Easiest way to customize UI for logo

Customize UI for Logo in OIM

1) Go to this URL- https://websemantics.uk/tools/image-to-data-uri-converter/
2) Drag and Drop the image you want to make as Logo 
3) Select Data-URI and copy from data:image/png;base64, ..... till end.
4) Now, Login to Identity console
5) Create and activate the sandbox.
6) Click on Customize and go to CommandImageLink

7) Edit component properties and Paste the copied Data URI in Icon field.

8) Click on Apply and OK.

9) Voila! Logo is customized! 

How to configure WebLogic Server (WLS) log filters to exclude logging certain messages based on MessageID?

How to configure WebLogic Server (WLS) log filters to exclude logging certain messages based on MessageID?

--> There are certain times when we see some error messages continuously in logs but those are not harmful the functionality is working fine, the error code is misleading, so to avoid this we can apply the logging filter on the error code and we don't see such misleading errors again.

Please follow these steps to exclude logging certain messages based on MessageID:

1. Configure a log filter first.

• Click on <domain-name> in the left pane. In the right pane, under Configuration --> Log filters, create a new log filter.
• Click on the newly created log filter and click on 'Add Expression.'
• For the Expression, specify the following:
• Message Attribute: MSGID
• Operator: =
• Value: complete MessageId (for example: ADFC-62004)
• Click on finish.

 

2. Now select the expression, and click on the "Negate" button to include the "NOT" condition. Now the condition looks like this:

NOT(MSGID = 'ADFC-62004')

3. Save and activate the changes.

4. Now assign this filter to all servers.

• Click on the server to which this has to be configured.
• Go to Logging --> Advanced section.
• In the log file section, select the filter that is newly created.
• If the stout redirection is enabled, then specify the filter for stdout also.

5. Restart the server.

SQL Queries to clean up connector related data

SQL Queries to clean up connector related data

 

I have freshly installed a active directory connector with OBJ_NAME ADTarget and I would like to clean up all the data related to this connector as I would run the reconciliation job to get all the data from Target system and the OIM system should be clean for that reconciliation job to run.

Below are the sql queries I had to run in case of cleaning up the connector related data. The order of executing these queries should be the same which is mentioned as below:

delete from sug where svr_key in (select svr_key from svr where svr_key in (select itresource_key from app_instance where object_key=(select obj_key from obj where obj_name = 'ADTarget)));

delete from svp where svr_key in (select svr_key from svr where svr_key in (select itresource_key from app_instance where object_key=(select obj_key from obj where obj_name ='ADTarget')));

delete from svr where svr_key in (select itresource_key from app_instance where object_key=(select obj_key from obj where obj_name = 'ADTarget'));

delete from ent_assign where oiu_key in (select oiu_key from oiu where app_instance_key in (select app_instance_key from app_instance where object_key=(select obj_key from obj where obj_name = 'ADTarget')));

delete from oiu where app_instance_key in (select app_instance_key from app_instance where object_key=(select obj_key from obj where obj_name = 'ADTarget'));

delete from app_instance where object_key=(select obj_key from obj where obj_name = 'ADTarget');

commit;

Loggers that are helpful to Debug an ADF Issue

Loggers that are helpful to Debug any ADF Issue in OIM

Set the following loggers to TRACE:32 level logging:

oracle.iam.identitytaskflow
oracle.iam.platform.canonic
oracle.iam.consoles.faces
oracle.iam.consoles.common
oracle.iam.transUI
Xellerate.WebApp

In other words for some more debugging:

<logger name='oracle.jbo' level='FINEST'/>
<logger name='oracle.adfdiagnostics' level='CONFIG'/>
<logger name='oracle.adf.model' level='FINEST'/>
<logger name='oracle.adf.view' level='FINE'/>
<logger name='oracle.adfinternal.view' level='FINE'/>

Note: Revert back to Notification as soon as you finish the debugging at runtime as these takes lot of space on the server.

Invalid signature file digest for Manifest main attributes

Issue on Connector Server while starting.

