×

IDMWORKS Blog

Fixing an OIM 11gR2 Access Policy Based Application Instance Provisioning Resource Level Approval Policy


I ran into an issue at a client that I figured I would share. They extensively use access policies in their business process to handle provisioning of resources. This worked fine in R1 and then in R2 there was an issue OOTB. Side note: To kick off this style of request you need to have your access policy set to be “with approval” instead of “without approval”

 

The Request Type for using Access Policy Requests is Access Policy Based Application Instance Provisioning (It used to be Access Policy Based Provisioning in R1).  If you try to create a Request Level (RL) policy for that request type, OOTB it appears that you cannot use “Request.Request Type = Access Policy Based Application Instance Provisioning” as your rule. If you create a new policy you won’t get an error, but your rule will look like this “Request.Request Type Equals null” seen below:

 

 

 

If you modify an existing policy you will see “Rule Condition Value(s) are invalid. Please check for rules with condition value Invalid Data.” as shown below:

 

 

 

According to Oracle support article 1613878.1, this is allegedly expected behavior.  In truth, it’s due to a missing Resource Bundle Key.

You can ignore this warning message in UI & save the approval policy, the approval policy will get triggered anyway on “Access Policy Based Application Instance Provisioning” request type.

But fixing it is simple, the issue as mentioned is because of a missing resource bundle key so we can fix that. Try the following workaround to fix the UI issue:

1. Go to the following directory:

 

2. Backup the OIMUI jar:

 

3. Expand the jar:

 

4. Modify the Agent.Properties file:

Edit oracle/iam/request/agentry/resources/Agent.properties and add the following:

 

5. Re-jar the file with the modified file:

 

6. Restart the OIM server

I tried this workaround and it fixed my issue.  Hope that helps if you run into the same problem

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *