Skip Headers
Oracle® Identity Manager Connector Guide for Oracle E-Business User Management
Release 9.1.0

E11203-16
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

What's New in Oracle Identity Manager Connector for Oracle E-Business User Management?

This chapter provides an overview of the updates made to the software and documentation for the Oracle E-Business User Management connector in release 9.1.0.7.

The updates discussed in this chapter are divided into the following categories:

Software Updates

The following sections discuss software updates:

Software Updates in Release 9.1.0.7.14

The following are software updates in release 9.1.0.7.14:

Resolved Issues in Release 9.1.0.7.14

The following table lists issues resolved in release 9.1.0.7.14:

Bug Number Issue Resolution

12715982

When an attempt to reconcile one record in the SSO-enabled mode was made, the SSO GUID of the user was reconciled successfully.

However, when an attempt to reconcile more than one user was made, only the first record reconciled the SSO User ID. The subsequent records logged the following warning:

"Could not find SSO User ID corresponding to user."

This issue has been resolved. During a reconciliation run, the SSO GUIDs of all user records being reconciled are fetched.

12956783

Enabling a disabled user record did not work as expected.

This issue has been resolved. Enabling a disabled user records works as expected.

12980532

Consider an Oracle Identity Manager environment with a large number of target system user accounts. Revoking a target system resource from an Oracle Identity Manager User account worked as expected. However, provisioning the target system resource to the same Oracle Identity Manager User account resulted in a timeout.

This issue has been resolved. The connector does not timeout while trying to provision a revoked resource in an Oracle Identity Manager environment with a large number of user accounts.

In addition, the searching criteria is optimized to get a revoked status before a new user is provisioned.

13070641

Child form fields such as Application Name, Responsiblity Name, and Security Group displayed encoded values that were difficult to decipher.

This issue has been resolved. The Lookup Column Name property has been modified from "lkv_encoded" to "lkv_decoded". Therefore, the connector displays decoded values in the child form fields.

13593940

The scripts/script1/OIM.sh and scripts/script2/OIM.sh scripts did not function as expected due to shell syntax errors.

This issue has been resolved. The OIM.sh scripts work as expected as all syntax errors in the scripts have been corrected.

13997216

When you specified a value for the Context User ID parameter of the IT resource, the CREATED_BY and LAST_UPDATE_BY columns of the FND_USR table were not set to contain the right value.

This issue has been resolved. CREATED_BY and LAST_UPDATE_BY columns of the FND_USER table are updated correctly.

14126858

The value of the SSO identifier was not updated after an EBS resource was reprovisioned to an Oracle Identity Manager User. In addition, the Oracle Identity Manager User could not use the SSO password through OID, although SSO was enabled. As a result, the user was unable to log in to the EBS target system.

This issue has been resolved. The value of the SSO identifier is updated after reprovisioning an EBS resource. OIM Users can now successfully log in to the EBS target system.

14176597

The OIM.sh scripts had misleading headers that prompted the use of an incorrect OIM.sh script version.

This issue has been resolved. The headers in the OIM.sh scripts have been corrected. Inaddition, these scripts do not mention the target system.

14826572

The HRMS Revoke and TCA Revoke provisioning operations and cross-provisioning features were missing.

This issue has been resolved. The HRMS Revoke and TCA Revoke provisioning functions have been added. This addition provides a configuration option to delete employee records or party records.

14827165

Create User provisioning operation was rejected with the "USER_EXISTS" status if you provisioned a TCA resource to the OIM User after revoking an HR resource.

This issue was encountered because the CUSTOMER_ID column of the FND_USER table was not checked while provisioning a TCA resource.

This issue has been resolved. The connector has been enhanced to check the CUSTOMER_ID column value and update the same while provisioning or deprovisioning TCA resource.

15996977

While provisioning an EBS account, if the Hire Date was in the past, the connector created two records in the PER_ALL_PEOPLE_F table.

While updating an employee record, the date track mode was set to "UPDATE" if the hire date was not the same as the start date, which created two employee records.

This issue has been resolved. Connector does not create two employee records if the employee hire date has a past value.

The date track update mode is set to "CORRECTION" to ensure that only one record is created for each employee.

16015896

The value of the START_DATE column in the target system was incorrectly updated when a Remove Role provisioning operation was performed.

This issue has been resolved. The role start date is not modified when a role is revoked from a user.

16458228

Updating any OIM User process form field (for example Email), updated the Person ID field also.

This was because the already existing Person ID values were overwritten in the target system and the same person ID field was not modified in the process form.

This issue has been resolved. The Person ID field is updated only when it is modified in the OIM User process form.

16692869

The connector was able to perform cross-provisioning operations to both the TCA and HRMS resource. This allowed a single user account to be provisioned with both the TCA and HRMS resources at the same time.

This issue was encountered because the connector did not check whether the resource being provisioned (HRMS or TCA) was revoked.

This issue has been resolved. Before performing a cross-provisioning an operation, the connector check whether the resource being provisioned (HRMS or TCA) has been revoked.

16808397

Creation of a target system user account for connector operations failed if your target system was running on an Oracle RAC implementation.

This issue was encountered because the scripts used for creating the user account were creating a tablespace.

This issue has been resolved. Creation of a target system user account for connector operations works as expected.

Tablespace related commands have been removed to ensure that the user account gets created successfully.

16892131

During a reconciliation run, the connector created a new user account in Oracle Identity Manager even if the status of the corresponding user in the target system was "disabled".

This issue has been resolved. The connector does not create OIM User accounts for target system accounts that are in the "disabled" state.

17055095

After a reconciliation run from the target system to Oracle Identity Manager, the connector set an incorrect value for the Effective Date To field.

This issue was encountered because fields storing date values did not use the correct date format.

This issue has been resolved. Fields containing date values are now reconciled correctly. The connector now uses the dd-Mon-yyyy format instead of the dd-Mon-yy format.

17252551

Inconsistencies in expected behavior were observed while handling entitlements through access policy-based provisioning. For example, if an application name was not provided in an access policy, then issues were encountered after reconciliation.

This issue has been resolved. Application Name is no longer a key field in reconciliation mappings.


Software Updates in Release 9.1.0.7

The following are the major enhancements in this release:

Added Security Groups Support to Oracle e-Business User Management Connectors

From this release onward, the security groups are added for provisioning and reconciliation in User Management connector, User Management with HR Foundation connector, and User Management with TCA Foundation connectors. During provisioning, the user can select a security group for any responsibility. If the user does not select any security group, then by default Standard security group is selected.

Added Support for Validation and Transformation

From this release onward, support for validation and transformation are added for provisioning and reconciliation.

Resolved Issues in Release 9.1.0.7

The following table lists issues resolved in release 9.1.0.7:

Bug Number Issue Resolution

10353797

Target User Reconciliation run stopped in between due to IllegalInputException

This issue has been resolved. Target User Reconciliation now will not be stopped even if user fields contain special characters. It will log the warning message with exception stack trace details of that user record and continue the reconciliation run for the next user records.

11890859

Java command is incorrect in the test utility script oracleebiz.sh

This issue has been resolved. The java command typo is now corrected in the test utility script, oracleebiz.sh

11829671

Logs do not display proper error for password expiration type

This issue has been resolved. The logs now display proper error message when password expiration type is selected, but password expiration interval value is not provided while updating the user task.


Software Updates in Release 9.1.0.5

The following are the software updates in release 9.1.0.5:

Resolved Issues in Release 9.1.0.5

The following table lists issues resolved in release 9.1.0.5:

Bug Number Issue Resolution

9779250

The scripts to create a target system user account for connector operations were not divided according to connector type.

This issue has been resolved. The scripts to create a target system user account for connector operations are now divided according to connector type.

9938336

During reconciliation, if a date field in a child table contained a NULL value, then that date field was not included in the reconciliation data.

This issue has been resolved. The connector correctly processes date fields into which NULL values are brought during reconciliation.

9467030

During provisioning operations, roles and responsibilities displayed in lookup fields on the Administrative and User Console were not filtered according to the selected IT resource.

This issue has been resolved. The list of roles or responsibilities is now filtered according to the selected IT resource.

9925468

An incorrect error message was displayed when an invalid configuration lookup definition name was specified in the IT resource.

This issue has been resolved. The message displayed when an invalid configuration lookup definition name is specified accurately describes the issue.


Software Updates in Release 9.1.0.4

The following are the software updates in release 9.1.0.4:

Support for New Oracle Identity Manager Release

From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.

See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.

Support for Request-Based Provisioning

From this release onward, the connector provides support for request-based provisioning on Oracle Identity Manager 11g release 1 (11.1.1).

See Section 3.6.3, "Request-Based Provisioning in an SoD-Enabled Environment" for more information.

Software Updates in Release 9.1.0.3

The following table lists issues resolved in release 9.1.0.3:

Bug Number Issue Resolution

6086572

On Oracle E-Business Suite 11.5.10, the target system user account for performing connector operations did not work as expected.

This issue has been resolved. See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for information about the procedure to create the target system user account.

8502490

To update an entitlement, the connector revoked and then added the entitlement.