C:\connector_server_java-1.5.0\bin>ConnectorServer.bat /run

Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:317)

at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:259)

at java.util.jar.JarVerifier.processEntry(JarVerifier.java:323)

at java.util.jar.JarVerifier.update(JarVerifier.java:234)

at java.util.jar.JarInputStream.read(JarInputStream.java:212)

at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140)

at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:118)

at java.util.jar.JarInputStream.getNextEntry(JarInputStream.java:142)

at java.util.jar.JarInputStream.getNextJarEntry(JarInputStream.java:179)

at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.processURL(LocalConnectorInfoManagerImpl.java:199)

at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.expandBundles(LocalConnectorInfoManagerImpl.java:91)

at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.<init>(LocalConnectorInfoManagerImpl.java:72)

at org.identityconnectors.framework.impl.api.ConnectorInfoManagerFactoryImpl.getLocalManager(ConnectorInfoManagerFactoryImpl.java:81)

at org.identityconnectors.framework.server.impl.ConnectorServerImpl.start(ConnectorServerImpl.java:68)

at org.identityconnectors.framework.server.Main.run(Main.java:206)

Solution:

1) Check the folder structure of your connector server

2) Remove any other jars from bundles folder and keep only bundle jar in it.

In my case, somebody kept supporting jars as well in the same folder along with my bundle jar(org.identityconnectors.dbum-12.3.0.jar)

SQLServerException:This driver is not configured for integrated authentication

Seeing Error while provisioning to MSSQL Connector:

[ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.LOOKUPRECONTASK] [tid: OIMQuartzScheduler_Worker-4] [userId: oiminternal] [ecid: 73ac5db7-f9df-4987-82d4-b6bf434d2467-000000a6,0:296] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] oracle.iam.connectors.icfcommon.recon.LookupReconTask : execute : Error during execution[[

java.lang.RuntimeException: com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication. ClientConnectionId:0edda621-37af-41bb-89d8-3542d00f387b

Solution:

1) mssql-jdbc-<latest_version>.jar is missing

Note: check the jdk version for your target and oim.
If you are 11g then the jar must be compatible with jdk1.7 but if you are on 12c then it should be working be jdk1.8. same way check the jdk versions on your connector server and target database.

2) Register this jar on oim server using UploadJars utility

3) Give the reference of this jar in setDomainEnv.sh

POST_CLASSPATH="/opt/oracle/apps/OIM_Middleware/oracle_common/modules/thirdparty/mssql-jdbc-9.4.0.jre8.jar${CLASSPATHSEP}${POST_CLASSPATH}"

export POST_CLASSPATH

4) You need to give the below jars reference additionally.

POST_CLASSPATH="/opt/oracle/apps/OIM_Middleware/idm/server/ThirdParty/ojdbc8.jar${CLASSPATHSEP}${POST_CLASSPATH}"

export POST_CLASSPATH

POST_CLASSPATH="/opt/oracle/apps/OIM_Middleware/oracle_common/lib/ons.jar${CLASSPATHSEP}${POST_CLASSPATH}"

export POST_CLASSPATH

SEVERE: com/microsoft/sqlserver/jdbc/SQLServerDriver Version Issue

I am seeing error while provisioning to DBUM connector

org.identityconnectors.framework.impl.api.local.ConnectorPoolManager getPool2
INFO: Creating new pool: ConnectorKey( bundleName=org.identityconnectors.dbum bundleVersion=12.3.0 connectorName=org.identityconnectors.dbum.DBUMConnector )
org.identityconnectors.dbum.DBUMConnector init
INFO: Connection Properties are {integratedSecurity=true, database=QPulse6Training}
org.identityconnectors.framework.server.impl.ConnectionListener processOperationRequest
SEVERE: com/microsoft/sqlserver/jdbc/SQLServerDriver has been compiled by a more recent version of the Java Runtime (class file version 60.0), this version of the Java Runtime only recognizes class file versions up to 52.0
java.lang.UnsupportedClassVersionError: com/microsoft/sqlserver/jdbc/SQLServerDriver has been compiled by a more recent version of the Java Runtime (class file version 60.0), this version of the Java Runtime only recognizes class file versions up to 52.0

Solution:
1) Check the version of the jar required for your target
mssql-jdbc-<latest_version>.jar
Note: check the jdk version for your target and oim.
If you are 11g then the jar must be compatible with jdk1.7 but if you are on 12c then it should be working be jdk1.8. same way check the jdk versions on your connector server and target database.

2) Register this jar on oim server using UploadJars utility

3) Give the reference of this jar in setDomainEnv.sh

POST_CLASSPATH="/opt/oracle/apps/OIM_Middleware/oracle_common/modules/thirdparty/mssql-jdbc-9.4.0.jre8.jar${CLASSPATHSEP}${POST_CLASSPATH}"

export POST_CLASSPATH

4) If you have connector server, make sure you have this latest jar enclosed in the bundle on the connector server as well.

