Skip Headers
Oracle® Identity Manager Connector Guide for Database Application Tables
Release 9.1.0

E11194-13
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

A An Example of the Procedure to Create Connectors

In this appendix, a sample scenario has been used to demonstrate the procedure to create Database Application Tables connectors.

This appendix is divided into the following sections:

A.1 Sample Scenario

Example Inc. has some database-driven custom applications. These applications store user and transaction data in an installation of Oracle Database 10g release 2 (10.2.0.3). The applications cannot be LDAP enabled, and they do not have any APIs for identity administration. The company wants to deploy an identity management and provisioning system that can be linked with their database.

Oracle Identity Manager is the solution to this business problem. The company can create and use a Database Application Tables connector to enable the exchange of user data between the database and Oracle Identity Manager.

The following sections describe the sample target system:

A.1.1 Sample Target System to Be Configured As a Target Resource

The ACMEDBAPP table stores parent user data. The following is the structure of this table:

Column Name Data Type Nullable

APP_USERID

Note: This is the primary key.

VARCHAR2

No

APP_AUTH_MODE

VARCHAR2

Yes

APP_DFLT_HOME

VARCHAR2

Yes

APP_ACCT_STATUS

VARCHAR2

Yes

APP_CREATED_BY

DATE

Yes

APP_CREATED_ON

DATE

Yes

APP_UPDATED_BY

TIMESTAMP

Yes

APP_ UPDATED_ON

TIMESTAMP

Yes


The ACMEDBROLES table stores child user data. The following is the structure of this table:

Column Name Data Type Nullable

APP_USERID

Note: This is the foreign key.

VARCHAR2

No

APP_ROLE_ID

VARCHAR2

No


A.1.2 Sample Target System to Be Configured As a Trusted Source

The ACMEHR table stores user data. The following is the structure of this table:

Column Name Data Type Nullable

EMPLOYEE_ID

VARCHAR2

No

FIRST_NAME

VARCHAR2

No

LAST_NAME

VARCHAR2

No

EMAIL

VARCHAR2

Yes

PHONE_NUMBER

VARCHAR2

Yes

HIRE_DATE

DATE

Yes

LAST_UPDATE

TIMESTAMP

Yes

SALARY

NUMBER

Yes

STATUS

VARCHAR2

Yes


A.2 Tasks to Be Performed Before You Create the Connector

Note:

Unless specified otherwise, the steps listed in this section are common to both target resource and trusted source configurations.

Before you start creating the connector, perform the following steps:

  1. Verify that the target system meets the requirements for creating and using the connector.

    See "Certified Components" for details.

  2. Enable logging for the connector.

    See "Enabling Logging" for details.

  3. Copy the JDBC drivers to the specified application server directories.

    See "Copying the JDBC Drivers" for details.

  4. You want to configure account status reconciliation. To achieve this, create a lookup definition that maps the status values stored in one of the following fields with the status values used by Oracle Identity Manager during reconciliation:

    • For the target resource scenario, the APP_ACCT_STATUS field of the target system

    • For the trusted source scenario, the STATUS field of the target system

    Note:

    Status values used in Oracle Identity Manager are different for target resource and trusted source reconciliation.

    See "Configuring Account Status Reconciliation" for details.

  5. For the target resource scenario, you want to configure account status provisioning. To achieve this, create the Lookup.ACME.Status lookup definition that maps the status values stored in the APP_ACCT_STATUS field of the target system with the status values used in Oracle Identity Manager for provisioning operations.

    See "Configuring Account Status Provisioning" for details.

  6. For the trusted source scenario, the PHONE_NUMBER field is a mandatory field of the target system. There is no corresponding OIM User field. Therefore, you must create a UDF that can accept and store values from the PHONE_NUMBER field during trusted source reconciliation. For this example, it is assumed that you have created the Telephone UDF.

    See the following guides for information about creating UDFs:

  7. Run the Connector Installer to copy the provider files to specified destination directories on Oracle Identity Manager.

    See "Copying the Provider Files" for details.

A.3 Configuring the Target System As a Target Resource

You want to configure the target system as a target resource of Oracle Identity Manager. To create the connector for this purpose:

  1. Log in to the Administrative and User Console as the user described in the following guides:

  2. To navigate to the first Administrative and User Console page for creating generic technology connectors, expand Generic Technology Connector, and then click Create.