This issue has been resolved. From this release onward, the connector can update the start date and end date values of an entitlement. The entitlement need not be revoked and then added.

9389768

The scheduled task for lookup field synchronization did not use the updateLookupValue method to update existing values in lookup definitions.

This issue has been resolved. The scheduled task now uses the updateLookupValue method to update existing values in lookup definitions.


Software Updates in Release 9.1.0.1

The following table lists issues resolved in release 9.1.0.1:

Bug Number Issue Resolution

8509529

In earlier releases, lookup field synchronization could be run in one of two modes: Refresh or Update. The Mode attribute of the eBusiness UM Lookup Definition Reconciliation scheduled task was used to store your choice.

From this release onward, lookup field synchronization is always run in the Update mode. The Mode attribute has been removed.

8969251

The connector created reconciliation events even for records that had not changed since the last reconciliation run.

This issue has been resolved. The connector now creates reconciliation events only for records that are added or modified after the last reconciliation run.

8798992

The Create User provisioning operation failed if you entered a value in the Person ID field.

This issue has been resolved. During the Create User provisioning operation, you can now enter a value in the Person ID field.

8783010

The Javadocs did not provide documentation on the public methods for the connector.

The Javadocs have been updated.

9004591

In an SSO-enabled environment, the default password set through a Create User operation was not configurable.

This issue has been resolved. The FND_WEB_SEC.EXTERNAL_PWD entry has been added in the configuration lookup definition. In an SSO-enabled environment, you can use this entry to specify the default password for new users.

Note: The "s" at the end of the name of the configuration lookup definitions has been removed in this release.

9000721

For Create User operations, the minimum password length for new users was set at 5 characters.

This issue has been resolved. You can now use the Minimum Password Length parameter of the IT resource to set the minimum password length.

8999921

During a Create User operation, you had to specify a password even when SSO communication was enabled.

This issue has been resolved. If SSO is enabled, then you need not specify a password during Create User operations.

8916172

In earlier releases, the connector required the ojdbc14.jar during reconciliation and provisioning. You had to copy this file from an external source.

This issue has been resolved. The connector can now work with the ojdbc6.jar file. This file is present in the application server installation directory.

As part of the fix implemented for this bug, the RECON_DATE_FORMAT and TO_CHAR_DATE_FORMAT entries have been introduced in the Lookup.EBS.ER.Configurations lookup definition. See Section 3.1, "Setting Up Lookup Definitions in Oracle Identity Manager" for more information about the these entries.

9003839

The target system user account for connector operations was unable to perform the required connector operations. The following error message was displayed on the server console:

ORA-04030: out of process memory

This issue has been resolved. The target system user account is now able to perform all connector operations successfully. However, a target system user account created on Oracle E-Business Suite 11.5.10 is unable to perform connector operations. This point has also been mentioned in the "Known Issues" chapter.


Software updates in Release 9.1.0

The following are software updates in release 9.1.0:

Support for New Target System Versions and Configurations

From this release onward, the connector supports the following new target system versions and configurations:

These target systems are listed in the Section 1.1, "Certified Components" section.

Dedicated Support for Target Resource Reconciliation

The connector provides all the features required for setting up Oracle E-Business Suite as a managed (target) resource of Oracle Identity Manager. If you want to use Oracle E-Business Suite as a trusted source of identity data for Oracle Identity Manager, then use the Oracle E-Business Employee Reconciliation connector.

Support for Provisioning Basic Person Records in Oracle E-Business HRMS and Basic Party Records in Oracle E-Business TCA

Along with creation of a user record in Oracle E-Business Suite, the connector can be used to create a basic person record in Oracle E-Business HRMS. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business HRMS.

In addition, the connector can be used to create a basic person-type party record in Oracle E-Business TCA. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business TCA.

See Section 1.5.1, "Oracle E-Business User Management Connectors" for more information.

Support for Managing Oracle E-Business Suite UMX Roles

UMX role assignments can now be managed during reconciliation and provisioning.

Support for SoD Validation of Entitlement Provisioning

From this release onward, the connector supports the Segregation of Duties (SoD) feature introduced in Oracle Identity Manager release 9.1.0.2. Requests for Oracle E-Business Suite role and responsibility entitlements can be validated with Oracle Application Access Controls Governor. Entitlements are provisioned into Oracle E-Business Suite only if the request passes the SoD validation process. This preventive simulation approach helps identify and correct potentially conflicting assignment of entitlements to a user, before the requested entitlements are granted to users.

See Section 1.5.3, "SoD Validation of Entitlement Provisioning" for more information.

Support for SSO-Enabled Oracle E-Business Suite Installations

The connector can be used to integrate Oracle Identity Manager with an SSO-enabled Oracle E-Business Suite installation.

See Section 1.5.4, "Support for an SSO-Enabled Target System Installation" for more information.

Support for Oracle E-Business Suite Role and Responsibility Navigation Catalog

You can use the connector to fetch data about responsibilities and roles definitions from each target system application and store this data in lookup definitions on Oracle Identity Manager. During a provisioning operation, these lookup definitions are populated with responsibilities and roles that are specific to the Oracle E-Business Suite application you select for the operation. This feature leverages the dependent lookup capability of Oracle Identity Manager.

See Section 1.8, "Lookup Definitions Used During Connector Operations" for more information.

Support for Effective-Dated Target System Events

Oracle E-Business Suite allows future-dating (effective-dating) of account disable and account enable operations. The connector can detect and respond to these effective-dated lifecycle events.

Similarly, the connector can also respond to effective-dated operations in which roles and responsibilities are granted or revoked.

See Section 1.5.5, "Reconciliation of Effective-Dated Events" for an overview of the process.

Support for Account Status Reconciliation and Provisioning

The connector can now be used for reconciliation and provisioning account status data. During reconciliation, changes to the Effective Date From and Effective Date To fields on the target system are duplicated in Oracle Identity Manager. The same effect can be achieved through provisioning operations performed on Oracle Identity Manager.

See Section 1.5.6, "Account Status Reconciliation and Provisioning" for more information.

Support for Configurable Reconciliation Queries

Reconciliation involves running a SQL query on the target system database to fetch the required user account records to Oracle Identity Manager. From this release onward, predefined SQL queries are stored in a file in the connector deployment package. You can modify these SQL queries or add your own SQL queries for reconciliation.

See Section 1.6.1, "Reconciliation Queries" for information about the reconciliation queries.

Support for Creating Copies of Connector Objects

To meet the requirements of specific use cases, you might need to create multiple copies of the Oracle Identity Manager objects that constitute the connector. The connector can work with multiple instances of these objects.

See Section 4.9, "Configuring the Connector for Multiple Installations of the Target System" for more information.

Support for Target System Account with Minimum Permissions for Connector Operations

In earlier releases, you had to use the APPS user for connector operations. From this release onward, you can create and use an Oracle E-Business Suite user with the minimum permissions required for connector operations.

See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for more information.

Support for Connection Pooling

The connector supports the connection pooling feature introduced in Oracle Identity Manager release 9.1.0.2. In earlier releases, a connection with the target system was established at the start of a reconciliation run and closed at the end of the reconciliation run. With the introduction of connection pooling, multiple connections are established by Oracle Identity Manager and held in reserve for use by the connector.

See Section 1.5.12, "Connection Pooling" for more information.

Support for SSL Communication

From this release onward, you can configure SSL to secure communication between Oracle Identity Manager and the target system.

See Section 2.3.2, "Configuring Secure Communication Between the Target System and Oracle Identity Manager" for more information.

Support for the Multiple Trusted Source Reconciliation Feature of Oracle Identity Manager

The connector now supports the multiple trusted source reconciliation feature of Oracle Identity Manager. See Oracle Identity Manager Design Console Guide for detailed information about multiple trusted source reconciliation.

Inclusion of Javadocs in the Connector Deployment Package

To facilitate reuse and customization of some parts of the connector code, Javadocs are included in the connector deployment package.

Documentation-Specific Updates

The following sections discuss documentation-specific updates:

Documentation-Specific Updates in Release 9.1.0.7.14

The following documentation-specific update has been made in revision "16" of release 9.1.0.7.14:

The "Target System" row of Table 1-1, "Certified Components" has been updated.

The following documentation-specific update has been made in revision "15" of release 9.1.0.7.14:

Section 3.9, "Uninstalling the Connector" has been added.

The following documentation-specific updates have been made in revision "14" of release 9.1.0.7.14:

The following documentation-specific updates have been made in the revision "13" of release 9.1.0.7.14:

Documentation-Specific Updates in Release 9.1.0.7

The following are the documentation-specific updates in this release:

Documentation-Specific Updates in Release 9.1.0.5

The following is a documentation-specific update in this release:

Documentation-Specific Updates in Release 9.1.0.4

The following are documentation-specific updates in release 9.1.0.4:

Documentation-Specific Updates in Release 9.1.0.3

There are no documentation-specific updates in this release.

Documentation-Specific Updates in Release 9.1.0.1

The following are documentation-specific updates in release 9.1.0.1:

Documentation-Specific Updates in Release 9.1.0

The following are documentation-specific updates in release 9.1.0: