OIM 11G-PS3 Thor.API.Exceptions.tcAPIException: Invalid Profile

Hello all,

  I passed thru an issue configuring my OIM Trusted reconciliation with GTC flat file and I would like to show how to fix this issue here:

First: I configured successfully my GTC connector as you can see here:

Once all my Flat File GTC Recon was configured I started running the related job, but the problem that happened was this:

[2018-06-18T13:30:16.380-07:00] [oim_server1] [WARNING] [] [XELLERATE.GC.FRAMEWORKRECONCILIATION] [tid: OIMQuartzScheduler_Worker-5] [userId: oiminternal] [ecid: 0000MG4vW9yFw000jzwkno1R91FW000004,1:18463] [APP: oim#11.1.2.0.0] Reconciliation Encountered error: [[
Thor.API.Exceptions.tcAPIException: Invalid Profile - OIMTHFLAT_GTC
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.createReconciliationEvent(ReconOperationsServiceImpl.java:383)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.createReconciliationEvent(ReconOperationsServiceImpl.java:370)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.createReconciliationEvent(ReconOperationsServiceImpl.java:366)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)

....
Caused by: oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - OIMTHFLAT_GTC
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:1507)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.createReconciliationEvent(ReconOperationsServiceImpl.java:349)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.createReconciliationEvent(ReconOperationsServiceImpl.java:381)
... 82 more
Caused by: oracle.iam.reconciliation.exception.ConfigNotFoundException: Invalid Profile - OIMTHFLAT_GTC
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.unMarshal(CoreProfileManagerImpl.java:669)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.unMarshal(CoreProfileManagerImpl.java:652)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.access$100(CoreProfileManagerImpl.java:602)


The main problem here is that, even if you completed successfully the flat file GTC configuration, you need to create, enable and activate your reconciliation rules, and then after that generate another profile for your GTC flat file reconciliation.


In order to do this.

STEP1: You need to go to your Design Console --> Reconciliation Rules --> Create your rule on Reconciliation Rule Builder as below:

Once you have it created, make sure you mark it as valid and active.


STEP2: Go to Design Console --> Resource Objects --> Select the RO related to your GTC Connector --> Click on Object Reconciliation tab and generate another profile(Click on Create Reconciliation Profile) --> Save it.

Once you have this created you should see something similar to this into your diagnostic logs:

  [2018-06-18T13:33:48.149-07:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 1479db58b6b48524:232e7d39:16404eda4b3:-8000-0000000000000782,0] [APP: oim#11.1.2.0.0] Generic Information: New profile will be created for  :: OIMTHFLAT_GTC

  [2018-06-18T13:33:48.397-07:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.reconciliation.impl.config] [tid: Thread-53] [userId: <anonymous>] [ecid: 0000MG4vW9yFw000jzwkno1R91FW000004,1:18474] [APP: oim#11.1.2.0.0] Generic Information: Operation UPDATE on MetadataObject /db/OIMTHFLAT_GTC

STEP3: Now that you have your rule created and profile saved, please go to your schedule job and run it again.

STEP4: if you go to reconciliation events tab, now you should be able to see events and users created.

Now everything works as expected on your logs:

[2018-06-18T13:53:40.383-07:00] [oim_server1] [WARNING] [] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000MG4vW9yFw000jzwkno1R91FW000004,0] [APP: oim#11.1.2.0.0] Kernel Information: Process Id 2020 name 47adcac8-9d0f-49bf-8fa3-24cf8bc49530 status:COMPLETED type:User operation:CREATE stage:FINALIZATION changetype:null retryCount:0 startStage:ACTION stopStage:POSTPROCESS stoppable:false isObjectSaved:false hasDeferredChanges:false hasChildrenFromBulk:false target:{"operation":"CREATE","sync":true,"isPostprocessingAsync":false,"isActionAuditInTransaction":true,"target":{"entityId":["5","6"],"entityType":"User"},"parameters":[{"Email":"john.doe@acme.com","Display Name":{"base":"John Doe"},"Role":"Full-Time","usr_password":"3725:2SKMWTIg5X1ERb6a+dBlTg==","act_key":1,"User Login":"TGUIMARAES","Xellerate Type":"End-User","Last Name":"Doe","usr_change_pwd_at_next_logon":"1","First Name":"John"},{"Email":"susan.joe@acme.com","Display Name":{"base":"Susan Doe"},"Role":"Full-Time","usr_password":"7415:BVIC8peXjQzh+P+cVafi8A==","act_key":1,"User Login":"SDOE","Xellerate Type":"End-User","Last Name":"Doe","usr_change_pwd_at_next_logon":"1","First Name":"Susan"}],"interEventData":{"CURRENT_USER":[null,null],"NEW_USER_STATE":[{"m_userAttrs":{"Status":"Active","Email":"john.doe@acme.com","Display Name":{"base":"John Doe"},"Role":"Full-Time","act_key":1,"User Login":"TGUIMARAES","Last Name":"Doe","Xellerate Type":"End-User","First Name":"John"},"entityId":"5"},{"m_userAttrs":{"Status":"Active","Email":"susan.joe@acme.com","Display Name":{"base":"Susan Doe"},"Role":"Full-Time","act_key":1,"User Login":"SDOE","Last Name":"Doe","Xellerate Type":"End-User","First Name":"Susan"},"entityId":"6"}]},"contextVal":"<?xml version = '1.0' encoding = 'UTF-8'?>\n<context id=\"0\" contextKey=\"1\" contextType=\"RECON\" contextSubType=\"BATCH\"><context-value name=\"profileName\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>OIMTHFLAT_GTC</string-value></context-value><parent-context id=\"0\" contextKey=\"\" contextType=\"ADMIN\" contextSubType=\"\"><context-value name=\"TASKNAME\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>OIMTHFLAT_GTC</string-value></context-value><context-value name=\"JOBHISTORYID\" class=\"oracle.iam.platform.context.ContextAwareNumber\"><numeric-value>54</numeric-value></context-value><context-value name=\"JOBNAME\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>OIMTHFLAT_GTC</string-value></context-value><parent-context id=\"0\" contextKey=\"\" contextType=\"ADMIN\" contextSubType=\"\"><context-value name=\"origuser\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>oiminternal</string-value></context-value><context-value name=\"oimuser\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>oiminternal</string-value></context-value><context-value name=\"counter\" class=\"oracle.iam.platform.context.ContextAwareString\"><string-value>16</string-value></context-value></parent-context></parent-context></context>","valid":false} currentHandler:Id 18 name CreateUserFinalizationHandler running:false [[

Handler List:

event:Id 1 name CreateUsersActionHandler operation:CREATE class:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler sync:true status:COMPLETED stage:ACTION order:1000 transactional:false event: handlerClass:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler handler:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler@77f6ca27 result:["5","6"] execTime :nullms

event:Id 2 name UserAuditHandler operation:ANY class:oracle.iam.transUI.impl.handlers.user.UserAuditHandler sync:true status:COMPLETED stage:AUDIT order:1000 transactional:false event: handlerClass:oracle.iam.transUI.impl.handlers.user.UserAuditHandler handler:oracle.iam.transUI.impl.handlers.user.UserAuditHandler@30150770 result:null execTime :133.534823ms

........

event:Id 18 name CreateUserFinalizationHandler operation:CREATE class:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserFinalizationHandler sync:true status:COMPLETED stage:FINALIZATION order:1000 transactional:false event: handlerClass:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserFinalizationHandler handler:oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserFinalizationHandler@20a6f4b0 result:null execTime :0.038471ms invokeWithResult:null

]]

[2018-06-18T13:53:40.387-07:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000MG4vW9yFw000jzwkno1R91FW000004,0] [APP: oim#11.1.2.0.0] Kernel Information: >>>>>>> Not going to save Id 2020 name 47adcac8-9d0f-49bf-8fa3-24cf8bc49530

[2018-06-18T13:53:40.387-07:00] [oim_server1] [WARNING] [] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000MG4vW9yFw000jzwkno1R91FW000004,0] [APP: oim#11.1.2.0.0] Kernel Information: [[

====================================

Flow for Process Id 2020 name 47adcac8-9d0f-49bf-8fa3-24cf8bc49530

Status : ACTIVE

Id 1 name CreateUsersActionHandler : COMPLETED

Id 2 name UserAuditHandler : COMPLETED

Id 3 name LwUserAuditHandler : COMPLETED

Id 4 name ReconUserLoginHandler : COMPLETED

Id 5 name ReconUserPasswordHandler : COMPLETED

Id 6 name ReconUserDisplayNameHandler : COMPLETED

Id 7 name ReconUpdateUsrPwdFields : COMPLETED

Id 8 name CreateUserPostProcessHandler : COMPLETED

Id 9 name ReconScheduledTaskUserHandler : COMPLETED

Id 10 name CreateUserOrgChangeCalculator : COMPLETED

Id 11 name SelfServiceNotificationHandler : COMPLETED

Id 12 name CreateUserPasswordNotificationHandler : COMPLETED

Id 13 name CreateUserPasswordHistoryPostProcessHandler : COMPLETED

Id 14 name CreateUserPostProcessActionHandler : COMPLETED

Id 15 name UserAdminRoleAutoGrantHandler : COMPLETED

Id 16 name SelfServicePostHandler : COMPLETED

Id 17 name CustomPostProcessHandler : COMPLETED

Id 18 name CreateUserFinalizationHandler : COMPLETED

Status : COMPLETED

====================================

As well as on your OIM User details:

I hope it helps and happy coding,

Thiago Guimaraes

How to configure OIM GTC flat file - Trusted reconciliation in OIM 11G PS3

Hello all,

   Please check this video that explains how to configure the OIM - GTC flat file - Trusted reconciliation. It shows the real scenario and common issues that you could get setting OIM GTC in 11G PS3.

I hope it helps and happy coding,
Thiago Guimaraes

Oracle DBCA Configuration Assistant fails with Error in Process: /perl/bin/perl error

Hello everybody,

Troubleshooting this error today Oracle DBCA 12c:

Error while executing "$ORACLE_HOME/db/rbdms/admin/dbmssml.sql". Refer to "ORACLE_HOME/cfgtoollogs/dbca/orcl/dbmssml0.log" for more details. Error in Process: /perl/bin/perl

You will notice that the execution failed with a “Segmentation fault”. In looking at the command, I noticed that this is running perl from the $ORACLE_HOME/perl/bin directory. When I did a “which perl”, the perl that the operating system is using is coming from /usr/bin/perl. This is not the correct one being used by the root.sh script. Also if I did a “perl -v” from the command line it returns that the version of perl is 5.10.

Now that it is established that the operating system installed perl is fine, I took a look at the perl in $ORACLE_HOME/perl/bin. When I navigated to the $ORACLE_HOME/perl/bin directory and executed “perl -v”; I was met with the “Segmentation fault” issue (above). Knowing that the problem is within the Oracle binaries; how can this be resolved?

To resolve this “Segmentation fault” issue, I had to recompile the perl binaries that Oracle uses in the $ORACLE_HOME path. 

To do this, I had to download and recompile the perl binaries in the $ORACLE_HOME directories.

Then:

1- $wget http://www.cpan.org/src/5.0/perl-5.14.4.tar.gz

2- $tar -xzf perl-5.14.4.tar.gz

3- $cd perl-5.14.4 <br>$./Configure -des -Dprefix=$ORACLE_HOME/perl $make

4- $make test










5- $make install










Now, finally you should see your perl on ORACLE_HOME working as well as your DBCA 12c:





NOTE: If you retry and the errors appear again, please double check the logs
and see if the variable is not still getting the old values of perl.
Sometimes it happens.





I hope it helps,

Thiago Guimaraes







Oracle OCI Architecture

Hello everyone, let's start talking about OCI. 

Picture details:

Tenancy 

When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for your company, a secure and isolated partition where you can create, organize, and administer your cloud resources.

To use any of the API operations, you must be authorized in an IAM policy. If you’re not authorized, talk to an administrator.

                                    

Compartment  

The compartment is a logical container. This container organizes and controls access to the Oracle Cloud Infrastructure (OCI) Resources (Network, Storage, Compute, Load Balancer, etc.) created within that compartment. You impose some policies to that compartment, which restricts who can use the resources created within than chamber other than administrators of your account.

Route Tables 

VCN uses virtual route tables to send traffic out of the VCN (for example, to the internet, to your on-premises network, or a peered VCN). These virtual route tables have rules that look and act like traditional network route rules you might already be familiar with. Each rule specifies a destination CIDR block and the target (the next hop) for any traffic that matches that CIDR.

CIDR - Classless inter-domain routing - Classless inter-domain routing (CIDR) is a set of Internet protocol (IP) standards that are used to create unique identifiers for networks and individual devices. The IP addresses allow particular information packets to be sent to specific computers.

Security List

A security list is a group of one or more instances that you can specify as the destination or source in a security rule. Instances within a networking group can communicate adequately with one another on all ports. When you attach an instance to a security list, the inbound and outbound policies defined in the security list apply to that instance.

Availability Domain

Availability Domain (AD) is one or many data centers located within a region. A region is composed of three availability domains. Services/Resources are related to a region (like VCN) or Availability Domain Specific (like Compute). We can also say that a low latency connects all the available domains in a region, high bandwidth network, which makes it possible for you to provide high-availability connectivity to the Internet and customer premises.

Service Gateway

A service gateway is a single access point and acts as a proxy for multiple services. A service gateway enables transformations, routing, and standard processing across all the services. A service gateway module is a single mediation that handles the requests for multiple service consumers and providers. Oracle Cloud Infrastructure service gateway allows access to Oracle services within the region to protect your data from the internet. Oracle Cloud Infrastructure service gateway enables consumer-to-service private connections (C2S). 

Let's share some examples of integration with OCI and on-premise systems:

  

1 - The Oracle Database Adapter - enables you to integrate the Oracle database residing behind the firewall of your on-premises environment with Oracle Integration through the use of the on-premises connectivity agent. Use the Oracle Database Adapter to poll for new and updated records for processing in Oracle Integration. For example, any new record added to the Employee table in your Oracle database can be synchronized with Oracle HCM Cloud using Oracle Integration. Besides, use the Oracle Database Adapter to execute SQL queries or stored procedures in the Oracle database. 

2- The Oracle SalesForce Adapter - Supports all custom objects defined by the user and custom fields created at SalesForce.com, along with the standard objects and fields.

Support for consuming custom Apex classes developed and exposed as SOAP services in SalesForce.com.

3- The REST Adapter - supports standard and custom HTTP request and response headers in the invoke and trigger directions.

• Outbound (Invoke) direction
• HTTP headers enable you to use an outbound invocation to specify header properties. Many REST APIs expect certain properties to be specified in the HTTP headers (similar to SOAP APIs, where you can specify header properties such as the WS address). Use the standard HTTP headers to specify these properties. You can also use the custom HTTP headers to specify properties. The REST APIs can expect the client application to pass properties in the custom headers, which can influence the behavior of the APIs. The standard and custom HTTP header properties configured in the Adapter Endpoint Configuration Wizard automatically start appearing in the mapper. You can map the header properties in the mapper.
• Inbound (trigger) direction
• You can expose integration flows as REST endpoints and enable client applications to populate the properties in the standard and custom headers. You can use these properties to create routing expressions in your integrations. The standard and custom HTTP header properties configured in the Adapter Endpoint Configuration Wizard automatically start appearing in the mapper. You can map the header properties in the mapper. 

I am going to be providing more details related to Oracle adapters and OCI integration in the next articles, stay tuned.

Thiago