  3. On the Step 1: Provide Basic Information page, specify the values listed in Table A-1 and then click Continue.

    Table A-1 Sample Entries for the Step 1: Provide Basic Information Page

    Label on the Step 1: Provide Basic Information Page Value/Action

    Name field

    ACMEDBAPP

    Reconciliation check box

    Select this check box.

    Transport Provider list

    Database Application Tables Reconciliation Transport Provider

    Format Provider list

    Database Application Tables Reconciliation Format Provider

    Trusted Source Reconciliation check box

    Do not select this check box.

    Provisioning check box

    Select this check box.

    Transport Provider list

    Database Application Tables Provisioning Transport Provider

    Format Provider list

    Database Application Tables Provisioning Format Provider


    Figure A-1 shows the Step 1: Provide Basic Information page on which sample entries have been made.

    Figure A-1 Step 1: Provide Basic Information Page

    Description of Figure A-1 follows
    Description of "Figure A-1 Step 1: Provide Basic Information Page"

  4. On the Step 2: Specify Parameter Values page, specify the values listed in Table A-2 and then click Continue.

    Table A-2 Sample Entries for the Step 2: Specify Parameter Values Page

    Label on the Step 2: Specify Parameter Values Page Value/Action

    Run-Time Parameters

     

    Database Driver field

    oracle.jdbc.driver.OracleDriver

    Database URL field

    See "Determining Values for the Database URL and Connection Properties Parameters" for information about this parameter.

    jdbc:oracle:thin:@ten.mydomain.com:1521:orcl

    Database User ID field

    dbapps

    Database Password field

    dbappsPd

    Customized Query field

     

    Use Native Query check box

    Do not select this check box.

    Connection Properties field

    See "Determining Values for the Database URL and Connection Properties Parameters" for information about this parameter.

     

    Design Parameters

     

    Parent Table/View Name field

    ACMEDBAPP

    Child Table/View Names field

    ACMEDBROLES

    Unique Attribute field

     

    Timestamp Attribute field

    APP_UPDATED_ON

    Status Attribute field

    APP_ACCT_STATUS

    Status Lookup Code field

    Lookup.ACME.Status

    This is the lookup definition that you create by performing Step 5 of the procedure in the "Tasks to Be Performed Before You Create the Connector" section.

    Database Date Format field

     

    Target Date Format field

     

    Batch Size field

    All

    Stop Reconciliation Threshold field

    None

    Stop Threshold Minimum Records field

    None

    Source Date Format field

     

    Reconcile Deletion of Multivalued Attribute Data check box

    Select this check box.

    Reconciliation Type list

    Incremental


    Figure A-2 shows the first section of the Step 2: Specify Parameter Values page on which sample entries have been made.

    Figure A-2 First Section of the Step 2: Specify Parameter Values Page

    Description of Figure A-2 follows
    Description of "Figure A-2 First Section of the Step 2: Specify Parameter Values Page"

    Figure A-3 shows the second section of the Step 2: Specify Parameter Values page on which sample entries have been made.

    Figure A-3 Second Section of the Step 2: Specify Parameter Values Page

    Description of Figure A-3 follows
    Description of "Figure A-3 Second Section of the Step 2: Specify Parameter Values Page"

  5. Figure A-4 shows a screenshot of the Step 3: Modify Connector Configuration page after metadata detection has run on the sample target system. As mentioned in Table 3-2, the APP_USERID field (foreign key) is not included in the child data sets shown on this page.

    Figure A-4 Step 3: Modify Connector Configuration Page After Metadata Detection

    Description of Figure A-4 follows
    Description of "Figure A-4 Step 3: Modify Connector Configuration Page After Metadata Detection"

    On this page, perform the following actions:

    • Designate the APP_USERID field of the Reconciliation Staging and OIM - Account data sets as a mandatory field.

      To designate a field as a mandatory field, click the Edit icon for the field and select Required on the Step 1: Provide Field Information page.

      The following screenshot shows the Required check box highlighted for the APP_USERID field:

      Required check box highlighted
    • Create the reconciliation rule by creating a matching-only mapping between the APP_USERID (primary key) field of the Reconciliation Staging data set and the User ID field of the OIM - User data set.

