Sun Identity Manager 8.1 Resources Reference

Adapter Details

Resource Configuration Notes

The PeopleSoft Component Interface adapter is configured by default to support the USER_PROFILE and DELETE_USER_PROFILE component interfaces. The adapter can also use custom component interfaces to create, read, and update account data if the component interface supports the following methods:

To delete accounts, the custom component interface must support the following methods:

In addition, the user specified on the Resource Parameters page must have permission to execute the methods of the invoked component interfaces.

Identity Manager Installation Notes

The PeopleSoft Component Interface adapter is a custom adapter. You must perform the following steps to complete the installation process:

ProcedureInstalling the PeopleSoft Component Adapter

  1. Copy the following file from the PeopleSoft installation media to the $WSHOME/WEBINF/lib directory:


    Note –

    The version of the psjoa.jar must match the version of your installed PeopleSoft system.

  2. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page:


Usage Notes

The PeopleSoft Component Interface adapter accomplishes user provisioning by invoking methods and setting properties on PeopleSoft component interfaces. Component interface definitions are assigned in the PeopleSoft Component Interface configuration object. This object can be modified through the debug pages or with the [Please define the IDMIDE text entity]. You can also edit a copy of the $WSHOME/sample/PeopleSoftComponentInterfaces.xml file and load that file into Identity Manager.

For more information about configuring and implementing component interfaces with this adapter, see the following sections:

Component Interface Map Definitions

The component interface map contains the list of component interfaces available to the adapter.

Each available component interface has its own definition. Key elements of a component interface definition include:

Default Component Interfaces Supported

The default Component Interface configuration object defines the following interfaces:

USER_PROFILE Component Interface

The default USER_PROFLE component interface definition is used to perform create, read, and update actions. The key and findKey attributes are set to UserID, because the USER_PROFILE component interface assigns the UserID field for the GETKEYS and FINDKEYS keys.

The default definition for the USER_PROFILE component interface does not define all of the possible properties. It has been simplified to include those used in the sample user form. If you need to add more resource user attributes to the Account Attributes page, then the component interface definition must be updated first. A resource user attribute cannot be added to that page unless it is listed in the component interface definition.

Most properties are defined in USER_PROFILE are simple objects. However, the IDTypes and Roles objects are collections and can have multiple values. IDTypes contains a collection of its own, Attributes. These objects must include the isCollection attribute, the key name for the collection, and at least one property.

DELETE_USER_PROFILE Component Interface

The DELETE_USER_PROFILE component interface definition is used to delete user profile definitions. The OPRID key determines which user profile is to be deleted. Since the component interface does not have properties, none are listed in the definition.

ROLE_MAINT Component Interface

The ROLE_MAINT component interface definition is part of a sample implementation that illustrates how Identity Manager can be configured to list role resource objects. Other resource objects can be listed by following the general guidelines listed below and modifying the ROLE_MAINT example to match your requirements.

Note –

The PeopleSoft Component Interface adapter supports listing resource objects only. It does not support other object features, such as update, create, or delete.

The ROLE_MAINT component interface definition has the following characteristics of note:

Adding FIND Method Support to the USER_PROFILE Component Interface

The default USER_PROFILE component interface does not support the FIND method. However, the PeopleSoft Component Interface adapter requires the FIND method in order to support account iteration and list.

Use the following steps to add FIND method support to an existing USER_PROFILE component interface.

ProcedureAdding FIND Method Support

  1. Load the USER_PROFILE component interface in the PeopleSoft Application Designer.

  2. On the left window (which shows the USERMAINT Component), select the OPRID field under the PSOPRDEFN_SRCH object.

    Drag this field over to the right window (which shows the USER_PROFILE CI).

    When you drop the field, a new key called FINDKEYS will be created in the USER_PROFILE CI. Under that key, there will be a sub-key called OPRID.

  3. Right-click on the OPRID name under FINDKEYS, and select Edit Name. Change the name to UserID.

  4. Right click on USER_PROFILE CI and select Component Interface Properties. Select the Standard Methods tab, then select the Find checkbox. Click OK to close the Component Interface Properties dialog.

  5. Save your changes to the USER_PROFILE component interface.

    The Find method is now visible under the METHODS field for the component interface. To verify the functionality of the new FIND method, right-click on the component interface and select Test Component Interface.

    Note –

    A PeopleSoft administrator should grant Full Access to the Find method for the component interface (in addition to the Create, Get, Save, and SetPassword methods).

PeopleSoft Component Interface Resource Objects

The XML of a PeopleSoft Component Interface resource can be edited so that resource objects can be managed. Use the debug pages or [Please define the IDMIDE text entity] to add an ObjectType element.

For example, to add support for the Role resource object, add an ObjectType element similar to the following.

<ObjectType name=’Role’ icon=’role’>
      <ObjectFeature name=’find’/>
   <ObjectAttributes idAttr=’ROLENAME’ displayNameAttr=’ROLENAME’ descriptionAttr=’DESCR’>
      <ObjectAttribute name=’ROLENAME’ type=’string’/>
      <ObjectAttribute name=’DESCR’ type=’string’/>
      <ObjectAttribute name=’ROLESTATUS’ type=’string’/>

The ObjectType name (for example, Role) must match the name of one of the objects in the supportedObjectTypes list of exactly one component interface definition. Each ObjectFeature (for example, find) must have a corresponding feature in the features list in that same supportedObjectTypes. The matched component interface will be the one used to perform the resource feature. (If there are multiple matches, the first one found will be used.)

The following example is part of the component interface definition for the ROLE_MAINT component interface in the component interface map. Note that the Object name Role is found and that an item in the features list is named find.

<Attribute name=’supportedObjectTypes’ >
      <Object name=’Role’>
         <Attribute name=’features’ >
               <Object name=’find’ />
               <Object name=’get’ />

User Form

The following user form fragment can be used to retrieve a list of PeopleSoft roles. Note that ROLENAME and DESCR attributes are being fetched.

<invoke name=’getResourceObjects’ class=’com.waveset.ui.FormUtil’>
   <s>PeopleSoft Component Interface</s>

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses the Client Connection Toolkit (Read/Write) to communicate with this adapter.

Required Administrative Privileges

The user that connects to PeopleSoft must be assigned to a PeopleSoft role that can access the methods of the managed component interface(s).

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.



Create account 


Update account 


Delete account 


Enable/disable account 

Yes, if Component Interface Map defines enable/disable logic 

Password update 


Rename account 


Pass-through authentication 


Before/after actions 


Data loading methods 

  • Import directly from resource

  • Reconciliation

Account Attributes

The account attributes for the PeopleSoft Component Interface resource depend on the component interface being managed.

Each entry of the schema map should have a Resource User Attribute name that matches one of the entries in the “properties” list defined for the component interface in the Component Interface Map. When editing the schema map, you can click the Test Configuration button to verify an appropriate match can be found.

If the Resource User Attribute name matches a collection property in the component interface map, the value for the account attribute will be an XML string representation of the collection. For examples of manipulating collection properties, see the sample user form field accounts[PeopleSoft Component Interface].ps_roles.

Note –

The default schema map entries that are defined for a new resource instance are appropriate only when used with the default USER_PROFILE and DELETE_USER_PROFILE component interface maps. If you change these maps, or create your own, then you must change your schema map accordingly.

All account attributes are of type String.

Identity Manager User Attribute  

Resource User Attribute  




A description of the user. 



Required. The user’s symbolic ID. 



A list of user types assigned to the user. 



A list of rules assigned to the user. 



The user’s e-mail address. This attribute is available only on older PeopleTools releases. It is not on the schema map by default. 



A list of user email addresses. This attribute is available only on 8.4x PeopleTools releases. It is not on the schema map by default. 

Resource Object Management


Identity Template


Sample Forms

The following forms are provided in the $WSHOME/sample/forms directory:


Use the debug pages to set trace options on the following class: