C Configuring Identity System Navigation

The Identity System ships with an interface that supports four types of users: End User, Delegated Administrator, Delegated Identity Administrator, and Master Administrator. Each user type has different rights and is limited to different levels of Oracle Access Manager functionality. When users log in to Oracle Access Manager, they will be presented with a series of screens, a navigation system, that is defined for their user type.

This system can be modified to:

Support new user types
Select the screens to be shown, and determine the order in which they are presented
Specify a default user type.

This Appendix describes obnavigation.xml, the configuration file that controls the navigation system, and explains how to work with it.

C.1 Overview

The Identity System uses the obnavigation.xml file as a guide to build the OutPutXML. PresentationXML uses OutPutXML to build the Navigation Bar that appears at the top of each Oracle Access Manager page. It includes the application name, help and logout buttons, and the various tabs to select other modules within the application. The stylesheet of course provides the final definition of how to display this information, but the file described in "Obnavigation.xml File" determines its content. The interaction with the stylesheet is described in more detail.

C.2 Obnavigation.xml File

When you installed the Identity System you put it into an Identity_install_dir directory, for example:

/var/coreid/identity/oblix (UNIX)

C:/coreid/identity/oblix (Windows NT)

The obnavigation.xml file is installed under this, in the directory:

Identity_install_dir/identity/oblix/apps/common/bin

The file is provided in an XML format, the schema for which is provided under "File Schema" .

C.2.1 File Content

The following is a part of the installed obnavigation.xml file showing all the element types. The elements are discussed in a table immediately after the example:

<?xml version="1.0" ?> 
               <ObNavigation defaultUserType="systemAdmin">
               <ObHierarchy name="oblix" elementName="ObNavbar"
                  userType="endUser" obdisplayName="End User"
                     bgcolor="CCCC66">
               <ObCollection name="ObMisc">
                     <ObLink appName="common" name="T1help" /> 
                     <ObLink appName="common" name="T1about" /> 
                     ObLink appName="common" name="T1logout" /> 
               </ObCollection>
               <ObCollection name="ObApps">
                     <ObLink appName="common"
                           name="userservcenter_application_info"
                           elementName="ObApplication">
                        <ObCollection name="ObTitle">
                        <ObLink appName="userservcenter"
                                    name="T1TABusermanager" /> 
                        </ObCollection>
                        <ObCollection name="ObFunctions">
                           <ObLink appName="userservcenter"
                                 name="MyProfile" /> 
                           <ObLink appName="userservcenter"
                                 name="Report">
                              <ObCollection name="ObReportFunctions">
                                 <ObLink appName="userservcenter"
                                    name="generateReport" /> 
                                 <ObLink appName="userservcenter"
                                    name="viewPredefinedReports" />
                              </ObCollection>
                           </ObLink>
                           <ObLink appName="userservcenter"
                                 name="Workflow">
                              <ObCollection
                                       name="ObWorkflowFunctions">
                                 <ObLink appName="userservcenter"
                                    name="wfOutgoingRequest" /> 
                              </ObCollection>
                           </ObLink>
                        </ObCollection>
                  </ObLink>
                  ...
                  <ObLink appName="common"
                           name="groupservcenter_application_info"
                           elementName="ObApplication">
                  ...
                  <ObLink appName="common"
                           name="objservcenter_application_info"
                           elementName="ObApplication">
                  ...
                  <ObLink appName="common"
                           name="corpdir_application_info"
                           elementName="ObApplication">
                  ...
               </ObCollection>
               ....
               </ObHierarchy>
               ....
               </ObNavigation>

Elements in this file are the following:

Table C-1 ObNavigation.xml File

Element Name Description Example

Element Name	Description	Example
`ObNavigation`	This is the root element for the XML structure. It contains one attribute: `defaultUserType` - This specifies the default user type. The value entered for the attribute must match one of the user types defined in the rest of the file. The `ObNavigation` element contains one or more `ObHierarchy` elements.	<ObNavigation defaultUserType= "systemAdmin"> ... </ObNavigation>
`ObHierarchy`	The ObHierarchy element defines the navigation structure, as a nested hierarchy, for a user type. It contains five attributes: `name`: Reserved for future enhancements, currently not used. `elementName`: The element name in the Output XML that contains the navigation information. The installed stylesheets expect its value to be ObNavBar ; change this value only if you are willing to do extensive stylesheet changes. userType: A unique value specifying the user type that uses this hierarchy. obdisplayName: The display name for this user type. bgcolor: Reserved for future enhancements, currently not used. Each `ObHierarchy` element contains one or more `ObCollection` elements.	<ObHierarchy name="oblix" elementName="ObNavbar" userType="endUser" obdisplayName="End User" bgcolor="CCCC66"> ... </ObHierarchy>
`ObCollection`	The `ObCollection` element is a grouping of links. The collection itself does not enforce any navigation structure. Instead, it is a conceptual element used to group links with common themes together. It contains one attribute: `name`: This matches an element name in the Output XML. The installed stylesheets expect this to be either `ObMisc` or `ObApps`. Each `ObCollection` element contains one or more `ObLink` elements.	`<ObCollection name="ObMisc">` ... `</ObCollection>`
`ObLink`	The `ObLink` element represents a link, where a link is a set of information that enables user navigation to a certain functionality within Oracle Access Manager. Some `ObLink` elements (but not all) are allowed to contain `ObCollection` elements. This means that, rather than directly providing functionality, the link presents the users with another set of links for navigation. Each ObLink contains the following attributes: `appName` and `name`: These must be provided as a pair, meaning within the named application allow use of the named functionality. There is a limited set of valid combinations, predefined within the Identity System. See the table in "Valid ObLink Combinations" for the full list. `name` values which are allowed to contain nested `ObCollection` elements are marked with an * in this list. `elementName`: This element is optional. It provides a description for `ObLink` elements which contain nested `ObCollection` elements.	<ObLink appName="common" name= `"userservcenter_` `application_info"` `elementName="ObApplication">` ... `</ObLink>`

ObNavigation

This is the root element for the XML structure.

It contains one attribute:

defaultUserType - This specifies the default user type. The value entered for the attribute must match one of the user types defined in the rest of the file.

The ObNavigation element contains one or more ObHierarchy elements.

<ObNavigation defaultUserType=

"systemAdmin">

...

</ObNavigation>

ObHierarchy

The ObHierarchy element defines the navigation structure, as a nested hierarchy, for a user type.

It contains five attributes:

name: Reserved for future enhancements, currently not used.
elementName: The element name in the Output XML that contains the navigation information. The installed stylesheets expect its value to be ObNavBar ; change this value only if you are willing to do extensive stylesheet changes.
userType: A unique value specifying the user type that uses this hierarchy.
obdisplayName: The display name for this user type.
bgcolor: Reserved for future enhancements, currently not used.

Each ObHierarchy element contains one or more ObCollection elements.

...

</ObHierarchy>

ObCollection

The ObCollection element is a grouping of links. The collection itself does not enforce any navigation structure. Instead, it is a conceptual element used to group links with common themes together.

It contains one attribute:

name: This matches an element name in the Output XML. The installed stylesheets expect this to be either ObMisc or ObApps.

Each ObCollection element contains one or more ObLink elements.

<ObCollection name="ObMisc">

...

</ObCollection>

ObLink

The ObLink element represents a link, where a link is a set of information that enables user navigation to a certain functionality within Oracle Access Manager.

Some ObLink elements (but not all) are allowed to contain ObCollection elements. This means that, rather than directly providing functionality, the link presents the users with another set of links for navigation.

Each ObLink contains the following attributes:

appName and name: These must be provided as a pair, meaning within the named application allow use of the named functionality. There is a limited set of valid combinations, predefined within the Identity System. See the table in "Valid ObLink Combinations" for the full list. name values which are allowed to contain nested ObCollection elements are marked with an * in this list.
elementName: This element is optional. It provides a description for ObLink elements which contain nested ObCollection elements.

<ObLink appName="common"

name=

"userservcenter_

application_info"

elementName="ObApplication">

...

</ObLink>

C.2.2 File Schema

Following is the schema describing the logical structure of the obnavigation.xml file. This schema definition is not provided as part of the Oracle Access Manager installation files. See the reference provided in Appendix A, "XML Background" for more information on XML schema structures.

<?xml version="1.0" encoding="UTF-8"?> 
               <xsd:schema
                  xmlns:xsd="http://www.w3.org/2000/10/XMLSchema"
                  elementFormDefault="qualified">
               <xsd:element name="ObCollection"> 
                  <xsd:complexType> 
                        <xsd:sequence> 
                           <xsd:element ref=
                              "ObLink" maxOccurs="unbounded"/>
                        </xsd:sequence> 
                        <xsd:attribute name="name" use="required"
                              type="xsd:string"/> 
                  </xsd:complexType>
               </xsd:element> 
               <xsd:element name="ObHierarchy"> 
                  <xsd:complexType> 
                        <xsd:sequence> 
                           <xsd:element ref=
                              "ObCollection" maxOccurs="unbounded"/> 
                        </xsd:sequence> 
                        <xsd:attribute name="name" type="xsd:string"
                              use="required"/> 
                        <xsd:attribute name="elementName"
                              type="xsd:string" use="required"/>
                        <xsd:attribute name="userType"
                              type="xsd:string" use="required"/>
                        <xsd:attribute name="obdisplayName"
                              type="xsd:string" use="required"/> 
                        <xsd:attribute name="bgcolor" use="required">
                           <xsd:simpleType> 
                              <xsd:restriction base="xsd:binary"> 
                                 <xsd:encoding value="hex"/>
                              </xsd:restriction> 
                           </xsd:simpleType> 
                        </xsd:attribute> 
                  </xsd:complexType> 
               </xsd:element> 
               <xsd:element name="ObLink"> 
                  <xsd:complexType> 
                        <xsd:sequence> 
                           <xsd:element ref="ObCollection"
                              minOccurs="0"    maxOccurs="unbounded"/>
                        </xsd:sequence> 
                        <xsd:attribute name="appName" use="required"> 
                           <xsd:simpleType>
                              <xsd:restriction base="xsd:NMTOKEN"> 
                                 <xsd:enumeration value="common"/>
                                 <xsd:enumeration value=
                                       "groupservcenter"/> 
                                 <xsd:enumeration value=
                                       "objservcenter"/> 
                                 <xsd:enumeration value=
                                       "userservcenter"/>
                              </xsd:restriction> 
                           </xsd:simpleType> 
                        </xsd:attribute> 
                        <xsd:attribute name="name" use="required"> 
                           <xsd:simpleType>
                              <xsd:restriction base="xsd:NMTOKEN"> 
                                 <xsd:enumeration value="Admin"/>
                                 <xsd:enumeration value="Create"/> 
                                 <xsd:enumeration value=
                                       "FTABconfiguration"/> 
                                 <xsd:enumeration value=
                                       "FTABcreatereports"/> 
                                 <xsd:enumeration value=
                                       "FTABorgchart"/> 
                                 <xsd:enumeration value=
                                       "FTABrequests"/> 
                                 <xsd:enumeration value=
                                       "FTABviewreports"/> 
                                 <xsd:enumeration value="MyProfile"/> 
                                 <xsd:enumeration value=
                                       "T1TABgroupmanager"/>
                                 <xsd:enumeration value=
                                       "T1TABorgmanager"/> 
                                 <xsd:enumeration value=
                                       "T1TABusermanager"/> 
                                 <xsd:enumeration value="T1about"/> 
                                 <xsd:enumeration value="T1help"/> 
                                 <xsd:enumeration value="T1logout"/> 
                                 <xsd:enumeration value="Workflow"/> 
                                 <xsd:enumeration value=
                                       "adminDelegate"/> 
                                 <xsd:enumeration value=
                                       "adminExpandGroups"/> 
                                 <xsd:enumeration value=
                                       "adminPreWorkflowDef"/> 
                                 <xsd:enumeration value=
                                       "adminProxy"/> 
                                 <xsd:enumeration value=
                                       "adminSetContainmentLimit"/>
                                 <xsd:enumeration value=
                                       "adminSetSearchbase"/> 
                                 <xsd:enumeration value=
                                       "adminWorkflowDef"/> 
                                 <xsd:enumeration value="dashline"/> 
                                 <xsd:enumeration value=
                                       "front_page_admin
                                          _application_info"/>
                                 <xsd:enumeration value=
                                       "groupservcenter
                                          _application_info"/> 
                                 <xsd:enumeration value=
                                       "multipleObjectTabs"/> 
                                 <xsd:enumeration value=
                                       "objservcenter
                                          _application_info"/> 
                                 <xsd:enumeration value=
                                       "userservcenter
                                          _application_info"/> 
                                 <xsd:enumeration value=
                                       "policyservcenter
                                          _application_info"/> 
                                 <xsd:enumeration value=
                                       "wfCreateProfile"/> 
                                 <xsd:enumeration value=
                                       "wfDeactivateProfile"/> 
                                 <xsd:enumeration value=
                                       "wfIncomingRequest"/> 
                                 <xsd:enumeration value="wfMonitor"/> 
                                 <xsd:enumeration value=
                                       "wfOutgoingRequest"/> 
                              </xsd:restriction> 
                           </xsd:simpleType> 
                        </xsd:attribute> 
                        <xsd:attribute name="elementName"
                              type="xsd:string"/> 
                  </xsd:complexType> 
               </xsd:element> 
               <xsd:element name="ObNavigation"> 
                  <xsd:complexType> 
                        <xsd:sequence> 
                           <xsd:element ref="ObHierarchy"
                                 maxOccurs="unbounded"/> 
                        </xsd:sequence> 
                        <xsd:attribute name="defaultUserType"
                           type="xsd:string" use="required"/>
                  </xsd:complexType> 
               </xsd:element> 
               </xsd:schema>

C.3 Customization

You can make the changes to the obnavigation.xml file as described in the following procedure. The changes take effect the next time the Identity Manager Server is restarted.

To customize the obnavigation.xml file

Remove a link.

To remove access to functionality for a user type, remove the ObLink element associated with that functionality. This example shows the original file part revised to remove the about functionality for an end user.

<ObHierarchy name="oblix" elementName="ObNavbar"
                        userType="endUser" obdisplayName="End User"
                        bgcolor="CCCC66">
                     <ObCollection name="ObMisc">
                        <ObLink appName="common" name="T1help"/>
                        <ObLink appName="common" name="T1logout"/>
                     </ObCollection>

Add a link.

Use the ObHierarchy for the SystemAdmin user type as a template for this. It shows the full standard navigation possibilities. Determine the link to add. Find the ObCollection that you would like to add the link to, and add the link. In the revised file part example, an end user is now able to navigate to the page where new users are created.

Note:

The end user will still need to be granted create rights in order to work with the page.

<ObCollection name="ObFunctions">
                  <ObLink appName="userservcenter"
                        name="MyProfile"/>
                  <ObLink appName="userservcenter"
                        name="wfCreateProfile"
                  <ObLink appName="userservcenter" name="Workflow">
                        <ObCollection name="ObWorkflowFunctions">
                           <ObLink appName="userservcenter"
                                 name="wfOutgoingRequest"/>
                        </ObCollection>
                  </ObLink>
               </ObCollection>

Remove a user type.

Remove all of the ObHierarchy elements associated with the user type. That user type will not be able to reach any pages.

Note:
Don't remove the default user type. If you must remove the user type that is the default user type, set another user type to be the default.
Add a user type.

Add an ObHierarchy element, specifying the new user type. Use the systemAdminObHierarch y as a template and remove any links and collections not suitable for the new user type.

Append &userType=(the user type attribute value in ObHierarchy) to the entry point URL when you first access the system. The user type information is stored in the cookie that is returned. It will be reset only if a new userType is used in the URL.
Set the default user type.

Change the ObNavigationdeafaultUserType attribute value to the desired user type. This is used if the user type has not been previously set in a returned cookie and there is no user type specified in the URL.

C.4 Valid ObLink Combinations

The following tables show Identity System functionality by application, to be used in defining a valid ObLink. For example, if you need to provide the User Manager functionality in User Manager then you would add:

<ObLink appname="userservcenter" name="T1TABUserManager"/>

In the tables, name values that are allowed to contain nested ObCollection elements are marked with an *.

Appnames in the tables correspond to applications this way:

common: Help, About, and Logout buttons, and Applications. See Table C-2 for details.

userservcenter: User Manager. See Table C-3 for details.

groupservcenter: Group Manager. See Table C-4 for details.

objservcenter: Organization Manager Table C-5 for details.

Table C-2 Valid ObLink name Values for appName=common

Name	Description of function common to all applications
`T1help`	Help button
`T1about`	About button
`T1logout`	Logout button
`userservcenter_application_info`	User Manager
`groupservcenter_application_info`	Group Manager
`policyservcenter_application_info`	Access System
`access_front_page_admin_application_info`	Access System Configuration
`front_page_admin_application_info`	Identity System configuration
`objservcenter_application_info`	Organization Manager

Table C-3 Valid ObLink name Values for appName=userservcenter

Name	User Manager Function
`T1TABusermanager`	User Manager
`MyProfile`	My Identity
`wfCreateProfile`	Create User Identity
`wfDeactivateProfile`	Deactivated User Identity
`adminProxy`	Substitute Rights
`Workflow *`	Requests
`wfIncomingRequest`	Incoming Requests
`wfOutgoingRequest`	Outgoing Requests
`wfMonitor`	Monitor Requests
`Admin *`	Configuration
`adminAccessControl`	adminAccessControl
`adminDelegate`	Delegate Administration
`adminWorkflowDef`	Workflow Definition
`adminSetSeachbase`	Set Searchbase

Table C-4 Valid ObLink name Values for appName=groupservcenter

Name	Group Manager function
`T1TABgroupmanager`	Group Manager
`MyProfile`	My Groups
`Create`	Create Group
`Workflow *`	Requests
`wfIncomingRequest`	Incoming Requests
`wfOutgoingRequest`	Outgoing Requests
`wfMonitor`	Monitor Requests
`Admin *`	Configuration
`adminAccessControl`	adminAccessControl
`adminDelegate`	Delegate Administration
`adminPreWorkflowDef`	Workflow Definition
`adminExpandGroups`	Expand Dynamic Groups

Table C-5 Valid ObLink name Values for appName=objservcenter

Name	Org. Manager function
`T1TABorgmanager`	Organization Manager
`multipleObjectTabs`	The set of tabs configured for Organization Manager
`wfCreateProfile`	Create Organization Profile
`FTABrequests *`	Requests
`wfIncomingRequest`	Incoming Requests
`wfOutgoingRequest`	Outgoing Requests
`wfMonitor`	Monitor Requests
`FTABconfiguration *`	Configuration
`adminAccessControl`	Attribute Access Control
`adminDelegate`	Delegate Administration
`adminWorkflowDef`	WorkflowDefinition
`adminSetContainmentLimit`	Container Limits