      To create the matching-only mapping for the reconciliation rule:

      1. Click the Edit icon of the User ID field of the OIM - User data set.

      2. On the Step 1: Provide Field Information page:

        - From the Mapping Action list, select Create Mapping Without Transformation.

        - Select Matching Only.

        - Click Continue.

        The following screenshot shows the Step 1: Provide Field Information page for the User ID field:

        Mapping Action list and Matching Only check box
      3. On the Step 3: Provide Mapping Information page, select Reconciliation Staging from the Dataset list, select APP_USERID from the Field Name list, and then click Continue. The following screenshot shows the Step 3: Provide Mapping Information page:

        Dataset list and Field Name list
      4. Close the wizard.

    • Set the attributes (such as the data type and length) for the fields of the Reconciliation Staging data sets and the OIM - Account data sets.

      The following screenshot shows the Data Type list and Length field on the Step 1: Provide Field Information page:

      Data Type list and Length field
    • You want to configure the exchange of account status data between the target system and Oracle Identity Manager.

      See "Exchanging Account Status Data with the Target System" for details.

    • You do not want to use the APP_CREATED_ON, APP_UPDATED_BY, and APP_UPDATED_ON fields during reconciliation or provisioning. To remove these fields, click the Delete icon for each field and then confirm that you want to proceed with the deletion of the field. You must remove these fields from all the data sets in which they are displayed.

      The following screenshot shows the Delete icon highlighted for the APP_UPDATED_ON field:

      Delete icon
    • Specify the key field for reconciliation matching.

      The following screenshot shows the default mapping between the APP_USERID fields of the Reconciliation Staging and OIM - Account data sets:

      Key field for reconciliation matching

      You must change this mapping to a matching-only mapping by clicking the Edit icon for the APP_USERID field of the OIM - Account data set, selecting Matching Only on the Step 1: Provide Field Information page, and then continuing to the last page of the wizard. The following screenshot shows the Matching Only check box highlighted:

      Matching Only check box

    Figure A-5 shows a screenshot of the Step 3: Modify Connector Configuration page that is displayed after you perform the actions described in this section.

    Figure A-5 Step 3: Modify Connector Configuration Page Displayed After You Configure the Connector

    Description of Figure A-5 follows
    Description of "Figure A-5 Step 3: Modify Connector Configuration Page Displayed After You Configure the Connector"

    The following are some of the changes seen on the Step 3: Modify Connector Configuration page after you perform the actions described earlier in this section:

    Note:

    The effect of certain actions, such as setting the attributes of fields in the Reconciliation Staging data set, cannot be seen on this page.

    • 1. You removed the APP_CREATED_ON, APP_UPDATED_BY, and APP_UPDATED_ON fields from all the data sets, starting with the Source data set.

    • You configured account status reconciliation by:

      • 2. Using the Translation Transformation provider to create a transformation mapping between the APP_ACCT_STATUS fields of the Source and Reconciliation Staging data sets.

      • 3. Creating a mapping between the APP_ACCT_STATUS field of the Reconciliation Staging data set and the OIM Object Status field of OIM - Account data set.

      • 4. Removing the APP_ACCT_STATUS field from the OIM - Account data set.

    • 5. You ensured that there are no mappings between the ID field of the OIM - Account data set and any field of the Reconciliation Staging data set.

    • 6. You created the reconciliation rule by creating a matching-only mapping between the APP_USERID field of the Reconciliation Staging data set and the User ID field of the OIM - User data set.

    • 7. As part of the procedure to configure account status provisioning, you removed the APP_ACCT_STATUS field from the Provisioning Staging data set.

  6. On the Step 4: Verify Connector Form Names page, click Continue.

    Figure A-6 shows the Step 4: Verify Connector Form Names page.

    Figure A-6 Step 4: Verify Connector Form Names Page

    Description of Figure A-6 follows
    Description of "Figure A-6 Step 4: Verify Connector Form Names Page"

  7. On the Step 5: Verify Connector Information page, click Save.

  8. Modify the default rule actions.

    See "Modifying the Default Action Rules" for details.

