OIM 11g r2 ps2 - how to use tcDataSet from remote client without logging in as XELSYSADM
Hi All, I have a client application which uses the oimclient.jar to interface with an OIM 11g r2 ps2 system. When I execute the tcDataSet as any user other than XELSYSADM, I get a tcDataAccessException. Please note my client application is also hosted on the same server as the OIM application but in a different WebLogic domain. Is there any way I can decrypt the XELSYSADM password using OIMClient API classes (as I said, since my client and OIM run on the same server, I have access to the OIM domain/keys/cert), or is there any way to execute the tcDataSet as a non-admin user? Please let me know.
If it's running on the same application server you can store the credentials in the enterprise manager in the same way it's used for the SOA integration and the CSF credential store. Then you can grab the xelsysadm or other credentials you've stored there. -Kevin
Thanks Kevin for your response. Both OIM and the client ADF application that interfaces with OIM are hosted on the same Linux server but in different WebLogic domains. Currently I am also maintaining the XELSYSADM password in the Enterprise Manager where the client ADF application is hosted. I thought of checking if there is any other approach to reading the XELSYSADM password directly from the OIM domain rather than maintaining it in the client application EM credential store. Please let me know.
Do you have the application protected by OAM? If yes, you can use the example below: Oracle Fusion Middleware Security: Authenticating OIM APIs without end user's password ~J
Hi Abhishek, Thanks for your response. We are using OAM for both OIM and for the client application that interfaces with OIM. So when a user logs in to the client application and places the request to OIM via the API, the SSO works, since I have established trust between the OIM and client application WebLogic domains. But when logged in as a non-administrator (normal user) to OIM via the API, you won't be able to use tcDataSet to execute the query, as it throws tcDataAccessException. In OIM 11gR2PS2, tcDataSet query execution works fine only with an administrator login like XELSYSADM. Also, I do have a requirement where I need to fetch the second-level manager of the logged-in user via the API. Only accessing the logged-in user's manager details is allowed, and to access the second-level manager's details as well you would need an XELSYSADM login from the API. So for the above reasons I need to maintain the XELSYSADM password in the client application. I am checking on which would be the ideal way to maintain the password.
Then Credential Store Framework (CSF) will be one way. You can use some SYSTEM service ID created in OIM (a user similar to XELSYSADM) with infinite password expiry (10 years). Oracle Stack: Credential Store Framework (CSF) API Example ~J
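The approach suggested in the replies, as an added example that is not part of the original thread: read a service-account credential from the client domain's CSF credential store and use it for the OIMClient login, so the password is not kept in application code or configuration. The map and key names, the provider URL and the class name are assumptions; the calling code must be granted CredentialAccessPermission for that map/key in the domain policy, and the OIM client login configuration (authwl.conf) is assumed to be in place.

```java
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;

import oracle.iam.platform.OIMClient;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

public class OimServiceLogin {
    // Assumed names: create this map/key in the client domain's credential store (EM or WLST).
    private static final String CSF_MAP = "oim.client";
    private static final String CSF_KEY = "oim-service-account";

    /** Reads the service account from CSF; fails if the entry is missing or not a password credential. */
    static PasswordCredential readCredential() throws Exception {
        return AccessController.doPrivileged(
            new PrivilegedExceptionAction<PasswordCredential>() {
                public PasswordCredential run() throws Exception {
                    CredentialStore store = JpsContextFactory.getContextFactory()
                            .getContext().getServiceInstance(CredentialStore.class);
                    Credential c = store.getCredential(CSF_MAP, CSF_KEY);
                    if (!(c instanceof PasswordCredential)) {
                        throw new IllegalStateException("No password credential at " + CSF_MAP + "/" + CSF_KEY);
                    }
                    return (PasswordCredential) c;
                }
            });
    }

    /** Logs in to OIM as the stored service account; the caller must call logout() when done. */
    static OIMClient login(String providerUrl) throws Exception {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, providerUrl); // placeholder, e.g. t3://oim-host.example:14000
        PasswordCredential cred = readCredential();
        OIMClient client = new OIMClient(env);
        client.login(cred.getName(), cred.getPassword()); // never log the credential
        return client;
    }
}
```

Scoping the CredentialAccessPermission grant to this one map/key and this application's codebase keeps other deployments in the domain from reading the account.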