolve this issue with the help of a web service.

The action plan is as follows:

1.    Create a web service whose functionality is to create the OIM connection, receive the userid/password from the client program, and update the password in OIM.

2.    Deploy the web service to the server and generate the WSDL.

3.    Create a client program using the WSDL.

4.    Add the Java program to fetch the XML values from the PWMGMT_PasswordValidation event.

5.    The functionality of the Java code is to capture the event XML stream at the beginning of the action by reading System.in, and to rewrite System.out to contain (only) the same data on termination.

6.    Extract the user/password values and call the web service method with the user/password as arguments.

7.    Package it as a jar file and specify the main class in the manifest.mf file.

8.    Deploy the jar to the server under the <Identity_Server_Install_Dir>\identity\oblix\apps\common\bin\ folder.

9.    Then add the entry to the oblixpppcatalog.lst file as shown below.

 PWMGMT_PasswordValidation;exec;ObRequest.TARGET_UID,ObRequest.Password,;/u01/apps/oraclesoa/jdk/bin/java; -jar,pwdupdate.jar; 

10. Reset the identity server.

Now I am able to update the password in OIM and OAM without any issue.
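An added example, not the author's pwdupdate.jar code, of the main class described in steps 4 to 6: it captures the event XML from System.in, keeps all other output off System.out, and echoes only the original XML on success. The class name PwdUpdate, the OimPasswordUpdater hook (standing in for the WSDL-generated client) and the failure convention are assumptions; readAllBytes needs Java 9 or later.

```java
import java.io.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class PwdUpdate {
    /** Hypothetical hook: replace with the call to the WSDL-generated web service client. */
    interface OimPasswordUpdater { void update(String userDn, char[] password) throws Exception; }

    /** Returns the ObValue text of the ObParam with the given name, or null if absent. */
    static String param(Document doc, String name) {
        NodeList params = doc.getElementsByTagNameNS("*", "ObParam");
        for (int i = 0; i < params.getLength(); i++) {
            Element p = (Element) params.item(i);
            if (name.equals(p.getAttribute("name"))) {
                NodeList v = p.getElementsByTagNameNS("*", "ObValue");
                return v.getLength() > 0 ? v.item(0).getTextContent().trim() : null;
            }
        }
        return null;
    }

    static void run(InputStream in, PrintStream realOut, OimPasswordUpdater updater) throws Exception {
        byte[] event = in.readAllBytes();            // capture the event XML exactly as received
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);                   // the event uses the oblix.com default namespace
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs/XXE
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(event));
        String uid = param(doc, "ObRequest.TARGET_UID");
        String pwd = param(doc, "ObRequest.Password");
        if (uid == null || pwd == null) throw new IllegalArgumentException("event lacks uid or password");
        updater.update(uid, pwd.toCharArray());
        realOut.write(event);                        // stdout carries only the original event XML
        realOut.flush();
    }

    public static void main(String[] args) throws Exception {
        PrintStream realOut = System.out;
        System.setOut(System.err);                   // library chatter can no longer reach stdout
        try {
            // Placeholder updater: logs the DN only, never the password.
            run(System.in, realOut, (dn, pw) -> System.err.println("password update sent for " + dn));
        } catch (Exception e) {
            // Assumed failure convention: nothing on stdout, non-zero exit status.
            System.err.println("OIM update failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Redirecting System.out before any other code runs is what keeps lines such as the "GMS: address is ..." banner from the failing log out of the value returned to OAM.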

Later I checked the return value of CallName^ObLaunchExecuteable in the log file.

The returned value is:

2011/03/16@09:53:08.256339      29155   29155   PPP     TRACE   0x00000206      obeventaction.cpp:490   “Function returned”     _CallName^ObLaunchExecuteable   _CallDuration^3.600568  DataIn^ retVal^0
2011/03/16@09:53:08.256422      29155   29155   PPP     DEBUG3  0x00000201   obeventaction.cpp:183   “In function ObEventAction::UpdatePPPSnmpCounters”      retVal^0

I hope this action plan helps people who are facing this issue.

About the Author sarath

An Oracle Identity and Access Management professional, working on Oracle Access Manager Single Sign-On implementations, installation/configuration of Identity Server, Web Pass, Web Gate, Access Gate, Policy Manager, Access Server, Policy Domains, authentication/authorization schemes, Single Sign-On (single and multi-domain), OIM, OVD, OID, OAAM, OIF, and High Availability/Failover/SSL deployment.

2 comments
Vijay Chinnasamy says March 16, 2011

Great post. Thank you.

I thought this would be supported in OAM itself (may be later versions). OAM and OIM are tightly integrated starting with 11g.

Regards
Vijay chinnasamy

» Bug Report Error: Tried to change the password through Lost Password redirect URL Online Apps DBA: One Stop Shop for Apps DBA’s says October 18, 2011

[…] Recent change, we have implemented reverse password synchronization OAM to OIM. More info clicks here. […]