Migration of Oracle SOA Suite Composites

Migration of Oracle SOA Suite Composites from 11GR2PS3 to 12C

Follow the below steps:

--> Deploy the jar in 11g version to import in 12C version.

1) Open the SOA project in JDeveloper version 11.1.1.7.0 and create the SAR ( deployable) file into your deploy folder. ( Ex: scaProjectName_rev00*.jar )

2) Close the JDeveloper 11.1.1.7.0 and now open JDeveloper 12c.

3) File -> Import -> select "SOA Archive Into SOA Project" -> OK -> Next -> Composite Archive Browse to the above SAR file created ( Ex: scaProjectName_rev00*.jar )

4) The composite.xml and corresponding BPEL swim lanes will show the content now .

Note: To Deploy the Jar in 11gR2PS3 version we need to install the jDeveloper(11.1.1.7) then SOA extension separately to be installed either via offline file  (download available at OTN or through jDeveloper top menu >> Help >> Check for Updates >> SOA Extension.

unless, 12C Jdeveloper is readily available with QuickStart Installer(download available at https://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html). 

Issue:./sqlplus: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory

1) Run the below command :  ldd $ORACLE_HOME/bin/sqlplus

[oracle@ontoimd0bav101 instantclient]$ ldd $ORACLE_HOME/bin/sqlplus

linux-vdso.so.1 (0x00007ffccf3d8000)

libsqlplus.so => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libsqlplus.so (0x00007f3d0d98c000)

libclntsh.so.18.1 => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libclntsh.so.18.1 (0x00007f3d099ce000)

libclntshcore.so.18.1 => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libclntshcore.so.18.1 (0x00007f3d093eb000)

libmql1.so => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libmql1.so (0x00007f3d0918b000)

libipc1.so => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libipc1.so (0x00007f3d08d19000)

libnnz18.so => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libnnz18.so (0x00007f3d085c4000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f3d083c0000)

libm.so.6 => /lib64/libm.so.6 (0x00007f3d0803e000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3d07e1e000)

libnsl.so.1 => not found

librt.so.1 => /lib64/librt.so.1 (0x00007f3d07c16000)

libaio.so.1 => /lib64/libaio.so.1 (0x00007f3d07a13000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3d077fc000)

libc.so.6 => /lib64/libc.so.6 (0x00007f3d07439000)

libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f3d07221000)

libnsl.so.1 => not found

libons.so => /opt/oneid/Oracle/Middleware/Oracle_OIM/instantclient/libons.so (0x00007f3d06fd1000)

/lib64/ld-linux-x86-64.so.2 (0x00007f3d0dc80000)

libnsl.so.1 => not found

libnsl.so.1 => not found

 

You will see the missing packages

 

2) Install the libnsl

NOTE: to install this you need to have root user access

3) sudo su root

4) Yum install libnsl

5) dnf install libnsl.x86_64

 

Now that you have all the necessary package you will not see this error.

Configure Logout URL for OIM

For OIM-OAM integration, how can the logout URL be configured in OIM or else on the click on log out in identity console throws 404 page not found error

 

Solution:

change the logout.url property in $OIM_DOMAIN_HOME/config/fmwconfig/jps-config.xml file.
from:
value="/oamsso/logout.html"

to:

value="https://:<OAM_PORT>/oam/server/logout?end_url=https://<identity host>:<SSL port>/identity"

 

for example:

<property name="logout.url" value="https://am.dev.idambuzz.com/oam/server/logout?end_url=https://im.dev.idambuzz.com:443/identity"/>
 

Cannot connect to peoplesoft : DOWNbea.jolt.ServiceException: Invalid Session

 Issue:

