20 Troubleshooting Generic Technology Connectors

This chapter describes how to troubleshoot problems that you might encounter during development. It contains these sections:

20.1 General Issues for Generic Technology Connectors

This section describes general issues for generic technology connectors. It contains these topics:

20.1.1 Creation Issues

This section describes the following known issues related to the connector objects that are automatically created by the generic technology connector framework:

  • Summary:

    • No warning is displayed if the name that you specify for a generic technology connector is the same as the name of an existing connector object.

    • No warning is displayed if an existing connector object is overwritten by a new connector object when you import a connector XML file.

    Description:

    This point has also been discussed in the "Names of Generic Technology Connectors and Connector Objects" section.

  • Summary:

    After an error occurs during generic technology connector creation, form names are not displayed on the Step 4: Verify Connector Form Names page when you revisit that page by clicking Back on the Step 5: Verify Connector Information page.

    This is intentional and not the result of an issue or limitation of the software.

    Description:

    As mentioned earlier in this guide, some connector objects are automatically created even if the overall generic technology connector creation process fails. This set of connector objects includes process forms whose names you specify on the Step 4: Verify Connector Form Names page. In the event that the connector creation process fails, you are prompted to enter new form names through the display of blank fields on the Step 4: Verify Connector Form Names page. This is to ensure that the uniqueness checks on the process form names are reapplied when you submit the new form names.

    As an alternative to revisiting the previous pages and providing input for creating the generic technology connector, you can start all over again from the Step 1: Provide Basic Information page and re-create the generic technology connector.

  • Summary:

    You cannot provision generic technology connector resource objects to organizations defined in Oracle Identity Manager.

    Description:

    A resource object is one of the connector objects that get created automatically during generic technology connector creation. This resource object can be provisioned only to Oracle Identity Manager Users. You must not attempt to provision it to organizations defined in Oracle Identity Manager.

  • Summary:

    Customization work done on objects of a generic technology connector would be overwritten if you perform a Manage Generic Technology Connector operation.

    Description:

    You can use the Design Console to customize connector objects that are automatically created during generic technology connector creation. However, after you customize connector objects, if you perform a Manage Generic Technology Connector operation, then all the customization done on the connector objects would be overwritten. Therefore, Oracle recommends that you apply one of the following guidelines:

    • Do not use the Design Console to modify generic technology connector objects.

      The exception to this guideline is the IT resource. You can modify the parameters of the IT resource by using the Design Console. However, if you have enabled the cache for the GenericConnector and GenericConnectorProviders categories, then you must purge the cache either before or after you modify IT resource parameters.

    • If you use the Design Console to modify generic technology connector objects, then do not use the Manage Generic Technology Connector feature to modify the generic technology connector.

  • Connector objects that are automatically created are not deleted even if the generic technology connector creation process fails.

  • Summery:

    When you create a new GTC based on Database Application Table, configure connection parameters, and select the custom transformation provider in the reconciliation staging to apply a concatenation to the attribute, such as ID_EMPLEADO, the custom transformation provider is visible and you can select it, but when you click Continue to provide mapping information, an error is loggged, and you are not able to provide parameters to the Transformation. The error is similar to the following:

    <Sep 29, 2011 6:31:32 PM CDT> <Error>
    <org.apache.struts.tiles.taglib.InsertTag> <BEA-000000> <ServletException in
    '/gc/ModifyConnectorTransParamsTiles.jsp': null
    javax.servlet.ServletException: java.lang.reflect.InvocationTargetException
    

    Description:

    The possible reason of this error is missing entries in the properties files. To resolve this issue, the resource bundles must be added in the following files:

    • $MW_HOME/Oracle_IDM1/server/customResources/customResources_en.properties

    • The corresponding translations for the other locales used

20.1.2 Multi-language Support

This section describes the following known issues related to the Multilanguage Support feature:

  • Summary:

    No warning is displayed if there are non-ASCII characters in the first or second line of the data files in the staging directory.

    Description:

    There is no support for non-ASCII data in the metadata of target system user data. If you use the CSV Reconciliation format provider, then this limitation means that you cannot include non-ASCII characters in the metadata line (second line) of the parent and child data files that you store in the staging directory.

    The reason for this limitation is as follows:

    The generic technology connector framework creates User Defined process forms in Oracle Identity Manager and names the forms and their fields on the basis of the input metadata. In addition, database tables and columns are created for these forms and their fields, respectively. Because non-ASCII characters cannot be used in database object names, these characters are not supported in the target system metadata.

    The generic technology connector framework may be able to parse and correctly display non-ASCII characters in the first and second lines of the data files. However, to ensure that the connector objects are created correctly, you must ensure that non-ASCII characters are not used in the first and second lines of the data files.

    Note:

    From the third line onward in the data files, the field data values can contain non-ASCII characters. These data values are reconciled and stored in the Oracle Identity Manager database.
  • Summary:

    For any language that Oracle Identity Manager supports, if the browser language setting does not match the operating system language setting of the Oracle Identity Manager server, then data is not displayed correctly on the Step 3: Modify Connector Configuration page.

    Description:

    The Step 3: Modify Connector Configuration page displays an image that is dynamically created by the generic technology connector framework. The following are limitations related to the display of localized text items on this page:

    The language in which you want field labels to be displayed must match the following language settings:

    • Oracle Identity Manager language

    • Operating system language

    • Browser language

    If the browser language setting is the same as the operating system language setting of the Oracle Identity Manager server, then all the text items (field names and GUI element labels) are displayed in the required language.

    Note:

    • Localized GUI element labels are displayed only if you create and use resource bundles that contain localized labels for these GUI elements.

    • If you are using the Traditional Chinese or Simplified Chinese language, then the browser locale (language and country/region) must be the same as the operating system locale (language and country/region) for all the text items to be displayed in the required language.

    If the browser language is not the same as the operating system language, then the following static labels would be displayed in English (regardless of the browser language):

    • Labels of the OIM - User and OIM - Account data sets: "User" and "Account"

    • Labels of the fields that constitute the OIM - User data set:

      • "User ID"

      • "Email"

      • "First Name"

      • "Last Name"

    For non-ASCII languages, labels for the remaining items on the Step 3: Modify Connector Configuration page would not be displayed correctly.

  • Summary:

    Certain text items displayed on the Step 3: Modify Connector Configuration page are always displayed in English.

    Description:

    Some of the static text displayed on the Step 3: Modify Connector Configuration page are not localized. For example, suppose you create a generic technology connector named MyGTC. When you provision the resource object of this connector to a user, the following text is displayed on the page:

    Provisioning form for MyGTC

    Child Form of MyGTC representing child-dataset: child_data_set_name

    The static part of this text is always displayed in English.

    If required, you can localize the static text as follows:

    1. For the language to which you want to localize the text, open the corresponding customResources.properties file by importing it from MDS. The files for all the languages that Oracle Identity Manager supports are in MDS. To import the customResources.properties file from MDS, see "Migrating User Modifiable Metadata Files".

      The following example illustrates this step of the procedure.

      Suppose you specify the following values while creating a generic technology connector:

      • Connector Name: MyGTC

      • Parent Form name: ADUser

      • Child data set name: ADUserRole

      • Child form name: ADURole1

      If you want the static text to be displayed in the Spanish language, then open the customResources_es.properties file. This file is in MDS.

    2. In the customResources.properties file for the required language, add the following lines:

      Note:

      You can access the customResources.properties file for the required language from the Oracle Identity Manager page on the Oracle Technology Network (OTN) Web site at the following URL:

      http://www.oracle.com/technetwork/index.html

      global.UD_PARENT_FORM_NAME.description=Localized_text_for_"Provisioning form for" GTC_name
      
      global.UD_CHILD_FORM_NAME.description=Localized_text_for_"Child Form of" GTC_name Localized_text_for_"representing the child data set": child_data_set_name
      

      In these two lines, replace:

      • PARENT_FORM_NAME with the name of the parent form

        The parent form name is always converted to uppercase letters in Oracle Identity Manager. Therefore, the name that you enter must be in uppercase letters.

      • Localized_text_for_"Provisioning form for" with localized text for the words "Provisioning form for"

      • GTC_name with the name of the generic technology connector

      • CHILD_FORM_NAME with the name of the child form

        The child form name is always converted to uppercase letters in Oracle Identity Manager. Therefore, the name that you enter must be in uppercase letters.

      • Localized_text_for_"Child Form of" with localized text for the words "Child form for"

      • child_data_set_name with the name of the child data set

      For example:

      For the Spanish language, add the following lines in the customResources_es.properties file:

      global.UD_ADUSER.description=Spanish_text_for_"Provisioning form for" MyGTC
      
      global.UD_ADUROLE1.description=Spanish_text_for_"Child Form of" MyGTC Spanish_text_for_"representing the child data set": ADUserRole
      

20.1.3 Other General Issues

This section describes the following known issues that do not fall under any of the preceding categories:

  • Summary:

    Unsafe-Filename exceptions may be thrown during the generic technology connector creation process.

    Description:

    On Oracle WebLogic Server and Oracle Application Server, the Unsafe-Filename exception may be thrown during the generic technology connector creation process. This exception can be ignored. The generic technology connector creation process is not affected by the occurrence of these exceptions. This issue is not seen on IBM WebSphere Application Server and JBoss Application Server.

  • Generic technology connectors do not support the reconciliation of parent data deletion.

    You cannot use a generic technology connector to reconcile the deletion of parent data. For example, if the account of user John Doe is deleted from the target system, then you cannot use a generic technology connector to reconcile this user deletion in Oracle Identity Manager.

  • Summary:

    The contents of a UDF are not encrypted if the Password Field and Encrypted attributes have been set for the field by using the Design Console.

    Description:

    As mentioned earlier, the Password field is one of the predefined fields of the OIM - User data set. The Password Field and Encrypted attributes are set for this field. By using the Design Console, you can set the Password Field and Encrypted attributes for a UDF that you create. This would give the newly created UDF the same properties as the existing Password field. However, the generic technology connector framework treats this field the same as any other text field (with the String data type) and the contents are not encrypted in the Identity System Administration or database.

  • The generic technology connector framework does not provide some of the functionality that the Design Console offers for creating reconciliation rules. Only reconciliation rules of the following pattern can be created:

    A equals B

    "and"

    C equals D

    "and"

    E equals F

  • While creating a generic technology connector, you cannot specify that the target system requires a remote manager to communicate with the target system. Therefore, a generic technology connector cannot use a remote manager.

  • You use the Target Date Format parameter to specify the format in which date values must be sent to the target system during provisioning. Date validation for this parameter does not take place if you enter a date in numeric format. For information about the date formats that you can specify, see the following Web page:

    http://java.sun.com/docs/books/tutorial/i18n/format/simpleDateFormat.html#datepattern

  • Scheduled tasks that are not currently running have the INACTIVE status. These tasks run at the next specified date and time. Under certain conditions, a scheduled task is automatically assigned the NONE status. However, this status change does not affect the functionality of the task, which continues to run at the specified date and time.

  • During a Manage Generic Technology Connector operation, if you change the data type of a field in the OIM - Account data set, then an error is thrown when you click Create on the Step 5: Verify Connector Information page.

20.2 Configuration Issues for Generic Technology Connectors

This section contains these topics:

20.2.1 Names of Generic Technology Connectors and Connector Objects

This section describes the following known issues related to the names that you specify for generic technology connectors and connector objects:

Summary:

  • No warning is displayed if the name that you specify for a generic technology connector is the same as the name of an existing connector object.

  • No warning is displayed if an existing connector object is overwritten by a new connector object when you import a connector XML file.

Description:

During the creation or modification of a generic technology connector, various objects are automatically created or modified by the generic technology connector framework. You are prompted to specify names for the generic technology connector and process forms. The framework automatically generates names for the remaining objects. These autogenerated names are based on the name that you specify for the generic technology connector.

When you specify a name for the generic technology connector, you must ensure that the name is unique across all object categories (such as resource objects and IT resources) for that Oracle Identity Manager installation. Similarly, you must also ensure that the process form names are unique. This guideline must be followed even while importing a generic technology connector XML file to a different Oracle Identity Manager installation. You must ensure that the names of objects defined in the XML file are not the same as the names of objects belonging to the same category on the destination Oracle Identity Manager installation. For example, the name of the scheduled task defined in the XML file must not be the same as the name of any other scheduled task on the destination Oracle Identity Manager installation.

The scope of this guideline covers all connector objects, regardless of whether the object is used by a predefined connector or a generic technology connector on the destination Oracle Identity Manager installation.

If you do not follow this guideline, then existing objects that have the same name as imported objects are overwritten during the XML file import operation. No message is displayed during the overwrite process, and the process leads to eventual failure of the affected connectors.

This point has also been discussed in the "Connection Objects" section .

20.2.2 Step 3: Modify Connector Configuration Page

This section describes the following known issues related to the input that you specify on the Step 3: Modify Connector Configuration page:

  • Summary:

    While modifying an existing generic technology connector, if you modify the fields or child data sets of the OIM - Account data set, then corresponding changes are not made in the Oracle Identity Manager database entries for the forms that are based on these data sets. At the same time, no error message is displayed.

    Description:

    The Step 3: Modify Connector Configuration page provides features to add, modify, and delete fields and field mappings. You can use these features to modify the length or data type of fields in the OIM - Account data set or its child data sets. However, this action would not translate into corresponding changes in the Oracle Identity Manager database entries for these data sets. At the same time, no error message is displayed.

    Therefore, you must not make changes in the fields or child data sets of the OIM - Account data set.

  • Summary:

    Suppose you create a generic technology connector, use it for provisioning or reconciliation, and then delete fields or child data sets of the OIM - Account data set. An error occurs the next time you perform provisioning or reconciliation by using the same generic technology connector.

    Description:

    Suppose you create a generic technology connector and then use it for provisioning or reconciliation. You then delete some fields or child data sets of the OIM - Account data set of this generic technology connector. The next time you perform provisioning or reconciliation by using the same generic technology connector, an exception is thrown.

    After you use the generic technology connector for provisioning or reconciliation even once, deleting the fields or child data sets of the OIM - Account data set is an invalid operation. This is because data linked to the fields or child data sets that you delete has already been stored in the Oracle Identity Manager database.

    Therefore, you must not delete fields or child data sets of the OIM - Account data set if the generic technology connector has already been used to perform provisioning or reconciliation.

  • Summary:

    If the name of a reconciliation staging field used in a matching-only mapping were to be reused as the name of a field in a reconciliation staging child data set, then reconciliation would fail.

    Description:

    You create a reconciliation rule by creating matching-only mappings between fields of the reconciliation staging data set and OIM - User data set. If there are child data sets, then you must ensure that the names of fields of the reconciliation staging data set that are input fields for the matching-only mappings are not used in any of the reconciliation staging child data sets. If the name of a reconciliation staging field used in a matching-only mapping were to be reused as the name of a field in a reconciliation staging child data set, then reconciliation would fail.

    The following example illustrates this scenario:

    The AD_User data set is the reconciliation staging parent data set. The following are the fields of this data set:

    • User ID

    • Name

    • Designation

    • Location

    The Admin_Groups data set is a child data set of the AD_User data set. If you use the User ID field of the AD_User data set to create a matching-only mapping with the OIM - User data set, then you cannot have a field with the name User ID in the Admin_Groups data set. If this child data set were to contain a field with the name User ID, then reconciliation would fail.

  • Summary:

    The Password field is displayed in the OIM – User data set, even though this field is not reconciled by the reconciliation engine.

    Description:

    If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, then the Password field is displayed in the OIM – User data set on the Step 3: Modify Connector Configuration page, even though this field is not reconciled by the reconciliation engine. If you create a mapping between this field and the corresponding target system field in the reconciliation staging data set, then the reconciliation field mapping that is automatically generated would try to map the field to the Password field. This, in turn, would cause the reconciliation event to fail.

  • There are limitations related to creating transformation mappings across the following data sets:

    • Source and reconciliation staging

    • Oracle Identity Manager and Provisioning Staging

    These limitations are as follows:

    • You cannot create a transformation mapping between a child data set of the Source or Oracle Identity Manager data set and a different (that is, not corresponding) child data set of the reconciliation staging or provisioning staging data sets. This also means that you cannot create a many-to-one mapping from multiple child data sets of one parent data set to a single child data set of another parent data set.

      The following example illustrates this limitation:

      Suppose the Source parent data set has the following child data sets:

      MyGTC:Group data set

      • Field 1: Group Name

      • Field 2: Group Type

      MyGTC:Role data set

      • Field 1: Role Name

      • Field 2: Role Type

      Suppose the reconciliation staging parent data set has the following child data sets:

      MyGTC:Group data set

      • Field 1: Group Name

      • Field 2: Group Type

      MyGTC:Role data set

      • Field 1: Role Definition

      According to this limitation, you cannot create a transformation mapping between, for example, the Group Name field of the Source data set and the Role Definition field of the reconciliation staging data set.

      However, you can create a many-to-one transformation mapping between, for example, the Role Name and Role Type fields of the Source data set and the Role Definition field of the reconciliation staging data set.

    • You cannot create a transformation mapping between a Source or Oracle Identity Manager parent data set and a reconciliation staging or provisioning staging child data set.

      The following example illustrates this limitation:

      Suppose the following are Oracle Identity Manager data sets and their fields:

      OIM - Account data set

      • Field 1: Name

      • Field 2: Address

      • Field 3: User ID

      • .. .

      Suppose the following are provisioning staging child data sets and their fields:

      Group data set

      • Field 1: Group Name

      • Field 2: Group Type

      According to this limitation, you cannot create a transformation mapping between, for example, the Name field of the OIM - Account data set and the Group Name field of the Group data set.

  • To create a reconciliation rule, you create matching-only mappings between fields of the reconciliation staging data set and the OIM - User data set. If there are child data sets, then ensure that the names of fields of the reconciliation staging data set that are input fields for the matching-only mappings are not used in any of the reconciliation staging child data sets.

    If this guideline is not followed, then reconciliation would fail.

  • Suppose you set the Date data type for a field on a child form. A Delete Child Record provisioning operation would fail if there is a date value in this field during the operation.

20.2.3 Errors During Connector Creation

The following are error messages that may be displayed at the end of the generic technology connector creation process. Each message explains the event that causes or during which the error message is displayed.

  • An error was encountered while generating the import XML file for generic technology connector connector_name.

  • An error was encountered while updating the IT resource parameters with the values provided for the run-time provider parameters of generic technology connector connector_name.

  • An error was encountered while either generating the XML file for generic technology connector connector_name or saving it in the Oracle Identity Manager database.

  • An error was encountered while importing the XML file for generic technology connector connector_name. The required lock on the import operation could not be acquired.

  • An error was encountered while saving the information for generic technology connector connector_name. Check the application logs for more details.

  • An error was encountered while creating a resource object for the generic technology connector connector_name. An existing resource object has the same name as the one being assigned to this resource object.

20.2.4 Errors During Reconciliation

Table 20-1 provides solutions to some commonly encountered problems associated with the reconciliation process.

Note:

These errors are logged only if you are using the shared drive reconciliation transport provider and the CSV Reconciliation format provider.

If any of these errors occurs, then the error message is written to the application server log file.

Table 20-1 Common Errors Encountered During Reconciliation

Problem Description (Error Message) Solution

No run time provider parameters available

Use the Manage Generic Technology Connector feature to check the values specified for the run-time parameters. Then, retry reconciliation.

No design time provider parameters available

Use the Manage Generic Technology Connector feature to check the values specified for the design parameters. Then, retry reconciliation.

Staging directory location is not defined

Use the Manage Generic Technology Connector feature to check the value specified for the Staging Directory (Parent Identity Data) parameter. Then, retry reconciliation.

File encoding is not defined

Use the Manage Generic Technology Connector feature to check the value specified for the File Encoding (Parent Data) parameter. Then, retry reconciliation.

Archive directory location is not defined

Use the Manage Generic Technology Connector feature to check the value specified for the Archiving Directory parameter. Then, retry reconciliation.

Cannot process files as not even fixed-width delimiter has been defined

Use the Manage Generic Technology Connector feature to check if a value has been specified for one of the following parameters:

  • Specified Delimiter

  • Tab Delimiter

  • Fixed Column Width

Then, retry reconciliation.

No Parent files in staging directory

No files available for reading

Ensure that data files are present in the directory specified as the value of the Staging Directory (Parent Identity Data) parameter. Then, retry reconciliation.

No child data present in staging directory

No files available for reading

Ensure that data files are present in the directory specified as the value of the Staging Directory (Multivalued Identity Data) parameter. Then, retry reconciliation.

The staging directory cannot be accessed. Either the directory path does not exist or necessary access permissions are missing

Ensure that the directories specified as parameter values have the required permissions. See Section 17.1, "Shared Drive Reconciliation Transport Provider" for information about the required permissions. Then, retry reconciliation.

Data files could not be read as its File encoding is not supported.

Use the Manage Generic Technology Connector feature to check the value specified for the File Encoding parameter. Then, retry reconciliation.

Not able to parse metadata

Check the metadata (contents of the second row) present in the parent and child data files. There may be a problem with the delimiter used in the files. Fix the problem, and then retry reconciliation.

Not able to parse header

Check the header (contents of the first row) of the data files. There may be a problem in the format of the header. See Section 17.1, "Shared Drive Reconciliation Transport Provider" for information about the header format.

Fix the problem, and then retry reconciliation.

Current Record is erratic and cannot be parsed

Check the entry that is written to the application server log file. It may contain errors that cannot be parsed. Fix the problem, and then retry reconciliation.


20.2.5 Errors During Provisioning

Table 20-2 provides solutions to some commonly encountered problems associated with the provisioning process.

Note:

Most of these errors are logged only if you are using the Web Services provisioning transport provider and the SPML provisioning format provider.

If any of these errors occurs, then the error message is displayed on the UI and written to the application log file.

Table 20-2 Common Errors Encountered During Provisioning

Problem Description Solution

Response code:

SPML Velocity Properties Not Read

Response Description:

The SPML template properties could not be read.

There is a problem with the Oracle Identity Manager installation. Contact Oracle Support, and send them information about this problem and the response code and description displayed. In addition, send the relevant logs generated after running Oracle Identity Manager with logging set to the DEBUG level.

Response code:

SPML Template Not Read

Response Description:

The SPML template file was not found.

There is a problem with the Oracle Identity Manager installation. Contact Oracle Support, and send them information about this problem and the response code and description displayed. In addition, send the relevant logs generated after running Oracle Identity Manager with logging set to the DEBUG level.

Response code:

SPML Unknown Operation

Response Description:

This provisioning operation is not one of the permitted operations: Create, Delete, Enable, Disable, Modify, and Child Table Operations.

There is a problem with the Oracle Identity Manager installation. Contact Oracle Support, and send them information about this problem and the response code and description displayed. In addition, send the relevant logs generated after running Oracle Identity Manager with logging set to the DEBUG level.

Response code:

SPML Provisioning Input Null

Response Description:

SPML provisioning input data is null.

Check if the provider parameters have been correctly specified.

Check if provisioning was initiated by direct provisioning or request provisioning. Retry the procedure by using the direct provisioning option.

Response Code:

SPML Template Context Processing Error

Response Description:

An error was encountered while processing the template context for generation of SPML request.

There is a problem with the Oracle Identity Manager installation. Contact Oracle Support, and send them information about this problem and the response code and description displayed. In addition, send the relevant logs generated after running Oracle Identity Manager with logging set to the DEBUG level.

Response code:

SPML Provisioning Operation Name Missing

Response Description:

The operation name for provisioning is missing.

The generic technology connector may not have been created correctly. Try creating another connector by using the same set of configurations (providers) but with fewer attributes. Try direct provisioning.

Response code:

SPML Provisioning Child Name Missing

Response Description:

The child name is missing.

You may have been trying to perform provisioning for one particular type (for example, role or membership) of multivalued attribute when this error occurred.

The connector may not have been created correctly. Try creating another connector by using the same set of configurations (providers) but only one multivalued attribute, which is the one that failed the first time. Try direct provisioning.

Response code:

SPML Provisioning Child Meta-Data Null

Response Description:

The child metadata list is null.

You may have been trying to perform provisioning for one particular type (for example, role or membership) of multivalued attribute when this error occurred.

The connector may not have been created correctly. Try creating another connector by using the same set of configurations (providers) but only one multivalued attribute, which is the one that failed the first time. Try direct provisioning.

Response code:

SPML Provisioning Child Metadata Problem

Response Description:

An error was encountered while sorting the child metadata list.

You may have been trying to perform provisioning for one particular type (for example, role or membership) of multivalued attribute when this error occurred.

The connector may not have been created correctly. There is a problem in the order that has been set for the provisioning fields. Try creating another connector with fewer attributes for the relevant multivalued field. Try direct provisioning. After each successful round of provisioning, try adding fields one by one by performing the Manage Generic Technology Connector procedure. The point at which you start facing this issue again identifies the field that is not in the correct order.

Response code:

SPML Provisioning ID Missing

Response Description:

The unique ID is missing.

You are trying to run an operation on a created user. However, the Create User operation itself may not have run successfully and the unique ID (psoID) that was expected as the response was not received. Therefore, the provisioned instance data was not updated in Oracle Identity Manager. Check why this operation failed.

Response code:

SPML Provisioning Target ID Missing

Response Description:

The unique Target ID is missing.

Check the provider parameters that have been entered. TargetID may be missing.

Response code:

OIM API Error

Response Description:

An error was encountered in the Oracle Identity Manager API layer.

Check if Oracle Identity Manager is operating correctly for other operations. Check the connectivity between the Oracle Identity Manager front end and the database.

Note: This error is not related to the providers that you use.

Response code:

OIM Process Form Not Found

Response Description:

The process form was not found in Oracle Identity Manager.

The generic technology connector may not have been created correctly. Try creating another connector by using the same set of configurations. Try direct provisioning.

Note: This error is not related to the providers that you use.

Response code:

OIM Process Form Instance Not Found

Response Description:

The process form instance was not found for the specified form during update.

The provisioned instance information in the Oracle Identity Manager database may have become corrupted. Try direct provisioning.

If the problem persists, then there may be an issue with the generic technology connector. Create another generic technology connector by using the same set of configurations.

Note: This error is not related to the providers that you use.

Response code:

OIM Atomic Process Instance Not Found

Response Description:

The process instance found is not an atomic process.

The provisioned instance information in the Oracle Identity Manager database may have become corrupted. Try direct provisioning.

If the problem persists, then there may be an issue with the generic technology connector. Create another generic technology connector by using the same set of configurations.

Note: This error is not related to the providers that you use.

Response code:

Column Not Found

Response Description:

An expected column was not found in the result set.

The generic technology connector may not have been created correctly. Try creating another connector by using the same set of configurations. Try direct provisioning.

Note: This error is not related to the providers that you use.

Response code:

Invalid Provider

Response Description:

The provider name specified is invalid.

The Provisioning Format, Transformation, or provisioning transport provider in use may not have been registered correctly. Check if you have correctly followed the steps to register the providers. If this error is displayed when a predefined provider is used, then check the directory on the Oracle Identity Manager server for the XML files of these providers. These XML files are in MDS. The locations for schema and provider definition XML files are as follows:

PROVIDER_DEF_XSD_LOCATION = "/db/GTC/Schema";

PROVIDER_DEF_XML_LOCATION = "/db/GTC/ProviderDefinitions";

Response code:

IT Resource Instance Not Found

Response Description:

The IT resource instance was not found in Oracle Identity Manager.

The generic technology connector may not have been created correctly. Try creating another generic technology connector by using the same set of configurations. Try direct provisioning.

Note: This error is not related to the providers that you use.

Response code:

Version Not Found

Response Description:

The required process form version was not found in Oracle Identity Manager.

The generic technology connector may not have been created correctly. Try creating another connector by using the same set of configurations. If you have edited an existing connector by adding a new field to an existing data set, then that operation may have failed. Try making the same change again in the connector.

Note: This error is not related to the providers that you use.

Response code:

Version Not Defined

Response Description:

The required process form version was not defined in Oracle Identity Manager.

The generic technology connector may not have been created correctly. Try creating another connector by using the same set of configurations. If you have edited an existing connector by adding a new field to an existing data set, then that operation may have failed. Try making the same change again in the connector.

Note: This error is not related to the providers that you use.

Response code:

Web Service Not Found

Response Description:

The Web service was not found on the target server. Check the service name and IP address.

Check the service name and IP address provided in the Web service URL. If these are correct, then check if the Web service is running.

Response code:

Web Service Connection Refused

Response Description:

The Web service connection could not be established. Check that the server is running and the specified port is correct.

Check if the Web service is running.

Response code:

Web Service No Such Method

Response Description:

The Web service method could not be started. Check the operation name and parameters.

Check the operation name and parameters.

Response code:

Web Service Null Parameter Value

Response Description:

The parameter value passed to the Web service is null.

Check if the provisioning process ran correctly. The provisioning format provider may not have run correctly and, therefore, may have generated NULL output.

Response code:

Web Service HTTP Library Missing

Response Description:

The Web service HTTP library is not included in the classpath.

There is a problem with the Oracle Identity Manager installation. Contact Oracle Support and send them information about this problem and the response code and description displayed. In addition, send the relevant logs generated after running Oracle Identity Manager with logging set to the DEBUG level.

Response code:

Web Service Null Result Value

Response Description:

The Web service result value is null.

Check if the Web service is running correctly. At present, it is generating NULL output as the response to the Oracle Identity Manager provisioning request.

Response code:

Web Service Invocation Issue

Response Description:

An error was encountered while invoking the Web service.

Check the credentials of the Web service.

Response code:

Web Service Target URL Missing

Response Description:

The Web service target URL required to invoke the Web service is missing.

Check the values of the provider parameters. The Web service URL may be missing. Modify the generic technology connector and provide this value again.

Response code:

Web Service Target Method Name Missing

Response Description:

The Web service target method name required to invoke the Web service is missing.

Check the values of the provider parameters. The Web service operation name may be missing. Modify the generic technology connector and provide this value again.

Response code:

Web Service Response XML Parsing Error

Response Description:

An error was encountered during XML parsing of the Web service response.

Check if the Web service is running correctly. It is generating an SPML response that does not conform to the format specified for the Web service provider.

Response code:

Web Service Response ID Error

Response Description:

Either a unique ID is not getting generated from the Web service, or its value could not be parsed because of an incorrect attribute name in the response XML file.

Check if the Web service is running correctly. For the Create User operation, it is generating an SPML response that does not conform to the specified format. In addition, it is not returning the psoID created in the target system. The provider specification for the Web Service provider expects the return of the psoID field.

Response code:

Web Service Protocol Connection Error

Response Description:

An error was encountered in the Oracle-SOAP HTTP connection.

Check the service name and IP address provided in the Web service URL. If these are correct, then check if the Web service is running. Check the operation name and parameters.

Response code:

Web Service Protocol Processing Error

Response Description:

An error was encountered while calling the Oracle-SOAP API.

Check the service name and IP address provided in the Web service URL. If these are correct, then check if the Web service is running. Check the operation name and parameters.

Response Code:

Unable to parse the date

Response Description:

Error encountered while parsing the date.

The value specified for the Target Date Format parameter is not correct. For information about the date formats that you can specify, see the following Web page:

http://java.sun.com/docs/books/tutorial/i18n/format/simpleDateFormat.html#datepattern

Response Code:

Data Access Error

Response Description:

A data access error occurred while executing the query or loading the result set.

Check if Oracle Identity Manager is operating correctly for other operations. Check the connectivity between the Oracle Identity Manager front end and the database.

Note: This error is not related to the providers that you use.

Response Code:

SSL Handshake Did Not Happen

Response Description:

An SSL handshake did not happen during the secure communication with the target Web service.

Check if the SEcure Sockets Layer (SSL) configuration between Oracle Identity Manager and the target system has been correctly completed. If required, perform the procedure again.

Response Code:

Error in Initialization of SSL-Related Properties

Response Description:

An error was encountered during the initialization of SSL-related properties. The relevant values are read from the "RMSecurity" element in the oim-config.xml file in the MDS.

Check the configuration entries corresponding to the RMSecurity element of the oim-config.xml file.

Response Code:

Invalid Web Service Keystore or password

Response Description:

An invalid keystore name or password was encountered in the oim-config.xml file in the MDS. Check the configuration entries corresponding to the "RMSecurity" element.

Check the configuration entries corresponding to the RMSecurity element of the oim-config.xml file.

Response Code:

Error Encountered During Web Service Keystore Initialization

Response Description:

Keystore initialization failed. Credentials of the keystore are mentioned in the oim-config.xml file under the "RMSecurity" element.

Check the configuration entries corresponding to the RMSecurity element of the oim-config.xml file.

Response Code:

Invalid ID

Response Description:

An invalid ID is present in the input SPML request.

Check the value specified for the Target ID parameter.

Response Code:

Object already exists

Response Description:

This object already exists in the target system.

Check if the object that you are trying to create already exists on the target system.

Response Code:

Operation Not Supported

Response Description:

The requested provisioning operation is not supported.

Check if the target system supports the requested provisioning operation. For information about the types of SPML provisioning operations that can be performed by using the SPML provisioning format provider, see the "SPML provisioning format provider" section.

Response Code:

Invalid ID Type in Input SPML Request

Response Description:

An invalid ID type is present in the input SPML request.

Check the sample SPML request corresponding to the type of request that was sent, and determine if the target system supports all the ID values that were included in the request.

Response Code:

ID in Input SPML Request Does Not Exist in the Target System

Response Description:

The ID in the input SPML request does not exist in the target system.

Ensure that the psoID value that was sent in the request exists in the target system.

Response Code:

Requested Execution Mode Not Supported

Response Description:

The requested execution mode is not supported.

Ensure that the target system supports the execution of requests in synchronous mode.

Response Code:

Invalid Container

Response Description:

The object cannot be added to the specified container. Refer to the log file for more information. Check the value of the "errorMessage" element in the SPML response.

Check if a container corresponding to the container ID specified in the request exists on the target system.

Response Code:

Nonstandard SPML Error

Response Description:

A target-specific error was encountered. Refer to the log file for more information. Check the value of the "errorMessage" element in the SPML response.

Check the value of the errorMessage element in the SPML response. This element contains the target system error message that was generated when the error was encountered.

Response Code:

SPML Response Is for Asynchronous Mode

Response Description:

The SPML response is for asynchronous mode, which is not supported.

Ensure that the target system sends responses corresponding to the synchronous mode of request execution.

Response Code:

Error Encountered While Parsing Constituent Elements of Web Service URL

Response Description:

An error was encountered while parsing the constituent elements of the Web service URL. Check if the specified URL contains the protocol, host name, port, and the endpoint. Oracle recommends copying the URL from the relevant WSDL file while specifying provider parameter values during connector creation.

Check if the specified URL contains the protocol, host name, port, and endpoint. Oracle recommends copying the URL from the relevant WSDL file while specifying provider parameter values during connector creation.

Response Code:

SPML Response failed V2 schema validation

Response Description:

SPML Response received is not compliant with the SPML V2 standard specifications.

Ensure that the SPML response returned by the target system conforms to the SPML V2 standard specification.