3 Creating the Connector

3.1 Limited Reconciliation

This section discusses the Customized Query and Use Native Query parameters. You apply the information in this section while performing the procedure described in "Step 2: Specify Parameter Values Page".

By default, all target system records that are added or modified after the previous reconciliation run are reconciled during the current reconciliation run. You can filter records for reconciliation by specifying the subset of newly added or modified records that must be reconciled. You implement this form of limited reconciliation by using a customized query for reconciliation.

You create a customized query by specifying a value for the Customized Query parameter. The value of this parameter becomes a component of the WHERE clause in the SQL query that is used to fetch records from the target system.

Note:

While performing the procedure described in "Step 2: Specify Parameter Values Page", if you specify a value for the Timestamp Attribute parameter, then you need not include the time-stamp column in the Customized Query parameter.

The following are examples of the WHERE clause that you can specify as the value of the Customized Query parameter. In these examples, jdoe is the database user ID and employees is the name of the table that holds user data.

  • The following WHERE clause component returns records of employees whose last names begin with Roe and who belong to the Finance department.

    jdoe.employees.last_name LIKE 'Roe%' & jdoe.employees.dept_id = 'Finance'
    
  • The following WHERE clause component returns records of employees who report to the manager with the ID 856 or employees who belong to the Finance department.

    jdoe.employees.mgr_id = 856 | jdoe.employees.dept_id = 'Finance'
    

Note:

  • The value that you specify must not contain the keyword WHERE.

  • The value that you specify must not contain a SQL join between parent and child tables.

Instead of using the & and | operators, you can use any of the logical operators supported by the target system database. To specify the operators that you want to use, use the Use Native Query check box as follows:

  • Select the Use Native Query check box if you want to use logical operators that are native to the target system database.

  • Do not select the Use Native Query check box if you want to use the & and | operators.

If you do not want to use a customized query, then do not specify a value for this parameter. If you do not specify a value, then regular (that is, not limited) reconciliation is performed.
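Because the Customized Query value is spliced into the WHERE clause as-is, it is worth checking before it is typed into the console. The following pre-flight check is an added example, not Oracle's code: the rule codes are made up for this sketch, the JOIN test is only a heuristic for the join rule, and `render_operators` shows how the & and | shorthand reads per the two examples above rather than how the connector translates it.

```python
import re


def mask_literals(value):
    """Blank out the contents of single-quoted SQL literals ('' is an escaped
    quote) so that checks only see SQL syntax. Length is preserved.
    Returns (masked_text, quotes_balanced)."""
    out, in_literal, i = [], False, 0
    while i < len(value):
        ch = value[i]
        if in_literal and ch == "'" and value[i + 1:i + 2] == "'":
            out.append("  ")          # escaped quote stays inside the literal
            i += 2
            continue
        if ch == "'":
            in_literal = not in_literal
            out.append(ch)
        else:
            out.append(" " if in_literal else ch)
        i += 1
    return "".join(out), not in_literal


def check_customized_query(value):
    """Return the list of rule codes that the value violates (empty = clean)."""
    masked, balanced = mask_literals(value)
    findings = []
    if not balanced:
        findings.append("UNTERMINATED_LITERAL")
    if re.search(r"\bWHERE\b", masked, re.IGNORECASE):
        findings.append("WHERE_KEYWORD")      # the value must not contain WHERE
    if re.search(r"\bJOIN\b", masked, re.IGNORECASE):
        findings.append("JOIN")               # heuristic for the parent/child join rule
    if ";" in value:
        findings.append("SEMICOLON")          # release 9.1.0 console fields reject ';'
    if "--" in masked or "/*" in masked:
        findings.append("COMMENT_MARKER")     # changes how the rest of the query parses
    return findings


def render_operators(value):
    """Show the & and | shorthand as AND / OR, leaving string literals untouched."""
    masked, _ = mask_literals(value)
    words = {"&": "AND", "|": "OR"}
    return "".join(words.get(m, o) for o, m in zip(value, masked))


if __name__ == "__main__":
    sample = "jdoe.employees.last_name LIKE 'Roe%' & jdoe.employees.dept_id = 'Finance'"
    print(check_customized_query(sample), render_operators(sample))
```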

3.2 Determining Values for the Database URL and Connection Properties Parameters

This section discusses the Database URL and Connection Properties parameters. You apply the information in this section while performing the procedure described in "Step 2: Specify Parameter Values Page".

The values that you specify for the Database URL and Connection Properties parameters depend on the target system:

3.2.1 Database URL and Connection Properties for IBM DB2/UDB

The following are guidelines on specifying the Database URL and Connection Properties parameters:

  • Database URL parameter

    Enter the following component of the connection URL as the value of the Database URL parameter:

    jdbc:db2://[SERVER_NAME[\INSTANCE_NAME][:PORT_NUMBER]]
    

    In this format:

    • SERVER_NAME is the IP address (not the host name) of the target system host computer.

    • INSTANCE_NAME is the name of the target system database.

    • PORT_NUMBER is the port at which the target system database is listening.

    The following is a sample value for the Database URL parameter:

    jdbc:db2://192.168.16.76:50000
    
  • Connection Properties parameter

    Enter the following component of the connection URL as the value of the Connection Properties parameter:

    [,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
    

    In this format:

    • PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.

    • VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.

    Note:

    Semicolons must be changed to commas in the value that you specify.

    The following is a sample value for the Connection Properties parameter:

    databaseName=sales,port=50000
    

    If you enable SSL communication between IBM DB2/UDB and Oracle Identity Manager, then you must include the sslConnection, javax.net.ssl.trustStore, and javax.net.ssl.trustStorePassword properties in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:

    sslConnection=true,javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStorePassword=STORE_PASSWORD
    

    When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.

    For example:

    sslConnection=true,javax.net.ssl.trustStore=C:/j2sdk1.4.2_12/jre/lib/security/cacerts,javax.net.ssl.trustStorePassword=changeit
    

3.2.2 Database URL and Connection Properties for Microsoft SQL Server

Note:

In Microsoft SQL Server documentation, the term "connection URL" is used instead of "database URL."

In Oracle Identity Manager release 9.1.0, the semicolon (;) is one of the special characters that cannot be entered in any of the fields of the Administrative and User Console. This restriction has been introduced for security reasons. However, a typical Microsoft SQL Server connection URL contains a semicolon-separated property-value pair in the following format:

jdbc:sqlserver://[SERVER_NAME[\INSTANCE_NAME][:PORT_NUMBER]][;PROPERTY=VALUE[;PROPERTY=VALUE]]

See Also:

The "Setting the Connection Properties" section on the Microsoft Web site for detailed information about the properties that you can specify by using this format

To work around the restriction on entering semicolons, you can specify the connection URL as the value of the following provider parameters:

  • Database URL parameter

    Enter the following component of the connection URL as the value of the Database URL parameter:

    jdbc:sqlserver://[SERVER_NAME[\INSTANCE_NAME][:PORT_NUMBER]]
    

    In this format:

    • SERVER_NAME is the IP address (not the host name) of the target system host computer.

    • INSTANCE_NAME is the name of the target system database.

    • PORT_NUMBER is the port at which the target system database is listening.

    The following is a sample value for the Database URL parameter:

    jdbc:sqlserver://192.168.16.76:1433
    
  • Connection Properties parameter

    Enter the following component of the connection URL as the value of the Connection Properties parameter:

    [,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
    

    In this format:

    • PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.

    • VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.

    Note:

    Semicolons must be changed to commas in the value that you specify.

    The following is a sample value for the Connection Properties parameter:

    databaseName=sales,port=1433
    

    If you enable SSL communication between Microsoft SQL Server and Oracle Identity Manager, then you must include the encrypt and hostNameInCertificate properties in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:

    encrypt=true,hostNameInCertificate=HOST_NAME
    

    Replace HOST_NAME with the host name given in the certificate that you use.

    In addition, you must specify the location of the truststore if you import the certificate into a truststore other than the JVM truststore of Oracle Identity Manager. To specify the location of the truststore, include the following properties in the value that you specify for the Connection Properties parameter:

    encrypt=true,hostNameInCertificate=HOST_NAME,trustStore=STORE_LOCATION,trustStorePassword=STORE_PASSWORD
    

    When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.

3.2.3 Database URL and Connection Properties for MySQL

The following are guidelines on specifying the Database URL and Connection Properties parameters:

  • Database URL parameter

    Enter the following component of the connection URL as the value of the Database URL parameter:

    jdbc:mysql://[SERVER_NAME]/[DATABASE_NAME]
    

    In this format:

    • SERVER_NAME is the IP address (not the host name) of the target system host computer.

    • DATABASE_NAME is the name of the target system database.

    The following is a sample value for the Database URL parameter:

    jdbc:mysql://192.168.1.251/mysql
    
  • Connection Properties parameter

    Enter the following component of the connection URL as the value of the Connection Properties parameter:

    [,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
    

    In this format:

    • PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.

    • VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.

    Note:

    Semicolons must be changed to commas in the value that you specify.

    The following is a sample value for the Connection Properties parameter:

    databaseName=sales,port=3306
    

    If you enable SSL communication between MySQL and Oracle Identity Manager, then you must include the encrypt and hostNameInCertificate properties in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:

    encrypt=true,hostNameInCertificate=HOST_NAME
    

    Replace HOST_NAME with the host name given in the certificate that you use.

    In addition, you must specify the location of the truststore if you import the certificate into a truststore other than the JVM truststore of Oracle Identity Manager. To specify the location of the truststore, include the following properties in the value that you specify for the Connection Properties parameter:

    encrypt=true,hostNameInCertificate=HOST_NAME,trustStore=STORE_LOCATION,trustStorePassword=STORE_PASSWORD
    

    When you specify this value, replace STORE_LOCATION with the full path and name of the truststore and replace STORE_PASSWORD with the password of the truststore.

3.2.4 Database URL and Connection Properties for Oracle Database

The values that you specify for the Database URL and Connection Properties parameters depend on the security measures that you have implemented:

If you are using Oracle Database with an Oracle RAC implementation as the target system, then enter a value for the Database URL parameter in the format specified in "Database URL and Connection Properties for Oracle RAC".

3.2.4.1 Only Data Encryption and Integrity Is Configured

If you have configured only data encryption and integrity, then enter the following values:

  • Database URL parameter

    While creating the connector, the value that you specify for the Database URL parameter must be in the following format:

    jdbc:oracle:thin:@TARGET_HOST_NAME_or_IP_ADDRESS:PORT_NUM:sid
    

    The following is a sample value for the Database URL parameter:

    jdbc:oracle:thin:@ten.mydomain.com:1521:cust_db
    
  • Connection Properties parameter

    After you configure data encryption and integrity, the connection properties are recorded in the sqlnet.ora file. The value that you must specify for the Connection Properties parameter is explained by the following sample scenario:

    See Also:

    Oracle Database Advanced Security Administrator's Guide for information about the sqlnet.ora file

    Suppose the following entries are recorded in the sqlnet.ora file:

    SQLNET.ENCRYPTION_SERVER=REQUIRED
    SQLNET.ENCRYPTION_TYPES_SERVER=(3DES168, DES40, DES, 3DES112)
    SQLNET.CRYPTO_CHECKSUM_SERVER=REQUESTED
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,MD5)
    

    While creating the connector, you must specify the following as the value of the Connection Properties parameter:

    Note:

    • The property-value pairs must be separated by commas.

    • As shown in the following example, for the encryption_types and crypto_checksum_types properties, you can select any of the values recorded in the sqlnet.ora file.

    oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5)
    

3.2.4.2 Only SSL Communication Is Configured

After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.

The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION contains the connection descriptor, ADDRESS contains the protocol address, and CONNECT_DATA contains the database service identification information.

Sample Format 1:

NET_SERVICE_NAME=
 (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))

Sample Format 2:

NET_SERVICE_NAME= 
 (DESCRIPTION_LIST=
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME))))

Sample Format 3:

NET_SERVICE_NAME= 
 (DESCRIPTION= 
  (ADDRESS_LIST= 
   (LOAD_BALANCE=on)
   (FAILOVER=off)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (ADDRESS_LIST= 
   (LOAD_BALANCE=off)
   (FAILOVER=on)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (CONNECT_DATA=
   (SERVICE_NAME=SERVICE_NAME)))

If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM truststore of Oracle Identity Manager, then enter the following values:

Database URL parameter

While creating the connector, the value that you specify for the Database URL parameter must be derived from the value of NET_SERVICE_NAME in the tnsnames.ora file. For example:

Note:

As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=HOST_NAME)(PORT=2484)) element because you are configuring SSL. You need not include other (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) elements.

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))

Connection Properties parameter

Whether or not you need to specify a value for the Connection Properties parameter depends on the truststore into which you import the certificate:

  • If you import the certificate into the truststore of the JVM that Oracle Identity Manager is using, then you need not specify a value for the Connection Properties parameter.

  • If you import the certificate into any other truststore, then while creating the connector, specify a value for the Connection Properties parameter in the following format:

    javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
    

    When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.

3.2.4.3 Both Data Encryption and Integrity and SSL Communication Are Configured

If both data encryption and integrity and SSL communication are configured, then:

  • Database URL parameter

    While creating the connector, to specify a value for the Database URL parameter, enter a comma-separated combination of the values for the Database URL parameter described in the "Only Data Encryption and Integrity Is Configured" and "Only SSL Communication Is Configured" sections. For example:

    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
    
  • Connection Properties parameter

    While creating the connector, to specify a value for the Connection Properties parameter, enter a comma-separated combination of the values for the Connection Properties parameter described in the "Only Data Encryption and Integrity Is Configured" and "Only SSL Communication Is Configured" sections. For example:

    oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5),javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
    

    As shown in the preceding example, for the encryption_types and crypto_checksum_types properties, you can select any of the values recorded in the sqlnet.ora file. When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.
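The semicolon-to-comma rule from the Microsoft SQL Server section and the Oracle encryption and checksum properties above can both be checked mechanically before the value is entered. The following linter is an added example, not part of the connector: the finding codes and the `WEAK_ALGORITHMS` policy set are assumptions of this sketch, and the property names are the ones shown in this chapter.

```python
WEAK_ALGORITHMS = {"DES", "DES40", "MD5"}   # assumed policy set, adjust to your standard

# Sample value copied from the Oracle Database section of this chapter.
ORACLE_SAMPLE = ("oracle.net.encryption_client=REQUIRED,"
                 "oracle.net.encryption_types_client=(3DES168),"
                 "oracle.net.crypto_checksum_client=REQUESTED,"
                 "oracle.net.crypto_checksum_types_client=(MD5)")


def split_native_url(url):
    """Split a semicolon-delimited connection URL into the
    (Database URL, Connection Properties) pair, with commas between pairs."""
    base, _, rest = url.partition(";")
    return base, ",".join(part for part in rest.split(";") if part)


def parse_properties(value):
    """Split PROPERTY=VALUE pairs on commas that are not inside parentheses,
    so a value such as (3DES168, DES40) stays in one piece."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(value):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            items.append(value[start:i])
            start = i + 1
    items.append(value[start:])
    props = {}
    for item in (s.strip() for s in items):
        if not item:
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"not a PROPERTY=VALUE pair: {item!r}")
        props[name.strip()] = val.strip()
    return props


def lint_properties(value):
    """Return (code, detail) findings for a Connection Properties value."""
    findings = []
    if ";" in value:
        findings.append(("SEMICOLON", "separate pairs with commas"))
    props = parse_properties(value)
    for name in ("oracle.net.encryption_types_client",
                 "oracle.net.crypto_checksum_types_client"):
        chosen = {a.strip().upper() for a in props.get(name, "").strip("()").split(",")}
        for algo in sorted(chosen & WEAK_ALGORITHMS):
            findings.append(("WEAK_ALGORITHM", f"{name}={algo}"))
    # Any level other than REQUIRED lets the session proceed without the
    # service when the server side rejects it.
    for name in ("oracle.net.encryption_client", "oracle.net.crypto_checksum_client"):
        if name in props and props[name].upper() != "REQUIRED":
            findings.append(("NEGOTIABLE", f"{name}={props[name]}"))
    # The SQL Server guidance above requires both properties together.
    if props.get("encrypt", "").lower() == "true" and "hostNameInCertificate" not in props:
        findings.append(("NO_HOSTNAME_CHECK", "encrypt=true without hostNameInCertificate"))
    return findings


if __name__ == "__main__":
    for code, detail in lint_properties(ORACLE_SAMPLE):
        print(code, detail)
```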

3.2.4.4 Database URL and Connection Properties for Oracle RAC

The following are guidelines on specifying the Database URL and Connection Properties parameters:

  • Database URL parameter

    While creating the connector, the value that you specify for the Database URL parameter must be in the following format:

    Note:

    The JDBC URL connection string must not exceed 200 characters.

    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST1_NAME.DOMAIN)(PORT=PORT1_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST2_NAME.DOMAIN)(PORT=PORT2_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST3_NAME.DOMAIN)(PORT=PORT3_NUMBER)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=HOSTn_NAME.DOMAIN)(PORT=PORTn_NUMBER))(CONNECT_DATA=(SERVICE_NAME=ORACLE_DATABASE_SERVICE_NAME)))

    Sample value:

    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=srvce1)))

  • Connection Properties parameter

    While creating the connector, do not specify any value for the Connection Properties parameter.

3.2.5 Database URL and Connection Properties for Sybase Adaptive Server Enterprise

The following are guidelines on specifying the Database URL and Connection Properties parameters:

  • Database URL parameter

    Enter the following component of the connection URL as the value of the Database URL parameter:

    jdbc:sybase:Tds:SERVER_NAME:PORT_NUMBER/DATABASE_NAME
    

    In this format:

    • SERVER_NAME is the IP address (not the host name) of the target system host computer.

    • PORT_NUMBER is the port at which the target system database is listening.

    • DATABASE_NAME is the name of the target system database.

    The following is a sample value for the Database URL parameter:

    jdbc:sybase:Tds:172.21.109.62:9050/master
    
  • Connection Properties parameter

    Enter the following component of the connection URL as the value of the Connection Properties parameter:

    [,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
    

    In this format:

    • PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.

    • VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.

    The following is a sample value for the Connection Properties parameter:

    databaseName=sales,port=9000
    

    If you enable SSL communication between Sybase Adaptive Server Enterprise and Oracle Identity Manager, then you must include the SYBSOCKET_FACTORY property in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:

    SYBSOCKET_FACTORY=VALUE
    

    Replace VALUE with the name of the class that implements com.sybase.jdbcx.SybSocketFactory, or with "DEFAULT", which instantiates a new java.net.Socket().

3.3 Modifying Field Lengths of the Provider Parameters

Note:

This section describes an optional procedure.

Perform the procedure described in this section only if both the following conditions are true:

  • You are using Oracle Identity Manager release 9.1.0.x.

  • You want to modify the field lengths of the provider parameters.

By default, the maximum number of characters that you can enter in a provider parameter field is 200. If the value that you want to enter in a provider parameter field is longer than 200 characters, then you must increase the length of that parameter field.

See Also:

Table 3-1 for information about provider parameter fields and their description

To modify the length of a provider parameter:

  1. In a text editor, open the SharedDriveReconTransport.xml file located in the OIM_HOME\xellerate\GTC\ProviderDefinitions directory.

  2. Search for the name of the provider parameter field whose length has to be modified.

  3. Edit the Parameter element (corresponding to the provider parameter field that you searched for) to specify the length of the provider parameter field as follows:

    • Add the dataLength attribute.

    • Enter the field length as a value of the dataLength attribute.

    The following XML code block from the OIM_HOME\xellerate\GTC\ProviderDefinitions\SharedDriveReconTransport.xml file shows sample values entered for the dataLength attribute of the Parameter element:

    <Parameter datatype="String" name="customizedQueries" type="Runtime" encrypted="NO" required="NO" dataLength="400" />
    
  4. Repeat Steps 2 and 3 for modifying the length of every provider parameter field.

  5. Save and close the file.

  6. Repeat Steps 1 through 5 for the DBProvisioningTransport.xml and DBReconTransport.xml files located in the OIM_HOME\xellerate\GTC\ProviderDefinitions directory.
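Before and after editing the three files, you can confirm that the values you plan to enter fit and that the files agree with each other. The following read-only audit is an added example, not an Oracle tool: the `<Provider>` wrapper element and the parameter name EXAMPLE_URL_PARAM are hypothetical, and the sketch assumes that a parameter appearing in more than one file should carry the same dataLength in each.

```python
import xml.etree.ElementTree as ET

DEFAULT_LEN = 200   # default maximum field length stated in this section

# Constructed sample. Only the customizedQueries element comes from this page;
# the wrapper element and EXAMPLE_URL_PARAM are placeholders.
SAMPLE_XML = """<Provider>
  <Parameter datatype="String" name="customizedQueries" type="Runtime"
             encrypted="NO" required="NO" dataLength="400" />
  <Parameter datatype="String" name="EXAMPLE_URL_PARAM" type="Runtime"
             encrypted="NO" required="YES" />
</Provider>"""

# The Oracle RAC sample value from this chapter (whitespace removed).
RAC_SAMPLE_URL = (
    "jdbc:oracle:thin:@(DESCRIPTION="
    + "".join(f"(ADDRESS=(PROTOCOL=TCP)(HOST=host{n}.example.com)(PORT=1521))"
              for n in range(1, 5))
    + "(CONNECT_DATA=(SERVICE_NAME=srvce1)))"
)


def field_limits(xml_text):
    """Map each Parameter name to its dataLength, or the default if absent."""
    return {p.get("name"): int(p.get("dataLength", DEFAULT_LEN))
            for p in ET.fromstring(xml_text).iter("Parameter")}


def oversized(values, limits):
    """Return {name: (value_length, limit)} for planned values that do not fit."""
    result = {}
    for name, value in values.items():
        limit = limits.get(name, DEFAULT_LEN)
        if len(value) > limit:
            result[name] = (len(value), limit)
    return result


def inconsistent_limits(files):
    """Given {filename: xml_text}, return the parameters whose dataLength
    differs between files, as {name: {filename: limit}}."""
    per_param = {}
    for filename, xml_text in files.items():
        for name, limit in field_limits(xml_text).items():
            per_param.setdefault(name, {})[filename] = limit
    return {name: by_file for name, by_file in per_param.items()
            if len(set(by_file.values())) > 1}


if __name__ == "__main__":
    limits = field_limits(SAMPLE_XML)
    print(oversized({"EXAMPLE_URL_PARAM": RAC_SAMPLE_URL}, limits))
```

To audit real files, read each one with `open(path).read()` and pass the text to the same functions.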

3.4 Creating the Connector

The initial steps to create a connector depend on the release of Oracle Identity Manager that you are using:

  • For Oracle Identity Manager release 9.1.0.x:

    To navigate to the first Administrative and User Console page for creating generic technology connectors, log in to the Administrative and User Console, expand Generic Technology Connector, and then click Create.

    Note:

    While performing the rest of the procedure, read the instructions given in the corresponding sections of Oracle Identity Manager Administrative and User Console Guide.

  • For Oracle Identity Manager release 11.1.1:

    To navigate to the first Administrative page for creating generic technology connectors, log in to the Administrative User console and then click Advanced. Then, in the Configuration region of the Welcome to Identity Manager Advanced Administration page, click Create Generic Connector.

    Note:

    While performing the rest of the procedure, read the instructions given in the corresponding sections of Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  • For Oracle Identity Manager release 11.1.2.x:

    To navigate to the first Administrative page for creating generic technology connectors, log in to Oracle Identity System Administration and then in the Configuration region, click Generic Connector.

    Note:

    While performing the rest of the procedure, read the instructions given in the corresponding sections of Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

From this point onward, page-wise instructions are provided in the following sections:

3.4.1 Step 1: Provide Basic Information Page

On the Step 1: Provide Basic Information page, perform the following steps:

  1. In the Name field, specify a name for the connector.

    See the guidelines on specifying a name for a generic technology connector given in the "Step 1: Provide Basic Information Page" section of one of the following guides:

  2. If you want to use the connector for reconciliation, select Reconciliation and then perform the following steps:

    • From the Transport Provider list, select Database Application Tables Reconciliation Transport Provider.

    • From the Format Provider list, select Database Application Tables Reconciliation Format Provider.

    • If you want to use the connector to perform trusted source reconciliation with the target system, then select Trusted Source Reconciliation.

      Note:

      If you select the Trusted Source Reconciliation check box, then the Provisioning region of the page is disabled. This is because you cannot use the connector for both trusted source reconciliation and provisioning.

  3. If you want to use the connector for provisioning, select Provisioning and then perform the following steps:

    Note:

    You can select only Reconciliation, only Provisioning, or both Reconciliation and Provisioning.

    • From the Transport Provider list, select Database Application Tables Provisioning Transport Provider.

    • From the Format Provider list, select Database Application Tables Provisioning Format Provider.

  4. Click Continue.

Figure 3-1 shows the Step 1: Provide Basic Information page on which sample entries have been made.

Figure 3-1 Step 1: Provide Basic Information Page


3.4.2 Step 2: Specify Parameter Values Page

On the Step 2: Specify Parameter Values page, specify values for the provider parameters and then click Continue.

Table 3-1 lists the parameters that are displayed on the Step 2: Specify Parameter Values page. The display of parameters on this page depends on the options that you select on the Step 1: Provide Basic Information page. For example, the Target Date Format parameter is a provisioning-specific parameter and it is displayed only if you select Provisioning on the Step 1: Provide Basic Information page.

As mentioned in "Connector Architecture", some of the parameters are common to both provisioning and reconciliation providers. If you select both Reconciliation and Provisioning on the Step 1: Provide Basic Information page, then the common parameters are displayed twice on this page. Unless specified otherwise, the parameters listed in this table are common to both reconciliation and provisioning providers.

Note:

For parameters that are common (displayed twice), you must enter the same value in both fields. For example, suppose you enter dbapps as the value of the Database User ID parameter for provisioning. You must enter the same value for the Database User ID parameter for reconciliation.

Only the value entered for the first occurrence of the parameter is validated when you submit the data entered on the Step 2: Specify Parameter Values page. In the preceding example, if you enter an incorrect value in the Database User ID parameter for reconciliation, then this error is caught only when you try to use the connector for reconciliation.

Table 3-1 Parameters Displayed on the Step 2: Specify Parameter Values Page

Parameter Description

Run-Time Parameters

Database Driver

Specify the JDBC driver class.

For IBM DB2/UDB database: com.ibm.db2.jcc.DB2Driver

For Microsoft SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

For MySQL Database: com.mysql.jdbc.Driver

For Oracle Database: oracle.jdbc.driver.OracleDriver

For Oracle RAC Database: oracle.jdbc.driver.OracleDriver

For Sybase Adaptive Server Enterprise: com.sybase.jdbc3.jdbc.SybDriver

Database URL

Enter the database URL of the target database.

The value that you specify depends on the database product that you are using. See "Determining Values for the Database URL and Connection Properties Parameters" for more information.

Database User ID

Enter the user ID of the database user account that Oracle Identity Manager will use to connect to the target system.

For example: dbapps

Database Password

Enter the password of the database user account that Oracle Identity Manager will use to connect to the target system.

Customized Query

Enter the WHERE clause specifying the subset of newly added or modified records that you want to reconcile. See "Limited Reconciliation" for more information about this parameter.

Use Native Query

Select Use Native Query if you want to use logical operators native to the target system database in the value that you specify for the Customized Query parameter.

Do not select Use Native Query if you want to use the & and | operators in the value that you specify for the Customized Query parameter.

See "Limited Reconciliation" for more information about this parameter.

Connection Properties

Specify the connection properties of the target database.

The value that you specify depends on the database product that you are using. See "Determining Values for the Database URL and Connection Properties Parameters" for more information.

Design Parameters

Parent Table/View Name

Enter the name of the parent table or view.

Note: You must enter the name of the parent table or view in the same case as it appears in the target system database. For example, if the name of the parent table in the target system database is ACMEDBAPP, then you must enter ACMEDBAPP in the Parent Table/View Name parameter.

The value that you must enter in the Parent Table/View Name parameter depends on the target system database:

  • If the target system database is Microsoft SQL Server, then the table name must be provided in the [Schema].[Table] format (for example, hr.employees).

  • If the target system database is Oracle Database, then only the table name would suffice (for example, employees).

Child Table/View Names

If you want to use the connector for trusted source reconciliation, then do not enter a value. If you want to use the connector for target resource reconciliation and if user data is spread across parent and child tables, then enter a comma-separated list of child table names.

Note: You must enter the name of the child table or view in the same case as it appears in the target system database. For example, if the name of the child table in the target system database is acmedbroles, then you must enter acmedbroles in the Child Table/View Names parameter.

The guidelines for specifying the table names are the same as those described for the Parent Table/View Name parameter.

Unique Attribute

If the primary key constraint cannot be set in the parent table, then enter the name of the column that uniquely identifies each row in the parent table.

Similarly, if referential integrity constraints have not been set between parent and child tables, then use the Unique Attribute parameter to specify the name of the column that you want to use as the foreign key. The only requirement is that the name of the column must be the same in the parent and child tables.

Note:

If primary key and referential integrity constraints already exist, then do not specify a value for the Unique Attribute parameter.

If a referential integrity constraint can be set, then ensure that the name of the primary key column in the parent table is the same as the name of the foreign key column in the child table. If this requirement is not met, then the connector cannot detect the referential integrity constraint.

Timestamp Attribute

Enter the name of the column (in the parent table or view) that holds time-stamp information.

Note:

If the target system is Oracle Database, then you must ensure that the data type of the column is either Date or Timestamp.

This parameter is used only during reconciliation. See the description of the Reconciliation Type parameter later in this table.

Status Attribute

If you want to include account status data in provisioning operations, then enter the name of the target system column that stores account status values.

Note: This parameter is used only during provisioning.

See "Configuring Account Status Provisioning" for details.

Status Lookup Code

If you want to include account status data in provisioning operations, then enter the name of the lookup definition described in "Configuring Account Status Provisioning".

Note: This parameter is used only during provisioning.

Database Date Format

  • Database Date Format parameter for reconciliation:

    Enter the same value that you enter for the Source Date Format parameter. This parameter is described later in this table. Do not enter a value for this parameter if you do not enter a value for the Source Date Format parameter.

  • Database Date Format parameter for provisioning:

    Enter the same value that you enter for the Target Date Format parameter. This parameter is described later in this table. Do not enter a value for this parameter if you do not enter a value for the Target Date Format parameter.

Is Primary Key Auto Incremented

Select this option only if the primary key column of the target system is defined with the autoincrement option.

Target Date Format

If you enter a value for the Target Date Format parameter, then you must specify the same value for the Database Date Format parameter for provisioning.

Note: This parameter is used only during provisioning. It is recommended that you do not enter a value for this parameter.

See "Step 2: Specify Parameter Values Page" in one of the following guides for detailed information about this parameter:

Batch Size

Enter a batch size (an integer value) for the reconciliation run. By using this parameter, you can break into batches the total number of records that the reconciliation engine fetches from the target system during each reconciliation run.

You should specify a batch size that optimizes the performance of the reconciliation run.

Default value: All

Stop Reconciliation Threshold

Enter a value for this parameter only if you want reconciliation to stop automatically when the number of records that fail the validation checks, expressed as a percentage of the total number of reconciliation records processed, exceeds the specified value.

See Also: One of the following guides for detailed information about this parameter:

Stop Threshold Minimum Records

Enter a value for this parameter only if you specify a value for the Stop Reconciliation Threshold parameter.

See Also: One of the following guides for detailed information about this parameter:

Source Date Format

If you want to validate the format of date values that are fetched from the target system during reconciliation, then enter a value for this parameter. Otherwise, do not enter a value for this parameter.

If you enter a value for the Source Date Format parameter, then you must specify the same value for the Database Date Format parameter for reconciliation.

Note: It is recommended that you do not enter a value for this parameter.

See "Step 2: Specify Parameter Values Page" in one of the following guides for detailed information about this parameter:

Reconcile Deletion of Multivalued Attribute Data

If you are configuring the connector for trusted source reconciliation, then do not select this check box.

If you are configuring the connector for target resource reconciliation and if you want to reconcile into Oracle Identity Manager the deletion of child data on the target system, then select this check box.

Reconciliation Type

Use this check box to specify whether you want to use the connector to perform incremental or full reconciliation.

In incremental reconciliation, only target system records that are newly added or modified after the last reconciliation run are brought to Oracle Identity Manager. Reconciliation events are created for each of these records.

In full reconciliation, all target system records are brought to Oracle Identity Manager. The optimized reconciliation feature identifies and ignores records that have already been reconciled in Oracle Identity Manager. Reconciliation events are created for the remaining records.

If you select Incremental, then you must also specify a value for the Timestamp Attribute parameter.
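The dependencies among the Step 2 parameters described above can be checked before the values are entered. The following Python check is an added example, not Oracle code; the dictionary keys and the mode and database labels are hypothetical names chosen for this illustration.

```python
import re

# Constructed sample; the dict keys are hypothetical names for the Step 2
# parameters and are not identifiers used by Oracle Identity Manager.
SAMPLE_OK = {
    "mode": "target_resource",            # or "trusted_source"
    "database": "mssql",                  # or "oracle"
    "parent_table": "hr.employees",
    "child_tables": "hr.acmedbroles",
    "timestamp_attribute": "LAST_UPDATE",
    "reconciliation_type": "incremental",  # or "full"
    "source_date_format": "",
    "db_date_format_recon": "",
    "target_date_format": "",
    "db_date_format_prov": "",
    "batch_size": "All",
    "stop_threshold": "",
    "stop_threshold_min_records": "",
    "reconcile_multivalued_deletion": True,
}


def _val(p, key):
    """Return the parameter as a stripped string; a missing value is ''."""
    v = p.get(key)
    return "" if v is None else str(v).strip()


def lint_step2(p):
    """Return (parameter, problem) pairs for rules stated in the parameter table."""
    out = []
    trusted = _val(p, "mode") == "trusted_source"
    parent = _val(p, "parent_table")
    children = [c.strip() for c in _val(p, "child_tables").split(",") if c.strip()]

    if not parent:
        out.append(("Parent Table/View Name", "no value entered"))
    if _val(p, "database") == "mssql":
        # Microsoft SQL Server: Schema.Table, one dot, both parts non-empty.
        named = [("Parent Table/View Name", parent)]
        named += [("Child Table/View Names", c) for c in children]
        for label, name in named:
            if name and not re.fullmatch(r"[^.\s]+\.[^.\s]+", name):
                out.append((label, f"{name!r} is not in Schema.Table form"))
    if trusted and children:
        out.append(("Child Table/View Names",
                    "must be empty for trusted source reconciliation"))
    if trusted and p.get("reconcile_multivalued_deletion"):
        out.append(("Reconcile Deletion of Multivalued Attribute Data",
                    "must not be selected for trusted source reconciliation"))
    if _val(p, "reconciliation_type") == "incremental" and not _val(p, "timestamp_attribute"):
        out.append(("Timestamp Attribute",
                    "required when Reconciliation Type is Incremental"))
    # Each Database Date Format must equal its Source/Target counterpart,
    # and must stay empty when the counterpart is empty.
    pairs = (("source_date_format", "db_date_format_recon", "reconciliation", "Source"),
             ("target_date_format", "db_date_format_prov", "provisioning", "Target"))
    for fmt, db, use, name in pairs:
        if _val(p, fmt) != _val(p, db):
            out.append((f"Database Date Format ({use})",
                        f"must match {name} Date Format, or both stay empty"))
    if _val(p, "stop_threshold_min_records") and not _val(p, "stop_threshold"):
        out.append(("Stop Threshold Minimum Records",
                    "set without Stop Reconciliation Threshold"))
    batch = _val(p, "batch_size")
    if batch not in ("", "All") and not batch.isdigit():
        out.append(("Batch Size", "must be an integer or the default All"))
    return out


if __name__ == "__main__":
    # Switching the constructed sample to trusted source exposes two conflicts.
    for label, problem in lint_step2(dict(SAMPLE_OK, mode="trusted_source")):
        print(f"{label}: {problem}")
```

The check covers only rules that the parameter descriptions state outright; constraints that depend on the target database itself, such as name case and existing key constraints, still have to be verified against the database.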


Figure 3-2 shows the first section of the Step 2: Specify Parameter Values page on which sample entries have been made.

Figure 3-2 First Section of the Step 2: Specify Parameter Values Page


Figure 3-3 shows the second section of the Step 2: Specify Parameter Values page on which sample entries have been made.

Figure 3-3 Second Section of the Step 2: Specify Parameter Values Page


3.4.3 Step 3: Modify Connector Configuration Page

Note:

See "Step 3: Modify Connector Configuration Page" in one of the following guides for detailed information about the terms and procedures given in this section:

When you click Continue on the Step 2: Specify Parameter Values page, the generic technology connector framework tries to read metadata from the target system. If this operation is successful, then metadata is displayed on the Step 3: Modify Connector Configuration page in the form of data sets.

If metadata detection fails, then an error message is displayed and details of the cause of the error are recorded in the log file. If you encounter a metadata detection error, then you must fix it before resuming the procedure from the Step 2: Specify Parameter Values page.

Figure 3-4 shows a screenshot of the Step 3: Modify Connector Configuration page after metadata detection has run on the sample target system described in the "Step 2: Specify Parameter Values Page" section.

Figure 3-4 Step 3: Modify Connector Configuration Page After Metadata Detection


The elements displayed on the Step 3: Modify Connector Configuration page depend on the input that you provide on the Step 1: Provide Basic Information page and Step 2: Specify Parameter Values page. For example, if you select the Trusted Source Reconciliation check box on the Step 1: Provide Basic Information page, then the OIM - Account data sets and Provisioning Staging data sets are not displayed. See the "Display of Data Sets and Fields Under Various Input Conditions" table in one of the following guides for more information:

You must perform the actions described in Table 3-2 by using the features provided by the Step 3: Modify Connector Configuration page.

Note:

  • You can perform these actions in any sequence. For example, you can create the reconciliation rule before you specify the data type for fields in the Reconciliation Staging and OIM data sets.

  • Some of the actions can be performed as parts of the same procedure. For example, while setting the data type and length of a field, you can also create a mapping between the field and a field in a different data set.

  • See Appendix A, "An Example of the Procedure to Create Connectors" for sample steps.

Table 3-2 Actions to Be Performed on the Step 3: Modify Connector Configuration Page

Action Description

Actions common to both target resource and trusted source configurations of the target system

 

In the Reconciliation Staging and OIM data sets, you must designate fields as mandatory fields to duplicate NOT NULL constraints (including primary key constraints) of the target system tables.

While adding or editing a field, you can select the Required check box to specify that the field is a mandatory field. In the Reconciliation Staging and OIM data sets, you must select the Required check box for fields that represent columns for which the NOT NULL constraint has been set. See Figure B-1.

Create the reconciliation rule by creating a matching-only mapping between the primary key field of the Reconciliation Staging data set and the corresponding field of the OIM - User data set.

During reconciliation, the reconciliation rule forms the basis of entity matching in which target system records are compared with existing OIM Users. See Oracle Identity Manager Connector Concepts for more information about the reconciliation rule.

To create the reconciliation rule, you must create a matching-only mapping between the unique field (primary key) of the Reconciliation Staging data set and the corresponding field of the OIM - User data set. For example, you can create a matching-only mapping between the APP_USERID field of the Reconciliation Staging data set and the User ID field of the OIM - User data set. See Point 4 in Figure B-6.

If the primary key is composed of more than one target system field (column), then create matching-only mappings between each primary key field and the corresponding field of the OIM - User data set.

Note: The outcome of the entity-matching operation is determined by the reconciliation action rules that you configure. See "Modifying the Default Action Rules" for details.

Set the attributes (such as the data type and length) for the fields of the Reconciliation Staging data sets and the OIM - Account data sets.

At the end of the metadata detection process, default values for field attributes (such as the data type and length) are assigned to the fields displayed in the Reconciliation Staging and OIM - Account data sets. The data type and field size of the attribute are automatically detected for the supported data types by the connector itself. If you want to change the data type or size, you may have to edit the fields and set the required attributes for them.

For example, suppose the target system contains the HIRE_DATE and LAST_UPDATE columns. On the Step 3: Modify Connector Configuration page, you may have to edit the fields for these columns and set their data type to Date. Figure B-1 shows the Data Type list, which you can use to set the data type of a field.

Note: If you select the Provisioning option on the Step 1: page, then after you create the connector, you must not modify the data type of the OIM - Account data sets fields. This is because a data type change does not result in the creation of a new version of the process form.

Remove fields that are not required.

You might not want to read data from (reconcile with) or send data to (provision to) some fields of the target system. You must remove such fields from all the data sets on the Step 3: Modify Connector Configuration page.

Note: If you do not want to reconcile from or provision to the field that stores time-stamp values, then you can remove it from all the data sets. You can perform this action even if you have specified the name of the field as the value of the Timestamp Attribute parameter on the Step 2: Specify Parameter Values page.

If required, create or edit mappings to establish new flow lines, transform data, and validate data.

Note: This is not a mandatory action.

In addition to the mappings created through metadata detection, you can create mappings to establish new data flow lines between fields of adjacent data sets.

While adding or editing a mapping, you can add Transformation Providers to transform data that is in transit between fields of the following data sets:

  • Source and Reconciliation Staging

  • OIM and Provisioning Staging

While adding or editing a mapping, you can add Validation Providers to validate data before it is sent to the Reconciliation Staging data sets.

If required, configure the exchange of account status data between the target system and Oracle Identity Manager.

Note: This is not a mandatory action.

See "Exchanging Account Status Data with the Target System" for more information. In addition, see Figure B-4, Figure B-5, and Figure B-6.

Specify that you want to encrypt the storage, display, or both storage and display of fields that store confidential data in Oracle Identity Manager.

The target system may store confidential data, such as salaries and passwords of employees. For fields of the OIM data sets that hold confidential data, you can specify that you want to encrypt the field values in the Oracle Identity Manager database (storage of the field) and on the Administrative and User Console (display of the field). See Figure B-3.

Do not add the foreign key field.

If a foreign key is defined in the target system, then the foreign key column is automatically identified during metadata detection. If the foreign key is not defined, then you must use the Unique Attribute parameter to specify the name of the column that links rows of the parent and child tables.

In either case, the foreign key column (field) is not displayed on the Step 3: Modify Connector Configuration page. You must not add it on this page.

Actions specific to configuring the target system as a target resource

 

If required, convert fields to lookup fields.

Note: This is not a mandatory action.

If you are configuring the connector for provisioning, then you may want to create lookup fields on the process form. For example, during provisioning operations, you may want to select the Country Code value from a lookup field. The generic technology connector framework enables you to specify input sources for the lookup field.

You can create a lookup field that uses columns from Oracle Identity Manager database tables as its input source. For example, if country code values are stored in any Oracle Identity Manager database table, then you can use the columns of that table as the input source for the Country Code lookup field.

Alternatively, you can specify a lookup definition that you have created as the input source. This is discussed in "Using Lookup Definitions".

Specify the key field for reconciliation matching.

During target resource reconciliation, the key field for reconciliation matching is used to match target system accounts with accounts provisioned to existing OIM Users. This key field forms the basis of process matching that is performed during reconciliation.

To specify the key field for reconciliation matching, create a matching-only mapping between the unique field of the Reconciliation Staging data set and the corresponding field of the OIM - Account data set. See Figure B-6.

Note: You must not use the ID field to create the key field for reconciliation matching. Ensure that there are no mappings (of any kind) between the ID field and fields of any other data set.

Multiple fields of the OIM - Account data set can be (matching-only) mapped to corresponding fields of the Reconciliation Staging data set to create a composite key field for reconciliation matching.

Note: The outcome of the process-matching operation is determined by the reconciliation action rules that you configure. See "Modifying the Default Action Rules" for details.

Actions specific to configuring the target system as a trusted source

 

Remove password fields from all data sets.

Reconciliation of password information is not supported in Oracle Identity Manager. You must remove password fields from all data sets.

Ensure that the mandatory fields required for creation of an OIM User are present.

If you are creating the connector for trusted source reconciliation and if the target system does not have columns for some of the mandatory fields of the OIM User form, then add these mandatory fields to the Reconciliation Staging data set and specify literal values as the input sources for these fields.

The following are the mandatory fields of the OIM User form:

  • User ID

  • First Name

  • Last Name

  • Employee Type

  • User Type

  • Organization

During trusted source reconciliation, you must ensure that there are target system fields that provide data for each of these mandatory OIM User fields.

To ensure successful reconciliation, you must add fields corresponding to these target system fields in the Reconciliation Staging data set and specify literal values for the fields.

To add a field:

  1. Click the Add icon of the Reconciliation Staging data set.

  2. On the Step 1: Provide Field Information page:

    - In the Field Name field, enter a name for the field.

    - From the Mapping Action list, select Create Mapping Without Transformation.

    - From the Data Type list, select String.

  3. Click Continue.

  4. On the Step 3: Provide Mapping Information page, select Literal and enter a value. The value depends on the field for which you are specifying a literal value. For example:

    - If you are creating a field to be mapped to the Organization field, then enter the name of an existing Oracle Identity Manager organization.

    - If you are creating a field to be mapped to the Employee Type field, then enter Full-Time, Part-Time, Temp, Intern, or Consultant. These are Code Key values of the Employee Type field.

    - If you are creating a field to be mapped to the User Type field, then enter End-User or End-User Administrator. These are Code Key values of the User Type field.

    See Figure B-2.

  5. Click Continue and then continue with the rest of the tasks that you want to perform on the Step 3: Modify Connector Configuration page.

See Figure B-7.

If the target system has more columns than there are fields on the OIM User form, then create mappings between the UDFs that you created earlier and the corresponding fields of the Reconciliation Staging data sets.

The target system may have more columns than there are fields on the OIM User form. For example, the target system may have the Designation column, which has no corresponding field on the OIM User form. To enable the creation of OIM Users during trusted source reconciliation, you must create a UDF for the Designation field on the OIM User form before you start creating the connector. See "Adding New User-Defined Fields for the OIM User" for more information.

On the Step 3: Modify Connector Configuration page, you must create mappings between the UDFs in the OIM - User data set and corresponding fields of the Reconciliation Staging data sets.

See one of the following guides for information on creating UDFs:

After you create the required UDFs, you must create mappings between them and the corresponding fields of the Reconciliation Staging data sets.

See Figure B-7.


If you are creating a connector for a target system that has a primary key column defined with the autoincrement option, then perform the following steps:

Note:

If you are creating a provisioning-only connector, then perform only Steps 1 through 4. If you are creating a connector for both provisioning and reconciliation, then perform all the steps.
  1. From the OIM data sets, to remove the primary key field defined with the auto-increment option, click the Delete icon corresponding to this field.

  2. In the Delete Field Confirmation dialog box, confirm that you want to proceed with the deletion of the primary key field by clicking Confirm.

  3. In the Delete Field Success dialog box, click Close.

  4. Repeat Steps 1 through 3 to remove the primary key field from the Provisioning Staging data sets.

  5. Create a mapping between the primary key field in the Reconciliation Staging data sets and the ID field in the OIM - Account data set by performing the following steps:

    Note:

    Perform Step 5 only if you are creating a connector that can be used for both provisioning and reconciliation.
    1. Click the Edit icon for the ID field in the OIM - Account data set.

    2. On the Step 1: Provide Field Information page, select the Matching Only check box, and then click Continue.

    3. On the Step 3: Provide Mapping Information page, from the Field Name list, select the primary key field, and then click Continue.

    4. In the Modify Generic Technology Connector dialog box, click Close.

3.4.4 Step 4: Verify Connector Form Names Page

Note:

This page is not displayed if you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page.

On the Step 4: Verify Connector Form Names page, click Continue.

Figure 3-5 shows the Step 4: Verify Connector Form Names page.

Figure 3-5 Step 4: Verify Connector Form Names Page


3.4.5 Step 5: Verify Connector Information Page

On the Step 5: Verify Connector Information page, click Save.

Note:

If you encounter any errors at this stage, then see one of the following sections for troubleshooting information:

Creation of the connector involves creation of all the objects that constitute the connector. For information about the connector objects that are created, see the following:

Except for the form names, the names of generic technology connector objects are in the GTC_NAME_GTC format, where GTC_NAME is the name that you assign to the connector.

For example, if you specify DBTables_conn as the name of the connector that you create, then all the connector objects (except the forms) are named DBTables_conn_GTC.

3.4.6 Modifying the Default Action Rules

Table 3-3 lists the default action rules that are created when you create a connector for target resource reconciliation.

Table 3-3 Action Rules for Target Resource Reconciliation

| Rule Condition | Action |
|---|---|
| One Entity Match Found | Establish Link |
| One Process Match Found | Establish Link |


Table 3-4 lists the default action rules that are created when you create a connector for trusted source reconciliation.

Table 3-4 Action Rules for Trusted Source Reconciliation

| Rule Condition | Action |
|---|---|
| No matches found | Create User |
| One Entity Match Found | Establish Link |
| One Process Match Found | Establish Link |
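
The following Python model is an added example, not Oracle Identity Manager code: it applies the default action rules in Table 3-3 and Table 3-4 to the result of key-field matching. The sample records, the LAST_NAME and Last Name fields, and the label used for more than one match are assumptions of this example.

```python
# Default action rules as listed in Table 3-3 and Table 3-4.
DEFAULT_RULES = {
    "target_resource": {
        "One Entity Match Found": "Establish Link",
        "One Process Match Found": "Establish Link",
    },
    "trusted_source": {
        "No matches found": "Create User",
        "One Entity Match Found": "Establish Link",
        "One Process Match Found": "Establish Link",
    },
}

# Constructed sample data. APP_USERID and User ID come from the page's
# example; LAST_NAME and Last Name are hypothetical extra fields.
OIM_USERS = [
    {"User ID": "jdoe", "Last Name": "Roe"},
    {"User ID": "rroe", "Last Name": "Roe"},
]
TARGET_RECORDS = [
    {"APP_USERID": "jdoe", "LAST_NAME": "Roe"},
    {"APP_USERID": "asmith", "LAST_NAME": "Smith"},
]


def find_matches(record, candidates, key_map):
    """Return the candidates equal to the record on every mapped key field.

    key_map maps a Reconciliation Staging field to the field it is
    matching-only mapped to; several entries form a composite key.
    A record with an empty key field matches nothing, so two missing
    values are never treated as equal.
    """
    if any(record.get(src) in (None, "") for src in key_map):
        return []
    return [c for c in candidates
            if all(record[src] == c.get(dst) for src, dst in key_map.items())]


def rule_condition(match_count, kind="Entity"):
    """Translate a match count into a rule condition (kind: Entity or Process)."""
    if match_count == 0:
        return "No matches found"
    if match_count == 1:
        return f"One {kind} Match Found"
    return "more than one match"  # this example's label, not a name from the page


def default_action(mode, record, candidates, key_map, kind="Entity"):
    """Return (rule condition, default action); the action is None when the
    tables list no default rule for that condition."""
    cond = rule_condition(len(find_matches(record, candidates, key_map)), kind)
    return cond, DEFAULT_RULES[mode].get(cond)


def reconcile(mode, records, candidates, key_map, kind="Entity"):
    """Apply default_action to every record of a reconciliation run."""
    return [default_action(mode, r, candidates, key_map, kind) for r in records]


if __name__ == "__main__":
    unique_key = {"APP_USERID": "User ID"}   # primary key mapping
    weak_key = {"LAST_NAME": "Last Name"}    # not unique in the sample data
    for key_map in (unique_key, weak_key):
        print(key_map, reconcile("trusted_source", TARGET_RECORDS, OIM_USERS, key_map))
```

Matching on a field that is not unique yields more than one candidate, a condition for which the two tables list no default action.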


You can modify these rule conditions and rule actions according to your requirements. See the "Resource Objects Form" section in one of the following guides for information about this procedure:

Note:

If you use the Design Console to modify the objects (for example, the action rules), then do not use the Manage Generic Technology Connector feature to modify the generic technology connector. If you modify the connector, then all the modifications made by using the Design Console would be overwritten.

This limitation is mentioned in the following guides:

3.4.7 Configuring Reconciliation

See the "Configuring Reconciliation" section in the following guides:

3.4.8 Configuring Provisioning

See the "Configuring Provisioning" section in the following guides:

3.5 Configuring Oracle Identity Manager 11.1.2 or Later

If you are using Oracle Identity Manager release 11.1.2 or later, you must create additional metadata such as a UI form and an application instance. In addition, you must tag certain form fields, and run entitlement and catalog synchronization jobs. These procedures are described in the following sections:

3.5.1 Tagging Parent Form Fields

After creating the connector, you must tag the properties of parent form fields such as AccountName, AccountID, ITResource and Type.

The "AccountName" property of a process form field that represents the login ID of an account in the target system must be set to true. Otherwise, the Account Name column on the Accounts tab of the My Access page in the Self Service console for a user displays the database numeric key, instead of the correct account name.

The "AccountID" property of a process form field that represents the immutable GUID of the account (if one exists) must be set to true. Otherwise, you cannot integrate Oracle Identity Manager with Oracle Identity Analytics (OIA).

The "ITResource" property must be set to true to identify the IT Resource field of the process form.

The "Type" property of the IT Resource process form field must be set on the ITResource form field. Otherwise, Design Console automatically makes the form active.

To tag all the properties (discussed in the preceding paragraphs) of the parent form fields:

  1. Log in to Oracle Identity Manager Design Console.

  2. Expand Development Tools, and then double-click Form Designer.

  3. Search for and open the parent form. For example, ACMEDBAPP.

  4. Click Create New Version.

  5. On the Properties tab, as per your requirements, add properties for all the required fields. See the following table for details:

    | Configuration | Form Field | Example | Property Name | Property Value |
    |---|---|---|---|---|
    | To display Account Name in the Accounts Tab of the user | Login ID Field | APP_USERID | AccountName | True |
    | To represent the immutable GUID of the specific account. Used for OIA Integration | Unique ID Field | APP_USERID | AccountId | True |
    | To identify the ITResource field | ITResource Lookup Field | IT Resource2 | ITResource | True |
    | To set the IT Resource Type | ITResource Lookup Field | IT Resource2 | Type | For example, ACMEDBAPP_GTC |

    Note:

    IT Resource Type is a mandatory property that must be set on the ITResource form field. If this property is not set, then the Design Console will make the form active.
  6. Click Save, and then click Make Version Active.

3.5.2 Tagging Child Form Fields

You must tag the "Entitlement" property of child form fields. In other words, you must set the "Entitlement" property of child form attributes to true.

If the "Entitlement" property is not set to true, then the child form attributes are not displayed in the catalog during a provisioning operation. This prevents users from adding such entitlements provided by the connector to the shopping cart.

To tag the "Entitlement" property of child form fields:

  1. Log in to Oracle Identity Manager Design Console.

  2. Expand Development Tools, and then double-click Form Designer.

  3. Search for and open the parent form. For example, ACMEROLE.

  4. Click Create New Version.

  5. On the Additional Columns tab, search for the entry corresponding to the child form field (for example, role_id), and change the value in the Field Type column to LookupField.

  6. On the Properties tab, add the following properties to the child form field (for example, role_id):

    | Property Name | Value |
    |---|---|
    | Entitlement | True |
    | Lookup Code | Name of the lookup definition that holds child form field values. Sample value: Lookup.ACMEDBAPP.roles |


    Note:

    The lookup definition containing values for the child form field (for example, Lookup.ACMEDBAPP.roles) must be manually created and populated with values.
  7. Click Save, and then click Make Version Active.

  8. Assign the new child form version to the parent form as follows:

    1. Search for and open the parent form. For example, ACMEDBAPP.

    2. On the Child Table(s) tab, click Create New Version.

    3. Ensure the child table version is the active version.

    4. Click Save, and then click Make Version Active.

  9. Run the Entitlement List and Catalog Synchronization Job scheduled jobs. See "Harvesting Entitlements and Sync Catalog" for more information.

3.5.3 Creating and Activating a Sandbox

Create and activate a sandbox as follows. For detailed instructions, see the "Managing Sandboxes" section in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

  1. Log in to Oracle Identity System Administration.

  2. In the upper right corner of the page, click the Sandboxes link.

    The Manage Sandboxes page is displayed.

  3. On the toolbar, click Create Sandbox.

  4. In the Create Sandbox dialog box, enter values for the following fields:

    • Sandbox Name: Enter a name for the sandbox.

    • Sandbox Description: Enter a description of the sandbox.

  5. Click Save and Close.

  6. Click OK on the confirmation message that is displayed.

    The sandbox is created and displayed in the Available Sandboxes section of the Manage Sandboxes page. Note that the newly created sandbox is in the active state by default.

  7. Select the newly created sandbox.

3.5.4 Creating a New UI Form

Create a new UI form as follows. For detailed instructions, see the "Managing Forms" chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

  1. In the left pane, under Configuration, click Form Designer. The Form Designer page is displayed.

  2. From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Create Form page is displayed.

  3. On the Create Form page, enter values for the following UI fields:

    • Resource Type: Select the resource object that you want to associate the form with.

    • Form Name: Enter a name for the form.

  4. Click Create.

    A message is displayed stating that the form is created.

3.5.5 Attaching the UI Form to an Application Instance

For a generic technology connector, an application instance by the name PARENTFORM_GTC is created by default. For example, if the name of the parent form is ACMEDBAPP, then the name of the application instance that is created is ACMEDBAPP_GTC.

You must associate the newly created UI form with the application instance of your target system (PARENTFORM_GTC). To do so, open the existing application instance for your resource, from the Form field, select the form (created in "Creating a New UI Form"), and then save the application instance.

Publish the application instance to an organization to make the application instance available for requesting and subsequent provisioning to users. See the "Managing Organizations Associated With Application Instances" section in Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for detailed instructions.

3.5.6 Publishing a Sandbox

To publish the sandbox that you created in "Creating and Activating a Sandbox":

  1. Close all the open tabs and pages.

  2. In the upper right corner of the page, click the Sandboxes link.

    The Manage Sandboxes page is displayed.

  3. From the table showing the available sandboxes in the Manage Sandboxes page, select the sandbox that you created in "Creating and Activating a Sandbox".

  4. On the toolbar, click Publish Sandbox. A message is displayed asking for confirmation.

  5. Click Yes to confirm. The sandbox is published and the customizations it contained are merged with the main line.

3.5.7 Harvesting Entitlements and Sync Catalog

To harvest entitlements and sync catalog:

  1. Run the Entitlement List scheduled job to populate the Entitlement Assignment schema from the child process form table. See the "Predefined Scheduled Tasks" section in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information about this scheduled job.

  2. Run the Catalog Synchronization Job scheduled job. See the "Predefined Scheduled Tasks" section in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information about this scheduled job.

3.6 Localizing Field Labels in UI Forms

Note:

Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.2.x and you want to localize UI form field labels.

To localize a field label that is added to the UI forms:

  1. Log in to Oracle Enterprise Manager.

  2. In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.

  3. In the right pane, from the Application Deployment list, select MDS Configuration.

  4. On the MDS Configuration page, click Export and save the archive to the local computer.

  5. Extract the contents of the archive, and open the following file in a text editor:

    SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf

  6. Edit the BizEditorBundle.xlf file in the following manner:

    1. Search for the following text:

      <file source-language="en"  
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    2. Replace with the following text:

      <file source-language="en" target-language="LANG_CODE"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      

      In this text, replace LANG_CODE with the code of the language in which you want to localize the form field labels. The following is a sample value for localizing the form field labels in Japanese:

      <file source-language="en" target-language="ja"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    3. Search for the application instance code. This procedure shows a sample edit for Database Application Tables application instance. The original code is:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_ACMEDBAP_APP_DFLT_HOME__c_description']}">
      <source>APP_DFLT_HOME</source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ACMEFORM.entity.ACMEFORMEO.UD_ACMEDBAP_APP_DFLT_HOME__c_LABEL">
      <source>APP_DFLT_HOME</source>
      <target/>
      </trans-unit>
      
    4. Open the resource file from the connector package, for example DatabaseApplicationTables_ja.properties, and get the value of the attribute from the file.

    5. Replace the original code shown in Step 6.3 with the following:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_ACMEDBAP_APP_DFLT_HOME__c_description']}">
      <source>APP_DFLT_HOME</source>
      <target>\u4567d</target>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ACMEFORM.entity.ACMEFORMEO.UD_ACMEDBAP_APP_DFLT_HOME__c_LABEL">
      <source>APP_DFLT_HOME</source>
      <target>\u4567d</target>
      </trans-unit>
      
    6. Repeat Steps 6.1 through 6.4 for all attributes of the process form.

    7. Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing.

      Sample file name: BizEditorBundle_ja.xlf.

  7. Repackage the ZIP file and import it into MDS.

    See Also:

    The "Deploying and Undeploying Customizations" chapter in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager, for more information about exporting and importing metadata files.

  8. Log out of and log in to Oracle Identity Manager.
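
The edits in Step 6 can be scripted when a process form has many attributes. The following Python sketch is an added example, not part of the connector or of Oracle's tooling: it sets target-language, fills each empty target element from a properties file, and reports labels that have no translation. The function names, the sample inputs, and the assumption that each properties key equals the source text are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets above (not a real export).
SAMPLE_XLF = """<xliff version="1.1"><file source-language="en"
 original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
 datatype="x-oracle-adf"><body>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ACMEFORM.entity.ACMEFORMEO.UD_ACMEDBAP_APP_DFLT_HOME__c_LABEL">
<source>APP_DFLT_HOME</source><target/></trans-unit>
<trans-unit id="constructed.UD_ACMEDBAP_APP_LOGIN__c_LABEL">
<source>APP_LOGIN</source><target/></trans-unit>
</body></file></xliff>"""
SAMPLE_PROPS = r"""# constructed stand-in for DatabaseApplicationTables_ja.properties
APP_DFLT_HOME=\u4567d
"""

def parse_properties(text):
    """Read key=value lines; values are kept verbatim, escapes included."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def local(tag):
    """Drop a namespace prefix such as {urn:...} from an element tag."""
    return tag.rsplit("}", 1)[-1]

def localize_bundle(xlf_text, props_text, lang_code):
    """Return (file_name, xml_text, sources_without_translation)."""
    props, missing = parse_properties(props_text), []
    root = ET.fromstring(xlf_text)
    for elem in root.iter():
        if local(elem.tag) == "file":
            elem.set("target-language", lang_code)
        elif local(elem.tag) == "trans-unit":
            kids = {local(c.tag): c for c in elem}
            source, target = kids.get("source"), kids.get("target")
            if source is None or target is None:
                continue
            # Assumption: the properties key equals the <source> text.
            value = props.get((source.text or "").strip())
            if value is None:
                missing.append(source.text)   # left untranslated, report it
            else:
                target.text = value
    xml_text = ET.tostring(root, encoding="unicode")
    return f"BizEditorBundle_{lang_code}.xlf", xml_text, missing

if __name__ == "__main__":
    name, xml_text, missing = localize_bundle(SAMPLE_XLF, SAMPLE_PROPS, "ja")
    print(name, "untranslated:", missing)
```

Review the list of untranslated labels before repackaging the archive, so that a missing properties entry is not imported into MDS as an empty label.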

3.7 Performing Connector Operations

See "Performing Connector Operations" in Oracle Identity Manager Connector Concepts for information about guidelines that you must apply when you start using the connector.

Updating Child Records

Database Application Tables connectors do not support Update Child Record provisioning operations in this release. To work around this problem, you must first delete the record and then add the record with the required data modified.

See Also:

The entry for Bug 6614311 in the "Known Issues, Workarounds, and Troubleshooting" chapter

3.8 Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2 or Later

To perform provisioning operations in Oracle Identity Manager release 11.1.2 or later:

  1. Log in to Oracle Identity Self Service.

  2. Create a user. See the "Managing Users" chapter in Oracle Fusion Middleware User's Guide for Oracle Identity Manager for more information about creating a user.

  3. On the Account tab, click Request Accounts.

  4. In the Catalog page, search for and add to cart the application instance for your target system (PARENTFORM_GTC) and then click Checkout.

  5. Specify values for the fields in the application form and then click Ready to Submit.

  6. Click Submit.

  7. If the generic technology connector has child tables and you want to provision entitlements (child table values), then:

    1. On the Entitlements tab, click Request Entitlements.

    2. In the Catalog page, search for and add to cart the entitlement, and then click Checkout.

    3. Click Submit.

    Alternatively, you can insert or delete child table values to or from a user account in Oracle Identity Manager as follows:

    1. In the left pane, under Administration, click Users.

    2. On the Users page, search for and select the user.

    3. On the User Details page, click the Accounts tab.

    4. Search for and select the user account to or from which child table values must be inserted or deleted, and then click Modify Accounts.

    5. Depending on whether you want to insert or delete child table values, perform one of the following steps:

      • To insert child table values, add the child table data in the child table displayed below the parent table data.

      • To delete child table values, select the child table row, and then click Delete.

    6. Click Ready to Submit.

    7. Click Submit.