<Jul 6, 2021 4:15:23,318 PM EDT> <Notice> <Stdout> <BEA-000000> <<Jul 6, 2021 4:15:23,317 PM EDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot connect to peoplesoft : DOWNbea.jolt.ServiceException: Invalid Session
        at org.identityconnectors.peoplesoft.common.SessionWrapper.connectS(SessionWrapper.java:115)
        at org.identityconnectors.peoplesoft.common.PeopleSoftSpecifics$1$1.access(PeopleSoftSpecifics.java:58)
        at org.identityconnectors.common.security.GuardedString.access(GuardedString.java:105)
        at org.identityconnectors.peoplesoft.common.PeopleSoftSpecifics$1.access(PeopleSoftSpecifics.java:56)
        at org.identityconnectors.common.security.GuardedString.access(GuardedString.java:105)
        at org.identityconnectors.peoplesoft.common.PeopleSoftSpecifics.craeteWrappedConnection(PeopleSoftSpecifics.java:50)
        at org.identityconnectors.peoplesoft.common.PeopleSoftSession.getConn(PeopleSoftSession.java:64)
        at org.identityconnectors.peoplesoft.compintfc.PeopleSoftCompIntfcSession.checkAlive(PeopleSoftCompIntfcSession.java:86)
        at org.identityconnectors.peoplesoft.compintfc.PeopleSoftCompIntfcConnector.checkAlive(PeopleSoftCompIntfcConnector.java:71)
        at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:105)
        at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:74)
        at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:229)
        at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:83)
        at com.sun.proxy.$Proxy684.schema(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor9034.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
        at com.sun.proxy.$Proxy684.schema(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor9034.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:107)
        at com.sun.proxy.$Proxy684.schema(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor9034.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)
        at com.sun.proxy.$Proxy684.schema(Unknown Source)
        at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.schema(AbstractConnectorFacade.java:113)
        at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.getConnectorSchema(ICProvisioningManager.java:1148)
        at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:329)

Solution:

Patch 18391274: SUPPORT FOR DOMAIN ADMIN PASSWORD FEATURE OF PSFT CONNECTION

1) It is strongly recommended that you create a backup of the Oracle Identity Manager database & Connector Jars before applying the patch.

2) If Connector is not deployed on Connector Server, then follow below steps:

  a) Delete the existing ICF Bundle org.identityconnectors.peoplesoftintfc-1.0.5963.jar from OIM Database using DeleteJars utility using option-4. 

     When you run the DeleteJars utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file and the name of the JAR file to be removed.

     To delete the ICF bundle jar file, specify 4 as the value of the JAR type.

  b) Copy the ICF Bundle org.identityconnectors.peoplesoftintfc-1.0.5963.jar from $PATCH to some temp folder. Create lib folder in the temp folder and copy psjoa.jar third-party jar in that lib folder. 

  Do the jar update on the ICF Bundle org.identityconnectors.peoplesoftintfc-1.0.5963.jar with the lib folder.

  Example: jar uvf org.identityconnectors.peoplesoftintfc-1.0.5963.jar lib

  c) Run the Oracle Identity Manager Upload JARs utility to post the ICF bundle org.identityconnectors.peoplesoftintfc-1.0.5963.jar file to the Oracle Identity Manager database. 

  When you run the UploadJars utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded.

  To upload the ICF bundle jar file, specify 4 as the value of the JAR type.

  See Also:
  Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about the Upload JARs utility.

  Note: If you have configured the connector for multiple versions of target system, then perform the procedure described in the section "Configuring the Connector to Support Multiple Versions of the target System" in the connector guide.


3) Add IT Resource property "domainPassword"  with encrypted check box enabled (like password property) in the IT Resource Type Defintion "PSFT UM IT Resource Definition" using design console.

4) If PSFT Application server is configured with domain connection password other than default, then provide that domainPassword value in the IT Resource "PSFT User" or PSFT IT Resource that is configured for your deployment.

5) Restart the Application server running Oracle Identity Manager.

IAM-1020021 Unable to execute job : Refresh Role Memberships with Job History Id:xxxxx

Refresh Role Memberships schedule job is failing

 

 

 

 

 

 

 

 

 

The schedule job "Refresh Role Memberships" is failing every time. The following error is seen in the log file.

[2022-05-17T11:39:49.111+00:00] [oim_server1] [WARNING] [] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-6] [userId: oiminternal] [ecid: 8d6118d3-c0fd-4fd4-8f76-d7cce785005b-000000ae,1:17] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] IAM-1020021 Unable to execute job : Refresh Role Memberships with Job History Id:148269[[
oracle.iam.platform.utils.SuperRuntimeException: Role membership rule evaluation failed for following roles :497
at oracle.iam.identity.scheduledtasks.RefreshRoleMembershipsTask.execute(RefreshRoleMembershipsTask.java:181)

 

Troubleshooting:

 

checked UGP and DYN_EVAL_CHANGELOG tables
UGP table does not have a record for UGP_KEY=497;
DYN_EVAL_CHANGELOG have a record for ENTITY_ID=497; 

Solution:

There is a record for 497 Entity_ID in DYN_EVAL_CHANGELOG table for relationship_type = ROLE_USER.
So, one can take backup of db and delete that entry.
Rerun Refresh Role Memberships job to resolve the issue.

