The OES Adapter is a plug-in to the Sun Identity Manager that enables the bi-directional propagation of users and user attributes between Sun Identity Manager and OES.
This document contains detailed, step-by-step instructions on how to configure the adapter in Sun Identity Manager, and how to set up active sync from the adapter.
After completing these tasks, the user operations in Sun Identity Manager will take effect in OES, and the user operations in the Administration Console will be synced into Sun Identity Manager. The sync interval from OES to Sun Identity Manager is configurable.
Set Up OES Resource in Sun Identity Manager
Perform the following steps to set up the adapter as a resource in Sun Identity Manager:
Stop the Sun Identity Manager container.
Copy the following files from ales32-admin to idm/WEB-INF/lib:
You need to supply your OES credentials in order for the scripts to make the necessary changes.
Start the Sun Identity Manager container.
Log in to the Sun Identity Manager console with the Configurator id. The default password is configurator.
Configure the resource type:
Click Configure at the top of the menu.
Click Managed Resource in the sub-menu.
Click the Add Custom Resource button. Enter com.bea.adapter.ALESResourceAdapter as the Resource Class Path under Custom Resource, and click Save.
Configure the OES resource:
Click Resource at the top of the menu.
Select New Resource in Resource Type Action from the dropdown list.
Select ALES from the dropdown list of Resource Type, and click New.
In Welcome Create ALES Resource Wizard, click Next.
Enter the resource parameters as follows, and then click Test Configuration. Make sure that the OES Administration servers are currently running.
Host: The host name or IP address of Administration Server
TCP port: The port number for BLM server (default=7011)
Username: The user who has the privilege to manage users in OES, e.g. “admin”
Password: The password of the user manager of the OES admin
Directory of Keystore: The full path to the ssl dir in the OES admin. If the IDM is not located on the same machine as the OES admin, then the ssl dir should be copied to the IDM machine.
If the test configuration is successful, status is displayed as Test connection succeeded for resource(s): ALES. Click Next.
If the test configuration is not successful, an error message is displayed. Check the resource parameters and make sure that the OES Administration servers are started, and then test again.
Configure user attributes, and click Next.
Accept Identity Template settings, and click Next.
Enter your Resource Name in Identity System Parameters, accept the other default settings, and then click Save.
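The Directory of Keystore parameter above may point at a copy of the OES ssl dir on the IDM machine, and that copy should be accessible only to the account that runs the Sun Identity Manager container. The shell check below is an added example, not part of the OES or Sun Identity Manager tooling; the function name check_keystore_dir and the directory passed to it are assumptions.

```shell
#!/bin/sh
# Added example: audit the permissions of the directory entered as
# "Directory of Keystore" after it has been copied to the IDM machine.
# check_keystore_dir is a hypothetical helper name, not an OES/IDM command.

# check_keystore_dir DIR
#   returns 0 if DIR exists and nothing under it is accessible to group/other
#   returns 1 if DIR is missing or is not a directory
#   returns 2 if any entry grants group or other permissions (paths printed)
check_keystore_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    # Match entries with at least one group/other permission bit set.
    # Symlinks are skipped: their own mode bits are always wide open and
    # say nothing about the file they point to.
    loose=$(find "$dir" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "accessible to group/other:" >&2
        echo "$loose" >&2
        return 2
    fi
    return 0
}

# Stand-alone use: sh check_keystore.sh /path/to/copied/ssl
if [ "$#" -eq 1 ]; then
    check_keystore_dir "$1"
fi
```

Run it as the account that owns the container, before clicking Test Configuration; a return code of 2 lists the entries to tighten with chmod.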
Enable Active Sync for OES Resource
An OES Audit provider is used to record user-related operations in the OES system. This is done so that the adapter for Sun Identity Manager can sync these changes automatically.
The procedure you follow to enable active sync for the OES resource depends on whether you are using the WebLogic 9.x/10.x SSM or the WebLogic 8.1 SSM. When you use the WLS 9.x/10.x SSM, configure security providers using the WebLogic Administration Console, rather than the OES Administration Console.
Using the WebLogic 9.x SSM
Start the Administration Servers.
Log in to the WebLogic Server Administration Console on the system on which the WebLogic 9.x SSM is installed, https://hostname:port/console.
Click Lock and Edit at the top left of the page.
Create an instance of UserChangeDBAuditor. There should be no more than one User Change DB Auditor in one OES domain.
Click on Security Realms in the left panel.
Click on your configured security realm in the middle of the right main panel.
Click Providers on the top menu of realm.
Click Auditing in the sub menu.
Click New to configure a new Audit provider.
Enter a name and select UserChangeDBAuditor as type, and click OK.
Click the name you entered and go to the provider setting page.
Click the Provider Specific top menu, and enter the JDBC parameters. The values should equal those of the OES configuration.
Click Release Configuration at the top left of the page.
Restart the Administration servers to make the UserChangeDBAuditor take effect.
Using the WebLogic 8.1 SSM
Start the Administration Server.
Log in to the OES Administration Console by entering the following in a browser:
where <host> is the server host and <port> is the port (default = 7010).
Create a UserChangeDBAuditor as follows:
In the left pane, select the asiadmin SSM under the adminconfig SCM.
Click Providers in the right pane and then select the Auditors tab.
On the Auditors tab, click on Configure a new User Change DBAuditor. Then accept the default name and click Create. Finally, open the Details tab, enter the JDBC parameters, and click Apply.
The JDBC parameter values should equal those of the OES database configuration.
Return to the left pane and select the Deployment node at the bottom of the tree. Then select the Configuration tab in the right pane.
On the Configuration tab, select the Security Configuration checkbox and then click Distribute Configuration Changes.
Click Refresh until the distribution is 100% complete.
Restart the Administration Server.
Set Up Active Sync in Identity Manager
Log in to the Identity Manager console with the Configurator id. The default password is configurator.
Configure Active Sync for the OES Resource:
Click Resource at the top of the menu.
Select the OES Resource in Resource List by clicking on the checkbox. Then, select Active Sync Wizard in the -- Resource Actions -- dropdown list.
Select the Use Wizard Generated Input Form radio button for Input Form Usage. Then, select Advanced for Configuration Mode and click Next.
Configure Active Sync Running Settings on demand.
Configure General Active Sync Settings. Enter JDBC values to match those of the OES database configuration. Click Next.
On the Event Types page, accept the default values and click Next.
On the Process Selection page, accept the default values and click Next.
On the Target Resources page, add the Identity Manager resources that need to sync with the OES resource to Target Resources.
On the Target Attribute Mappings page, you can use add and remove to set up the mapping between OES attributes and Identity Manager attributes. After you have finished the attribute-mapping settings, click Save to finish.