Thursday, May 7, 2009

IdentityXML example, Netpoint/Oblix/CoreId/Oracle Access Manager

In the project I was working on, the question came up of how users could change their password without using the GUI of the identity server. An Oracle Sales Consultant pointed me to IdentityXML as a possible solution for this problem. Together with Ron Weverwijk, a colleague (Java consultant) of IT-eye, we found out how this works.

This blog post is a simple description of how IdentityXML works. We used the Oracle documentation, which you can find at the end of this post.

The documentation contains a sample Java program, which we used:


/**
 * This is a very simple SOAP example of how to invoke Oracle Access Manager
 * through SOAP.
 *
 * This program will make a soap request (send the request in soap.xml)
 * to hostname:port plus the oblixurl argument
 * (default: /identity/oblix/apps/userservcenter/bin/userservcenter.cgi)
 *
 * Requirements:
 * *** HTTPClient, a complete http client library from innovation, is
 * required to run this test. The software is free, and licensed under the
 * GNU Lesser General Public License.
 * HTTPClient is available at http://www.innovation.ch/java/HTTPClient
 * This program has been tested with HTTPClient Version 0.3-2
 *
 * To run:
 * *** java ObSoapClient [-h hostname] [-p port] [-f inputfile] [-u oblixurl]
 *
 */

import java.io.IOException;
import java.io.FileReader;
import java.io.BufferedReader;
import HTTPClient.CookieModule;
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import HTTPClient.ModuleException;
import HTTPClient.NVPair;

public class ObSoapClient
{
    static String hostname = "sunlight.oracle.com";
    static String filename = "soap.xml";
    static int port = 80;
    static String oburl = "/identity/oblix/apps/userservcenter/bin/userservcenter.cgi";

    public static void collectArgs(String args[])
    {
        for (int i = 0; i < args.length; i++) {
            // An option only takes a value when another argument follows it;
            // a trailing "-h" therefore falls through to the usage message.
            if (args[i].equals("-h") && args.length > i+1)
                hostname = args[i+1];
            else if (args[i].equals("-f") && args.length > i+1)
                filename = args[i+1];
            else if (args[i].equals("-p") && args.length > i+1)
                port = Integer.parseInt(args[i+1]);
            else if (args[i].equals("-u") && args.length > i+1)
                oburl = args[i+1];
            else if (args[i].equals("-h") || args[i].equals("-help")) {
                System.out.println("Usage: java ObSoapClient [-h hostname] [-p port] [-f filename] [-u oblixurl] \n");
            }
        }
    }

    /**
     * Read the request file (soap.xml in the current directory by default)
     * and return it as a string.
     */
    public static String getRequestFromFile()
    {
        StringBuffer data = new StringBuffer();
        // try-with-resources closes the reader even when reading fails
        try (BufferedReader reader = new BufferedReader(new FileReader(filename))) {
            for (String line = reader.readLine(); line != null;
                 line = reader.readLine()) {
                data.append(line);
                data.append("\r\n");
            }
        } catch (Exception e) {
            System.out.println(e.toString());
        }
        return data.toString();
    }

    public static void main(String args[]) throws Exception
    {
        try {
            CookieModule.setCookiePolicyHandler(null);

            // initiate connection
            collectArgs(args);
            HTTPConnection con = new HTTPConnection(hostname, port);

            // collect response
            NVPair header[] = new NVPair[1];
            header[0] = new NVPair("Content-Type", "text/xml");
            HTTPResponse rsp =
                con.Post(oburl,
                         getRequestFromFile(),
                         header);

            // get status and act accordingly
            if (rsp.getStatusCode() >= 300) {
                System.err.println("Received Error: "+rsp.getReasonLine());
                System.err.println(new String(rsp.getData()));
            } else
                System.out.println(new String(rsp.getData()));
        } catch (IOException ioe) {
            System.err.println(ioe.toString());
        } catch (ModuleException me) {
            System.err.println("Error handling request: " + me.getMessage());
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }

}

/*
NVPair form_data[] = new NVPair[2];

form_data[0] = new NVPair("login", "J.Smith");
form_data[1] = new NVPair("password", "J.Smith");
// form_data[2] = new NVPair("uid",
// "cn=John Smith,ou=Corporate,o=Company,c=US");
// form_data[3] = new NVPair("program", "personPage");
// form_data[4] = new NVPair("tab_id", "Employees");

// HTTPResponse rsp = con.Post("/oblix/apps/corpdir/bin/corpdir.cgi", form_data);

*/



This program needs the jar file http_client.jar, which can be found in the $ORACLE_HOME of an Oracle Application Server, in the directory $ORACLE_HOME/j2ee/home/lib.

First this program needs to be compiled (we used a Linux client):
cd $HOME
mkdir IdentityXML
cd IdentityXML
cp $ORACLE_HOME/j2ee/home/lib/http_client.jar .
vi ObSoapClient.java

Paste the code example above into this file.

Compile the Java file:

javac -classpath .:http_client.jar ObSoapClient.java


Now you have an ObSoapClient.class file.

All you need to test whether it works is an example SOAP message. Example messages that can be used are found in this directory of the identity server:

$IDENTITY_HOME/identity/oblix/unsupported/integsvcs

For this example we will query the OID for the attribute sn of a user.
The example message used is um_view.xml.

To keep it simple we chose to use orcladmin as the user in the authentication part of the message. If you want to use another username, a workflow should be created in the identity server which gives that user the privilege to view attributes of other users.

Create a file soap.xml and fill it with:


<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
                   xmlns:oblix="http://www.oblix.com">
  <SOAP-ENV:Body>
    <oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
      <oblix:login>orcladmin</oblix:login>
      <oblix:password>[PASSWORD]</oblix:password>
    </oblix:authentication>
    <oblix:request function="view">
      <oblix:params>
        <oblix:param name="uid">cn=[USER_NAME],cn=users,dc=test,dc=com</oblix:param>
        <oblix:param name="attrName">sn</oblix:param>
      </oblix:params>
    </oblix:request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Now execute the java program:


java -classpath http_client.jar:. ObSoapClient -f soap.xml -h [HOSTNAME] -p [HTTP_PORT] -u /identity/oblix/apps/userservcenter/bin/userservcenter.cgi


Output of the program:

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Oblix xmlns:oblix="http://www.oblix.com/" xmlns="http://www.oblix.com/" oblang="en-us">
<ObProfile>
<ObPanel obname="defaultPanel" obpanelId="20090504T03484759854" obpanelClass="inetorgperson">
<ObAttribute obattrName="sn">
<ObDisplay obdisplayName="Last Name" obdisplayType="textS" obname="sn" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObValue>[LASTNAME]</ObValue>
</ObTextS>
</ObDisplay>
</ObAttribute>
</ObPanel>
<ObHeaderPanel></ObHeaderPanel>
<ObRequestInfo>158720928</ObRequestInfo>
<ObScripts>
<ObScript obname="../../../lang/en-us/msgctlg.js"></ObScript>
<ObScript obname="../../../lang/shared/i18n.js"></ObScript>
<ObScript obname="../../../lang/shared/nsiesetup.js"></ObScript>
<ObScript obname="../../../lang/shared/misc.js"></ObScript>
<ObScript obname="../../../lang/shared/miscsc.js"></ObScript>
<ObScript obname="../../../lang/shared/horizontalprofile.js"></ObScript>
<ObScript obname="../../../lang/shared/userservcenter.js"></ObScript>
</ObScripts>
<ObForm obname="profileForm" obmethod="post" obaction="userservcenter.cgi?tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom%2C">
<ObInput obtype="hidden" obname="program" obvalue="view"></ObInput>
<ObInput obtype="hidden" obname="visiblePanel"></ObInput>
</ObForm>
<ObDisplay obdisplayName="ObTextMessage" obdisplayType="textS" obname="ObTextMessage" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObTextMessage></ObTextMessage>
</ObTextS>
</ObDisplay>
<ObTextMessage></ObTextMessage>
<ObSelectorInfoForm>
<ObForm obname=""></ObForm>
</ObSelectorInfoForm>
<ObButton obaction="initiateDeactivateUser"></ObButton>
<ObButton obaction="userreactivate"></ObButton>
<ObButton obaction="wfTicketDelete"></ObButton>
<ObButton obaction="userModify" obimageUrl="NAVmodify" obmouseOver="Modify this profile." obhref="../../userservcenter/bin/userservcenter.cgi?program=modify&tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom"></ObButton>
<ObStatus>0</ObStatus>
</ObProfile>
<ObStatus>0</ObStatus>
</Oblix>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
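
A program that consumes this response, rather than printing it, has to check the ObStatus elements and pick the value out of the ObAttribute element. The following is an added example, not code from the Oracle documentation or from the original post: the class name ObResponseCheck, its method names and the value "Example" are made up for illustration, and treating ObStatus 0 as success is an assumption based on the output above. The parser rejects DOCTYPE declarations so that a response cannot pull in external entities.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
public class ObResponseCheck {
    static final String OBLIX_NS = "http://www.oblix.com/";
    // Constructed sample: a trimmed copy of the response above; "Example" is a placeholder value.
    static final String SAMPLE =
        "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<SOAP-ENV:Body><Oblix xmlns=\"http://www.oblix.com/\" oblang=\"en-us\"><ObProfile>"
      + "<ObPanel obname=\"defaultPanel\"><ObAttribute obattrName=\"sn\">"
      + "<ObDisplay obname=\"sn\"><ObTextS><ObValue>Example</ObValue></ObTextS></ObDisplay>"
      + "</ObAttribute></ObPanel><ObStatus>0</ObStatus></ObProfile><ObStatus>0</ObStatus>"
      + "</Oblix></SOAP-ENV:Body></SOAP-ENV:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE so the response cannot declare or pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Returns the first value of attrName, or null if absent. Assumption: ObStatus 0 means success.
    static String attributeValue(Document doc, String attrName) {
        NodeList statuses = doc.getElementsByTagNameNS(OBLIX_NS, "ObStatus");
        if (statuses.getLength() == 0) throw new IllegalStateException("no ObStatus in response");
        for (int i = 0; i < statuses.getLength(); i++) {
            String s = statuses.item(i).getTextContent().trim();
            if (!"0".equals(s)) throw new IllegalStateException("ObStatus=" + s);
        }
        NodeList attrs = doc.getElementsByTagNameNS(OBLIX_NS, "ObAttribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            if (!attrName.equals(a.getAttribute("obattrName"))) continue;
            NodeList values = a.getElementsByTagNameNS(OBLIX_NS, "ObValue");
            if (values.getLength() > 0) return values.item(0).getTextContent();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("sn = " + attributeValue(parse(SAMPLE), "sn"));
    }
}
```

Compile and run it with `javac ObResponseCheck.java` and `java ObResponseCheck`; it needs only the JDK, not http_client.jar.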


Reference:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25346/idxmlows.htm

Did this post help you in any way? If so, please leave a comment. This will motivate me to write more posts.

2 comments:

  1. Well … this is a simple example that you directly copied/pasted from the Oracle documentation.
    But, unfortunately, you introduced an error in the code sample.
    At least you could test it before posting this sample on your blog!

  2. Nah...this one is quite useful. It works perfectly fine even on a Windows environment.
