Oracle® Access Manager Customization Guide
10g (10.1.4.2.0)

Part Number E10354-01

3 Customizing Portal Inserts

Oracle Access Manager Portal Inserts provide a way to insert content generated by Oracle Access Manager into other applications without programming. The typical use of this is to build a subset of Oracle Access Manager functionality into your own Web application. You can, for instance, use the Identity System's search feature to add a company directory search to your site.

This chapter describes how portal inserts work and how to implement them with your installation.

3.1 Overview of Portal Inserts

The following diagram illustrates how you might construct a Web application with the help of Portal Inserts:

Figure 3-1 Using Portal Inserts in a Web Application


In this scenario, the Web application uses three HTML frames (A, B and C) to lay out its content. Frame A might provide a search function, the search controls themselves being provided by a Portal Insert. Frame B might contain an unrelated report using non-identity information, generated by the application itself.

Frame C might contain detailed information about a particular identity, such as you see in User Manager's profile page. The contents of this frame could be provided entirely by a second Portal Insert requested from the search function in frame A. The Portal Insert may optionally be combined with a custom stylesheet to display the page in a way that better suits the Web application's look and feel. This kind of customization is described in "Designing the GUI with PresentationXML".

Note:

The application may also use Oracle Access Manager to generate the data contained in frame B, through the IdentityXML interface for instance. That page may contain links that can be used to request a new Portal Insert (with or without a custom stylesheet) for frame C.

3.2 Using Portal Inserts

To use Portal Inserts, you typically begin by identifying an Oracle Access Manager feature that you want to integrate into your application. Before accessing a function as a Portal Insert, it is a good idea to verify that you can access it as an Oracle Access Manager user.

When you have constructed the URL that generates the content you require, you add the request to your application wherever you want the content displayed. For instance, in a Web application, you might specify the URL as the target of a link, or as the source document for a frame.

WebPass receives the HTTP request when the Portal Insert page is to be displayed. WebPass interprets the URL with its additional parameters as a portal request. If the URL contains invalid data, access is denied. Otherwise, an HTTP response is returned, typically providing much the same interactive HTML GUI as the base Oracle Access Manager system provides.

The URL format for Portal Inserts conforms to Internet RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax. The text of the RFC is located at

http://www.ietf.org/rfc/rfc2396.txt

Specifically, the URL for a Portal Insert looks like this:

http://host:port/appname.cgi?param1=value1&param2=value2...

Note the following components:

  1. The Identity Server location.

    This is the http://host:port/ part of the entry. It is exactly the same location you would use to log in to Oracle Access Manager as a user.

    Note:

    The http scheme may be https if a secure connection is used.
  2. The application location.

    This is the appname.cgi part of the entry. You point to the exact application, such as User Manager, that you want to use. A list of locations for each application is provided in "Identity System Applications and Portal Inserts". These are the "portals" to the functions that you want to carry out.

  3. One or more sets of parameter name and value pairs.

    These are provided in the form param=value. The first set immediately follows the application choice and starts with a ?. The second and any additional sets start with a &. The parameters can be provided in any order.

    Remember that this text is being received as a URL and any non-URI characters, such as spaces and punctuation, that appear in parameter values must be encoded as discussed in the RFC.

    Table 3-1 lists some common characters and their URI-safe encoded equivalents:

    Table 3-1 URI-Safe Character Encodings

    Character Name       Character   URI-encoded Equivalent
    space                (space)     %20
    exclamation mark     !           %21
    apostrophe           '           %27
    open parentheses     (           %28
    close parentheses    )           %29
    comma                ,           %2C
    colon                :           %3A
    equals               =           %3D


The following is an example URL to access a portal insert, first as one long string and then with the parts broken out for discussion:

http://domain.com:81/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=search&tab_id=employees&comp=true&STy1=cn&SLk1=OSM&SSt1=john

The following is the meaning of each part:

3.3 Portal ID and BackURL

Portal inserts provide a way to embed Oracle Access Manager functionality into user Web applications. Once the goal is accomplished, the user may be several layers deep in Oracle Access Manager product pages. The user could return to the calling page by clicking the browser back button several times. Another way is to use the Portal ID feature. This inserts a back button on the Oracle Access Manager pages. Clicking this button returns the user to the calling portal or to any other user-specified URL.

To use this feature you append the portalid parameter to the URL, provided at the calling portal, and specify a label for the return URL. The portalid parameter value persists, meaning that its value is known to all successive screens, all of which will contain the appropriate back button. The example URL provided earlier is easily modified to use the portalid parameter:

http://domain.com:81/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=search&tab_id=employees&comp=true&STy1=cn&SLk1=OSM&SSt1=john&portalid=mychoice

In this example, mychoice is a label for the precise URL that the portal designer wants to return to. The portal designer associates the label with the actual URL by changing the content of the Portal Inserts Caller Identification Parameter File (PICI Parameter File), portalidparams.xml. A generic version of this file is provided as part of the Identity installation, in the following location:

identity/oblix/apps/common/bin/portalidparams.xml

The content of this file is as follows:

<?xml version="1.0"?>
<ParamsCtlg xmlns="http://www.oblix.com"
            CtlgName="portalidparams">
  <CompoundList ListName="">
    <ValNameList ListName="oblix1">
      <NameValPair ParamName="portalIdBackUrl"
                   Value="http://www.oblix.com"/>
      <NameValPair ParamName="portalIdBackButton"
                   Value="../../common/ui/style0/NAVportalreturn1.gif"/>
      <NameValPair ParamName="portalIdBackButtonMouseOver"
                   Value="Click here to go to oblix main page..1"/>
    </ValNameList>
    <ValNameList ListName="oblix2">
      <NameValPair ParamName="portalIdBackUrl"
                   Value="http://www.oblix.com"/>
      <NameValPair ParamName="portalIdBackButton"
                   Value="../../common/ui/style0/NAVportalreturn2.gif"/>
      <NameValPair ParamName="portalIdBackButtonMouseOver"
                   Value="Click here to go to oblix main page..2"/>
    </ValNameList>
  </CompoundList>
</ParamsCtlg>

Note:

The example contains two portalids, oblix1 and oblix2. You may add more.

The information provided for each ValNameList item in the file associates a user-created label with the return URL, the image of a back button, and mouseover text to be associated with the button. All four of these items can be changed by the user, as shown in Table 3-2:

Table 3-2 ValNameList items

Parameter Description

ListName

A unique id for the calling portal. This is any user-defined label, mychoice in the earlier example. The id value none is reserved; it has special meaning to Identity. (See the discussion of "Portal ID and BackURL".)

Value for portalIdBackUrl

A back URL. This could be the URL of the calling portal, or any other user-specified URL.

Value for portalIdBackButton

The file path to the image to display for the back button. The button image is presented at the top of the page. When the user clicks this button, the browser returns to the location specified in the value for portalIdBackUrl. The path can be relative to the Identity_install_dir/identity/oblix/apps/bin directory, or a fully specified URL.

Value for portalIdBackButtonMouseOver

The mouse-over message for this button, displayed when the user puts the mouse cursor over the button.


The PICI Parameter file is loaded when Oracle Access Manager starts. If its content is subsequently changed, the user should reload the file in order to make the changes usable. Rather than stopping and starting Oracle Access Manager, you reload the file by entering the following URL to your browser:

http://host:port/identity/oblix/apps/admin/bin/genconfig.cgi?program=flushCache&cachetype=portalid
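
Because every portalid label in the PICI Parameter File decides where users are sent when they click the back button, it is worth reviewing the file before reloading it. The following is an added example, not part of the Oracle documentation or product: it parses a file in the layout shown above and reports labels that are reserved or duplicated, entries missing one of the three parameters, and back URLs that are not HTTPS or point to a host outside an expected set. The sample file contents, the example.com host names, the finding codes and the allowed_hosts policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

NS = {"ob": "http://www.oblix.com"}  # namespace declared in portalidparams.xml
REQUIRED = ("portalIdBackUrl", "portalIdBackButton", "portalIdBackButtonMouseOver")

# Constructed sample in the layout of portalidparams.xml (not a real deployment).
SAMPLE = """<?xml version="1.0"?>
<ParamsCtlg xmlns="http://www.oblix.com" CtlgName="portalidparams">
<CompoundList ListName="">
  <ValNameList ListName="mychoice">
    <NameValPair ParamName="portalIdBackUrl" Value="https://portal.example.com/directory"/>
    <NameValPair ParamName="portalIdBackButton" Value="../../common/ui/style0/NAVportalreturn1.gif"/>
    <NameValPair ParamName="portalIdBackButtonMouseOver" Value="Return to the directory"/>
  </ValNameList>
  <ValNameList ListName="none">
    <NameValPair ParamName="portalIdBackUrl" Value="http://intranet.example.com/"/>
    <NameValPair ParamName="portalIdBackButton" Value="../../common/ui/style0/NAVportalreturn2.gif"/>
  </ValNameList>
  <ValNameList ListName="mychoice">
    <NameValPair ParamName="portalIdBackUrl" Value="https://elsewhere.example.net/"/>
    <NameValPair ParamName="portalIdBackButton" Value="../../common/ui/style0/NAVportalreturn1.gif"/>
    <NameValPair ParamName="portalIdBackButtonMouseOver" Value="Return"/>
  </ValNameList>
</CompoundList>
</ParamsCtlg>"""


def audit_portal_ids(xml_text, allowed_hosts):
    """Return a list of (label, finding) tuples for a PICI parameter file.

    allowed_hosts is the reviewer's own policy (an assumption of this example):
    the set of host names a back URL is expected to point to.
    """
    root = ET.fromstring(xml_text)
    lists = root.findall(".//ob:ValNameList", NS)
    findings = []

    # ListName is described as a unique id for the calling portal.
    counts = Counter(v.get("ListName", "") for v in lists)
    for label, n in counts.items():
        if n > 1:
            findings.append((label, "duplicate-label"))

    for vlist in lists:
        label = vlist.get("ListName", "")
        params = {p.get("ParamName"): (p.get("Value") or "").strip()
                  for p in vlist.findall("ob:NameValPair", NS)}

        if not label:
            findings.append((label, "empty-label"))
        if label == "none":
            # The id value none is reserved; it ends portalid persistence.
            findings.append((label, "reserved-label"))
        for name in REQUIRED:
            if not params.get(name):
                findings.append((label, "missing:" + name))

        back_url = params.get("portalIdBackUrl")
        if back_url:
            parts = urlsplit(back_url)
            if parts.scheme not in ("http", "https"):
                findings.append((label, "backurl-scheme"))
            elif parts.hostname not in allowed_hosts:
                findings.append((label, "backurl-host"))
            elif parts.scheme == "http":
                findings.append((label, "backurl-cleartext"))
    return findings


if __name__ == "__main__":
    for label, finding in audit_portal_ids(
            SAMPLE, {"portal.example.com", "intranet.example.com"}):
        print(f"{label or '(empty)'}: {finding}")
```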

3.4 Identity System Applications and Portal Inserts

The following are applications that respond to portal requests. For each application, the text shown replaces the appname.cgi information in the URL format.

For Group Manager: identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi

For Lost Password Management: identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi

For Organization Manager: identity/oblix/apps/objservcenter/bin/objservcenter.cgi

For User Manager: identity/oblix/apps/userservcenter/bin/userservcenter.cgi

3.5 Portal Insert Services

Each application provides one or more functions that can be accessed by URL parameters. These functions are also referred to as services. The functions fall into three major categories:

All available functions are listed in the sections that follow, grouped under the Present, Get, and Set categories. For each function, the following are provided:

The parameters themselves are described in detail starting at "Parameter Reference".

In the following function descriptions, required parameters are listed first, followed by optional parameters. In the URL, you can specify parameters in any order you prefer, but because these URLs can become unwieldy, it is a good idea to follow a guideline such as function, followed by required parameters, followed by optional parameters.

The Note column calls attention to any issues that you should keep in mind while using the parameter with a particular function, but that are not part of the parameter's description per se.

Note:

You must have the appropriate rights assigned to you in order to use a function. Your searchbase must include the information you want to view or change. You require read rights for any attributes you expect to view, or tabs whose configured attributes you expect to view. You require write rights for any information you expect to change.

3.5.1 Functions to Present Pages

Following is a list of functions that present interactive pages.

3.5.1.1 delete

Description: Use this function to generate a page, including a delete button, from which you can delete a group or an organization. See "workflowDeactivateUser" to generate a page from which you can remove a user.

Works with: Group Manager, Organization Manager

Parameter REQ/OPT
uid REQ
comp OPT

3.5.1.2 modify

Description: Use this function to present an interactive page from which data can be changed.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT
uid REQ
comp OPT

3.5.1.3 modifyLocation

Description: Use this function to display a page from which you can change the location of an individual or organization.

Works with: Organization Manager, User Manager

Parameter REQ/OPT
locId REQ
uid REQ
comp OPT
locObjClass OPT
rectangle OPT
scopeResolved OPT
tab_id OPT

3.5.1.4 passwordChallengeResponse

Description: Two URLs have been configured for your system, one to be used for password changes and the other for challenge response. This function sends the user to the challenge-response page, and from there, if the response is correct, to the password change page. From there, the function sends the user to the page specified by the backUrl.

Works with: Lost Password Management

Parameter REQ/OPT
login REQ
backurl OPT
target OPT

3.5.1.5 predefinedReports

Description: Use this function to present an interactive page showing a set of predefined reports.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT Note
comp OPT
tab_id OPT Default varies by application.

3.5.1.6 proxyAdmin

Description: Use this function to present an interactive page from which proxy administration can be done.

Works with: User Manager

Parameter REQ/OPT
comp OPT

3.5.1.7 redirectforchangepwd

Description: A URL will have been configured for your system, to be used for password changes. This function sends the user to the password change page. From there, the function sends the user to the page specified by the backUrl.

Works with: Lost Password Management

Parameter REQ/OPT
login REQ
backurl OPT
target OPT

3.5.1.8 searchPage

Description: Use this function to present an interactive search page, where you can enter search parameters.

Works with: Group Manager, Organization Manager and User Manager

Parameter REQ/OPT Note
advSearch OPT
comp OPT
tab_id OPT Default varies by application.

3.5.1.9 subscribe

Description: Use this function to present an interactive page from which you can subscribe to a group.

Works with: Group Manager

Parameter REQ/OPT
uid REQ
comp OPT

3.5.1.10 viewLocations

Description: Use this function to get a page from which you can view the location of an organization or user.

Works with: Organization Manager, User Manager

Parameter REQ/OPT
locId REQ
uid REQ
comp OPT
coords OPT
locObjClass OPT
rectangle OPT
scopeResolved OPT
show_all OPT
tab_id OPT

3.5.1.11 workflowCreateProfile

Description: Use this function to present an interactive page from which a new entry can be created using a workflow.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT Note
comp OPT
tab_id OPT Default varies by application.

3.5.1.12 workflowDeactivateUser

Description: Use this function to present a page from which you can deactivate a user.

Works with: User Manager

Parameter REQ/OPT Note
uid REQ DN of the user who is to be deactivated.
ObWorkflowName REQ  
comp OPT

3.5.1.13 workflowSelfRegistration

Description: Use this function to present a page from which you can add yourself to an organization, or as a user.

Works with: Organization Manager, User Manager

Parameter REQ/OPT Note
ObDomainName REQ
ObWorkflowName REQ
comp OPT
ObWfComment OPT
tab_id OPT Default varies by application.

3.5.1.14 workflowTicketSearchForm

Description: Use this function to present an interactive search page, where you can enter search parameters for specific tickets.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT
requestType REQ
comp OPT

3.5.1.15 unsubscribe

Description: Use this function to present an interactive page from which you can unsubscribe from a group.

Works with: Group Manager

Parameter REQ/OPT
uid REQ
comp OPT

3.5.2 Functions to Get Data

Following is a list of all those functions that return data.

3.5.2.1 myGroupsProfile

Description: Use this function to get the profiles for groups you are a member, owner, or administrator of.

Works with: Group Manager

Parameter REQ/OPT Note
attrName OPT
comp OPT
showAdministratorOfGroups OPT At least one of the parameter names starting with show must be used.
showDynamicGroups OPT
showMemberOfGroups OPT
showNestedGroups OPT
showOwnerOfGroups OPT
showStaticGroups OPT

3.5.2.2 search

Description: Use this function to present the result of a search.

Works with: Group Manager, Organization Manager, and User Manager

Parameter REQ/OPT Note
SLkn REQ
SStn REQ
SStn REQ At least one of the parameter names starting with show must be used.
comp OPT
noOfFields OPT
noOfRecords OPT
showAllResults OPT
sortBy OPT
sortOrder OPT
startFrom OPT
tab_id OPT Default varies by application.

3.5.2.3 view

Description: Use this function to view selected attributes for a group, organization, or user.

Works with: Group Manager, Organization Manager, and User Manager

Parameter REQ/OPT Note
uid REQ DN of the user, group or organization whose attributes are to be viewed, depending upon the application. For User Manager only, this is optional. If no uid is specified, the profile of the logged in user will be shown.
attrName OPT If you do not use this parameter, then all attributes for the uid, that you are authorized to see, are returned. To get values for more than one attribute, use this parameter multiple times, once for each named attribute.
comp OPT

3.5.2.4 viewGroupMembers

Description: Use this function to view the members of a group.

Works with: Group Manager

Rights: Read rights on the Member attribute. Also, for dynamic members the read right on the Dynamic Filter attribute.

Parameter REQ/OPT Note
uid REQ DN of the group whose members are to be listed.
attrName OPT
comp OPT
showDynamicUserMembers OPT At least one of the show parameters in the list must be used, set to true.
showNestedUserMembers OPT
showStaticUserMembers OPT
SLk1 OPT At most one set of these parameters is allowed with this function. The set is required if groupMemberSearchStringMinimumLength is not zero. See the parameter file shown in Table B-2.
SSt1 OPT
STy1 OPT

3.5.2.5 workflowTicketInfo

Description: Use this function to get information about a specific request.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT
workflowInstanceDn REQ
workflowStepInstanceId REQ
comp OPT

3.5.2.6 workflowTicketSearch

Description: Use this function to present the result of a search for pending, completed, or all workflow requests.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT Note
requestType REQ If the required type is an outgoing request, then requestType is not needed.
targetApplication REQ
ticketType REQ If the required type is an outgoing request, then ticketType is not needed. If the required type is an incoming request, there are three possible entries:
  • WfAllTickets: Search for all requests, regardless of status.
  • WfCompletedTickets: Search for requests that have been completely processed.
  • WfPendingTickets: Search for requests that are pending, only partially processed.
comp OPT
days OPT
noOfRecords OPT
sortBy OPT For workflow tickets, the class sorting attribute can have only one of the following values:
  • obticketid (for Ticket Number)
  • obapp (for Application Name)
  • obactionname (for Action)
  • obwfstatus (for Status)
  • obwftypename (for Request Type)
  • obtargetdn (for Requested For)
  • obcurrentdn (for Requested by)
  • obactordn (for Action Taker)
  • obdateprocessed (for Date Processed)
  • oblockedby (for Locked By)
  • obsubflow (for Subflow Number)
  If the attribute is invalid, then an error message is returned, such as "Invalid value for parameter sortBy". If no attribute is specified, the default is the first attribute (most likely obticketid) in the admin-configured workflow ticket search table. (You can see this table in the Identity System Console, Common Configuration, Configure Workflow Panels, Ticket Search Table.)
sortOrder OPT
startFrom OPT

3.5.3 Functions to Set Data

Following is a list of all those functions that set data.

3.5.3.1 commonLogout

Description: Log out of Group Manager, Organization Manager, User Manager.

Works with: Group Manager, Organization Manager, User Manager

Takes no parameters.

3.5.3.2 expandGroup

Description: Use this function to expand a dynamic group into its current static members.

Works with: Group Manager

Rights: VIEW for the Group Dynamic Filter and Group Expansion attributes; VIEW for the group class attribute; MODIFY for the Member attribute.

Parameter REQ/OPT Note
comp OPT
groupsToExpand OPT One or the other of these must be provided.
expandAllGroups OPT

3.5.3.3 workflowChangeAttributeRequest

Description: Use this function to initiate a change attribute request using a workflow.

Works with: Group Manager, Organization Manager, User Manager

Parameter REQ/OPT
changeRequestAttr REQ
changeRequestType REQ
ObWorkflowName REQ
uid REQ
comp OPT

3.6 Parameter Reference

The following table describes each of the parameters in detail. In general, parameters have the same meaning for each function. When a function behaves differently with respect to a parameter, this is noted in the Note column of that function's table.

Several parameters, such as locId and tab_id, take values that are not obvious from the GUI presentation. However, these can be obtained from the URL address for the function you want to implement as a portal.

For example, if you do a search within the User Manager and click one of the employees to do a view, you see that the tab_id used is employees.

Boolean parameter values must be set to true or false in the URL. Alternative representations of Boolean values, such as yes and no, 1 and 0, and so on are not supported.

Integer parameter values must be specified as an uninterrupted sequence of decimal digits.

String parameter values must be URI-encoded as described in the previous paragraphs (see "Using Portal Inserts") if they contain spaces or punctuation.
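
The URL format from "Using Portal Inserts" and the value rules above can be enforced in the calling application before a link or frame source is emitted. The following is an added example, not Oracle code: it checks Boolean, integer and SLk values against the rules on this page, checks that STy/SLk/SSt parameters come in complete sets consistent with noOfFields, rejects coords together with rectangle, and URI-encodes every value. The function and class names are assumptions of this example; the parameter names and SLk values are the ones listed in this chapter.

```python
import re
from urllib.parse import quote, urlsplit

# Parameter kinds as described in the Parameter Reference on this page.
BOOLEAN_PARAMS = {"advSearch", "comp", "expandAllGroups", "show_all", "showAllResults"}
INTEGER_PARAMS = {"days", "noOfFields", "noOfRecords"}
SLK_VALUES = {"OSM", "OGE", "OLE", "OBW", "OEW", "OSL", "OEM", "OOS"}
SEARCH_SET = re.compile(r"^(STy|SLk|SSt)(\d+)$")


class PortalUrlError(ValueError):
    """Raised when a parameter breaks one of the documented rules."""


def _check_value(name, value):
    if not isinstance(value, str):
        raise PortalUrlError(f"{name}: values must be passed as strings")
    if name in BOOLEAN_PARAMS and value not in ("true", "false"):
        raise PortalUrlError(f"{name}: Boolean values must be true or false")
    if name in INTEGER_PARAMS and not re.fullmatch(r"[0-9]+", value):
        raise PortalUrlError(f"{name}: integers must be decimal digits only")
    m = SEARCH_SET.match(name)
    if m and m.group(1) == "SLk" and value not in SLK_VALUES:
        raise PortalUrlError(f"{name}: {value!r} is not a listed search type")


def _check_search_sets(pairs):
    # Assumption of this example: each index n needs STyn, SLkn and SStn together.
    sets = {}
    for name, _ in pairs:
        m = SEARCH_SET.match(name)
        if m:
            sets.setdefault(int(m.group(2)), set()).add(m.group(1))
    for idx, kinds in sorted(sets.items()):
        missing = {"STy", "SLk", "SSt"} - kinds
        if missing:
            raise PortalUrlError(f"search set {idx} is missing {sorted(missing)}")
    declared = [int(v) for n, v in pairs if n == "noOfFields"]
    n_fields = declared[0] if declared else 1  # documented default is 1
    if sets and n_fields < len(sets):
        raise PortalUrlError("noOfFields is smaller than the number of search sets")


def build_portal_url(server, app_path, program, params):
    """Build http(s)://host:port/appname.cgi?program=...&param=value...

    params is a list of (name, value) string pairs so that multi-valued
    parameters such as attrName can be repeated.
    """
    parts = urlsplit(server)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise PortalUrlError("server must look like http://host:port/")
    pairs = [("program", program)] + list(params)
    names = {n for n, _ in pairs}
    if "coords" in names and "rectangle" in names:
        raise PortalUrlError("coords and rectangle cannot both be present")
    for name, value in pairs:
        _check_value(name, value)
    _check_search_sets(pairs)
    # safe="" encodes every reserved character, including those in Table 3-1.
    query = "&".join(f"{quote(n, safe='')}={quote(v, safe='')}" for n, v in pairs)
    return f"{parts.scheme}://{parts.netloc}/{app_path.lstrip('/')}?{query}"


if __name__ == "__main__":
    print(build_portal_url(
        "http://domain.com:81/",
        "identity/oblix/apps/userservcenter/bin/userservcenter.cgi",
        "search",
        [("tab_id", "employees"), ("comp", "true"),
         ("STy1", "cn"), ("SLk1", "OSM"), ("SSt1", "John O'Brien (Sales)")]))
```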

The values to be entered for many of the parameters listed here are the exact DN values as they appear in the directory, rather than the display values. To find these DN values, you will need to use a tool that will allow you to browse in the directory and display DN entries. An example of such a tool is ldp.exe, provided with Windows 2000 systems. Other methods are described in the following paragraphs.

Find schema names for an attribute for an application by following these steps (taking User Manager as an example): Identity System Configuration, User Manager, User Manager Configuration, Configure Tab. Click the link of the type of User you need, then click Modify Attributes. At this point, an applet will show up. The top left corner shows a list of schema names for the attribute, and the top right corner shows the display names of the attributes, where you can locate the attribute you want to refer to.

Find attribute names by using the Modify Attributes feature for the appropriate application. For example, look under User Manager, User Manager Configuration, Configure Tab. Select the appropriate tab (which you are not going to change). Select Modify Attributes. The attribute names for that tab are displayed in the field identified as Attribute.

Table 3-3 Parameters Used for Portal Functions

Parameter Name Description Rules

advSearch

Use this parameter to specify that the advanced search form is to be used instead of the basic search form.

Single-valued, Boolean, true or false.

Default: false.

attrName

Use this parameter to specify the names of one or more attributes to be viewed or changed, depending upon the function.

Use the schema names, not the display names.

Multi-valued, string.

Default: If no names are provided, then the attributes that will be shown are all of those that the user is allowed to view, depending upon the function.

backUrl

Used with the two password change-related functions, this provides the URL for a link to go back to after the password change is made.

Single-valued, a string.

Default: none.

changeRequestAttr

Use this parameter to name the attribute whose value you want to change. This is the schema name of the attribute, not the display name.

Required.

Single-valued, a string.

Default: none.

changeRequestType

Use this parameter to describe whether the request is to add or remove information. It has two values:

newval

remove

Required.

Single-valued, a string, one of the listed values.

Default: none.

comp

Use this parameter to make sure the page returned shows only the component you requested and nothing more. For example, this omits the navigation bar. If comp is set to true, it will be considered true for the rest of the session, even if not explicitly set in the URL. This parameter is optional for all functions that use it, but strongly recommended.

Single-valued, Boolean, true or false.

Default: false.

coords

These are present if the user clicked on the location map.

Single-valued, a text string representing a pair of coordinates, presented as xx, yy.

Default: none.

Either coords or rectangle may be part of the URL, but not both.

days

Use this parameter to specify a limited window, n days back from the current time, within which to look for requests.

Single-valued, an integer >=1.

Default: 0, meaning no limit; look as far back as the oldest request.

displayFormat

Use this parameter to specify the type of view for the results.

Single-valued, an integer:

2 - use table format.

3 - use custom format.

expandAllGroups

Use this parameter to expand all groups that you have rights to expand.

If set to true, then all such groups are expanded. If set to false, then only the groups specified with the groupsToExpand parameter are expanded.

Single-valued, Boolean, true or false.

Default: false.

graphviewtype

Use this parameter to specify the format of an organization chart. There are two possibilities:

1: A vertical presentation, with parents preceding the children.

2: A horizontal layout, with parents to the left of children.

Single-valued.

Default: 1.

groupsToExpand

Use this parameter to specify one or more target groups you want to expand.

Multi-valued, a DN.

Default: none.

locId

Location at which the object resides.

Single-valued, a DN.

Default: none.

locObjClass

The location objectclass name.

Single-valued.

Default: oblixlocation.

login

The identifying string of characters provided by the user, along with the password, to log in. This is usually some variation on the user name.

Single-valued.

Default: none.

noOfFields

Use this parameter to specify the number of attributes whose values are to be searched through.

Depending on the value of this parameter, you must provide the same number of sets of STy, SLk and SSt parameters. For example, if the noOfFields is 2, then required parameters would be STy1, SLk1 and SSt1 and STy2, SLk2 and SSt2.

The result of the search is an AND that satisfies all of the parameter sets.

The value of noOfFields must be greater than or equal to the number of sets. If it is greater, no error is reported, and the behavior will be just as if you had entered the correct, smaller value for n.

Single-valued, an integer value n >= 1.

Default: 1.

noOfRecords

Use this parameter to specify a maximum number of entries to be returned in the search results.

This parameter and its default values are overridden by the showAllResults parameter.

Note that the default is derived from the defaultDisplayResultVar parameter in the oblixbaseparams.xml file. (See "Oracle Access Manager Parameter Files".) However, there is one exception. When a predefined report is created, the report definition includes the number of records to be displayed. This takes its value from the default in effect when the report is generated, and cannot be modified.

Single-valued, an integer value n >=1.

Defaults to the value of the defaultDisplayResultVal parameter.

ObWfComment

Use this parameter to provide a comment for a step in a workflow.

Single-valued, string.

Default: none.

ObDomainName

Use this parameter to specify the name of the domain in which you want to create, change, or remove an entry.

The domain name must be defined under the workflow referred to by the ObWorkflowName parameter.

Single-valued, a DN.

Default: none.

ObWorkflowName

Use this parameter to specify the name of the workflow that you want to use to create, change, or delete a directory entry.

Single-valued, a DN.

Default: none.

portalid

Use this parameter to specify a label that applies to a combination of a back URL, button image, and mouseover text that has been added to the PICI file.

The label entered persists for the rest of the session, meaning that it continues to apply as though the parameter had been used in successive URLs. Use the value none to end persistence.

Any text.

Default: none.

rectangle

Rectangle on the map indicating the location of the object.

Single-valued, a text string holding two pairs of numbers, the coordinates of the upper left and lower right corners of the rectangle, in the form xx1,yy1:xx2,yy2.

Default: (If not given, only the object's map is shown with the location of the object on that).

Either coords or rectangle may be part of the URL, but not both.

reportname

Use this parameter to provide the name of an existing report.

Single-valued.

Default: none.

reportsubtab

Use this parameter to specify that you want the results of an existing report. Currently, the only legal value is predefinedreport.

Single-valued.

Default: none.

requestType

Use this parameter to specify which of the two possible request queue types you want to search.

incomingRequests: Requests you need to process.

outgoingRequests: Requests you have originated.

Single-valued.

Default: none.

scoperesolved

If rectangle is specified, then scopeResolved must be set to true.

Single-valued, Boolean, true or false.

Default: if this parameter is not given, the scope is resolved again.

showAdministratorOfGroups

Use this parameter to ask for groups for which you or another user serve as administrator.

Single-valued, Boolean, true or false.

Default: false.

show_all

If set to true, displays all users on the location map.

Single-valued, Boolean, true or false.

Default: false.

showAllResults

Use this parameter to force all results of the search to be returned to the user. If the parameter value is true, it overrides the value of the noOfRecords parameter.

Single-valued, Boolean, true or false.

Default: false, meaning return results up to the limit imposed by the noOfRecords parameter.

showDynamicGroups

Use this parameter to ask for groups in which you or another user serve as dynamic members to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

showDynamicUserMembers

Use this parameter to specify whether dynamic members of a group are to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

showMemberOfGroups

Use this parameter to ask for groups in which you or another user serve as members to be included in the output.

Single-valued, Boolean, true or false.

Default: false.

showNestedGroups

Use this parameter to ask for nested groups you, or another user, are a member of to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

showNestedUserMembers

Use this parameter to specify whether nested members of a group are to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

showOwnerOfGroups

Use this parameter to ask for groups you, or another user, are an owner of to be included in the output.

Single-valued, Boolean, true or false.

Default: false.

showStaticGroups

Use this parameter to ask for groups you, or another user, are a static member of to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

showStaticUserMembers

Use this parameter to specify whether static members of a group are to be included in the response.

Single-valued, Boolean, true or false.

Default: false.

SLkn

Use this parameter to choose the way string data is selected. Legal entries all begin with the letter O, and the next two letters are an abbreviation of the search type.

Possible values are:

OSM: Substring match. Search results include entries whose value contains the exact data entered for this parameter, including spaces.

OGE: Greater than or equal to. Search results include entries whose string value is greater than or equal to the data entered for this parameter.

OLE: Less than or equal to. Search results include entries whose string value is less than or equal to the data entered for this parameter.

OBW: Begins with. Search results include entries whose string value begins with the data entered for this parameter.

OEW: Ends with. Search results include entries whose string value ends with the data entered for this parameter.

OSL: Sounds like. Attempts a phonetic match on the entered data.

OEM: Exact match. Search results include entries whose string value is the same as the data entered for this parameter.

OOS: Oblix-specific substring match. Differs from OSM. Spaces are considered to be delimiters, and results include entries which match both of the two strings.

Any value other than the ones listed above returns an error (Invalid parameters).

Multi-valued, 1 to n. For an explanation of n, see noOfFields.

Default: none. If an invalid value or no value is provided, an error is returned.

sortBy

Use this parameter to specify which one of the attributes to use to sort the results.

Use the schema name, not the display name.

Single-valued.

Default: if no value is specified, the class attribute of the structural objectclass of the tab specified by tab_id is used.

sortOrder

Use this parameter to specify the sort order, ascending or descending. There are two possible values.

ascending

descending

Single-valued.

Default: ascending.

SStn

Use this parameter to provide a string value to be searched for.

Note: The value provided for this parameter must be equal to or greater than the value of SearchStringMinimumLength in the userservcenterparams.xml file.

Multi-valued, 1 to n. For an explanation of n, see the noOfFields parameter.

Default: If no value is specified, then the default is to do a blank search on the class attribute. This means, return everything that has any value (other than a NULL value) for the selected STy attribute.

startFrom

Use this parameter, for a long list of search results, to skip over a selected number of items and start the list with a specified item. For example, if 100 entries were found by the search, entering a value of 80 for this parameter gives a response showing only items 80 through 100.

Single-valued, integer.

Default: 0, meaning to start from the beginning of the search results list.

STyn

Use this parameter to specify an attribute whose string values are to be searched. Attributes are associated, by application, with one or more tabs. The attribute must have been marked as searchable for the tab name provided or assumed for the tab_id parameter. If it is not, an error is returned. An administrator must have set the searchable flag for the attribute.

Multi-valued, 1 to n. For an explanation of n, see the noOfFields parameter.

Default: none.

tab_id

Use this parameter to specify the name of the tab which describes the information category you want to work within. Possible values for the parameter differ across applications.

For User Manager and Group Manager, only one tab is allowed. For Organization Manager multiple tabs are allowed.

If omitted, Oracle Access Manager can always find a default value for tab_id, as described in the Rules column.

However, Oracle recommends you always provide a value for tab_id. This will provide self-documentation for each portal link you create and give you exactly what you want regardless of what other changes might be made to the system.

For example, Organization Manager enables you to change the order in which tabs are displayed. If you rely on the default tab_id in this case, all your portal functions would be affected and might not work correctly.

Single-valued.

Default:

For User Manager and Group Manager, which have only a single tab, tab_id is assumed.

For Organization Manager, which has multiple tabs, the tab_id is assumed to be that for the leftmost tab.

target

Determines the window in which the page is displayed. It takes two possible values:

self: Displays in the same window from which it was called.

top: Displays in the top browser window.

Single-valued, a string.

Default: self.

targetApplication

Use this parameter to specify the application to be searched for tickets.

If you want to search all applications, use the value allApplications.

To search a specific application, enter the internal application name:

groupservcenter: For Group Manager

objservcenter: For Organization Manager

userservcenter: For User Manager

Single-valued.

Default: none.

ticketType

Use this parameter to specify the status type for the requests to be searched for. There are three possible entries.

WfAllTickets: Search for all requests, regardless of status.

WfCompletedTickets: Search for requests that have been completely processed.

WfPendingTickets: Search for requests that are pending, only partially processed.

Single-valued.

Default: none.

uid

Use this parameter to specify the DN of an entry you want to view or modify.

NOTE: This parameter is used in many functions, and is NOT limited to User Manager activities, which might be assumed from its name.

Single-valued, a DN.

Default: none.

workflowInstanceDn

Use this parameter to specify the DN of the workflow for which information is required. To specify the step for which the information is required, provide the workflowStepInstanceId parameter. The DN for the workflow is shown in the workflow definition view (see the Oracle Access Manager Administration Guide).

Single-valued, a DN.

Default: none.

workflowStepInstanceId

Use this parameter to specify a certain step, in the workflow specified by workflowInstanceDn, for which information is required.

Single-valued, integer.

Default: none.


3.7 Portal Inserts Example

This section illustrates one method of providing an Oracle Access Manager portal to users.

Task overview: One method of providing an Oracle Access Manager portal

  1. Identify the Oracle Access Manager function(s) you intend to provide.

  2. For each function, use the descriptions from this chapter to determine the URL components required to make the request to Oracle Access Manager, then construct the URL.

  3. Develop a Web page in HTML to serve as a starting point for the Oracle Access Manager functionality you are providing. This page will contain links, forms, or links and forms that access Oracle Access Manager as a portal.

  4. Deploy your page on the intranet.

  5. Distribute the URL of your index page to users.

This example builds a portal insert that displays the Identity System profile page from User Manager for a given user using User Manager's view function.

Collect the following information for the URL:

Parameter: Description

uid: DN of the user whose profile you wish to view, this month's Star Employee, taken from the directory. (The index page administrator updates this each month.)

attrName: Attributes to be returned. This parameter is used repeatedly to ask the Identity System to return the Full Name, Photo, Email, Title and Phone Number attributes, so that viewers can write or call to congratulate Star Employees on their achievement.

For the example the base URL for User Manager is:

http://test.com:88/identity/oblix/apps/userservcenter/bin/userservcenter.cgi

You manually learn from Human Resources, or an external system, who is this month's Star Employee, and locate them in the directory to get their DN. The DN in the example is:

cn=Rohit Valiveti,ou=Sales,ou=Dealer1k1,ou=Latin America,ou=Ford,o=Company,c=US

Applying URL encoding to this to escape special characters like = and space gives:

cn%3DRohit%20Valiveti%2Cou%3DSales%2Cou%3DDealer1k1%2Cou%3DLatin%20America%2Cou%3DFord%2Co%3DCompany%2Cc%3DUS

which is used for the value of the uid parameter in the URL.

In the example directory, the attribute names needed for the profile data you have decided to show in the profile page are as follows:

Note:

These attribute names are very likely to be different in your actual deployment environment; you must check the directory schema or ask the directory administrator for the names in use in your target environment.

Finally, set comp to true, to exclude the navigation bar and search form from the result and display only the component.

You now have all the information required to construct the following URL:

http://techpubs.com:88/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=view
&uid=cn%3DRohit%20Valiveti%2Cou%3DSales%2Cou%3DDealer1k1%2Cou%3DLatin%20America%2Cou%3DFord%2Co%3DCompany%2Cc%3DUS
&attrName=cn
&attrName=genbadgephoto
&attrName=description
&attrName=mail
&attrName=genphonenumber
&comp=true
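
The URL construction walked through above can be scripted so that the DN is always percent-encoded and attrName is repeated once per attribute, which keeps a DN or attribute name taken from outside input from adding or altering query parameters. This is an added example, not code from the Oracle guide; the base URL and DN are the page's sample values, and the attribute-name and stylesheet-name checks are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

# Base URL and DN are the page's own example values.
BASE_URL = ("http://techpubs:88/identity/oblix/apps/"
            "userservcenter/bin/userservcenter.cgi")
STAR_DN = ("cn=Rohit Valiveti,ou=Sales,ou=Dealer1k1,"
           "ou=Latin America,ou=Ford,o=Company,c=US")

# Assumed validation rules (not from the Oracle guide): LDAP-style attribute
# names, and a bare stylesheet file name with no path components.
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
XSL_NAME = re.compile(r"[A-Za-z0-9_-]+\.xsl")


def build_view_url(uid_dn, attr_names, comp=True, xsl=None, base=BASE_URL):
    """Return a User Manager 'view' portal insert URL."""
    if not uid_dn or any(ch in uid_dn for ch in "\r\n\x00"):
        raise ValueError("uid must be a non-empty DN without control characters")
    pairs = [("program", "view"), ("uid", uid_dn)]
    for name in attr_names:
        if not ATTR_NAME.fullmatch(name):
            raise ValueError(f"unexpected attribute name: {name!r}")
        pairs.append(("attrName", name))  # repeated once per attribute
    if comp:
        pairs.append(("comp", "true"))
    if xsl is not None:
        if not XSL_NAME.fullmatch(xsl):
            raise ValueError(f"unexpected stylesheet name: {xsl!r}")
        pairs.append(("xsl", xsl))
    # quote_via=quote encodes space as %20 (not '+') and escapes = , & as
    # %3D %2C %26, matching the encoded DN shown on the page.
    return base + "?" + urlencode(pairs, quote_via=quote)


def query_pairs(url):
    """Decode a URL's query string back into (name, value) pairs."""
    return parse_qsl(urlsplit(url).query)


if __name__ == "__main__":
    attrs = ["cn", "genBadgePhoto", "description", "mail",
             "genphonenumber", "title"]
    print(build_view_url(STAR_DN, attrs, xsl="usc_profilenew.xsl"))
    # Constructed DN containing '&' and '=': it stays inside uid.
    print(query_pairs(build_view_url("cn=R&D&comp=false,o=Company", ["cn"])))
```

When the resulting URL is written into an href attribute, HTML-escape it as well so that each & becomes &amp;amp;.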

Now you can develop a simple Web page with a link to the view function. You are of course free to design any page you like. As long as it can generate a similar URL request, Oracle Access Manager does not care how you did it.

For this example, you can replace the index page for the Web server through which you access Oracle Access Manager with the following HTML:

<html>
<head>
    <title>
        Revised iplanet Index File Demonstrating Portals
    </title>
</head>
<body>
    <p>
        Click for this month's Star Employee
        <a href="portalsexamples.html">
            here
        </a>
    </p>
</body>
</html>

Now, users trying to access the Web server at the URL http://techpubs:88 see the following page instead of the iPlanet index page:

Figure 3-2 Sample Portal Insert Page

Web application with three HTML frames.

The users click the link to the portalsexamples.html page, whose content is the following:

<html>
<head>
    <title>Portal Examples</title>
</head>
<body>
    <p>Help us congratulate our current
        <a href="http://techpubs:88/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=view&amp;uid=cn%3DRohit%20Valiveti%2Cou%3DSales%2Cou%3DDealer1k1%2Cou%3DLatin%20America%2Cou%3DFord%2Co%3DCompany%2Cc%3DUS&amp;attrName=cn&amp;attrName=genBadgePhoto&amp;attrName=description&amp;attrName=mail&amp;attrName=genphonenumber&amp;attrName=title&amp;comp=true&amp;xsl=usc_profilenew.xsl">
            Star Employee (user applies a custom XSL stylesheet)
        </a>
    </p>
    <p>Help us congratulate our current
        <a href="http://techpubs:88/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=view&amp;uid=cn%3DRohit%20Valiveti%2Cou%3DSales%2Cou%3DDealer1k1%2Cou%3DLatin%20America%2Cou%3DFord%2Co%3DCompany%2Cc%3DUS&amp;attrName=cn&amp;attrName=genBadgePhoto&amp;attrName=description&amp;attrName=mail&amp;attrName=genphonenumber&amp;attrName=title&amp;comp=true">
            Star Employee (Oracle Access Manager applies default XSL stylesheet)
        </a>
    </p>
</body>
</html>

They see this page:

Figure 3-3 Portal Inserts Sample Results Page

Screen shot of resulting page.

Then, depending upon which link they select, they get one of two presentations of the view page. If they click the link that does not specify a stylesheet, the default XSL stylesheet is applied and they see a page with the default View Panels and Modify buttons.

Figure 3-4 Page That Uses Default stylesheet

What the users see if they click the second link.

If the user clicks the link that specifies a custom stylesheet, Oracle Access Manager uses a modified version of the stylesheet that controls the displayed content for this page. The following extra parameter:

&xsl=usc_profilenew.xsl

is provided in the URL. This stylesheet expressly removes the buttons from the presentation. It also modifies the title displayed in the browser window, as seen in the following example. Methods for creating this custom stylesheet are discussed in "Designing the GUI with PresentationXML".

Figure 3-5 Page That Uses Modified stylesheet

Image of the page with the style sheet applied.