ORA-00845: MEMORY_TARGET not supported on this system

Error : ORA-00845: MEMORY_TARGET not supported While starting the Oracle Database.

SQL> startup

ORA-00845: MEMORY_TARGET not supported on this system

Solution:

1) Set the ORACLE_HOME to DB Product Home

export ORACLE_HOME=/u01/app/oracle/product/12.1.0.2/db_1

2) login as root

[root@oracle oracle]# df -h

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg_oracleem-lv_root

                              93G   19G   69G     22% /

tmpfs                     7.2G   112K  7.2G     0% /dev/shm

/dev/sda1               485M   99M  362M  22% /boot

Note: The highlighted mount is 0% used though does not have enough memory to start the DB

3) Change the size of file system to 12g 

[root@oracle oracle]# mount -t tmpfs shmfs -o size=12g /dev/shm

This will be temporary solution to start the DB.

4) Start the DB

5)To permanently fix it you have to edit the file /etc/fstab by logging in as root user and commit the changes by saving the file.

[root@oracle ~]# cat /etc/fstab

tmpfs                   /dev/shm                tmpfs   size=12g        0 0

6) Start the DB.

SQL> startup

ORACLE instance started.

Total System Global Area 1.1758E+10 bytes

Fixed Size                  2239056 bytes

Variable Size            5939135920 bytes

Database Buffers         5804916736 bytes

Redo Buffers               12128256 bytes

Configure Default User Search to User Login attribute

In OIM 12c, The user search is by default comes with Display Name and Everytime you login and look for the user you have to select User Login from drop-down, to make this user search to User Login permanently follow the below mentioned steps:

1)      Take the backup of the oracle.iam.ui.view.war from the OIM Server location                 /idm/server/apps

2)      Copy the war at desktop

3)      Follow the below process to make the change in the war file.

To change this functionality you will need to customize the following file where the labels are set for defining default values: iam/iam-product/consoles/Identity/ManageUsersUI/adfmsrc/oracle/iam/ui/manageusers/pages/search_usersPageDef.xml

This file which is part of adflibManageUsersUI.jar which is is located in OIM_HOME\server\apps\oracle.iam.ui.view.war

Extract the jar file ,navigate to oracle.iam.ui - manageusers - pages - search_usersPageDef.xml .

In this the following section sets the default search attribute viz "DefaultQuickSearchAttrName" :

From:

<executables>

    <iterator Binds="UserVO1" RangeSize="25"
              DataControl="ManageUsersAMDataControl" id="UserVO1Iterator"/>
    <searchRegion Criteria="UserVOCriteria"
                  Customizer="oracle.jbo.uicli.binding.JUSearchBindingCustomizer"
                  Binds="UserVO1Iterator" id="UserVOCriteriaQuery"
                  InitialQueryOverridden="false"
                  DefaultQuickSearchAttrName="displayName"/>
  </executables>

To-

  <executables>
    <iterator Binds="UserVO1" RangeSize="25"
              DataControl="ManageUsersAMDataControl" id="UserVO1Iterator"/>
    <searchRegion Criteria="UserVOCriteria"
                  Customizer="oracle.jbo.uicli.binding.JUSearchBindingCustomizer"
                  Binds="UserVO1Iterator" id="UserVOCriteriaQuery"
                  InitialQueryOverridden="false"
                  DefaultQuickSearchAttrName="userLogin"/>
  </executables>

4)   Save it

5)   Copy the updated oracle.iam.ui.view.war in persistent volume location

6)   Login to weblogic console

7)   Click on deployments

8)   Lock and Edit

9)   Look for oracle.iam.ui.view

10)  Select the checkbox and click on update

11)  Click on change path

12)  And select the updated war from persistent volume location which is /u01/oracle/user_projects

13)  Click on Next

14)  Click on Next

15)  Click on Next

16)  Finish

17)  Click on Activate changes

18)  Ignore the Error

19)  Click on Activate Changes again.

20)  Restart the servers.

21)  Check if you see user login by default search.

Process to clean an unused process task in OIM process definition

OIM Tables used while clean up and it’s meanings:

MIL -Table stores task information
TOS -Holds information about a process.
EVT -Defines event handlers by providing a the process and class name. In addition the scheduling time of when the event handler can execute is set to pre (insert, update, delete) or post (insert, update, delete).
ADP -Defines an adapter created through the Adapter Factory.
DEP -Dependencies Among Tasks Within A Workflow Process.
MAV -Stores the runtime data mappings for ‘Process Task’ adapters. The data source being a process form, Location, User, Organization, Process, IT Resource, or Literal data.
MEV -E-mail notification events.
MSG -Defines the user groups that have permission to set the status of a process task.
MST -Task Status And Object Status Information. Holds All The Task Status To Object Status Mappings.
OSI -Holds information about tasks that are created for an order.
OSI_RESTORE - Table does not exists
OTI -Holds specific information such as status or scheduled dates about an instance of a task which are in Pending(Provisioning/Approval tasks ) and Rejected (Provisioning tasks) status buckets.
RGM -Table for Response Code Generated Milestones.
UNM -“UnDo Milestone” Feature.
RSC -Defines The All The Possible Response Code For A Process Task.
RVM -Holds Recovery Milestones.
RML -Rules To Apply To Task, Defines The Task Assignment Rules Attached To A Process Task.
 
 

Steps to delete these tasks with the sql queries running from OIM Database:

 
NOTE: This is not recommended doing in the higher environments as running sql queries from OIM database directly is not recommended.

Get the MIL_KEY from the task name that needs to be deleted:
select * from MIL where MIL_NAME='<Task_Name to be deleted>';
select * from MIL where MIL_KEY='';

Run the following queries and record the number of rows returned by each query:
select * from EVT where EVT_KEY in (select EVT_KEY from MIL where MIL_KEY='');
select * from ADP where EVT_KEY in (select EVT_KEY from MIL where MIL_KEY='');
select * from DEP where MIL_KEY='';
select * from MAV where MIL_KEY='';
select * from MEV where MIL_KEY='';
select * from MSG where MIL_KEY='';
select * from MST where MIL_KEY='';
select * from OFFLINE_USER_ATTRIBUTES where MIL_KEY='';
select * from OSI where MIL_KEY='';
select * from OSI_RESTORE where MIL_KEY='';
select * from OTI where MIL_KEY='';
select * from RGM where MIL_KEY='';
select * from RML where MIL_KEY='';
select * from RSC where MIL_KEY='';
select * from RVM where MIL_KEY='';
select * from UNM where MIL_KEY='';


Clean the data found from the above queries returned:
delete from OSI where MIL_KEY='';
delete from RSC where MIL_KEY='';

Now, Login to design console to delete the task manually.

Errorcode IAM-3050056

IAM-3050056 : The specified value <RoleName> for attribute Role is not one of the predefined values.

Solution - Run PurgeCache.sh on OIM node.

org.identityconnectors.framework.common.exceptions.ConnectorException: Max objects exceeded

Provisioning to Peoplesoft is failing from OIM with the following error:

[ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: dded97417bc45818:-6db7af17:17722180206:-8000-0000000000000004,0] [APP: oim#11.1.2.0.0] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[

org.identityconnectors.framework.common.exceptions.ConnectorException: Max objects exceeded

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:262)

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

Solution:

1) Login to Designconsole

2) Search for lookup "Lookup.PSFT.Configuration"

3) Add Below 4 Values to the lookup

4) Chart FYR

OIM View/Client/Model Libraries missing in 12c

OIM View/Client/Model Libraries missing in 12c:

OIM Client Library.library

OIM Model Shared Library.library

OIM View Shared Library.library

There is a Bug 28025965 : LIBRARIES FOR MANAGED BEANS AND TASK FLOWS ARE MISSING IN 12C.

Solution: 
Oracle do have a patch 28025965 for this issue but there's alternate solution which is as follows:

1. There is a script "GenerateModelViewJarOnDemand.sh" in "$OIM_HOME/server/modules" directory. 

1. It needs to be executed to extract the jar files.

1. Once the jar files are extracted, you can move them to your project.

Account Name of Reconciled Accounts is Shown as ORC_KEY

ORC_Key is visible as Account Name of Reconciled Accounts

Cause: Map Descriptive Field is not configured.

Solution:

1. Login to OIM Design Console.
2. Open Process Management - Process Definition - <Process Name>
3. Click Map Descriptive Field
4. Select Process Data for <Process Name> - User Login (or other name field)
5. Save.
6. Save the Process Definition.
7. Modify an account in target
8. Rerun reconciliation and check if Account Name is now shown correctly.