Logging in OIM custom code

Proper logging is one of the main considerations during custom development. This is no different in OIM projects in which custom code is being developed and deployed to OIM. Proper logging is fundamental part of development, helping in finding issues, fixing them and also in reporting relevant runtime conditions. This post shows how to leverage […]

OIM Reset Password Customization Example

Out-of-the-box, the OIM reset password functionality is available to system administrators, and to delegated administrators who have administrative privileges on users’ accounts and have the ‘reset password’ privilege assigned to them. The data of the user who is having his/her password reset plays no role on how this functionality is presented to delegated administrators. This […]

Customizing specific instances of a WebCenter task flow

Introduction Customizing the framework task flows in WebCenter is a common requirement for customers.  With MDS, customization rules are layered but often customers will need to customize specific instances of their task flows, or have different levels of customization on different instances or pages which are all under the same MDS layer. This post walks […]

Oracle GoldenGate – A Guide to Globalization aspects when working with OGG

Introduction The goal of this paper is to describe the concepts related to globalization and provide best practice guidelines when configuring Oracle GoldenGate (OGG). Main Article We will begin by defining character set and discuss the various usage contexts of character sets which are referred to when configuring OGG. The complete document can be found […]

OIM 11g R2 UI Customization Tips and Tricks

Introduction OIM 11g R2 provides OIM Developers with the means to implement very sophisticated and functional rich customization to the Out-of-the-Box User Interface. These customizations are capable of surviving the installation of patches, which means that when the OIM installation is patched, the UI customizations don’t have to be re-applied. The customizations are stored as […]

Showing Mobile Number in WebCenter Spaces

One of our customers recently had trouble with Hierarchy viewer in Webcenter Spaces. They were unable to see Mobile numbers for any user other than the logged in user. All other info was visible.

Here’s how to enable viewing mobile numbers in Hierarchy viewer Org chart:

· Login to Spaces as Administrator

· Navigate to Administration > Configuration > People Connections > Profile


· You will notice in the Profile Attributes sections that the Mobile Phone is in Business Contact section while Phone is in Summary section

· In the Profile Access section (as shown in the screenshot above), Change the “Who can view this section” for Business contact to “Authenticated users”

· For Testing purposes only, change the Profile Cache Settings to have a lower timeout value.

· Restart Spaces for timeout changes to take effect.


Simplifying OIM 11g (Chapter Two)

  Introduction This is the second article in a series of posts with the common goal of providing customers with ideas and techniques that can be used to simplify the use of advanced features of OIM 11g. In Chapter One of this series, we described the components of a framework that would allow users at […]

Simplifying OIM 11g Series (Chapter One)

Introduction This is the first one in a series of posts dedicated to the design of tools that have the common goal of simplifying or enhancing the functionality provided by OIM 11g. As more and more customers implement OIM 11g, new challenges arise and new issues are uncovered. OIM 11g is a very powerful platform […]

Custom transformation provider for OIM GTC connector

GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is that some customers do not allow direct communication between OIM and the HR system (for different reasons …

Portal and Content – Components, part 3 – Applied Customization Framework (4 of 7)


Have you ever been challenged with the situation where your work task asks you to implement functionality in the WebCenter Portal and you browse through the Resource Catalog (Business Dictionary) and find the functionality you need. However when you get started there is small short comings and you ask your self
– how can I re-use what is out of the box ca?
– I wonder what code I need to use to produce the similar functions and include my new requirements?
– Must I write a new taskflow?

The answer to above questions are in many times answered with simply you can  do a taskflow customization to out-of-the-box taskflows. In this post I will help you understand how to do such customization.

Best described is a 4 step process, see image flow below for illustration:

Just to clarify few naming confusions that might occur when go through above process.

