Getting set up to do Oracle OIM Certifications:
In OIM, Certifications are now used to drive attestation; for a manager and role owner to review and respond to a list of users and their Roles and Entitlements. With remediation, these entities can be automatically removed if the access is deemed inappropriate by the reviewers.
Certifications come with an OOTB composite to carry out the workflow for a standard single or two phase Certification campaign. If you need to have more than one campaign duration, reminder schedule or want to change the emails, you will need to create new SOA composites.
While you can build these composites on the server, I like to have them as part of my Eclipse workspace.
Create Composite Projects in Eclipse
Create a new Java Project.
Copy the <OIM_HOME>/server/workflows directory to your local drive.
From the local newly created workflows\new-workflow directory, copy the process-template directory and the new_project.xml file to the new project.
Open and explore new_project.xml.
The new_project ant script is, by default, set up to create a new project based on a template.
<project name="IAM" default="new_project">
<description>Builds a new BPEL project similar to the template project</description>
<target name="new_project" description="--> Generate structure and sample kernel handler for a new feature">
An alternate target and the script that is used to generate Certification composites occurs later:
<target name="certification" description="--> Generate a new composite for cert feature">
This is the target we want to use to generate the new Certification composits.
Open new_project with editor and change the default to run the target certifications
<project name="IAM" default="certification">
Run the new_project ant script, Ant Build.
Input new composite name
This builds the soa composite project by expanding a process-template for FlexibleCertificationProcess and creates a new directory structure for the new composite, SingePhase3Month.
Expanding: C:\work\ All WorkSpace\NewCertComposites\process-template\FlexibleCertificationProcess.zip into C:\work\ All WorkSpace\NewCertComposites\process-template
The output project, SinglePhase3Month, is created in the process-template directory.
Moving to JDeveloper
This SinglePhase3Month directory can now be copied into JDeveloper Studio.
(Inmportant: JDeveloper Studio must match the version and patch level as the SOA deployed. That is a different post.)
Open JDeveloper Studio.
Copy SinglePhase3Month directory and contents to C:\JDeveloper\mywork
From JDeveloper, File> Open> SinglePhase3Month> SinglePhase3Month.jpr
This creates a working Project in JDeveloper
Now we can get to the code that defines the Certification:
Click on SOA Content > composite.xml
Open CertificationTask in diagram
Common configurations will have to do with Deadlines and Notifications.
In Deadlines tab, one can set renewal after duration, expiration duration; or escalation duration, number of escalations and highest Approver title.
In Notifications tab, one can configure notifications in response to a number of Task status states.
For each state, one can configure who it will be sent to and the content.
- Request Info
- Update Outcome
- Other actions
Recipients can include
A different email template can be assigned to any combination of status and Recipient. Open Notification Reminder.
Under the Advanced sub Tab, Reminders can be set up as well as other options.
Once configured, the composite is compiled into a jar.
This jar can be deployed directly to the server or can be deployed as a jar.
Let’s do it the old fashioned way and create a jar.
If the composite state is not internally consistent, the validation error will be reported:
Go back and correct omissions.
When all is well:
Deploy using Enterprise Manager
Final step is to Deploy to server using Enterprise Manager.
Log into /em
Choose File and select SinglePhase3Month> deploy> sca_SinglePhase3Month_rev1.0.jar
These Composites can now be used to Define Certifications in /sysadmin