Sunday, January 13, 2013

Getting Credentials using CSF

The following code snippet reads a credential (user name and password) from a CSF (Credential Store Framework) map.

Setting your environment:
Add jps-manifest.jar to your classpath.

Sample Code:

import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;

import oracle.security.jps.service.ServiceLocator;
import oracle.security.jps.service.credstore.CredStoreException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

// 'logger' is the enclosing class's logger; its declaration is not part of this snippet.
public Map<String,String> getUserCredentialsFromCSF() throws Exception {
    Map<String,String> credentials = new HashMap<String,String>();

    try {
        // CSF map and key under which the OIM system administrator credential is stored
        final String mapName = "custom.oim.sysadmin.map";
        final String key = "sysadmin";
        ServiceLocator locator = oracle.security.jps.service.JpsServiceLocator.getServiceLocator();
        final CredentialStore cs = locator.lookup(CredentialStore.class);

        // The lookup runs as a privileged action: the jar containing this code must hold
        // CredentialAccessPermission on this map (granted in the Enterprise Manager steps below).
        Credential cred = AccessController.doPrivileged(new PrivilegedExceptionAction<Credential>() {
            public Credential run() throws CredStoreException {
                return cs.getCredential(mapName, key);
            }
        }, null);

        PasswordCredential pwCred = (PasswordCredential) cred;
        credentials.put("User Name", pwCred.getName());
        credentials.put("Password", new String(pwCred.getPassword()));
    } catch (Exception e) {
        logger.error(e.getMessage() + e);
        throw e;
    }
    logger.debug(this.getClass().getSimpleName(), "getUserCredentialsFromCSF()");
    return credentials;
}


Giving permission to the jar that contains this code:

1. Log in to Oracle Enterprise Manager.
2. On the left pane, expand the WebLogic domain.
3. Right-click WLS_DOMAIN. Select Security, System Policies.
4. Click Create.
5. Enter the following in the Codebase field:

File$MIDDLEWARE_HOME/user_projects/domains/IAMDomain/servers/oim_server1/tmp/_WL_user/oracle.iam.ui.custom/9h3lys/WEB-INF/lib/CustomClientAPI.jar

Note: Replace $MIDDLEWARE_HOME with the actual value. Make sure you use the correct path to the CustomClientAPI jar under the oim_server1 tmp folder.


6. Click Add Permission; a popup will appear. Check the “Select here to enter details for a new permission” check box, enter the values below and click OK.

Permission Class: oracle.security.jps.service.credstore.CredentialAccessPermission
Resource Name: context=SYSTEM,mapName=custom.oim.sysadmin.map,keyName=*
Permission Actions: read

7. Click OK.
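A hardened variant of the lookup above, added here as an example and not part of the original post: it checks for a missing or non-password credential instead of casting blindly, and hands the password to the caller as a char[] that is wiped afterwards rather than copying it into a String. The CsfReader class and the CredentialUser callback are names of my own; the map and key values are the ones used above, and the jar still needs the CredentialAccessPermission grant described in the steps above.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;

import oracle.security.jps.service.JpsServiceLocator;
import oracle.security.jps.service.credstore.CredStoreException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

/** Reads one CSF password credential and passes it to a callback without copying the password into a String. */
public final class CsfReader {

    /** Receives the user name and a password buffer that is wiped as soon as this method returns. */
    public interface CredentialUser {
        void use(String userName, char[] password) throws Exception;
    }

    public static void withCredential(final String mapName, final String key, CredentialUser consumer) throws Exception {
        final CredentialStore cs = JpsServiceLocator.getServiceLocator().lookup(CredentialStore.class);

        Credential cred;
        try {
            // Without CredentialAccessPermission for this map the lookup fails with a security exception.
            cred = AccessController.doPrivileged(new PrivilegedExceptionAction<Credential>() {
                public Credential run() throws CredStoreException {
                    return cs.getCredential(mapName, key);
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();   // unwrap the CredStoreException thrown inside run()
        }

        // getCredential returns null when the map/key does not exist; the original snippet would NPE here.
        if (cred == null) {
            throw new IllegalStateException("No credential found for map=" + mapName + " key=" + key);
        }
        if (!(cred instanceof PasswordCredential)) {
            throw new IllegalStateException("Expected a PasswordCredential for key=" + key
                    + " but found " + cred.getClass().getSimpleName());
        }
        PasswordCredential pw = (PasswordCredential) cred;
        char[] secret = pw.getPassword().clone();   // our own copy, so wiping it cannot touch the store's cache
        try {
            consumer.use(pw.getName(), secret);     // never log or toString() the password here
        } finally {
            Arrays.fill(secret, '\0');              // zero the buffer once the caller is done with it
        }
    }
}
```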

Friday, January 11, 2013

Removing Admin tab for general users in OIM11g R2 self service screen

In OIM 11g R2 the Administration tab in the self service console is available OOTB (Out Of The Box) to general users as well. To hide this Admin tab from general users, perform the following steps.


1. Log in to the Self Service page as an Admin user.
2. Create a new sandbox and activate it.
3. Click Customize.
4. Click View and select Source, which opens a new frame.
5. Click the Administration tab in the left pane.
6. A popup asks you to confirm the edit; click Edit.
7. Click the Administration tab again.
8. In the Source pane, showDetailHeader: Administration should now be highlighted.
9. Click the Edit icon.
10. A new popup opens.
11. Scroll to the bottom of the Display Options tab.
12. Click the down arrow to the right of Show Component.
13. Click Expression Builder.
14. Replace "true" with #{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}
15. Click Test to confirm that for the Admin user this returns TRUE.
16. Click OK.
17. Click Apply and then OK.
18. Click Close in the Source pane.

Now Login as a general user to the Self Service page. You should not see the Admin Tab.