  1. Customization Role is a function within JDeveloper that will allow you to implement view and flow customizations to existing taskflows
  2. WebCenter Portal – Spaces Taskflow Customization Framework this technology scope do not only refer to WebCenter Spaces, this also include WebCenter Portal/Framework
  3. A taskflow customization do not overwrite or replace any code, it just creates an additional tip view of the taskflow in the MDS for the current application (WebCenter Portal or WebCenter Spaces)

To sum up this simple procedure I also like to help you find your way around the main topic for this post series, this post series is focusing primarily on Content integration with WebCenter Portal, so where can I find content related taskflows in the WebCenter Libraries. The list below mention some useful locations to taskflows and each taskflow page fragments.


Library Reference – WebCenter Document Library Service View

Content Presenter
Path: oracle.webcenter.doclib.view.jsf.taskflows.presenter
Taskflow: contentPresenter.xml – The Content Presenter taskflow
Taskflow: contentPresenterWizard.xml – The publishing wizard to select content, select template and preview including contribution

Document Manager
Path: oracle.webcenter.doclib.view.jsf.taskflows.docManager
Taskflow: documentManager.xml – The Document Manager taskflow which includes references to document management feature including browsing, download, uploading and viewing.

For more information on Taskflow customizations please see following documentation:


  1. Introduction – Introduction to the series of posts and what to expect at the end of the series
  2. Components, part 1 – UCM, Site Studio and Content Templates
  3. Components, part 2 – Page Templates and  Navigation model
  4. Components, part 3 – Applied Customization Framework
  5. Scenario 1 – Enable a Portal for runtime administration
  6. Scenario 2 – Enable a Portal for Internationalization
  7. Scenario 3 – Enable a Portal for Content Workflows

How to Customize Pre and PostUpdate to work with DASH GUI

PreUpdate and PostUpdate are standard XML elements that are executed during creating and updating assets. Yet neither have an obvious way of determining if they are being invoked from the Advanced Interface versus the DASH interface. (for example, you might want to send a warning back to DASH if a certain error condition was met). The following customization allows you to add code to do just that.

Extreme Customizations – LoV for Navigation Parameters

When composing a new portal application there is various important steps that has to be taken into account, one of them is navigation model. For a very comprehensive portal experience and low cost of ownership the navigation model must be flexible enough so the business can take ownership of this asset. Today this can be hard to realize since the navigation administration in run-time leaves a lot of room for mistakes. One step into making this less error prone and more user friendly is to allow the user to configure the navigation model and its associated parameters from predefined value lists or pickers. A picker is a more complete component that will support the user when setting values on important parameters.
Lately we have investigated what effort it would take to support LoV’s and pickers in the navigation model and we found this to be pretty trivial. This post will in short explain how this can be implemented using existing architecture.

Step 1 – Create Customization Application

1. Create a new WebCenter Spaces Taskflow Customization Application – note that the name here indicates this only applies to WebCenter Spaces, this is however not the case.

2. Enable the application to show libraries by selecting the filter menu and selecting “Show libraries

3. Restart JDeveloper using Role: Customization Developer

Step 2 – Add customization to navigation editor

1. Now you should see all libraries in the ViewController project – browse to following jar file and location
Jar: WebCenter Navigation Editor
Location: oracle.webcenter.navigationeditor.view.resourceeditor.jsff

2. Locate following snippet, towards the end of the file:

   1: <!-- Tab 3: Parameters (ppr if path or page template changes) -->
   2:  <af:showDetailItem id="sdip" text="#{neb.PARAMETERS}"
   3:                     rendered="#{pageFlowScope.resourceEditorBean.parametersAvailable}">
   4:    <af:panelGroupLayout id="pglp" layout="scroll">
   5:      <af:panelFormLayout id="pflp" labelWidth="30%">
   6:        <af:iterator value="#{pageFlowScope.resourceEditorBean.sourceValues}"
   7:                     var="srcx" id="its">
   8:          <af:group id="g1">
   9:            <af:iterator value="#{pageFlowScope.resourceEditorBean.parameters}"
  10:                         var="prm" id="itp">
  11:              <af:panelLabelAndMessage label="#{prm.displayName}"
  12:                                       rendered="#{prm.visibleOnTab and prm.source == srcx}"
  13:                                       id="plam22">
  14:                <pedc:showProperty id="ot7" simple="true"
  15:                                   columns="#{prm.name == 'xml' ? 80 : 40}"
  16:                                   rows="#{prm.name == 'xml' ? 10 : 1}"
  17:                                   taskFlowId="#{prm.taskFlowId}"
  18:                                   taskFlowParam="#{prm.name}"
  19:                                   unselectedLabel="#{neb.NO_SELECTION}"
  20:                                   shortDesc="#{prm.description}"
  21:                                   value="#{prm.value}"/>
  22:              </af:panelLabelAndMessage>
  23:            </af:iterator>
  24:          </af:group>
  25:        </af:iterator>
  26:      </af:panelFormLayout>
  27:    </af:panelGroupLayout>
  28:  </af:showDetailItem>