  9. Configure reconciliation.

    See "Configuring Reconciliation" section in the following guides:

  10. Configure provisioning.

    See "Configuring Provisioning" section in the following guides:

A.4 Configuring the Target System As a Trusted Source

You want to configure the target system as a trusted source of Oracle Identity Manager. To create the connector for this purpose:

  1. Log in to the Administrative and User Console as the user described in the following guides:

  2. To navigate to the first Administrative and User Console page for creating generic technology connectors, expand Generic Technology Connector, and then click Create.

  3. On the Step 1: Provide Basic Information page, specify the values listed in Table A-3 and then click Continue.

    Table A-3 Sample Entries for the Step 1: Provide Basic Information Page

    Label on the Step 1: Provide Basic Information Page Value/Action

    Name field

    ACMEHR

    Reconciliation check box

    Select this check box.

    Transport Provider list

    Database Application Tables Reconciliation Transport Provider

    Format Provider list

    Database Application Tables Reconciliation Format Provider

    Trusted Source Reconciliation check box

    Select this check box.

    Provisioning check box

    Do not select this check box.

    Transport Provider list

    Do not select a provider.

    Format Provider list

    Do not select a provider.


    Figure A-7 shows the Step 1: Provide Basic Information page on which sample entries have been made.

    Figure A-7 Step 1: Provide Basic Information Page

    Description of Figure A-7 follows
    Description of "Figure A-7 Step 1: Provide Basic Information Page"

  4. On the Step 2: Specify Parameter Values page, perform the actions described in Table A-4 and then click Continue.

    Table A-4 Sample Entries for the Step 2: Specify Parameter Values Page

    Label on the Step 2: Specify Parameter Values Page Value to Be Entered/Action to Be Performed

    Run-Time Parameters

     

    Database Driver field

    oracle.jdbc.driver.OracleDriver

    Database URL field

    See "Determining Values for the Database URL and Connection Properties Parameters" for information about this parameter.

    jdbc:oracle:thin:@ilao-pc:1521:orcl10u

    Database User ID field

    ACMEHR

    Database Password field

    AcmeHr

    Customized Query field

     

    Use Native Query check box

    Do not select this check box.

    Connection Properties field

    See "Determining Values for the Database URL and Connection Properties Parameters" for information about this parameter.

     

    Design Parameters

     

    Parent Table/View Name field

    ACMEHR

    Child Table/View Names field

     

    Unique Attribute field

     

    Timestamp Attribute field

     

    Database Date Format field

     

    Batch Size field

    All

    Stop Reconciliation Threshold field

    None

    Stop Threshold Minimum Records field

    None

    Source Date Format field

     

    Reconcile Deletion of Multivalued Attribute Data check box

    Select this check box.

    Reconciliation Type list

    Full


    Figure A-8 shows the first section of the Step 2: Specify Parameter Values page on which sample entries have been made.

    Figure A-8 First Section of the Step 2: Specify Parameter Values Page

    Description of Figure A-8 follows
    Description of "Figure A-8 First Section of the Step 2: Specify Parameter Values Page"

    Figure A-9 shows the second section of the Step 2: Specify Parameter Values page on which sample entries have been made.

    Figure A-9 Second Section of the Step 2: Specify Parameter Values Page

    Description of Figure A-9 follows
    Description of "Figure A-9 Second Section of the Step 2: Specify Parameter Values Page"

  5. Figure A-10 shows a screenshot of the Step 3: Modify Connector Configuration page after metadata detection has run on the sample target system. The Telephone field shown in the OIM - User data set represents the UDF that you added by performing Step 6 of the procedure described in "Tasks to Be Performed Before You Create the Connector".

    Figure A-10 Step 3: Modify Connector Configuration Page After Metadata Detection

    Description of Figure A-10 follows
    Description of "Figure A-10 Step 3: Modify Connector Configuration Page After Metadata Detection"

    On the Step 3: Modify Connector Configuration page, perform the following actions:

    • Designate the EMPLOYEE_ID, FIRST_NAME, and LAST_NAME fields of the Reconciliation Staging data set as mandatory fields.

      To designate a field as a mandatory field, click the Edit icon for the field and select Required on the Step 1: Provide Field Information page.

      The following screenshot shows the Required check box highlighted for the EMPLOYEE_ID field:

      Required check box
    • Create the reconciliation rule by creating a matching-only mapping between the EMPLOYEE_ID (primary key) field of the Reconciliation Staging data set and the User ID field of the OIM - User data set.

      To create the matching-only mapping for the reconciliation rule:

      1. Click the Edit icon of the User ID field of the OIM - User data set.

      2. On the Step 1: Provide Field Information page:

        - From the Mapping Action list, select Create Mapping Without Transformation.

        - Select Matching Only.

        - Click Continue.

        The following screenshot shows the Step 1: Provide Field Information page for the User ID field:

        Mapping Action list and Matching Only check box
      3. On the Step 3: Provide Mapping Information page, select Reconciliation Staging from the Dataset list, select EMPLOYEE_ID from the Field Name list, and then click Continue.

        Dataset list and Field Name list
      4. Close the wizard.

    • Create mappings between the remaining fields of the Reconciliation Staging data set and corresponding fields of the OIM - User data set.

    • Set the attributes (such as the data type and length) for the fields displayed in the Reconciliation Staging data set.

      The following screenshot shows the Data Type list and Length field on the Step 1: Provide Field Information page:

      Data Type list and Length field
    • You want to configure the reconciliation of account status data between the target system and Oracle Identity Manager.

      See "Configuring Account Status Reconciliation" for details.

    • Ensure that the mandatory fields required for creation of an OIM User are present.

      The Organization, Employee Type, and User Type fields are mandatory OIM User fields. If an OIM User is to be created through trusted source reconciliation, then values must be specified for these fields. However, these fields do not exist in the target system. To add these fields to the Reconciliation Staging data set and set up literal values as the input for these fields, perform the following procedure for each field:

      1. Click the Add icon for the Reconciliation Staging data set.

        The following screenshot shows the Add icon of the ACMEHR data set highlighted:

        Add icon
      2. On the Step 1: Provide Field Information page:

        In the Field Name field, enter a name for the field:

        - For the Organization field, enter Organization.

        - For the Employee Type field, enter Employee Type.

        - For the User Type field, enter User Type.

        From the Mapping Action list, select Create Mapping Without Transformation.

        From the Data Type list, select String.

      3. Click Continue.

      4. On the Step 3: Provide Mapping Information page, select Literal and enter one of the following values:

        For the Organization field, enter the name of an existing organization in Oracle Identity Manager.

        For the Employee Type field, enter Full-Time, Part-Time, Temp, Intern, or Consultant. These are Code Key values of the Employee Type field.

        For the User Type field, enter End-User or End-User Administrator. These are Code Key values of the User Type field.

      5. Complete the procedure and then close the wizard.

    Figure A-11 shows a screenshot of the Step 3: Modify Connector Configuration page that is displayed after you perform the actions described in this section.

    Figure A-11 Step 3: Modify Connector Configuration Page Displayed After You Configure the Connector

    Description of Figure A-11 follows
    Description of "Figure A-11 Step 3: Modify Connector Configuration Page Displayed After You Configure the Connector"

    The following are some of the changes seen on the Step 3: Modify Connector Configuration page after you perform the actions described earlier in this section:

    Note:

    The effect of certain actions, such as setting the attributes of fields in the Reconciliation Staging data set, cannot be seen on this page.

    • 1. You added the Organization, Employee Type, and User Type fields to the Reconciliation Staging data sets, and then set up literal values as the input sources for these fields.

    • You configured account status reconciliation by:

      • 2. Using the Translation Transformation provider to create a transformation mapping between the STATUS fields of the Source and Reconciliation Staging data sets.

      • 3. Creating a mapping between the STATUS field of the Reconciliation Staging data set and the Status field of the OIM - User data set. This change is represented by the arrow between the STATUS and Status fields.

    • 4. You created the reconciliation rule by creating a matching-only mapping between the EMPLOYEE_ID field of the Reconciliation Staging data set and the User ID field of the OIM - User data set.

    • 5. You mapped fields of the Reconciliation Staging data set with corresponding fields of the OIM - User data set.

    • 6. You created the Telephone UDF to map the PHONE_NUMBER field of the target system.

  6. On the Step 5: Verify Connector Information page, click Save.

  7. Modify the default rule actions.

    See "Modifying the Default Action Rules" for details.

  8. Configure reconciliation.

    See "Configuring Reconciliation" section in the following guides: