Thursday, August 2, 2007

How To - OIM : De provision a user from target through API

I have been asked for samples showing how to deprovision a user in OIM through the API. A user can be deprovisioned from a target through the API when the resource uses direct deprovisioning. Here is the code for this.

/**
* This example shows how to deprovision a resource from a target, given the user's Login ID and
* the Resource Name.
*
* This will only work for Direct De provision & not for Request Based Deprovision.
*/

import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.security.PrivilegedAction;
import com.thortech.xl.util.config.ConfigurationClient.ComplexSetting;
import com.thortech.xl.util.config.ConfigurationClient;
import com.thortech.xl.crypto.tcSignatureMessage;
import com.thortech.xl.crypto.tcCryptoUtil;
import com.thortech.xl.security.tcLoginException;
import com.thortech.xl.crypto.tcCryptoException;
import Thor.API.*;
import Thor.API.Operations.*;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.*;
import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Security.LoginHandler.LoginSession;
import Thor.API.Security.ClientLoginUtility;
import Thor.API.Security.XLClientSecurityAssociation;

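/**
 * Standalone OIM client sample that revokes (deprovisions) one resource from one user.
 *
 * <p>Works for direct deprovisioning only, not for request-based deprovisioning.
 *
 * <p>Security note: the client authenticates as the hard-coded {@code xelsysadm} account by
 * signing the login name instead of supplying a password. NOTE(review): this suggests that
 * read access to the key material under {@code XL.HomeDir} is what authorizes the client;
 * confirm against the installation, keep that directory readable only by the account that
 * runs this tool, and prefer a dedicated, less privileged OIM account where one is available.
 */
public class deProvisionUser {

    private tcUtilityFactory utilityFactory;
    private tcUserOperationsIntf userIntf;

    /**
     * Connects to OIM as a standalone client.
     *
     * <p>The program must be started with these Java options (change the paths to match the
     * installation):
     * <pre>
     * -Djava.security.auth.login.config=C:\oracle\oim_server\xellerate\config\auth.conf
     * -DXL.HomeDir=C:\oracle\oim_server\xellerate
     * </pre>
     *
     * <p>A connection failure is reported on stdout and leaves the instance unconnected;
     * {@link #deprovision(String, String)} then reports that state instead of failing with a
     * NullPointerException.
     */
    public deProvisionUser() {
        // The original banner said "Access Policy", a leftover from another sample.
        System.out.println(" ************* Inside deProvisionUser constructor ****************");
        try {
            ComplexSetting config = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
            final Hashtable env = config.getAllSettings();
            // The settings themselves are not echoed: they describe how to reach the OIM
            // server and do not belong in console output or captured logs.
            System.out.println(" Loaded " + env.size() + " settings from Discovery.CoreServer");

            // Signature-based login as xelsysadm using the key named "PrivateKey".
            tcSignatureMessage moSignature = tcCryptoUtil.sign("xelsysadm", "PrivateKey");
            utilityFactory = new tcUtilityFactory(env, moSignature);
            System.out.println("utilityFactory = " + utilityFactory);
        } catch (Exception ee) {
            System.out.println(" Exception in Constructor " + ee);
            ee.printStackTrace();
        }
    }

    /**
     * Revokes one provisioned resource from an active user.
     *
     * <p>The method looks up the active user with the given User ID, lists the resource
     * objects associated with that user, keeps those whose status is "provisioned", and
     * revokes the one whose resource object name equals {@code targetRevokeName}. Nothing is
     * revoked when the user is not found, has no resources, or the named resource is not
     * currently provisioned; each of those cases is reported on stdout.
     *
     * <p>This will only work for direct deprovisioning, not request-based deprovisioning.
     *
     * @param userID           User ID / Login ID of the user
     * @param targetRevokeName resource object name of the target to revoke
     */
    public void deprovision(String userID, String targetRevokeName) {
        if (utilityFactory == null) {
            System.out.println(" Error in deprovision: no connection to OIM (see constructor output)");
            return;
        }
        try {
            userIntf = (tcUserOperationsIntf) utilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");

            // Find the active user with this User ID.
            HashMap criteria = new HashMap();
            criteria.put("Users.User ID", userID);
            criteria.put("Users.Status", "Active");
            tcResultSet rset = userIntf.findUsers(criteria);
            if (rset.getRowCount() == 0) {
                // Without this check goToRow(0) fails on an empty result set.
                System.out.println(" No active user found for User ID " + userID);
                return;
            }

            // Get the user key for the user given the User ID.
            rset.goToRow(0);
            long uKey = rset.getLongValue("Users.Key");
            System.out.println(" Key for Given User IS " + uKey);

            // Get all the objects that have been provisioned for the user.
            rset = userIntf.getObjects(uKey);
            int count = rset.getRowCount();
            if (count == 0) {
                System.out.println(" User " + userID + " has no resources; nothing to revoke");
                return;
            }

            // Diagnostic dump of every column of every resource row. Position on the row
            // first, then read it.
            String[] cNames = rset.getColumnNames();
            for (int i = 0; i < count; i++) {
                rset.goToRow(i);
                for (int j = 0; j < cNames.length; j++) {
                    System.out.println(cNames[j] + " " + rset.getStringValue(cNames[j]));
                }
            }

            // Map resource name -> object instance key for the provisioned resources only.
            // The object instance key, together with the user key, identifies what to revoke.
            // If the user holds several provisioned instances of the same resource, only the
            // last one read stays in the map.
            HashMap tmap = new HashMap();
            for (int k = 0; k < count; k++) {
                rset.goToRow(k);
                String targetName = rset.getStringValue("Objects.Name");
                String objInstKey = rset.getStringValue("Users-Object Instance For User.Key");
                String status = rset.getStringValue("Objects.Object Status.Status");
                if ("provisioned".equalsIgnoreCase(status)) {
                    tmap.put(targetName, objInstKey);
                }
            }
            System.out.println(" All The provisioned target for user " + tmap);

            // Look up the instance key of the requested target. Fail with a clear message
            // rather than a NumberFormatException when it is absent.
            String tKey = (String) tmap.get(targetRevokeName);
            if (tKey == null) {
                System.out.println(" Target " + targetRevokeName
                        + " is not currently provisioned for user " + userID + "; nothing revoked");
                return;
            }
            long tObjKey = Long.parseLong(tKey);

            System.out.println("Revoking Target System");
            System.out.println(" Key of the Target to be Revoked " + tObjKey);
            System.out.println(" Revoking Target " + targetRevokeName);
            userIntf.revokeObject(uKey, tObjKey);
            System.out.println(" Target Revoked ");
        } catch (Exception ee) {
            System.out.println(" Error in deprovision " + ee);
            ee.printStackTrace();
        }
    }

    /**
     * Runs the sample for a hard-coded user and resource; edit both values before use.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        // User ID / Login ID of the user.
        String userID = "TUSER3";
        // Resource object name of the target.
        String targetToBeRevoked = "Database Application Resource";
        deProvisionUser client = new deProvisionUser();
        try {
            client.deprovision(userID, targetToBeRevoked);
        } finally {
            // Release the administrator session before the JVM exits.
            if (client.utilityFactory != null) {
                client.utilityFactory.close();
            }
        }
        System.exit(0);
    }
}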

1 comment:

Vasu Kurukunda said...

Hey i was wondered after looking at the code regarding OIM user de-provisioning using API. I would like to request you to send some pointers on how to provision OIM user using API if possible.

Thanks for your help,
Vasavi.