OIM 11g – Plug-in points in Oracle Identity Manager

Plug-in Point Description
oracle.iam.ldapsync.LDAPContainerMapper This is used by LDAP synchronization to determine which user/role container should be used to create the user/role in LDAP.
EventHandler This is the kernel event handler.
oracle.iam.platform.auth.api.LoginMapper This is an implementation of a LoginMapper maps the JAAS user principal name to the corresponding Oracle Identity Manager username. This plug-in point is used to override the default mapping of JAAS user principal name to Oracle Identity Manager username for SSO scenarios. The default implementation returns the same value as the JAAS user principal name.This plug-in point is typically used in SSO scenarios where the JAAS user principal name and the Oracle Identity Manager username might be different. For example, the SSO system might set the email as the JAAS username but no user with that username exist in Oracle Identity Manager. For Oracle Identity Manager to recognize that user, the JAAS user principal name must be mapped to the Oracle Identity Manager username. This can be done by implementing a plug-in for LoginMapper, as shown:

public class CustomLoginMapper implements LoginMapper{
public String getOIMUserID(String jaasPrincipal) throws MappingException {
return getUserName(jassPrincipal);
private String getUserName(String emailID){
String userName = null;
//Use usermgmt APIs to get the username corresponding to this email id
return userName;
oracle.iam.identity.usermgmt.api.PasswordVerifier This is used for verification of old password while changing the user’s password. The class that is to be used for this validation is configured in the OIM.OldPasswordValidator system property. By default, use the container based authentication for verifying old password.
oracle.iam.request.plugins.StatusChangeEvent This allows running of custom code during request status change.
oracle.iam.request.plugins.RequestDataValidator This is used for custom validation of request data after submission.
oracle.iam.request.plugins.PrePopulationAdapter This is used to prepopulate an attribute value by running custom code during request creation.
oracle.iam.scheduler.vo.Task This is used to run the job in context. Execute method of the task is retrieved through the plug-in and is loaded.
oracle.iam.identity.usermgmt.api.UserNamePolicy This is an implementation of username policies that are used to generate/validate username.
oracle.iam.identity.usermgmt.api.ReservationInLDAP This is an implementation for reservation of user attributes in LDAP. 

Leave a Reply

Your email address will not be published. Required fields are marked *