Oracle® Identity Manager Release Notes Release 9.1.0 Part Number E10367-03
August 2008
This document contains release notes for Oracle Identity Manager release 9.1.0 and includes the following topics:
The following guides are located on your installation media. You can refer to them for detailed information about Oracle Identity Manager.
Note:
For information about updates to the Oracle Identity Manager release 9.1.0 documentation set, visit Oracle Technology Network at
Oracle Identity Manager Installation and Configuration Guide for BEA WebLogic Server
Oracle Identity Manager Installation and Configuration Guide for IBM WebSphere Application Server
Oracle Identity Manager Installation and Configuration Guide for JBoss Application Server
Oracle Identity Manager Installation and Configuration Guide for Oracle Application Server
Oracle Identity Manager Administrative and User Console Guide
Oracle Identity Manager Administrative and User Console Customization Guide
Oracle Identity Manager Integration Guide for Crystal Reports
The following sections discuss what's new in Oracle Identity Manager release 9.1.0:
This section discusses the following new features and enhancements:
Attestation enhancements in this release can be divided into the following categories:
Attestation Process Configuration Enhancements
The following are attestation process configuration enhancements:
The definition of user scope and resource scope can be based on rule-based expressions. These expressions can be used to specify if the scope includes the hierarchy for hierarchical attributes such as organization, user's manager, location, user group, and department.
A new multiselect attribute has been introduced for the resource entity. This attribute enables the categorization of resources based on mandate and attestation frequency. This enables administrators to create a regulatory-mandate attestation process.
In addition to a specific reviewer or the user's manager, a reviewer that you select can be a resource administrator, resource authorizer, or a named group user.
You can configure a grace period for attestation. After the grace period has passed, on the basis of a priority-based algorithm, the attestation request is automatically delegated to a specific user from the attestation process owner group.
Attestation Request Run-Time Enhancements
The following are attestation request run-time enhancements:
Attestation requests that are in the Declined state are automatically delegated to a specific user from the attestation process owner group. This enables process owners of the requests to delegate the requests to new reviewers.
Attestation reviewer comments are automatically propagated to the associated corrective process tasks.
Attestation Audit and Analytical Enhancements
Administrators can drill down into responses from all historical runs of an attestation process.
Details of new standard reports and exception reports are divided across the following sections:
Standard Reports
The following standard reports have been introduced in this release:
Account Activity in Resource
This report provides details of various user-related provisioning activities including creation and deletion of user account profiles for a given resource.
Resource Activity
This report provides various provisioning-related metrics for a given resource, including the number of users provisioned/deprovisioned, policy retrofits, password resets, requests, and approvals.
Reports for Created, Deleted, Disabled, and Unlocked Users
These reports provide details of users created, deleted or deprovisioned, unlocked, or disabled in a specific time period for specific resources. The details include reasons for these actions.
Password Reset Success Failure
This report provides password reset metrics, including password changes attempted by beneficiaries of other users and the outcome of password reset attempts. The report allows aggregation of password reset metrics by time interval.
Delegated Administrators & Permissions By Organization
This report provides detailed information about administrative user groups, group memberships, and privileges granted to the groups for organizations.
Delegated Administrators & Permissions By Resource
This report provides information about the administrative user groups, including group memberships and the associated privileges granted to the groups for resources.
Organization Structure
This report provides the hierarchical organization structure including all suborganizations identified through a recursive search. The report also includes details of users in the organizations.
Requests Details by Status
This report provides details (such as requester, current approver, and current status) of all requests. In addition, this report displays details of resources that will be provisioned as a result of the request approval.
Requests Initiated
This report provides the current status of all requests initiated during the specified time interval.
Task Assignment History
This report provides the assignment history of tasks.
Exception Reports
The following exception reports have been introduced in this release:
Rogue Accounts by Resource
This report provides details of all rogue accounts for the specified resource. It also includes the attestation data required to determine if the rogue accounts represent accepted exceptions in the system.
Fine Grained Entitlement Exceptions By Resource
This report provides details of all entitlement exceptions for all users of a specified resource. It also includes the corresponding attestation data required to determine if the entitlement exceptions represent accepted exceptions in the system.
The Graphical Workflow Designer module has been added to the Administrative and User Console. This user interface simplifies the creation and maintenance of provisioning and approval workflows, as well as the management of tasks in the Task Library.
For more information, refer to Oracle Identity Manager Administrative and User Console Guide.
From this release onward, you can:
Configure multiple target systems as trusted sources for users belonging to specific user types.
For example, Microsoft Active Directory is used as the trusted source for information about users belonging to the Contractor user type, and Oracle e-Business Suite is used as the trusted source for information about users belonging to the Employee user type.
Configure multiple target systems as trusted sources for different attributes of the OIM User.
For example, Microsoft Active Directory is used as the trusted source for employees' first names and last names, and IBM Lotus Notes is used as the trusted source for employees' e-mail addresses.
For more information, refer to Oracle Identity Manager Design Console Guide.
Note:
If you are using a predefined connector, then refer to the Oracle Identity Manager Connector Pack release notes and documentation to determine whether or not this feature is supported for the release of the connector that you are using.
Group profile auditing features have been included in this release. Like the user profile auditing module, the group profile auditing module includes changes to group profile attributes, group administrators, and direct subgroups.
For more information, refer to Oracle Identity Manager Audit Report Developer's Guide.
The SPML Web Service is an interface for inbound SPML-based provisioning requests. This Web service supports the creation, modification, deletion, and lookup of OIM Users, user groups and organizations. It also provides features for managing references (such as assignment and revocation of group memberships), reset of user passwords, and disabling and reenabling of user accounts.
Note:
The SPML Web Service supports the SPML v2.0 specification.
For more information about this feature, refer to Oracle Identity Manager Tools Reference.
This section discusses features that reduce the need for customization:
The enhanced password policy management feature provides various options for defining and associating complex password policies with resource objects.
For more information, refer to Oracle Identity Manager Design Console Guide.
You can create and enable the display of custom error messages for adapter-related operations on the Administrative and User Console. This enhancement makes it easy to identify the cause of errors encountered during adapter operations.
For information about this feature, refer to Oracle Identity Manager Design Console Guide and Oracle Identity Manager Tools Reference Guide.
The following new features are related to the ease of deployment:
In earlier releases, the procedure to deploy predefined connectors required you to manually perform the tasks that constitute the deployment procedure. From this release onward, the major deployment tasks are automated when you use the connector installation pages of the Administrative and User Console.
Note:
For more information, refer to Oracle Identity Manager Administrative and User Console Guide.
Before you use the Administrative and User Console to install a predefined connector, refer to the Oracle Identity Manager Connector Pack release notes and documentation to determine whether or not the automated installation of that release of the connector is supported.
Enhancements made to this release of the generic technology connector framework can be divided into the following categories:
See Also:
Oracle Identity Manager Administrative and User Console Guide for detailed information about generic technology connectors
This section discusses the following generic technology connector framework enhancements:
Metadata Detection and Definition
The following are metadata detection and definition enhancements:
Support for manual definition of metadata
The unavailability of sample target system data does not stop you from creating a generic technology connector. If metadata detection does not take place, you can manually create fields and field mappings and then complete the connector creation process.
Support for new field types
You can designate user attribute fields as lookup fields. In addition, you can assign password-like properties to fields. These new features of the generic technology connector framework are the same as those available through the Design Console.
Display of all OIM User attributes on the Step 3: Modify Connector Configuration page
On the Step 3: Modify Connector Configuration page, the OIM - User data set now shows all the OIM User attributes. In the earlier release, the display of fields was restricted to the ones that were most commonly used.
Enhanced features for adding or editing fields on the Step 3: Modify Connector Configuration page
An enhanced set of validations is applied when you add or edit fields on the Step 3: Modify Connector Configuration page. In addition, the options that are available on the Form Designer form of the Design Console are now available when you add or edit fields.
Attributes of the ID field are editable
On the Step 3: Modify Connector Configuration page, you can modify some of the attributes of the ID field. The ID field stores the value that uniquely identifies a user in Oracle Identity Manager and in the target system.
Data Transformations
The following are data transformation enhancements:
Transformation providers
The Concatenation Transformation Provider and Translation Transformation Provider are predefined providers that are shipped with this release. In addition, you can create custom Transformation Providers.
Support for provisioning and reconciliation date formats
You can specify the format in which date values can be accepted by the generic technology connector during reconciliation. In addition, you can specify the format into which date values must be converted before they are sent to the target system during provisioning.
Reconciliation
The following are reconciliation enhancements:
Trusted source reconciliation
You can configure a generic technology connector for trusted source reconciliation.
User account status reconciliation
User account status information is used to track whether or not the owner of a target system account is to be allowed to access and use the account. You can use a generic technology connector to implement user account status reconciliation.
Reconciliation of Multivalued Attribute Data (Child Data) Deletion
You can specify whether or not you want to reconcile into Oracle Identity Manager the deletion of multivalued attribute data on the target system.
Support for the "Multiple Trusted Source Reconciliation" feature
As mentioned earlier in this section, the "Multiple Trusted Source Reconciliation" feature has been introduced in this release of Oracle Identity Manager. Generic technology connectors that you create have built-in support for this feature.
Provisioning
The following is a provisioning enhancement:
Provisioning is triggered when values of any OIM - User fields are changed. In other words, if you create mappings between fields of the OIM - User data set and fields of the Provisioning Staging data set, then provisioning is triggered for changes made in any field of the OIM User.
Support for Custom Provider Development
If the predefined providers do not address your provider requirements, then you can create and use custom providers. This release includes comprehensive documentation, Javadocs, and samples that you can use while creating custom providers.
Task Automation
The following are task automation enhancements:
Support for automatic adapter compilation
In the earlier release, you had to manually compile the adapter that is created when a generic technology connector is created. From this release onward, the adapter is automatically compiled after the generic technology connector is created.
Automatic purging of cache
Provider cache is automatically purged if an error occurs during generic technology connector creation. You need not restart Oracle Identity Manager to clear the cache before you can retry creating a generic technology connector.
This section discusses the following predefined provider enhancements:
SPML Provisioning Format Provider enhancements
The SPML Provisioning Format Provider is SOAP-compatible, and it can send and receive SPML requests and responses that are based on the SPML v2.0 specification.
Web Services Provisioning Transport Provider enhancements
The Web Services Provisioning Transport Provider can be used to communicate over Secure Sockets Layer (SSL) with a target system Web service. The SOAP message sent through this provider can be authenticated using either WS-Security authentication or custom authentication.
Support for Provisioning Operations on a Target Oracle Identity Manager Installation
A generic technology connector in which you include the SPML Provisioning Format Provider can be used to perform provisioning operations on a target Oracle Identity Manager installation.
Flat-File Reconciliation Enhancements
The metadata detection process has been enhanced to enable the display of error messages for certain types of errors. You can extend this functionality to include custom error messages.
In earlier releases, functionality to create and manage IT resources and scheduled tasks was available only in the Design Console. From this release onward, this functionality is also available in the Administrative and User Console.
For more information, refer to Oracle Identity Manager Administrative and User Console Guide. Specific features of this functionality that are available only in the Design Console are listed in the sections of Oracle Identity Manager Administrative and User Console Guide that discuss these features.
This section discusses additional enhancements made in this release:
Section 2.4.10, "Instructions to Configure SSL for the Design Console"
Section 2.4.11, "Instructions to Configure the Advanced Queuing (AQ) Feature for JMS Queues"
The Danish language has been added to the list of supported languages. Refer to the "Certified Languages" section for the complete list of supported languages.
The Remove Open Tasks scheduled task has been introduced to manage the removal of references to pending approval and open tasks after a user-specified amount of time. This feature helps speed up the retrieval and display of tasks on the Welcome, Pending Approval, and Open Task pages of the Administrative and User Console. Note that the pending approval and open tasks are not removed from the system. On the Tracking Request page, you can still search for and display tasks whose references have been removed.
For more information, refer to Oracle Identity Manager Administrative and User Console Guide.
From this release onward, adapters are compiled automatically when you import connector XML files by using the Deployment Manager.
For information about this feature, refer to Oracle Identity Manager Tools Reference.
The following tests have been added to the set of tests that you can run by using the Diagnostic Dashboard utility:
Test Basic Connectivity
Test Provisioning
Test Reconciliation
Note:
For more information, refer to Oracle Identity Manager Administrative and User Console Guide.
If you want to run these tests on a predefined connector, then first refer to the Oracle Identity Manager Connector Pack release notes and documentation for information about whether or not these tests are supported for the connector.
From this release onward, Oracle Identity Manager supports Java 2 Security. For instructions to implement Java 2 Security, refer to the Oracle Identity Manager Installation and Configuration Guide for the application server that you use.
In earlier releases, Oracle Identity Manager used a single JMS queue (named xlQueue) for all asynchronous operations including requests, reconciliation, attestation, and offline tasks. From this release onward, by default, Oracle Identity Manager uses separate JMS queues for specific operations to optimize JMS queue processing.
For more information, refer to the Oracle Identity Manager Installation and Configuration Guide for the application server that you use.
The Task Archival utility is a command-line interface utility that archives completed tasks from the active task tables.
For more information, refer to Oracle Identity Manager Best Practices Guide.
From this release onward, you can configure user account status reconciliation for trusted sources and target resources. For details, refer to Oracle Identity Manager Design Console Guide and Oracle Identity Manager Administrative and User Console Guide.
In this release, the following components have been added to the list of certified components:
See Also:
Certified Components
IBM WebSphere Application Server 6.1.0.9
Microsoft Internet Explorer 7.0
Instructions to configure SSL communication with the Design Console have been documented in the "Installing and Configuring the Oracle Identity Manager Design Console" chapter of the Oracle Identity Manager Installation and Configuration Guide for the application server that you use.
Instructions on configuring database-based storage of JMS queues are provided in the "Setting Up Database-Based Storage of JMS Queues (Recommended)" section of Oracle Identity Manager Installation and Configuration Guide for Oracle Application Server.
This section identifies components certified with Oracle Identity Manager release 9.1.0 and contains the following topics:
Oracle Identity Manager release 9.1.0 is certified for the following operating systems:
AIX 5L Version 5.3 (pSeries 64-bit)
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003 R2 (EMT/AMD/IA 64-bit)
Oracle Enterprise Linux Release 4
Oracle Enterprise Linux Release 4 (EMT/AMD 64-bit)
Oracle Enterprise Linux Release 5
Oracle Enterprise Linux Release 5 (EMT/AMD 64-bit)
Oracle Virtualization Server - EL4
Red Hat Enterprise Linux AS Release 4
Red Hat Enterprise Linux AS Release 4 (EMT/AMD/IA 64-bit)
Solaris Operating System 10 (UltraSparc 64-bit)
HP-UX 11.23 (PA-RISC/IA 64-bit)
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 10 (EMT/AMD/IA 64-Bit)
Oracle Identity Manager release 9.1.0 is certified for the following application servers:
BEA WebLogic Server 8.1 SP6 and later service packs
IBM WebSphere Application Server 6.1.0.9 and later fix packs (that is, 6.1.0.11 and later)
JBoss Application Server 4.0.3 SP1 and later service packs
Note:
In Oracle Identity Manager release 9.1.0, JBoss Application Server supports only nonclustered environments.
Oracle Application Server 10.1.3.3 (Upgrade patch 10.1.3.3 applied on top of the base package bundled in Oracle SOA Suite 10g Release 10.1.3.1)
Oracle Identity Manager release 9.1.0 is certified for the following databases:
Oracle Database Deployment
Oracle9i Database Enterprise Edition release 9.2.0.7 and later patch sets (that is, 9.2.0.8 and later)
Oracle Database 10g Enterprise Edition releases:
10.1.0.5 and later patch sets (that is, 10.1.0.6 and later)
10.2.0.1 and later patch sets (that is, 10.2.0.2 and later)
Oracle Database 10g Standard Edition release 10.2.0.3
Oracle Database 11g Standard Edition release 11.1.0.6 and later patch sets
Oracle Database 11g Enterprise Edition release 11.1.0.6 and later patch sets
Oracle RAC Deployment
Oracle Database 10g Enterprise Edition release 10.2.0.3 and later patch sets
Oracle Database 11g Enterprise Edition release 11.1.0.6 and later patch sets
Note:
Oracle Identity Manager release 9.1.0 does not support Microsoft SQL Server 2005.
For each certified application server, Oracle Identity Manager release 9.1.0 is certified for the JDKs listed in Table 1.
See Also:
Invalid JDK Combinations
Table 1 Certified JDKs
Application Server | Certified JDK |
---|---|
BEA WebLogic Server | For Microsoft Windows:<br>For Linux: BEA jrockit_R27.3.1-jdk 1.4.2_14 and later (that is, 1.4.2_x) |
IBM WebSphere Application Server | IBM JDK 1.5.0 and later (supported with IBM WebSphere) |
JBoss Application Server | Sun JDK 1.4.2_15 and later (that is, 1.4.2_x) |
Oracle Application Server | Sun JDK 1.5.0_06 and later<br>Sun JDK 1.5.0_12 and later (for Microsoft Windows Vista Ultimate only)<br>IBM JDK 1.5.0 and later, included with Oracle Application Server (for AIX only) |
Oracle Identity Manager release 9.1.0 is certified for the configurations listed in Table 2.
Note:
Unless stated otherwise, the configurations listed in Table 2 are certified for both clustered and nonclustered configurations.
For information about the certified releases of application servers and databases, refer to the "Certified Application Servers" and "Certified Databases" sections.
Table 2 Certified Configurations for Release 9.1.0
Operating System | Application Server | Database | Languages |
---|---|---|---|
AIX | IBM WebSphere Application Server | Oracle Database | All 10 administrative languages and Danish |
AIX | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Microsoft Windows Server | BEA WebLogic Server | Oracle Database | All 10 administrative languages and Danish |
Microsoft Windows Server | IBM WebSphere Application Server | Oracle Database | All 10 administrative languages and Danish |
Microsoft Windows Server | JBoss Application Server (Note: For nonclustered environments only.) | Oracle Database | All 10 administrative languages and Danish |
Microsoft Windows Server | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Microsoft Windows Vista Ultimate | Oracle Application Server (Refer to the note after this table for additional information about the Microsoft Windows Vista and Oracle Application Server combination.) | Oracle Database | All 10 administrative languages and Danish |
Oracle Enterprise Linux | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Oracle Virtualization Server | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Red Hat Enterprise Linux AS | BEA WebLogic Server | Oracle Database | All 10 administrative languages and Danish |
Red Hat Enterprise Linux AS | IBM WebSphere Application Server | Oracle Database | All 10 administrative languages and Danish |
Red Hat Enterprise Linux AS | JBoss Application Server (Note: For nonclustered environments only.) | Oracle Database | All 10 administrative languages and Danish |
Red Hat Enterprise Linux AS | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Solaris Operating System | BEA WebLogic Server | Oracle Database | All 10 administrative languages and Danish |
Solaris Operating System | JBoss Application Server (Note: For nonclustered environments only.) | Oracle Database | All 10 administrative languages and Danish |
Solaris Operating System | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
Solaris Operating System | IBM WebSphere Application Server | Oracle Database | All 10 administrative languages and Danish |
HP-UX | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
SUSE Linux Enterprise 10 | Oracle Application Server | Oracle Database | All 10 administrative languages and Danish |
SUSE Linux Enterprise 10 | JBoss Application Server (Note: For nonclustered environments only.) | Oracle Database | All 10 administrative languages and Danish |
Note:
For the production deployment of Oracle Identity Manager, you must configure Oracle AQ as the JMS provider. Because of Bug 6718332, Oracle AQ-based JMS cannot be configured on Microsoft Vista at this time. Microsoft Vista is, therefore, supported for only nonclustered development environments with file-based JMS.
To update Oracle Application Server JDKs for DST 2007 compliance, you must use the appropriate time zone update utility from your JDK vendor. For information about using JDK vendor time zone update utilities, refer to Note 414153.1 on the OracleMetaLink Web site.
You can access the OracleMetaLink Web site at
The Design Console of Oracle Identity Manager release 9.1.0 is certified on the following operating systems:
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Vista Ultimate, for an Oracle Identity Manager installation on Oracle Application Server running on Microsoft Windows Vista Ultimate
The Remote Manager of Oracle Identity Manager release 9.1.0 is certified on the following operating systems:
Note:
The 64-bit operating systems mentioned in the following list are supported only with 32-bit JDK.
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003 R2 (EMT/AMD 64-bit)
Oracle Enterprise Linux Release 4
Oracle Enterprise Linux Release 4 (EMT/AMD 64-bit)
Oracle Enterprise Linux Release 5
Oracle Enterprise Linux Release 5 (EMT/AMD 64-bit)
Red Hat Enterprise Linux AS Release 4
Red Hat Enterprise Linux AS Release 4 (EMT/AMD/IA 64-bit)
Solaris Operating System 10 (UltraSparc 64-bit)
HP-UX 11.23 (PA-RISC/IA 64-bit)
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 10 (EMT/AMD/IA 64-Bit)
Oracle Identity Manager release 9.1.0 is certified for Single Sign-On with the following components:
Oracle Access Manager 10.1.4.0.1 (formerly known as Oracle COREid) using both ASCII and non-ASCII character logins.
Note:
Single Sign-On with Oracle Access Manager 10.1.4.0.1 for non-ASCII character logins requires an Oracle Access Manager patch. Contact your Oracle Support representative and refer to Bug 5552617 for information about the appropriate Oracle Access Manager patch.
OracleAS Single Sign-On 10g 10.1.4.0.1 for both ASCII and non-ASCII character logins.
RSA ClearTrust 5.5 for ASCII character logins only.
See Also:
Oracle Identity Manager Best Practices Guide for additional information about configuring Single Sign-On for Oracle Identity Manager with Oracle Access Manager and OracleAS Single Sign-On
Oracle Identity Manager release 9.1.0 is certified for the following languages:
Chinese (Simplified)
Chinese (Traditional)
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
The combination of the Portuguese (Brazilian) locale and IBM WebSphere Application Server is not supported. For more information, refer to APAR IZ01077 on the IBM WebSphere Application Server Web site.
Spanish
See Also:
Oracle Identity Manager Globalization Guide for detailed information about Oracle Identity Manager globalization support
Oracle Identity Manager release 9.1.0 is certified for Microsoft Internet Explorer 6.0 (SP2) and Internet Explorer 7 with SUN Java Plug-in 1.4.2_xx.
Oracle Identity Manager release 9.1.0 resolves the known issues from previous releases listed in Table 3.
Table 3 Issues Resolved by Release 9.1.0
Bug # | Description |
---|---|
5180356 | The maximum length for the name of a group was limited to 30 characters. In release 9.1.0, this field size has been increased to 2000. |
5180622 | Disabled users could be assigned as approvers. |
5345236 | Resource dependencies were not correctly displayed by the Deployment Manager. |
5355907 | In Historical reports, the User Status filter of the search results displayed the historical status in addition to the current status of the user. It should display only the current status of the user. |
5472481 | The Resource Access List report would retrieve records of deleted users. |
5473780 | When you shut down Oracle Application Server, the shutdown process does not continue until it times out. |
5572632 | List entries on User Defined Forms (UDFs) were not correctly ordered. |
5582818 | When using the Request Wizard, status-based filtering was not supported. |
5635699 | On some pages of the Administrative and User Console, users' first and last names were not displayed along with the user ID. |
5722940 | If a target user in a request was disabled while the request was pending approval, then the user was still provisioned with the resource after the approvals were completed. |
5738024 | When a user was deleted, resource objects associated with the user were not revoked. |
5749592 | Expand the input parameters for Resource Access List report to include UDF fields. |
5740274, 5741955, 5741957, 5572825 | If the User ID Reuse property was enabled, then the user could not: |
5751018 | A single user was not allowed to belong to more than 1000 groups, through either direct or indirect group membership. |
5850591 | Menu items were displayed in inconsistent order on the Assign Menu Item page. |
5855534 | The CSV Export Reporting feature did not support data filtering based on UDF input parameters. |
5881279 | In the Administrative and User Console, users could not cancel a rejected task. |
5894269 | Child table data was not updated completely after reconciliation. |
5900783 | The |
5906333 | When parent objects were approved, corresponding child (dependent) objects in the same request that were in the Waiting state were not provisioned. |
5946898 | When you reassigned an open task to a group, the |
5950480 | On the Search Member Groups and Search Member Users pages, the UDF search criteria were not supported. |
5958717 | The current status of the Xellerate Organization resource object would not reflect the most recent status change. |
5960996 | For an Oracle Identity Manager installation running on Oracle Application Server, an appropriate error message is displayed when you try to log in with an expired password. |
5962155 | On the Resource Detail page, resources with the Waiting status were not displayed when you selected the Users Associated With This Resource menu item under Resource management. |
5966360 | For lookups on Oracle Identity Manager wizard forms, the attributes on which lookup values could be filtered were not configurable. |
5972327 | If a target organization in a request was disabled while the request was pending approval, then the organization was still provisioned with the resource after the approvals were completed. |
5973216 | The |
6007987 | The Oracle Identity Manager Installer did not enforce confirmation of the WebLogic Administrative Console password when the Confirm Password value was not provided. |
6010176 | Some reconciliation events could not be processed and remained in Event Received state after reconciliation completion. |
6011557 | When a resource was provisioned for a user through a request, the request ID was not displayed on the User Resource Profile page. |
6012554 | Under Resource Management in the Administrative and User Console, the "User Associated with this Resource" selection may display duplicate entries. |
6017967 | When an e-mail definition was opened from the search done on an empty Email Definition form, the variable targets were not refreshed and process data information could not be added to the e-mail definition. |
6019070 | Information about using the "Increasing the Oracle Application Server Heap Size" setting has been documented in Oracle Identity Manager Installation and Configuration Guide for Oracle Application Server. |
6021828, 6071356 | The "Request More Information" actions, such as Include Add Comments, Change Request Status, and Send Notification to Requester, were not successful. |
6030253 | In the User Profile History report, records other than those effective for the specified date range were displayed. |
6031304 | On the My Request page, users could not filter requests against the "Request Raised for me" criterion. |
6037360 | During attestation process definition, the user's resource status could not be used as the attestation resource scope. In addition, the attestation process scope included the "Revoked" and "Waiting" statuses when the resource status scope was not defined. |
6041881 | When a proxy user rejected a request, the approval details were updated with the original approver instead of the proxy. In addition, the rejected task could not be reassigned to another user. |
6055618 | Creation of rules for User Defined Fields for self-registration was not supported. |
6055716 | Creation of rules for using the Organization Name attribute as an element for self-registration was not supported. |
6073842 | When an approver requested additional information from a user after the manager's approval, the approval sequence showed that the manager's approval was completed by the approver and not by the manager. |
6194484 |
The User Profile Audit post processor failed to correctly update the data in the reporting table when the original user profile data was missing. |
6369028 |
If an approval process denied a parent resource object for an organization, then the dependent resource object was not automatically revoked. |
6378508 |
While defining approval tasks, request-related e-mail definitions were not displayed. |
This section describes known issues for Oracle Identity Manager release 9.1.0. If a suitable workaround exists for a known issue, it is listed with the description of the issue to provide a temporary solution.
This section contains the following topics:
This section describes known issues related to the installation of Oracle Identity Manager release 9.1.0 components. This section contains the following topics:
Section 5.1.2, "Installer Program Does Not Verify WebLogic Server Name (Bug 5389372)"
Section 5.1.5, "Installer Window May Not Get Focus On Startup (Bug 6373008)"
Section 5.1.6, ""Null input buffer" Exception Thrown During Installation Can Be Ignored"
By default, JBoss Application Server does not encrypt data source passwords, as described in the JBoss document at
http://wiki.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords
This section describes how to encrypt the Oracle Identity Manager database password in JBoss Application Server deployments. Specifically, you must perform the following steps to manually encrypt a password, and then modify the xell-ds.xml and login-config.xml files so that they can access the encrypted form of the password instead of the clear text version:
1. Open a console window and navigate to the JBOSS_HOME directory.
2. Run one of the following commands to encrypt the Oracle Identity Manager database password. In this command, replace password with the actual password that you want to encrypt.
UNIX/Linux
java -cp "JBOSS_HOME/lib/jboss-jmx.jar:lib/jboss-common.jar:server/default/lib/jboss-jca.jar:server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
Microsoft Windows
java -cp "JBOSS_HOME/lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
3. The command you run in the previous step returns an encoded form of the password you specify. For example, the password Welcome1 is encoded as 3146f9cc50afd6a6df8592078de921bc. Highlight and copy the encoded password.
4. Open the JBOSS_HOME/server/default/deploy/xell-ds.xml file in a text editor.
5. Delete the <user-name> and <password> elements from the <local-tx-datasource> element.
6. Add the following <security-domain> element to the end of the <local-tx-datasource> element:
<security-domain>EncryptDBPassword</security-domain>
7. Delete the <xa-datasource-property name="User"> and <xa-datasource-property name="Password"> elements from the <xa-datasource> element.
8. Add the following <security-domain> element to the end of the <xa-datasource> element:
<security-domain>EncryptXADBPassword</security-domain>
9. Save and close the JBOSS_HOME/server/default/deploy/xell-ds.xml file.
10. Open the JBOSS_HOME/server/default/conf/login-config.xml file in a text editor.
11. Add the following elements to the <application-policy> element:
Note:
Replace datasource_username with the datasource user name and encoded_password with the encoded password you copy in Step 3.
<application-policy name = "EncryptDBPassword">
  <authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">datasource_username</module-option>
      <module-option name = "password">encoded_password</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=jdbc/xlDS</module-option>
    </login-module>
  </authentication>
</application-policy>
<application-policy name = "EncryptXADBPassword">
  <authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">datasource_username</module-option>
      <module-option name = "password">encoded_password</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XATxCM,name=jdbc/xlXADS</module-option>
    </login-module>
  </authentication>
</application-policy>
12. Save and close the JBOSS_HOME/server/default/deploy/login-config.xml file.
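The following check is an added example, not part of the Oracle or JBoss documentation: it parses xell-ds.xml and login-config.xml after the procedure above and reports any data source that still carries clear-text credentials or refers to a security domain that is missing or misconfigured. The sample files, the user name oimuser, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SECURE_MODULE = "org.jboss.resource.security.SecureIdentityLoginModule"
# Assumption: the encoder prints its result as a hexadecimal string (possibly
# with a leading minus sign), like the value shown in the procedure. This is a
# heuristic: a clear-text password made only of hex digits would pass it.
ENCODED_RE = re.compile(r"^-?[0-9a-f]+$")
ENCODED = "3146f9cc50afd6a6df8592078de921bc"  # encoded form quoted on the page


def audit(ds_xml, login_config_xml):
    """Return a list of findings; an empty list means every step was applied."""
    findings = []
    ds_root = ET.fromstring(ds_xml)
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    datasources = (list(ds_root.iter("local-tx-datasource"))
                   + list(ds_root.iter("xa-datasource")))
    for ds in datasources:
        name = ds.findtext("jndi-name", default="(unnamed)")
        # No clear-text credentials may remain in either data source.
        for tag in ("user-name", "password"):
            if ds.find(tag) is not None:
                findings.append(f"{name}: clear-text <{tag}> element present")
        for prop in ds.findall("xa-datasource-property"):
            if prop.get("name") in ("User", "Password"):
                findings.append(f"{name}: clear-text {prop.get('name')} property present")
        # Each data source must name a security domain ...
        domain = (ds.findtext("security-domain") or "").strip()
        if not domain:
            findings.append(f"{name}: no <security-domain> element")
            continue
        # ... that login-config.xml defines with the expected login module.
        policy = policies.get(domain)
        if policy is None:
            findings.append(f"{name}: security domain {domain} is not defined")
            continue
        module = policy.find("authentication/login-module")
        if module is None or module.get("code") != SECURE_MODULE:
            findings.append(f"{domain}: login module is not {SECURE_MODULE}")
            continue
        options = {o.get("name"): (o.text or "").strip()
                   for o in module.findall("module-option")}
        if not ENCODED_RE.match(options.get("password", "")):
            findings.append(f"{domain}: password option is not in encoded form")
    return findings


def policy_xml(name, password):
    """Build a constructed <application-policy> entry for the samples below."""
    return (f'<application-policy name="{name}"><authentication>'
            f'<login-module code="{SECURE_MODULE}" flag="required">'
            f'<module-option name="username">oimuser</module-option>'
            f'<module-option name="password">{password}</module-option>'
            f'</login-module></authentication></application-policy>')


# Constructed sample: xell-ds.xml before the procedure (clear-text credentials).
BEFORE_DS = """<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/xlDS</jndi-name>
    <user-name>oimuser</user-name>
    <password>Welcome1</password>
  </local-tx-datasource>
  <xa-datasource>
    <jndi-name>jdbc/xlXADS</jndi-name>
    <xa-datasource-property name="User">oimuser</xa-datasource-property>
    <xa-datasource-property name="Password">Welcome1</xa-datasource-property>
  </xa-datasource>
</datasources>"""

# Constructed sample: xell-ds.xml after the procedure.
AFTER_DS = """<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/xlDS</jndi-name>
    <security-domain>EncryptDBPassword</security-domain>
  </local-tx-datasource>
  <xa-datasource>
    <jndi-name>jdbc/xlXADS</jndi-name>
    <security-domain>EncryptXADBPassword</security-domain>
  </xa-datasource>
</datasources>"""

# Constructed sample: login-config.xml with both policies from the procedure.
LOGIN_CONFIG = ("<policy>" + policy_xml("EncryptDBPassword", ENCODED)
                + policy_xml("EncryptXADBPassword", ENCODED) + "</policy>")

if __name__ == "__main__":
    for label, ds in (("before", BEFORE_DS), ("after", AFTER_DS)):
        print(label, audit(ds, LOGIN_CONFIG) or "no findings")
```

The value that SecureIdentityLoginModule produces is an encoding made with a key built into JBoss, not a per-installation secret, so login-config.xml still needs restrictive file permissions.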
During installation on BEA WebLogic, the Oracle Identity Manager Installer does not verify the application server name. If you enter the wrong BEA WebLogic server name, then the installation process fails at the end.
For example, suppose you want to install Oracle Identity Manager on a BEA WebLogic installation named myWebLogic. On the Weblogic Application Server Information page of the Installer, you enter the IP address for myWebLogic, but incorrectly enter yourWebLogic as the name of the application server. The Installer begins the installation process although the application server name is incorrect, and the installation process fails at the end.
To avoid this issue, when installing Oracle Identity Manager, double-check the name of the BEA WebLogic Server installation that you enter.
Clicking the Cancel button while Oracle Identity Manager is being installed results in the display of the following error message:
The current operation cannot be cancelled.
You can ignore this error message. Clicking the Cancel button does stop the Oracle Identity Manager server installation process.
The Oracle Identity Manager Installer fails when you specify a string that includes any of the following special characters for the database user name:
Asterisks (*)
Commas (,)
Hyphens (-)
Apostrophes or single quotation marks (')
Double quotation marks (")
To avoid this issue, you must specify a database user name that meets the following criteria:
All characters are alphanumeric.
The first character is a letter.
Special characters are not included.
When the language selection window opens on starting the Oracle Identity Manager Installer, the window may not get the focus while there are other open windows on the same computer. You must click the Installer window in the taskbar and then continue with the installation process by selecting a language.
During installation, the Null input buffer exception thrown while attempting to encrypt empty or NULL fields can be safely ignored.
This section describes known issues related to the general run-time operation of Oracle Identity Manager release 9.1.0, including known issues for Oracle Identity Manager server and known issues for the Administrative and User Console not related to reporting.
This section contains the following topics:
Section 5.2.3, "Stack Overflow Exception Thrown When Importing an XML File (Bug 5350771)"
Section 5.2.4, "Pending Approvals Cannot Be Filtered by Requester Name (Bug 5365516)"
Section 5.2.9, "Null Pointer Exception Thrown When Running the purgecache.bat Utility (Bug 5388849)"
Section 5.2.14, "Deployment Manager Requires JRE 1.4.2 (Bug 5565793)"
Section 5.2.18, ""Illegal Script Tag or Characters" Message Is Displayed in Lookup Forms"
Section 5.2.19, "Error Message Logged When a Scheduled Task Is Viewed or Modified (Bug 6379143)"
Section 5.2.21, "Exception Thrown on Logging in to WebSphere 6.1.0.9 (Bug 6355328)"
Section 5.2.22, "WSLoginFailedException May Be Thrown in IBM WebSphere Log (Bug 6442226)"
Section 5.2.28, "Special Characters Are Not Allowed in Attestation Process Definition (Bug 6514208)"
Section 5.2.30, "Reconciliation Event Does Not Exist/Reconciliation Message Failed Log Messages"
Section 5.2.32, "Error Message Not Displayed on Assign Proxy Page (Bug 6607120)"
Section 5.2.33, "Resource Name Field of the Create Attestation Process Is Case-Sensitive"
Section 5.2.37, "User ID Containing Special Characters Is Not Displayed in User ID Lookup Fields"
Section 5.2.38, "Database Error May Be Thrown When Disabling an Organization (Bug 6608036)"
Section 5.2.40, "Authentication Warning in BEA WebLogic Server Logs (Bug 6714117)"
Section 5.2.43, "Known Issues Related to Generic Technology Connectors"
Section 5.2.44, "Exception May Be Thrown When a Scheduled Task Runs for Many Hours"
Section 5.2.45, "Exception May Be Thrown When the PurgeCache.sh Script Runs on UNIX (Bug 6807733)"
Section 5.2.46, "Mapping Icons Are Not Displayed While Configuring Data Flow (Bug 6807841)"
An exception similar to the following one may be thrown the first time you log in to the Administrative and User Console using SSO in a UNIX/Linux environment:
[XELLERATE.WEBAPP],Class/Method: tcWebAdminHomeAction/setChallengeQuestions encounter some problems: USER_QUES_NOT_DEFINED Thor.API.Exceptions.tcAPIException: USER_QUES_NOT_DEFINED
To resolve this issue, you must use the Design Console to assign a value of FALSE to the Force to set questions at startup system property.
The combination of a Remote Manager on IBM JDK and the Oracle Identity Manager server on Sun JDK is not supported. Similarly, the combination of a Remote Manager on Sun JDK and the Oracle Identity Manager server on IBM JDK is also not supported.
When you import an XML file, a stack overflow exception may be thrown if the import operation changes the organizational hierarchy. You can safely ignore this exception.
If you attempt to use the Requester filter to refine the results in the Pending Approvals page, a message indicating that the search did not return any results is displayed. You can use the Requester filter only to refine results by requester ID and not by requester first name or last name.
In the Administrative and User Console, searching based on the Date Type User Defined Field may return all records instead of just the records matching the specified dates. Using character string input as search criteria may also return all records. To avoid these issues, use the following date format:
YYYY-MM-DD
All dates in the Administrative and User Console must be edited using the calendar icon associated with the Date field. Do not edit dates directly by entering text in a Date field. Instead, use that field's calendar icon to edit the date value.
Do not modify any settings or assignments for internal system-seeded users. If you attempt to modify any settings or assignments for internal system-seeded users, then you may encounter errors.
After a Single Sign-On session times out, clicking Restart in the Deployment Manager or WorkFlow Visualizer window of the Administrative and User Console may cause a "Client-Side error occurred" error message to be displayed. If this message is displayed, close the browser and then access the Administrative and User Console by using a new browser window.
When you run the purgecache.bat utility, the following exception is thrown:
java.lang.NullPointerException
    at com.opensymphony.oscache.base.AbstractCacheAdministrator.finalizeListeners(AbstractCacheAdministrator.java:323)
    at com.opensymphony.oscache.general.GeneralCacheAdministrator.destroy(GeneralCacheAdministrator.java:168)
    at net.sf.hibernate.cache.OSCache.destroy(OSCache.java:59)
    at net.sf.hibernate.cache.ReadWriteCache.destroy(ReadWriteCache.java:215)
    at net.sf.hibernate.impl.SessionFactoryImpl.close(SessionFactoryImpl.java:542)
This exception can be safely ignored.
In the Single Sign-On mode, when the Force to set questions at startup system property is set to TRUE, the Challenge Questions page is displayed instead of the Welcome page of the Administrative and User Console. In the Single Sign-On mode, the Force to set questions at startup system property must be set to FALSE.
Each application server exhibits different behavior when a database connection is lost during execution. While JBoss Application Server can automatically reestablish a database connection, BEA WebLogic Server and IBM WebSphere Application Server cannot. For BEA WebLogic, you can define settings for testing reserved connections, in which case the connections are established automatically. For IBM WebSphere, you must configure your database for high-availability.
In Microsoft Windows Server 2003 Service Pack 1 (SP1) environments, the "Warning: Page has Expired" page may be displayed if you click the Back button after the "Illegal Script tag or Characters" error message is displayed. You can go back to the first page for creation by clicking the Refresh button on the browser toolbar.
After installing Oracle Identity Manager release 9.1.0 on Oracle Application Server and then starting Oracle Application Server, warning messages regarding files with the same name but that are not identical may appear in the Oracle Application Server log file. These warning messages are benign and can be safely ignored.
An export operation using the Deployment Manager may encounter problems when Microsoft Internet Explorer is configured to use Microsoft Virtual Machine. To reset the default Virtual Machine:
Download and install the Sun JRE 1.4.2_xx from the following Web site:
Select Tools from the Internet Explorer menu.
Select Internet Options.
Select the Advanced tab.
Scroll down to Java (Sun).
Check Use Java 2 v1.4.2_xx for <applet>.
Scroll down to Microsoft VM.
Deselect Java console enabled and Java logging enabled.
Restart the computer.
Note:
JRE 1.4.2 is not required to run the Oracle Identity Manager Administrative and User Console—it is only required to run the Deployment Manager.
If you are running JBoss Application Server on Linux and the Linux kernel supports IPv6, you may encounter the following exception:
IP_MULTICAST_IF: java.net.SocketException: bad argument for IP_MULTICAST_IF: address not bound to any interface
    at java.net.PlainDatagramSocketImpl.socketSetOption(Native Method)
    at java.net.PlainDatagramSocketImpl.setOption(PlainDatagramSocketImpl.java:295)
This exception is caused by versions of Sun Microsystems JDK, up to and including JDK 5. If you do not need IPv6 support, you can avoid this exception by disabling IPv6 support in the JVM by adding -Djava.net.preferIPv4Stack=true to the OIM_HOME/bin/xlStartServer.sh Java command used to start JBoss Application Server.
When more than one approval task is assigned to a user, multiple entries for the same request ID are displayed on the Pending Approvals page in the Administrative and User Console. You can select any of the displayed entries to perform the approval process.
The Request Submitted form of the Design Console does not display the Boolean Type User Defined Field check box. If the User Defined Field is set to the Boolean type, then the Request Submitted form displays the number 1 instead of the check box. If the Boolean type is not enabled, then the Request Submitted form displays a blank space.
In the Administrative and User Console, the "Illegal Script Tag or Characters" message is displayed if you enter the less than symbol (<), greater than symbol (>), or any combination of these symbols (such as << or >>) in a text field on any page that also has a lookup form, and then click the magnifying glass icon.
If this happens, close the lookup form, remove the illegal characters from the text field, and then click the magnifying glass icon to continue with the procedure.
See Also:
The "Special Character Restrictions" section in Oracle Identity Manager Globalization Guide
When you view or modify a scheduled task on the Administrative and User Console, the following message may be recorded in the application server log file:
MessageDateFieldBean, localName='messageDateField': Illegal character (space) in "name" attribute
You can ignore this message.
The user profile information, which is specified in e-mail definitions of type General, is not valid for approval tasks.
After installing IBM WebSphere Application Server 6.1.0.9, when you restart the server and log in to the Administrative Console as xelsysadm, an exception is thrown. However, this does not affect functionality and you can safely ignore the exception.
The com.ibm.websphere.security.auth.WSLoginFailedException exception may be thrown for IBM WebSphere 6.1.0.9 configurations. You can ignore this exception.
This exception has been acknowledged by IBM, and you can refer to the following IBM Web page for more information:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg1PK47479
Note:
This applies only to IBM WebSphere and Oracle Application Server.
The java.lang.IllegalArgumentException and oracle.cabo.image.cache.CacheException exceptions may be thrown after the application server is started. You can ignore these exceptions.
If password policies are enabled in Oracle Identity Manager, then the SPML Web Service does not support password reset operations.
On the Administrative and User Console, you can enable or disable a scheduled task displayed in the search results table for scheduled tasks. However, if you search for a scheduled task after you change its state, you must click the Search button once and then again for the task with the modified state to be displayed.
When you shut down Oracle Application Server, the java.lang.NullPointerException from the com.thortech.xl.cache.CacheUtil component is written to the application server log file. You can safely ignore this exception.
When you use the Diagnostic Dashboard, although the Test Basic Connectivity, Test Provisioning, and Test Reconciliation tests are available even before you install Oracle Identity Manager, you can use these tests only after you install Oracle Identity Manager.
Special characters are not supported in the attestation process definition. Only alphanumeric characters and the underscore (_) character can be included.
While defining an attestation process using the Administrative and User Console, if an attestation scope is defined using user-defined fields (UDFs) on the User Scope or Resource Scope page, then column names are displayed instead of labels in the list of selected attributes.
During reconciliation, an error message similar to the following may be written to the logs:
[XELLERATE.JMS],The Reconciliation Event with key 512312 does not exist
[XELLERATE.JMS],Processing Reconciliation Message with ID 512312 failed.
Depending on the application server retry settings, these messages are retried for the specified number of times. If JMS is not able to process these messages after the specified number of retries, then these messages are moved to the dead letter queue.
On the Resource Detail page of the Administrative and User Console, the newly introduced Multiple Trusted Source flag and Reconciliation Sequence flag are not displayed. These flags can be viewed in the Design Console.
On the Assign Proxy page, no error message is displayed when the start date or end date is earlier than the current date.
In the Create Attestation process, the Resource Name field is case-sensitive. To correctly configure the attestation process, you must use the exact spelling and case (uppercase and lowercase) of the resource name.
The Retry Interval and Retry Attempt Limit values are not displayed on the Task Details page of the Workflow Visualizer.
If JDBC connection pool attributes are changed on Oracle Application Server, then the "ORA-28000: the account is locked" error message may be written to the application server log. When this error occurs, the database user account is locked. This is a known issue with Oracle Application Server when using an indirect password in the connection pool. Oracle Identity Manager connection pools use an indirect password.
If you want to change a connection pool attribute by using the Oracle Application Server Administrative Console, then you can work around this problem as follows:
Log in to the Oracle Application Server Administrative Console, and stop the application named Xellerate.
Change the connection pool attributes.
Restart Oracle Application Server.
Log in to the Oracle Application Server Administrative Console, and start the Xellerate application.
In the Graphical Workflow Designer, when you click Save after adding a new Workflow Event, the previously viewed workflow is displayed instead of the newly created workflow event.
During user creation in the Administrative and User Console, if special characters are included in the User ID value, then look-up fields for user IDs will not be able to display that specific user ID. For information about special character restrictions, refer to Oracle Identity Manager Globalization Guide.
When disabling an organization that has child organizations, a database error message may be displayed in addition to the Oracle Identity Manager error message. To avoid this problem, remove parent-child associations before disabling an organization.
A session timeout error may be thrown during creation of a workflow. You can safely ignore this error.
An exception similar to the following one may be thrown in the BEA WebLogic Server logs:
<Security> <BEA-090078> <User user in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
<Security> <BEA-090403> <Authentication for user User denied>
Because this warning message does not interfere with the run-time operation of Oracle Identity Manager, it can be safely ignored.
If you are running Oracle Identity Manager on JBoss Application Server, then the java.lang.ClassCircularityError exception may be thrown because of a known issue in Sun JVM. If this occurs, then implement the workaround given on the following JBoss Web page:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ClassPreloadService
The "Page Cannot Be Found" error message may be displayed in the Administrative and User Console when you try to enable or disable a scheduled task by using the Enable or Disable link in the search results table displayed on searching for tasks by their state (Enabled or Disabled).
Refer to the "Known Issues of Generic Technology Connectors" chapter of Oracle Identity Manager Administrative and User Console.
For Oracle Identity Manager on Oracle Application Server, the following exception may be thrown when a scheduled task runs for many hours:
Primary Server went down going to get a fresh object elsewhere in the cluster.
com.evermind.server.rmi.RMIConnectionException: LRU connection
This exception has no impact on the functioning of Oracle Identity Manager and can be ignored.
When you run the PurgeCache.sh script on UNIX, you might get the following error message:
./PurgeCache.sh: test: unknown operator ==
To resolve this issue:
Open the PurgeCache.sh script in edit mode.
Search for the following:
if [ "$1" == "" ]
Modify this line to the following:
if [ "$1" = "" ]
Save the PurgeCache.sh script.
If your application server is running on UNIX, you might not be able to map form fields by using the Form Data Flow and Reconciliation Data Flow features of the Workflow Designer because the mapping icons are not displayed. To work around this issue, use the Design Console to create field mappings.
This section describes known issues related to tasks performed using the release 9.1.0 Design Console—it does not contain known issues related to the installation of the Design Console or its translated text. This section contains the following topics:
Section 5.3.6, "Cannot Save Multiple Rules Simultaneously (Bug 5457386)"
Section 5.3.8, "Error Thrown When the Caret (^) Character Is Encountered in a Challenge Question"
Section 5.3.11, "User Group Name Attribute for Reconciliation Mapping (Bug 6608943)"
Section 5.3.13, "Passwords As Child Table Fields Are Not Supported (Bug 6703251)"
When attempting to use the FVC utility in IBM WebSphere deployments, a dialog box with the error message Realm/cell is Null may be displayed. You can close the dialog box and ignore this error message to continue.
To avoid this issue entirely, change the properties in the WEBSPHERE_HOME\AppClient\properties\sas.client.props file to the following:
Note:
WEBSPHERE_HOME represents the location where IBM WebSphere is installed.
Change the existing values to the following:
Com.ibm.CORBA.loginSource = properties
Com.ibm.CORBA.loginTimeout = 300
Com.ibm.CORBA.securityEnabled = true
Com.ibm.CORBA.loginUserid = xelsysadm
Com.ibm.CORBA.loginPassword = xelsysadm
The Form Designer form in the Design Console will not save entries that contain any of the following special characters in the Column Name field:
; / % = | + , \ ' " < >
The xlclient.cmd executable that launches the Design Console will fail if directory paths in the executable contain spaces.
You will have a space in a directory path in xlclient.cmd if you installed the Design Console in a location that contains a space, for example, C:\Program Files\OIM\xlclient\java. In addition, you will have a space in a directory path in xlclient.cmd if while installing the Design Console you chose to use a JRE other than the one bundled with the Design Console and the path to that JRE includes a space, for example, C:\Program Files\Java\j2re1.4.2_15.
To avoid this issue, do not install the Design Console in a directory whose path includes a space and do not specify a JRE using a directory path that includes a space. Another way to avoid this issue is to add double quotation marks (") to the paths in the xlclient.cmd executable that include spaces. For example:
Use the following approach if you install the Design Console in a directory whose path includes a space:
"C:\Program Files\OIM\xlclient\java"\bin\java %DEBUG_OPTS% ^
-DXL.ExtendedErrorOptions=TRUE -DXL.HomeDir="C:\Program Files\OIM\xlclient" ^
-Djava.security.policy=config\xl.policy ^
-Dlog4j.configuration=config\log.properties ^
-Djava.security.manager -Djava.security.auth.login.config=config\auth.conf ^
com.thortech.xl.client.base.tcAppWindow -server server
Use the following approach if the path of the JRE directory that you specify includes a space:
"C:\Program Files\Java\j2re1.4.2_15"\bin\java %DEBUG_OPTS% ^
-DXL.ExtendedErrorOptions=TRUE -DXL.HomeDir=C:\oracle\xlclient ^
-Djava.security.policy=config\xl.policy ^
-Dlog4j.configuration=config\log.properties ^
-Djava.security.manager -Djava.security.auth.login.config=config\auth.conf ^
com.thortech.xl.client.base.tcAppWindow -server server
In the Design Console, after changing the Process Definition type for a Resource Object from Approval to Provisioning, or from Provisioning to Approval, the Resource Object is not updated with the default tasks associated with each type of Process Definition. To avoid this issue, do not change the Process Definition type after setting it initially.
Attempting to delete User Defined Fields in the Design Console when the Required and Visible properties are set to true causes an error message to be displayed. To avoid this issue, first delete the properties and then delete the User Defined Column.
The Rule Designer feature in the Design Console cannot save multiple rules simultaneously. To avoid this issue, save each rule before creating additional rules.
Toolbars in the Creating New Task window may be disabled after adding event handlers or adapters from the Integration tab when using the same Create New Task window for a second time to add a task (by clicking the New Form icon). To avoid this issue, close the Creating New Task window before creating another task.
While setting challenge questions in the Lookup.WebClient.Questions lookup definition, you must not include the caret (^) character in the text of the questions. The Design Console does not stop you from entering this character, but the Administrative and User Console will throw an error when this character is encountered.
An error message is displayed if there is conflicting input on the Password Policies form. For example, an error message is displayed if the minimum password length specified is greater than the maximum length. If there is more than one set of conflicting input, then the error messages that are displayed are concatenated.
When you use the Design Console with non-English locales, you may encounter time-stamp display issues. To avoid this problem, replace all the files and directories under OIM_DC_HOME/java with the JRE 1.4.2_15 files and directories.
While defining reconciliation field mappings for trusted sources, you must not use the User Group Name user attribute.
Single quotation marks are not supported in the name of an IT resource. If a single quotation mark is included in the Name field on the IT Resources form, then a system error message is displayed.
Although you can use the Design Console to mark child table fields as password fields, Oracle Identity Manager does not support passwords as child table fields.
When you use Oracle Identity Manager on Oracle Application Server, the status of the Remote Manager is not displayed as "Running" in the Design Console.
This section describes known issues related to reporting functionality in release 9.1.0. This section contains the following topics:
When you run a Group Membership History report, the report results do not differentiate between active and deleted groups.
The User Profile columns in the User Disabled and User Unlocked reports display current values instead of historical values.
In the Administrative and User Console, clicking the Resource Name lookup icon on the Input Parameters page for various reports will display a lookup window. This lookup window may incorrectly display Organization resources in addition to User resources for the following reports:
Resource Access List
Entitlement Summary
Resource Access List History
Resource Password Expiration
Account Activity in Resource
Task Assignment History
Rogue Accounts By Resource
Fine Grained Entitlement Exceptions By Resource
Ignore the Organization resources listed in the lookup window. Running these reports for Organization resources will return no data.
Reports may not differentiate between information for a deleted user and information for a user that was created with the same user ID as the deleted user, regardless of whether or not the User ID Reuse property is enabled.
This section describes known issues in release 9.1.0 related only to globalization or translation. This section contains the following topics:
Section 5.5.4, "English Characters Required for Some Attributes"
Section 5.5.10, "Some Asian Languages Not Displayed Correctly With Sun JDK 1.4 (Bug 6314961)"
The release 9.1.0 Installer programs for non-English languages may contain some untranslated text that is displayed in English.
In the Administrative and User Console, if the Export and Import pages of the Deployment Manager or the Workflow Visualizer page are open and the session times out, then the text on these pages may be displayed in the language of the default locale of the system where Oracle Identity Manager is installed. After closing the session timeout window and clicking any of the Administrative and User Console menu options, the Oracle Identity Manager Logout page is displayed and may also be displayed in the language of the default locale of the system where Oracle Identity Manager is installed.
In the Administrative and User Console, some text in the Notes field on the Task Details page may be displayed in English in non-English environments. Task instances that have the following names may encounter this issue:
Reconciliation Update Received
Reconciliation Insert Received
Reconciliation Delete Received
Release 9.1.0 requires that you use only English characters for the following:
Installation paths and directory names (Bug 5397854)
Host names (Bug 5360993)
E-mail addresses (Bug 5397105)
If used, external certificate names and certificate content (Bug 5387397)
The Administrative and User Console requires that you use only English characters for the E-mail Address fields on the Create/Edit User, Account Profile, and Self-Registration pages. In addition, when installing the Remote Manager, you must use only English characters for the Service Name on the Configuration page (Bug 5460100).
Refer to Oracle Identity Manager Globalization Guide for detailed information about the character restrictions for various components and attributes.
Some information may be displayed as box characters in the Workflow Visualizer of the Administrative and User Console due to a known limitation with Java Applets and globalized characters. The browser JVM displays only those characters that are in the current locale of the system where Oracle Identity Manager is installed. Globalized characters are displayed correctly in applets only if you set the browser to the same locale as the system where Oracle Identity Manager is installed.
In non-English environments, the following report requires that the given filter parameter use only English values:
Report: Entitlement Summary
Filter parameter: Account Status
For example, filtering on Account Status in the Entitlement Summary report in non-English environments and using a translated version of the status Active will return nothing. You must use the English value Active.
The Administrative and User Console's Deployment Manager import and export features use the Java AWT file dialog box that shows the All Files (*.*) string in the dialog box filter. The All Files (*.*) string is not translated for any locale and is displayed in English. This limitation is caused by the Java implementation, and the string cannot be translated. For more information, refer to the Sun Microsystems report for Bug ID 4152317 at
When you use the Reconciliation Archival utility or Task Archival utility, the name of the log files for some non-English environments may not include the time stamp. For example, for the Reconciliation Archival utility, you may see a log file that looks something like Arch_Recon____15_56.log instead of Arch_Recon_Wed_31_2007_03_31.log.
The server-side date and time displayed in the error message on the Administrative and User Console when a pre-populate adapter error is encountered are not localized.
Some Asian languages may not be displayed correctly with Sun JDK 1.4 on the Deployment Manager if you launch it on a non-Asian Windows computer, even if a language package is installed on the client host. If you encounter this issue, install Sun Java Plug-in 1.5.
The names of IT resource parameters displayed on the "Manage IT Resources" pages of the Administrative and User Console are not localized.
In non-English environments, the ordering of first and last names in some reports does not correspond to the browser locale of the logged-in user. Table 4 lists the reports and their columns in which first and last names may be displayed in inconsistent order. You can modify the display of first and last names by modifying the stored procedures for these reports.
Table 4 Reports and Columns in Which First and Last Names May Be Inconsistently Ordered
Report | Sectional Header | Sectional Table | Display Format |
---|---|---|---|
Attestation Requests by Process | Reviewer | NA | FirstName LastName |
Attestation Process List | NA | Reviewer | FirstName LastName |
Policy List | NA | Created By | FirstName MiddleName LastName |
Policy Detail | Created By | NA | FirstName LastName |
Organization Structure | NA | Manager Name | FirstName MiddleName LastName |
Requests Initiated | NA | Requester | FirstName MiddleName LastName |
Requests Details by Status | Requester | NA | FirstName MiddleName LastName |
Group Membership | Group Created By | NA | FirstName LastName |
Task Assignment History | NA | Assigner User Name | FirstName LastName |
Account Activity in Resource | NA | Manager Name | FirstName LastName |
User Resource Access History | NA | Manager Name, Provisioned By | FirstName LastName |
Group Membership History | Group Created By | NA | FirstName LastName |
While trying to delete a menu item, you may encounter an error message that is not localized.
If Oracle Single Sign-On is used to provide authentication service to Oracle Identity Manager, then localization to the Chinese (Simplified), Chinese (Traditional), and Portuguese (Brazilian) languages is not supported. This is due to a known bug (6728226) in the Oracle Single Sign-On Plug-in deployed on Oracle HTTP Server.
Refer to the "What's New" chapter in Oracle Identity Manager API Usage Guide for information about API changes made in this release.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, 7 days a week. For TTY support, call 800.446.2398. Outside the United States, call +1.407.458.2479.
Oracle Identity Manager Release Notes Release 9.1.0
E10367-03
Copyright © 2007, 2008, Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.
If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.