Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Documentation Updates
• Conventions

What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?

• Software Updates
• Documentation-Specific Updates

1 About the Connector

• 1.1 Certified Components
• 1.2 Certified Languages
• 1.3 Connector Architecture
  • 1.3.1 Connector Components
  • 1.3.2 Connector Operations
    • 1.3.2.1 Full Reconciliation Process
    • 1.3.2.2 Incremental (Real-Time) Reconciliation Process
    • 1.3.2.3 Provisioning Process
• 1.4 Features of the Connector
  • 1.4.1 Target Resource and Trusted Source Reconciliation
  • 1.4.2 Full and Incremental Reconciliation
  • 1.4.3 Encrypted Communication Between the Target System and Oracle Identity Manager
  • 1.4.4 High Availability Feature of the Connector
• 1.5 Connector Objects Used During Reconciliation and Provisioning
  • 1.5.1 Supported Functions for Target Resource and Trusted Source Reconciliation
  • 1.5.2 Supported Functions for Provisioning
  • 1.5.3 User Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.4 Group Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.5 Dataset Profile Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.6 Resource Profile Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.7 User Attributes for Trusted Source Reconciliation
  • 1.5.8 Reconciliation Rule
  • 1.5.9 Reconciliation Action Rules

2 Connector Deployment on Oracle Identity Manager

• 2.1 Files and Directories That Comprise the Connector
• 2.2 Determining the Release Number of the Connector
• 2.3 Before Running the Connector Installer
• 2.4 Running the Connector Installer
• 2.5 Configuring the IT Resource
• 2.6 Configuring Oracle Identity Manager
  • 2.6.1 Clearing Content Related to Connector Resource Bundles from the Server Cache
  • 2.6.2 Enabling Logging
• 2.7 Configuring Trusted Source Reconciliation
• 2.8 Configuring Oracle Identity Manager for Request-Based Provisioning
  • 2.8.1 Copying Predefined Request Datasets
  • 2.8.2 Importing Request Datasets into the MDS
  • 2.8.3 Enabling the Auto Save Form Feature
  • 2.8.4 Running the PurgeCache Utility
• 2.9 Installing and Configuring the LDAP Gateway

3 Connector Deployment on the Mainframe

• 3.1 Summary of the Deployment Procedure
• 3.2 Reviewing Deployment Requirements
• 3.3 Deploying the Reconciliation Agent and Provisioning Agent
• 3.4 Configuring the Started Tasks
  • 3.4.1 Configuring Pioneer
  • 3.4.2 Configuring Voyager
• 3.5 Installing or Integrating the Reconciliation Agent Exits
  • 3.5.1 Installing the Reconciliation Agent Exits
  • 3.5.2 Integrating the Reconciliation Agent Exits
• 3.6 Creating an IBM RACF Account for Connector Operations
• 3.7 Starting Up and Shutting Down the Reconciliation Agent and Provisioning Agent
• 3.8 Removing the Exits
• 3.9 Operator Commands
  • 3.9.1 Pioneer Operator Commands
  • 3.9.2 Voyager Operator Commands
• 3.10 Operator Command Output
• 3.11 New Alias Process for Pioneer
• 3.12 Pioneer Post-Processing Flow
• 3.13 Other Pioneer Processes

4 Using the Connector

• 4.1 Guidelines on Using the Connector
• 4.2 Performing Provisioning Operations
  • 4.2.1 Provisioning Users
    • 4.2.1.1 Direct Provisioning
    • 4.2.1.2 Request-Based Provisioning
• 4.3 Configuring Full Reconciliation
• 4.4 Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1
• 4.5 Configuring Resource and Dataset, and Groups Pre-Population Scheduled Tasks

5 Extending the Functionality of the Connector

• 5.1 Adding New Attributes for Target Resource Reconciliation
• 5.2 Adding New Attributes for Provisioning
• 5.3 Removing Attributes Mapped for Target Resource Reconciliation and Provisioning
• 5.4 Using the Provisioning Agent to Run IBM z/OS Batch Jobs
• 5.5 Configuring the Connector for Multiple Installations of the Target System
• 5.6 Reconciling User's Datasets

6 Troubleshooting

7 Known Issues

A Reconciliation Agent (Voyager) Messages

B Provisioning Agent (Pioneer) Messages

C STARTUP Messages

D Creating Custom Scheduled Tasks

• D.1 Code for Searching All Users and All User Data
• D.2 Code for Searching All Groups and All Group Data
• D.3 Code for Searching All Datasets and All Dataset Data

Index