Tuesday, May 7, 2013

OIM SPML Java Code for Searching User

SPML wsdl URL: http://oimhost:oimport/spml-xsd/SPMLService?wsdl

The XSD (oracle_common_pso.xsd) is available at: $OIM_HOME/features/spml-xsd.jar

Perform the following to ensure that SPML works with Oracle Identity Manager:

  • Assign the required roles to the SPML Admin user
  • The SPML Admin role has the following permissions:

    • Create, modify, and delete users via request
    • Search users on all the attributes
    • Enable user status via request
    • Disable user status via request
    • Add role memberships via request
    • Delete role memberships via request
    • Search roles on all the attributes
    • Create, modify, and delete roles via request
  • Log in to the OIM Identity Console --> Create New User -->

SPML has two profiles: the XSD profile and the DSML profile. In 11g R2 PS1, the XSD profile is used.

Creating SPML Admin User: 

1) Log in to the Identity Console and create a new user (spmladmin)
2) Open TOP Organization --> Click on Admin Roles --> SPML Admin --> Add to the created user
3) Select the Include Sub-orgs check box and apply

Creating Auto Approval Policy:

Auto approval is required so that SPML requests are approved automatically.

  • Create user request level
  • Create user operation level
  • Modify user request level
  • Modify user operation level
  • Delete user request level
  • Delete user operation level
  • Enable user request level
  • Enable user operation level
  • Disable user request level
  • Disable user operation level
  • Assign roles request level
  • Assign roles operation level
  • Remove roles request level
  • Remove roles operation level
  • Create role request level
  • Modify role request level
  • Delete role request level


Oracle Identity Manager 11g Release 2 (11.1.2.1.0) does not support the following SPML operations as part of the XSD profile:

  • Search user
  • Search role
  • Any operation, such as create, modify, delete, or search, on organizations


SPML Important API: 
https://code.google.com/p/oimexamples/source/detail?r=24


Sample Code for Searching:






    3 comments:

    1. I am trying similar code for adding role membership to a user, but it is failing, saying role capability data missing.
      Did you try this?

    2. Hi NVK,


      Do you have the detailed error?


      Thanks

    3. Bhanuchandar Bobbili, July 7, 2014 at 8:16 AM

      Hi team. I think SPML does not support SEARCHING a USER or ROLE. It just validates the Username availability. Even if it searches, the document does not have any
      "SPML Core Service" for searching a user!

