Thursday, March 14, 2013

Fix for Issue with sending Email Notifications in OIM

When we set up an IT Resource in OIM that will be used by either the SMTP provider or UMS to send out emails, the emails do not go through when a user other than xelsysadm (SYSTEM ADMINISTRATORS role) tries to send them.

The exception in the logs will be similar to the one below:


[NOTIFICATION] [] [oracle.iam.notification.provider] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: 894fa193dcd2578d:50eb0ada:13d63a1396f:-8000-0000000000004597,0] [APP: oim#11.1.2.0.0] IT Resource Email Server is not present.
[ERROR] [] [oracle.iam.notification.impl] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: 894fa193dcd2578d:50eb0ada:13d63a1396f:-8000-0000000000004597,0] [APP: oim#11.1.2.0.0] Provider EmailServiceProvider has encountered exception : Authentication failed; nested exception is javax.mail.AuthenticationFailedException
[ERROR] [] [oracle.iam.notification.impl] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: 894fa193dcd2578d:50eb0ada:13d63a1396f:-8000-0000000000004597,0] [APP: oim#11.1.2.0.0] Sending notification with Provider EmailServiceProvider has encountered exception : Error occured while Sending Notification through Provider EmailServiceProvider : Authentication failed; nested exception is javax.mail.AuthenticationFailedException
[ERROR] [] [oracle.iam.notification.impl] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: 894fa193dcd2578d:50eb0ada:13d63a1396f:-8000-0000000000004597,0] [APP: oim#11.1.2.0.0] Sending notification with Provider EmailServiceProvider detailed exception : Authentication failed; nested exception is javax.mail.AuthenticationFailedException

The fix for this issue is to add the roles that will use this resource to send out emails to the IT Resource as Administrative Roles. For example, if all the users in the helpdesklevel1 and helpdesklevel2 roles should also send emails, edit the IT Resource and add these roles under Administrative Roles of the IT Resource.

Note: Giving Read Access is enough.



Now when any user under these roles tries to send a notification from OIM, it will not fail.
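
A triage sketch for the log pattern shown above, added here as an example and not part of the original post or of Oracle's code: it groups notification log lines by ecid and separates failures where the "IT Resource ... is not present" line accompanies the AuthenticationFailedException (the access problem this post fixes) from failures where it does not. The sample lines are constructed, the function name and cause labels are hypothetical, and treating the second case as a credentials problem is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt above (ecids shortened).
# The last line lacks its leading "[" on purpose, to show tolerant parsing.
SAMPLE_LOG = """\
[NOTIFICATION] [] [oracle.iam.notification.provider] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: aaa-4597,0] [APP: oim#11.1.2.0.0] IT Resource Email Server is not present.
[ERROR] [] [oracle.iam.notification.impl] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user123] [ecid: aaa-4597,0] [APP: oim#11.1.2.0.0] Provider EmailServiceProvider has encountered exception : Authentication failed; nested exception is javax.mail.AuthenticationFailedException
ERROR] [] [oracle.iam.notification.impl] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user456] [ecid: bbb-4601,0] [APP: oim#11.1.2.0.0] Sending notification with Provider EmailServiceProvider detailed exception : Authentication failed; nested exception is javax.mail.AuthenticationFailedException
"""

# Anchor on the field labels rather than on bracket positions, because the
# tid field itself contains brackets.
USER = re.compile(r"\[userId: ([^\]]*)\]")
ECID = re.compile(r"\[ecid: ([^\],]+)")
APP = re.compile(r"\[APP: [^\]]*\]\s*(.*)$")


def triage_notification_failures(log_text):
    """Return {ecid: (userId, cause)} for every request that hit an auth failure."""
    requests = defaultdict(lambda: {"user": None, "missing": False, "auth": False})
    for line in log_text.splitlines():
        user, ecid, app = USER.search(line), ECID.search(line), APP.search(line)
        if not (user and ecid and app):
            continue  # not a log line in the expected layout
        req = requests[ecid.group(1)]
        req["user"] = user.group(1)
        msg = app.group(1)
        req["missing"] |= "IT Resource" in msg and "is not present" in msg
        req["auth"] |= "AuthenticationFailedException" in msg
    findings = {}
    for ecid, req in requests.items():
        if not req["auth"]:
            continue
        # Same ecid carries both messages: the sender could not see the IT
        # Resource, so the fix is the Administrative Roles change above.
        cause = "it-resource-not-visible" if req["missing"] else "check-smtp-credentials"
        findings[ecid] = (req["user"], cause)
    return findings


if __name__ == "__main__":
    for ecid, (user, cause) in triage_notification_failures(SAMPLE_LOG).items():
        print(f"{ecid}: userId={user} cause={cause}")
```

The userIds it reports under it-resource-not-visible are the accounts whose roles still need to be added to the IT Resource.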
