| Oracle® Identity Manager Connector Guide for Oracle E-Business User Management Release 9.1.0 Part Number E11203-10 |
|
|
PDF · Mobi · ePub |
| Oracle® Identity Manager Connector Guide for Oracle E-Business User Management Release 9.1.0 Part Number E11203-10 |
|
|
PDF · Mobi · ePub |
This chapter provides an overview of the updates made to the software and documentation for the Oracle E-Business User Management connector in release 9.1.0.7.
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss software updates:
The following are software updates in release 9.1.0:
Support for SSO-Enabled Oracle E-Business Suite Installations
Support for Oracle E-Business Suite Role and Responsibility Navigation Catalog
Support for Target System Account with Minimum Permissions for Connector Operations
Support for the Multiple Trusted Source Reconciliation Feature of Oracle Identity Manager
From this release onward, the connector supports the following new target system versions and configurations:
Oracle E-Business Suite 11.5.10, 12.0.1 through 12.0.6 running on Oracle Real Application Clusters 10g and 11g
Oracle E-Business Suite 12.1.1 running on Oracle Database 10g or Oracle Database 11g, as either single database or Oracle RAC implementation
These target systems are listed in the Section 1.1, "Certified Components" section.
The connector provides all the features required for setting up Oracle E-Business Suite as a managed (target) resource of Oracle Identity Manager. If you want to use Oracle E-Business Suite as a trusted source of identity data for Oracle Identity Manager, then use the Oracle E-Business Employee Reconciliation connector.
Along with creation of a user record in Oracle E-Business Suite, the connector can be used to create a basic person record in Oracle E-Business HRMS. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business HRMS.
In addition, the connector can be used to create a basic person-type party record in Oracle E-Business TCA. This feature enables access to Oracle E-Business Suite applications that require a user to have an account in Oracle E-Business TCA.
See Section 1.4.1, "Oracle E-Business User Management Connectors" for more information.
UMX role assignments can now be managed during reconciliation and provisioning.
From this release onward, the connector supports the Segregation of Duties (SoD) feature introduced in Oracle Identity Manager release 9.1.0.2. Requests for Oracle E-Business Suite role and responsibility entitlements can be validated with Oracle Application Access Controls Governor. Entitlements are provisioned into Oracle E-Business Suite only if the request passes the SoD validation process. This preventive simulation approach helps identify and correct potentially conflicting assignment of entitlements to a user, before the requested entitlements are granted to users.
See Section 1.4.3, "SoD Validation of Entitlement Provisioning" for more information.
The connector can be used to integrate Oracle Identity Manager with an SSO-enabled Oracle E-Business Suite installation.
See Section 1.4.4, "Support for an SSO-Enabled Target System Installation" for more information.
You can use the connector to fetch data about responsibilities and roles definitions from each target system application and store this data in lookup definitions on Oracle Identity Manager. During a provisioning operation, these lookup definitions are populated with responsibilities and roles that are specific to the Oracle E-Business Suite application you select for the operation. This feature leverages the dependent lookup capability of Oracle Identity Manager.
See Section 1.7, "Lookup Definitions Used During Connector Operations" for more information.
Oracle E-Business Suite allows future-dating (effective-dating) of account disable and account enable operations. The connector can detect and respond to these effective-dated lifecycle events.
Similarly, the connector can also respond to effective-dated operations in which roles and responsibilities are granted or revoked.
See Section 1.4.5, "Reconciliation of Effective-Dated Events" for an overview of the process.
The connector can now be used for reconciliation and provisioning account status data. During reconciliation, changes to the Effective Date From and Effective Date To fields on the target system are duplicated in Oracle Identity Manager. The same effect can be achieved through provisioning operations performed on Oracle Identity Manager.
See Section 1.4.6, "Account Status Reconciliation and Provisioning" for more information.
Reconciliation involves running a SQL query on the target system database to fetch the required user account records to Oracle Identity Manager. From this release onward, predefined SQL queries are stored in a file in the connector deployment package. You can modify these SQL queries or add your own SQL queries for reconciliation.
See Section 1.5.1, "Reconciliation Queries" for information about the reconciliation queries.
To meet the requirements of specific use cases, you might need to create multiple copies of the Oracle Identity Manager objects that constitute the connector. The connector can work with multiple instances of these objects.
See Section 4.9, "Configuring the Connector for Multiple Installations of the Target System" for more information.
In earlier releases, you had to use the APPS user for connector operations. From this release onward, you can create and use an Oracle E-Business Suite user with the minimum permissions required for connector operations.
See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for more information.
The connector supports the connection pooling feature introduced in Oracle Identity Manager release 9.1.0.2. In earlier releases, a connection with the target system was established at the start of a reconciliation run and closed at the end of the reconciliation run. With the introduction of connection pooling, multiple connections are established by Oracle Identity Manager and held in reserve for use by the connector.
See Section 1.4.12, "Connection Pooling" for more information.
From this release onward, you can configure SSL to secure communication between Oracle Identity Manager and the target system.
See Section 2.3.2, "Configuring Secure Communication Between the Target System and Oracle Identity Manager" for more information.
The connector now supports the multiple trusted source reconciliation feature of Oracle Identity Manager. See Oracle Identity Manager Design Console Guide for detailed information about multiple trusted source reconciliation.
To facilitate reuse and customization of some parts of the connector code, Javadocs are included in the connector deployment package.
The following table lists issues resolved in release 9.1.0.1:
| Bug Number | Issue | Resolution |
|---|---|---|
| 8509529 | In earlier releases, lookup field synchronization could be run in one of two modes: Refresh or Update. The Mode attribute of the eBusiness UM Lookup Definition Reconciliation scheduled task was used to store your choice. | From this release onward, lookup field synchronization is always run in the Update mode. The Mode attribute has been removed. |
| 8969251 | The connector created reconciliation events even for records that had not changed since the last reconciliation run. | This issue has been resolved. The connector now creates reconciliation events only for records that are added or modified after the last reconciliation run. |
| 8798992 | The Create User provisioning operation failed if you entered a value in the Person ID field. | This issue has been resolved. During the Create User provisioning operation, you can now enter a value in the Person ID field. |
| 8783010 | The Javadocs did not provide documentation on the public methods for the connector. | The Javadocs have been updated. |
| 9004591 | In an SSO-enabled environment, the default password set through a Create User operation was not configurable. | This issue has been resolved. The FND_WEB_SEC.EXTERNAL_PWD entry has been added in the configuration lookup definition. In an SSO-enabled environment, you can use this entry to specify the default password for new users.
Note: The "s" at the end of the name of the configuration lookup definitions has been removed in this release. |
| 9000721 | For Create User operations, the minimum password length for new users was set at 5 characters. | This issue has been resolved. You can now use the Minimum Password Length parameter of the IT resource to set the minimum password length. |
| 8999921 | During a Create User operation, you had to specify a password even when SSO communication was enabled. | This issue has been resolved. If SSO is enabled, then you need not specify a password during Create User operations. |
| 8916172 | In earlier releases, the connector required the ojdbc14.jar during reconciliation and provisioning. You had to copy this file from an external source. | This issue has been resolved. The connector can now work with the ojdbc6.jar file. This file is present in the application server installation directory.
As part of the fix implemented for this bug, the RECON_DATE_FORMAT and TO_CHAR_DATE_FORMAT entries have been introduced in the Lookup.EBS.ER.Configurations lookup definition. See Section 3.1, "Setting Up Lookup Definitions in Oracle Identity Manager" for more information about the these entries. |
| 9003839 | The target system user account for connector operations was unable to perform the required connector operations. The following error message was displayed on the server console:
|
This issue has been resolved. The target system user account is now able to perform all connector operations successfully. However, a target system user account created on Oracle E-Business Suite 11.5.10 is unable to perform connector operations. This point has also been mentioned in the "Known Issues" chapter. |
The following table lists issues resolved in release 9.1.0.3:
| Bug Number | Issue | Resolution |
|---|---|---|
| 6086572 | On Oracle E-Business Suite 11.5.10, the target system user account for performing connector operations did not work as expected. | This issue has been resolved. See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for information about the procedure to create the target system user account. |
| 8502490 | To update an entitlement, the connector revoked and then added the entitlement. | This issue has been resolved. From this release onward, the connector can update the start date and end date values of an entitlement. The entitlement need not be revoked and then added. |
| 9389768 | The scheduled task for lookup field synchronization did not use the updateLookupValue method to update existing values in lookup definitions. | This issue has been resolved. The scheduled task now uses the updateLookupValue method to update existing values in lookup definitions. |
The following are the software updates in release 9.1.0.4:
From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.
See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.
From this release onward, the connector provides support for request-based provisioning on Oracle Identity Manager 11g release 1 (11.1.1).
See Section 3.6.3, "Request-Based Provisioning in an SoD-Enabled Environment" for more information.
The following are the software updates in release 9.1.0.5:
The following table lists issues resolved in release 9.1.0.5:
| Bug Number | Issue | Resolution |
|---|---|---|
| 9779250 | The scripts to create a target system user account for connector operations were not divided according to connector type. | This issue has been resolved. The scripts to create a target system user account for connector operations are now divided according to connector type. |
| 9938336 | During reconciliation, if a date field in a child table contained a NULL value, then that date field was not included in the reconciliation data. | This issue has been resolved. The connector correctly processes date fields into which NULL values are brought during reconciliation. |
| 9467030 | During provisioning operations, roles and responsibilities displayed in lookup fields on the Administrative and User Console were not filtered according to the selected IT resource. | This issue has been resolved. The list of roles or responsibilities is now filtered according to the selected IT resource. |
| 9925468 | An incorrect error message was displayed when an invalid configuration lookup definition name was specified in the IT resource. | This issue has been resolved. The message displayed when an invalid configuration lookup definition name is specified accurately describes the issue. |
The following are the major enhancements in this release:
From this release onward, the security groups are added for provisioning and reconciliation in User Management connector, User Management with HR Foundation connector, and User Management with TCA Foundation connectors. During provisioning, the user can select a security group for any responsibility. If the user does not select any security group, then by default Standard security group is selected.
From this release onward, support for validation and transformation are added for provisioning and reconciliation.
The following table lists issues resolved in release 9.1.0.7:
| Bug Number | Issue | Resolution |
|---|---|---|
| 10353797 | Target User Reconciliation run stopped in between due to IllegalInputException | This issue has been resolved. Target User Reconciliation now will not be stopped even if user fields contain special characters. It will log the warning message with exception stack trace details of that user record and continue the reconciliation run for the next user records. |
| 11890859 | Java command is incorrect in the test utility script oracleebiz.sh | This issue has been resolved. The java command typo is now corrected in the test utility script, oracleebiz.sh |
| 11829671 | Logs do not display proper error for password expiration type | This issue has been resolved. The logs now display proper error message when password expiration type is selected, but password expiration interval value is not provided while updating the user task. |
The following sections discuss documentation-specific updates:
The following are documentation-specific updates in release 9.1.0:
Major changes have been made in the structure of the guide. The objective of these changes is to synchronize the guide with the changes made to the connector and to improve the usability of information provided by the guide.
See Section 1.8, "Roadmap for Deploying and Using the Connector" for detailed information about the organization of content in this guide.
In the "Certified Components" section, changes have been made in the "Target system" row.
The following are documentation-specific updates in release 9.1.0.1:
In the "Certified Components" section, changes have been made in the "External code" row.
The "Using External Code Files" section has been removed from the "Deploying the Connector" chapter.
All occurrences of "Lookup.EBS.UM.Configurations" have been replaced with "Lookup.EBS.UM.Configuration".
In the "Known Issues" chapter:
The following issue tracked by bug 8535215 has been removed as it was fixed in an earlier release:
The "ORA-00904 OBJ_UDF_KEYFIELD is invalid" error is thrown during reconciliation. To resolve this problem, deselect the Sequence Recon check box on the Resource Objects form of the Design Console. See Oracle Identity Manager Design Console Guide for more information about this flag.
A known issue tracked by bug 6086572 has been added.
In the "Files and Directories on the Installation Media" section, information about the script/OimUserAppstablesSynonyms.sql file and documentation/javadocs directory has been added.
In the "Configuring the IT Resource" section, the Minimum Password Length IT resource parameter has been added.
In the "Creating a Target System User Account for Connector Operations" section, the information that you must enter while running the script to create a target system user account for connector operations has been updated.
In the "Scheduled Task for Lookup Field Synchronization" section, the Mode attribute has been removed.
From this release onward:
The minimum certified release of Oracle Identity Manager is release 9.1.0.2 or later.
The minimum certified release of JDK is release 1.5.
See "Certified Components" section for the complete listing of certified components.
There are no documentation-specific updates in this release.
The following are documentation-specific updates in release 9.1.0.4:
Section 2.1.1.3, "Creating a Backup of the Existing Common.jar File" has been added.
Section 3.6.2.1, "Prerequisites" has been added.
Some of the text in Section 3.6, "Provisioning Operations Performed in an SoD-Enabled Environment" has been moved to Section 3.6.2.1, "Prerequisites."
The following is a documentation-specific update in this release:
Section 2.3.3.6, "Disabling the Auto Save Form Feature on Oracle Identity Manager Release 11.1.1" has been added.
There are no documentation-specific updates in this release.
|
 Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