5. We are now going to update the pedc:showProperty configuration to support LoV’s by adding a dummy taskflow reference
   – Update taskflowId property to include a dummy taskflow name – I will set it to  /oracle/webcenter/portalapp/taskflows/nav-lov-support.xml#nav-lov-support
   – Best practice is to support both the current EL expression and the dummy taskflow, the idea is if no taskflow is present this property will be empty,
     at this stage you should inject the  dummy taskflow name



6. Save the Customization project, this will be deployed to the actual portal when the last configuration is done

Step 3 – Prepare Portal Application for the customization

1. Open the Portal Application that you will deploy the customization to

2. Open Portal project and navigate to WebContent

3. Create a new Bounded Taskflow called nav-lov-support.xml in following location /oracle/webcenter/portalapp/taskflows
Make sure to set a default activity on the taskflow, i.e. an empty page

4. Register Taskflow as a resource by right clicking the Taskflow and select Create Portal Resource. Leave all fields as default
    This Taskflow is only used as a placeholder for our parameter extensions used in the navigation model

5. Finally we are about to setup the Page Editor Extension file (pe_ext.xml) in following location Portal\adfmsrc\META-INF

6. Add following markup to the empty xml file (pe_ext.xml)

   1: <?xml version="1.0" encoding="UTF-8" ?>
   2: <pe-extension xmlns="http://xmlns.oracle.com/adf/pageeditor/extension">
   3:   <lov-config>
   4:     <task-flow-definition taskflow-id="/oracle/webcenter/portalapp/taskflows/nav-lov-support.xml#nav-lov-support">
   5:       <input-parameter-definition>
   6:         <name>color</name>
   7:         <enumeration inline="true">
   8:           <item>
   9:             <name>Blue</name>
  10:             <value>BLUE</value>
  11:             <description></description>
  12:           </item>
  13:           <item>
  14:             <name>Green</name>
  15:             <value>GREEN</value>
  16:             <description></description>
  17:           </item>
  18:           <item>
  19:             <name>Red</name>
  20:             <value>RED</value>
  21:             <description></description>
  22:           </item>
  23:         </enumeration>
  24:       </input-parameter-definition>
  25:     </task-flow-definition>
  26:   </lov-config>
  27: </pe-extension>

7. The new parameter that will have value support in the navigation model parameters in run-time in this example will be color, the values that the user can pick from is (Blue, Green, Red). The next step is to test this.

8. The best approach to test parameters in Navigation Model is by allowing the navigation entry inherit the parameter from the selected page, therefore I recommend for this instance to just add a page parameter to the home.jspx page called color. You can leave the parameter value empty since this will be set in run-time in the navigation model.




OIM 11g Event Handlers

Event Handlers are among the most common customizations in OIM 11g implementations. They have been available in OIM for a long time, but with 11g and its new frameworks, they certainly are becoming even more popular.

The most common use of event handlers is for extending the user management operations. Although a variety of business requirements can be achieved through custom event handlers, they must be used with care and with focus on the performance impact they may bring to OIM transactions.

The main types of Event Handlers are:

  • Pre-Process: triggered BEFORE the actual transaction is executed
  • Post-Process: triggered AFTER the actual transaction is executed, but within the transaction
  • Validation: triggered BEFORE the actual transaction starts and can prevent the transaction from happening if the validation fails
Because they are executed after the actual transaction happens, the post-process event handlers are asynchronous to the main transaction. In other words, they do not impact the main transaction performance.
But keep in mind that they can and will affect OIM overall performance, they are just another code to be executed by the application server.
Event Handlers are tied to specific entities in OIM like ‘Users’ and ‘Groups’. They are also tied to specific transactions, like ‘CREATE’, ‘MODIFY’ or ‘DELETE’, and they can also be tied to any transaction.

In OIM 11g, the Event Handlers are implemented through the plugin framework. An Event Handler comprises of:
  • The XML file that defines the event handler and specifies (among other things): Event Handler name, Java class with the implementation, entity type, the stage that the event handler will be executed (preprocess, postprocess) and other information depending on the type
  • The plugin that contains the code to be executed

Finally getting to the point: a list of recommendations that should be considered in Event Handlers implementation.

  •  Use OIM 11APIs whenever possible; avoid using ‘Thor.API.tcUserOperationsIntf for searching users. Make use of the new APIs like ‘oracle.iam.identity.usermgmt.api.UserManager’ and ‘oracle.iam.identity.usermgmt.vo.User’APIs like
  • Use the class ‘oracle.iam.platform.Platform’ to get instances of the APIs. When this class is used, there is no need for API authentication. The instances returned run under ‘internal’ user in OIM, therefore the update operations can be done without authenticating: Platform.getService(UserManager.class)
  • Avoid long running operations in Event Handlers. Even if the code can be executed as post process asynchronous operation, think about moving any long running operation to scheduled tasks and/or other OIM features
  • Use ‘oracle.iam.platform.entitymgr.EntityManager’ for updating user attributes. This will prevent OIM from triggering the event handlers once again
  • Avoid things like accessing external database (or other database schemas), reading files and other ‘external to OIM’ operations. They will slow down the event handler execution.
  • Do not forget that OIM invokes the event handlers in two different ways: bulk and non-bulk. Make sure that your Event Handler code is smart enough to handle both situations.
  • OIM instantiates one instance of each event handler during application server startup and keeps invoking it. Take this into consideration when designing and implementing your Event Handler.
The recommendations above may or may not apply to your business cases and implementation, but they are a good start point when designing Event Handler implementations.

Check the Oracle Identity Manager Academy for other OIM 11g related posts

Developing Workflows to OIM 11g – the basics

OIM & BPEL Working together? 

OIM 11g release brought us the powerful world of Oracle BPEL based workflows: from this release on, Oracle BPEL is the workflow engine to be used by OIM in all sorts of requests and their related approval processes. While this integration makes OIM workflows way more powerful and flexible when compared to OIM 9.x, the development process is quite different. The idea for this article is to provide tips for making the development process more straightforward.

First let’s take a look in the main development steps for having a new workflow:
1. Generating basic workflow: OIM provides an utility that can be used to generate a JDeveloper project that contains a basic BPEL Workflow process:

‘ant -f new_project.xml -f new_project.xml’

The ‘new_project.xml’ is located at $OIM_HOME/server/workflows/new-workflow.

You have to provide the application name (which will become the JDeveloper Applciation Name), the project name (which will become the JDeveloper project in the application) and the process name (which needs to be unique across applications and will be the BPEL process name).

The command line will generate a JDeveloper application and you can copy it to wherever your JDeveloper is installed and start working on your customizations.

2. Customizing the workflow: using JDeveloper you can customize the workflow generated in the previous steps and code the logic to achieve your business requirements.

This is the step where you do all your customizations in the BPEL workflow. You can use OIM APIs to get information back from OIM, you can make external calls to legacy systems to verify data, you can easily integrate with existing WebServices, and you can pretty much do whatever is needed to achieve your business requirements.

3. Deploying the workflow: once the customization is done, it is time to deploy the workflow to Oracle BPEL engine. You can do this in two different ways:

  • Directly from JDeveloper: you have to create a WebLogic connection in JDeveloper.
  • Using a command line:

‘ant -f ant-sca-deploy.xml’

This script is located at $SOA_HOME/bin.

You will have to provide SOA Server connectivity information (username, password and URL) and also the path to the ‘.sar’ file. The ‘.sar’ file is generated by JDelevoper when you deploy the workflow to a file.

4. Registering the workflow: after the deployment to the SOA Server, the BPEL process must be registered in OIM. There is another script to accomplish this task:

‘ant -f registerworkflows-mp.xml’

This script is located at $OIM_HOME/server/workflows/registration

You will have to provide OIM connectivity information (URL, administrator username and password),  and also a path to a properties files you must create. The properties file must contain the BPEL workflow process information like category, domain, version and others.

What now? Are you done with the development cycle? 

Probably not, in most cases, it is necessary to make changes to the BPEL workflow to either fix bugs or make corrections. And there is a sequence of steps for that:

  1. Make the changes in JDeveloper
  2. Disable the workflow process in OIM
  3. Re-deploy the workflow to SOA Server
  4. Enable the workflow in OIM

To accomplish these steps, you have to use the same scripts you used in steps 3 and 4 from when you first deployed your workflow.

Ok, now finally to the point!

You probably noticed the number of scripts and the number of times you will have to run them when developing BPEL workflows to OIM. So to make the development process easier, I created some scripts to run OIM scripts. Scripting scripts is a good approach to lower the number of parameters you have to provide:  instead of typing the same parameters every time you run the script, you just provide the ones that make the difference. The scripts below are for Linux platforms, but they can be easily translated to other Unix-like platforms and also to Windows.

First we need to set all the environment variables we need in one script (substitute the values between ‘<>’ by the values from your environment):

middleware.env – this script will be sourced in the other ones

export MIDDLEWARE_HOME=<middleware_home>
export ANT_HOME=$MIDDLEWARE_HOME/modules/org.apache.ant_1.7.1
export PATH=$ANT_HOME/bin:$PATH
export SOA_HOME=$MIDDLEWARE_HOME/<soa_folder>
export OIM_HOME=$MIDDLEWARE_HOME/<iam_home>
export WL_USER=<weblogic>
export OIM_USER=<xelsysadm>
export OIM_URL=t3://<hostname>:<port>
export SOA_URL=http://<hostname>:<port>

Then we can use it in the ones that will actually do the work:

deployWorkflow.sh – deploys the workflow process to the BPEL server. To run this one all you have to provide is the WebLogic admin password and full path to the ‘.sar’ file.


. ./middleware.env

cd $SOA_HOME/bin

ant -f ant-sca-deploy.xml -DserverURL=$SOA_URL -Duser=$WL_USER -Dpassword=$1 -Doverwrite=true -DsarLocation=$2

disableWorkflow.sh – disables the workflow in OIM. You have to provide the OIM administrator password and the workflow process name.


. ./middleware.env

cd $OIM_HOME/server/workflows/registration

ant -f registerworkflows-mp.xml -DserverURL=$OIM_URL -Dusername=$OIM_USER -Dpassword=$1 -Dname=$2 -Ddomain=default -Dversion=1.0 disable

enableWorkflow.sh – enables the workflow in OIM. You have to provide the OIM administrator password and the workflow process name.


. ./middleware.env

cd $OIM_HOME/server/workflows/registration

ant -f registerworkflows-mp.xml -DserverURL=$OIM_URL -Dusername=$OIM_USER -Dpassword=$1 -Dname=$2 -Ddomain=default -Dversion=1.0 enable

Collateral Information

Product documentation will always be the primary source of information. You can find more information about how to work with OIM and BPEL at:

Oracle Fusion Middleware Developer’s Guide for Oracle Identity Manager

Oracle Fusion Middleware Developer’s Guide for Oracle SOA Suite