Oracle® Identity Manager Tools Reference Guide
Release 9.0.3

Part Number B32457-01
11 Creating and Testing a Remote Manager IT Resource

This chapter describes the tasks for creating and testing a Remote Manager IT Resource. It contains the following topics:

Remote Manager is an Oracle Identity Manager component that acts like a proxy in directly communicating with a third-party system. The Remote Manager is used to invoke non-remotable APIs through Oracle Identity Manager and APIs that do not support SSL over secure connections.

After installing the Remote Manager and establishing the trust relation between the Oracle Identity Manager Server and the Remote Manager (trusting the certificate), you can create an IT Resource for the Remote Manager and then test it.

Post-installation Configuration

After installing the Remote Manager, you need to ensure that the certificate is trusted between the application server and the Remote Manager. To do so, first open the Remote Manager form in the Administration folder of the Design Console (Java client). The Remote Manager form will show all Remote Managers that are connected but not necessarily "trusted".

Perform the following steps to ensure that the trust relation between the application server and the Remote Manager is established through the certificate. In this procedure, the JBoss Application Server is used as an example. The keytool utility is used to import/export the certificates.

  1. Using a command prompt, open the directory path and use the keytool utility to list the certificate fingerprints:

    <XLREMOTE_HOME>\xlremote>

  2. Enter the command:

    <JAVA_HOME>\bin\keytool -list -keystore config\.xlkeystore

  3. Enter the default password for xellerate keystore: xellerate

    Your keystore contains 1 entry

    xell, Jan 7, 2005, keyEntry,

    Certificate fingerprint (MD5):

    B0:F2:33:C8:69:E4:25:A3:CB:59:E8:51:27:EE:5C:52

    The certificate fingerprint is marked in bold. Compare this to the list of certificates in the keystore.

  4. Open the Java SDK folder used for the application server. Again, enter the path and use the keytool to list the certificates in the keystore:

    <JAVA_HOME>\jre\lib\security\cacerts

  5. Enter the command to see the list of trusted certificates:

    <JAVA_HOME>\bin\keytool -list -keystore cacerts -storepass changeit -storetype jks -provider <provider_name>

    The output showing the keystore entries is as follows:

    Your keystore contains 25 entries
    equifaxsecureebusinessca1, Jul 23, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
    verisignclass4ca, Jun 29, 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
    entrustglobalclientca, Jan 9, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
    gtecybertrustglobalca, May 10, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
    entrustgsslca, Jan 9, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
    verisignclass1ca, Jun 29, 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
    thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
    entrustsslca, Jan 9, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
    thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
    verisignclass3ca, Oct 24, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
    gtecybertrustca, May 10, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
    thawteserverca, Feb 12, 1999, trustedCertEntry,
    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
    equifaxsecureca, Jul 23, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
    thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
    thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
    entrust2048ca, Jan 9, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
    verisignserverca, Jun 29, 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
    entrustclientca, Jan 9, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
    baltimorecybertrustca, May 10, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
    geotrustglobalca, Jul 23, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
    gtecybertrust5ca, May 10, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
    equifaxsecureglobalebusinessca1, Jul 23, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
    baltimorecodesigningca, May 10, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): 90:F5:28:49:56:D1:5D:2C:B0:53:D4:4B:EF:6F:90:22
    equifaxsecureebusinessca2, Jul 23, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): AA:BF:BF:64:97:DA:98:1D:6F:C6:08:3A:95:70:33:CA
    verisignclass2ca, Oct 24, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
    
    

    For clarity, the certificate fingerprints are highlighted in bold. The required certificate fingerprint (MD5: B0:F2:33:C8:69:E4:25:A3:CB:59:E8:51:27:EE:5C:52) is not among the trusted certificates, so you need to import the certificate.
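
The comparison made by eye in steps 3 to 5 can be scripted. The following is an added example, not part of the Oracle guide: it parses two `keytool -list` outputs and reports every key entry whose fingerprint has no matching trusted entry, matching on algorithm as well as value. The listings are constructed samples that reuse fingerprints shown above, and the alias `rm_xell` is hypothetical.

```shell
# Read a keytool -list listing on stdin; print "entryType ALG=fingerprint alias".
list_fingerprints() {
    awk '
        { sub(/\r$/, "") }                           # tolerate Windows line endings
        /Entry,?[ \t]*$/ {                           # "alias, Jan 7, 2005, keyEntry,"
            line = $0
            sub(/^[ \t]+/, "", line); sub(/,?[ \t]*$/, "", line)
            alias = line; sub(/,.*/, "", alias)      # text before the first comma
            kind = line;  sub(/.*,[ \t]*/, "", kind) # text after the last comma
            next
        }
        /Certificate fingerprint \(/ && alias != "" {
            alg = $0; sub(/.*\(/, "", alg); sub(/\).*/, "", alg)
            print kind, alg "=" toupper($NF), alias
            alias = ""
        }'
}

# untrusted_keys RM_LISTING CACERTS_LISTING
# Print "alias ALG=fingerprint" for each key entry of the first listing that has
# no trustedCertEntry with the same algorithm and fingerprint in the second.
untrusted_keys() {
    trusted=$(printf '%s\n' "$2" | list_fingerprints |
              awk '$1 == "trustedCertEntry" { print $2 }')
    printf '%s\n' "$1" | list_fingerprints |
    while read -r kind fp alias; do
        case "$kind" in keyEntry|PrivateKeyEntry) ;; *) continue ;; esac
        printf '%s\n' "$trusted" | grep -qxF -- "$fp" || printf '%s %s\n' "$alias" "$fp"
    done
}

# Constructed sample listings in the format shown in steps 3 and 5.
RM_LISTING='Your keystore contains 1 entry
xell, Jan 7, 2005, keyEntry,
Certificate fingerprint (MD5): B0:F2:33:C8:69:E4:25:A3:CB:59:E8:51:27:EE:5C:52'
CACERTS_BEFORE='Your keystore contains 2 entries
verisignclass4ca, Jun 29, 1998, trustedCertEntry,
Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
thawteserverca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D'
# The same truststore after the import, using the hypothetical alias rm_xell.
CACERTS_AFTER="$CACERTS_BEFORE
rm_xell, Jan 8, 2005, trustedCertEntry,
Certificate fingerprint (MD5): B0:F2:33:C8:69:E4:25:A3:CB:59:E8:51:27:EE:5C:52"

untrusted_keys "$RM_LISTING" "$CACERTS_BEFORE"   # reports the xell entry
untrusted_keys "$RM_LISTING" "$CACERTS_AFTER"    # prints nothing
```

Both listings must be produced with the same fingerprint algorithm; a key entry listed with MD5 never matches a trusted entry listed with a different digest.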

To Create and Test a Remote Manager IT Resource

To create and test a Remote Manager IT resource, perform the following steps:

  1. In the Oracle Identity Manager Design Console, open the Resource Object form.

  2. Create a Resource object. In this example, the following parameters are set:

    • The name is MyObj

    • The option, Order for User is enabled

    • The Type is Application

    • The following checkboxes are enabled:

      • Allowed Multiple

      • Auto Save

      • Self Request Allowed

      • Allow All

      • Auto Launch

  3. Create an IT Resource Type Definition for Resource Object. Open the IT Resource Type Definition form. In this example, the following parameters are set:

    • The Server Type name is MyObjServer

    • The Password field name is encrypted

  4. Create an IT Resource for the Remote Manager. In this example, the following parameters are set:

    • The name of the IT Resource is remote

    • The name of the Type is Remote Manager

      Ensure that the IT resource has the proper URL and service name, and that the Remote Manager is installed at the location indicated by the URL.

      Note:

      Check that the name itself is not present in the URL. For example, the Remote Manager is composed of the service name and URL, as follows:

      service name: RManager
      url: rmi://w2kevandanwkstn:12346

  5. Create an instance of the MyObjServer IT Resource Type created previously. Open the IT Resource Information Form. In the Remote Manager field, ensure that the Remote Manager created in Step 4 is selected.

  6. After saving the information in the IT Resources Information form, you can provide any additional details required for that IT resource. In this example, the user name and password are entered.

  7. Create the .jar files that contain the code to be executed in the Remote Manager. For this you need to perform the following:

  8. Copy these .jar files to the JavaTasks folder in <xlremote_home>/JavaTasks and <XL_HOME>/xellerate/JavaTasks.

    The following lines of code test the settings you have made so far:

    package testme;

    import java.io.PrintStream;

    public class test
    {
        public test()
        {
        }

        // Prints "i+j=sum" to standard output and returns the sum.
        public static int addme(int i, int j)
        {
            System.out.println(i + "+" + j + "=" + (i + j));
            return i + j;
        }

        // Local smoke test of addme outside the Remote Manager.
        public static void main(String args[])
        {
            addme(5, 10);
        }
    }

  9. Create an adapter that will be run in the Remote Manager. Open the Adapter Factory form. In this example, the following parameters are set:

    • The Adapter Name is remotetest

    • The Adapter Type is Process Task

      For this example, you need to create three variables for this adapter (based on example code in the .jar file). Click Add. The Java code takes two integers as arguments and the IT resource as the third variable.

  10. In the first variable, the following parameters are set:

    • The Variable name is var1

    • The Variable type is Integer

    • The Map To option is set to Resolve at Runtime

  11. Create the second variable in the same way you did the first. The following parameters are set:

    • The Variable name is var2

    • The Variable type is Integer

    • The Map To option is set to Resolve at Runtime

  12. Create the third variable for IT Resource. The parameters are set as follows:

    • The Variable name is ITRes

    • The Variable type is ITResource

    • The Map To option is set to Resolve at Runtime

    • The Resource Type is MyObjServer

      Note:

      The Resource Type field must be the same "ITResource Type" created in Step 5 and not Remote Manager.

  13. Add a New Remote Java Task. In the Adapter Factory Form, click Add. Ensure that the Functional Task option is active. Select the Remote option. Click Continue.

  14. The Object Instance Selection dialog box is displayed. Create a new Object Instance. Ensure that the New Object Instance option is active. Click Continue.

  15. The Remote window is displayed. In this example, the following parameters are set:

    • The Task Name is remote

    • The API Source references the .jar file in the JavaTask folder

    • The Application API is testme.test

    • The Constructor is set to 0 public testme.test ()

    • The Method is set to testme.test.addme (int, int)

      After clicking the Save icon, the IT Resource is automatically added as an argument. The Application Method Parameters are ready for mapping.

  16. Begin mapping the parameters by highlighting the first item in the Parameter Data Mapping list. This output parameter is an integer. The following mapping is set:

    • The Map To pull-down option is Adapter Variables

    • The Name pull-down option is Return variable

  17. Click Set.

  18. Highlight the second parameter to map. This input parameter is an integer. The following mapping is set:

    • The Map To pull-down option is Adapter Variables

    • The Name pull-down option is var1

  19. Click Set.

  20. Highlight the third parameter to map. This input parameter is an integer. The following mapping is set:

    • The Map To pull-down option is Adapter Variables

    • The Name pull-down option is var2

  21. Click Set.

  22. Highlight the final parameter to map. Map this ITResource to the variable passed as input to the adapter. The following mapping is set:

    • The Map To pull-down option is Adapter Variables

    • The Name pull-down option is ITRes

  23. Click Set.

  24. Click Set. Then click Save. The Adapter Factory form is displayed.

  25. Compile the adapter by clicking Build.

To invoke the adapter, you need to create a provisioning process that calls this adapter as one task. To do this:

  1. Open the Process Definition Form. In this example, the following parameters are set:

    • The Name field is MyObjProv

    • The Type field is Provisioning

    • The Object name is MyObj

      The following checkboxes are enabled:

      • Default Process

      • Auto Pre-populate

      • Auto Save Form

  2. Click the Save icon. The provisioning tasks automatically appear in the Tasks tab.

  3. Click Add to create a new task. In this example, the parameters are set:

    • The Task Name field is Call Remote Adapter

    • The Task Description field explains the task's function

  4. Click the Save icon. Then click the Integration tab. Next, click Add to add an adapter to this task. The Handler Type window is displayed.

  5. Enable the Adapter option and select the adapter to be executed.

  6. Click the Save icon. In the Integration tab, the adapter name appears in the Name field. The Status field shows that the Mapping is incomplete. The Adapter Variables pane shows the variables are not mapped.

  7. Select the first variable, Adapter return value, then click Map. The Edit Data Mapping for Variable window is displayed. The parameters are set to:

    • The Data Type is automatically set to Object

    • The Map To pull-down option is Response Code

  8. Select the second variable, var1 then click Map. The Edit Data Mapping for Variable window appears. The parameters are set to:

    • The Data Type is automatically set to Integer

    • The Map To pull-down option is Literal

    • The Qualifier pull-down option is Integer

    • The Literal Value is 10

  9. Select the third variable, var2, then click Map. The Edit Data Mapping for Variable window is displayed. The parameters are set to:

    • The Data Type is automatically set to Integer

    • The Map To pull-down option is Literal

    • The Qualifier pull-down option is Integer

    • The Literal Value is 20

  10. Select the fourth variable, ITRes, and then click Map. The Edit Data Mapping for Variable window is displayed. The parameters are set to:

    • The Data Type is automatically set to IT Resource (MyObjServer)

    • The Map To pull-down option is IT Resource

    • The Qualifier pull-down option is MyObjServerInstance

  11. Click the Responses tab of the Editing Task window. Click Add to add the possible responses from the adapter. In this example, the only possible response is 30. Set Description to Completed and Status to C.

  12. Click the Task to Object Status Mapping tab. In the Completed category, set Object Status to Provisioned.

  13. At this point, you are ready to directly provision a user with the newly created resource to test the execution of the remote task. However, you must first ensure that the Remote Manager is running. Open the Remote Manager Form and verify that the service is available.

  14. Launch the Oracle Identity Manager Admin Console (Web client) and log in as Administrator. Navigate to Users, Manage and select a user to provision this resource (MyObj). The User Detail page appears with the selected user. In the View Additional Details About This User pull-down option, select Resource Profile.

  15. The User Detail, Resource Profile page is displayed. Click Provision New Resource and select the newly created resource (MyObj).

  16. The Provision Resource to User wizard is displayed. Click Continue to complete the provisioning process.

  17. Continue with the provisioning process until the Resource Successfully Provisioned page is displayed.

  18. Check the Remote Manager log file to see if the code is executed. The Remote Manager log file is located in the XL_RM_HOME/xlremote/log directory. The last line in the log should be similar to the following:

    DONE5+10=15
    
    

    The preceding line shows that the two input integers are added to equal 15. This indicates that the code executed correctly and that the resource object was provisioned.