Oracle® Identity Manager Connector Guide for PeopleSoft User Management Release 9.0.1 Part Number B31131-01 |
|
|
View PDF |
Deploying the connector involves the following steps:
The following table lists the deployment requirements for the connector.
The connector files to be copied and the directories to which you must copy them are given in the following table.
Note:
The directory paths given in the first column of this table correspond to the location of the connector files in the following ZIP file on the installation media:Enterprise Applications\PeopleSoft Enterprise Applications\ PeopleSoft User Management Rev 1.0.0.zip
Refer to "Files and Directories That Comprise the Connector" for more information about these files.
Configuring the target system involves performing the following procedures:
Perform the following procedures to create and publish the message:
To create the message channel, perform the following steps:
Click Start, Programs, and Application Designer. The PeopleSoft Application Designer window is displayed.
Select New from the File menu. The New Definition dialog box is displayed.
Select Message Channel, and then click OK.
Save the new message channel as USR_MGMT_MSGCH
.
Select Definition Properties from the File menu. The Message Channel Properties dialog box is displayed.
Select the Run option, and then select Archive Messages.
After creating the message channel, create the message as follows:
In the PeopleSoft Application Designer, select New from the File menu. The New Definition dialog box is displayed.
Select Message from the list.
Select Definition Properties from the File menu. The Message Properties dialog box is displayed.
Select the Use tab.
On the Use tab, select the USR_MGMT_MSGCH
message channel and the version of the message that you just created.
Select Active to make the message an active message.
Save the message as USR_MGMT_MSG
.
Right-click VERSION_1 and select the Insert Child Record property. A new window Insert Record will appear, to choose the records to be added to the Message.
Enter PSOPRDEFN in the Name field, and click the Insert button. The PSOPRDEFN record will be added to the message.
Repeat steps 8 to 9 for PSUSEREMAIL
, PSOPRALIAS
, and PSROLEUSER_VW
records.
Clicking on each record will display all the fields pertaining to that record in the adjacent window on the right. Select only those fields which are required in the XML Message. Refer USR_MGMT_MSG.xml
to find out the required fields.
Save the message again.
To publish the message, perform the following steps:
Select Open from the File menu. The Open Definition dialog box is displayed.
Select Component from the Definition list, enter USERMAINT
in the Name Selection Criteria field, and then press Enter. All component names starting with the text USERMAINT
are displayed.
Select USERMAINT from the list, and then click Open. The details of the USERMAINT component are displayed.
Click the Structure tab, right-click USERMAINT, and then select View PeopleCode. The PeopleCode for the USERMAINT component is displayed.
Select the SavePostChange event from the list in the upper-left corner of the window. The PeopleCode for this event is displayed.
Copy the code given from the following file immediately after the import definitions in the PeopleCode for the SavePostChange event:
xellerate_home
\xellerate\Scripts\UserMgmtCBRecon.txt
Add the following function call at the end of the PeopleCode for the SavePostChange event:
If Len(%CompIntfcName) = 0 Then Local string &OPID; &OPID = PSOPRDEFN.OPRID; GENERATEUSR(&OPID); End-If;
Select Save from the File menu to save the changes to the USERMAINT
component.
PeopleSoft Enterprise Portal provides a single gateway to critical information in PeopleSoft User Management Reconciliation and other applications and systems. In order to use the PeopleSoft User Management Reconciliation connector, you must perform the following tasks:
To configure the gateway, you have to set up the gateway, local node, remote node in the PORTAL. To do this, perform the following steps:
Open a Web browser and enter the URL for PeopleSoft Enterprise Portal. The URL for PeopleSoft Enterprise Portal is in the following format:
http://servername/psp/Databasename/?cmd=login
For example:
http://psftserver.acme.com/TestDB/?cmd=login
Expand PeopleTools, Integration Broker, and then Gateways in the list on the portal page. The Gateway component details are displayed.
Enter LOCAL in the Integration Gateway ID, and then click Search. The LOCAL gateway is a default gateway that is created when you install PeopleSoft Enterprise Portal.
Ensure that the IP Address in the URL of the PeopleSoft listening connector is the IP address of the Web server where PeopleSoft is installed. The URL of the PeopleSoft listening connector is in the following format:
http://computer_name/PSIGW/PeopleSoftListeningConnector
For example:
http://172.19.151.53/PSIGW/PeopleSoftListeningConnector
Click Load Gateway Connectors to load all target connectors that are registered with the LOCAL gateway.
Click Save.
Note:
Local gateway will be already defined when we install the People Soft. You need to provide the url and load the Target connectors.To create the UST_MGMT_NODE
remote node, perform the following steps:
Click PeopleTools, Integration Broker, Node Definitions on the left hand menu in PeopleSoft Enterprise Portal.
Click the Add a New Value tab. On the Add a New Value tab, enter the Node Name as USR_MGMT_NODE
and click on Add button. The Node Definition page is displayed.
Enter description in the Description field. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.
Click the Connectors tab, and enter the following information:
Gateway ID: LOCAL
Connector ID: PSFT81TARGET
Perform a lookup.
In the Properties section, and enter the following information:
Property ID: PSFT81TARGET
Property Name: URL
Required value: Enter the URL of the PeopleSoft servlet that will receive the XML message. This URL is in the following format:
http://computer_name:port/peopleSoftUserMgmt/do/peopleSoftAction
For example:
http://172.21.109.75:8080/peopleSoftUserMgmt/do/peopleSoftAction
Click Save.
Click the Transactions tab, and then click Add Transaction. The Add Transaction page is displayed.
Enter the following details to define the new transaction:
Transaction Type: Outbound Asynchronous
Request Message: USR_MGMT_MSG
Request Message Version: VERSION_1
Click Add.
To keep the status as active, select Active.
Click Save to save the changes.
After finishing the node configuration, you must provide security for the USR_MGMT_MSG_CH
message channel. To do this:
Navigate to PeopleTools, Security, Permission & Roles, and Permission Lists.
Select AEAE1000. The AEAE1000 permission list is displayed.
Select the Message Monitor Tab, and then click the '+ ' Button to add a channel name.
Enter the channel name as USR_MGMT_MSG_CH
.
Select Full Access from the list, and Click Save.
Navigate to PeopleTools, Integartion Broker, Monitor, Monitor Message, and then Channel Status to check the status of the message channel.
Check if the status of the USR_MGMT_MSG_CH
message channel is running. If the status is Pause
, then click the Run button to activate it.
To create the APIs for the Component interface:
Open the Application Designer by clicking Start and then selecting Programs, Peoplesoft8.9hcm, and Application Designer. The Application Designer window is displayed.
In the Application Designer window, select Open from the File menu. The Open Definition dialog box is displayed.
In the Open Definition dialog box, select Component Interface from the Definition list.
Enter USER_PROFILE
in the Name field, and then press Enter.
All the Component interfaces with names that start with USER_PROFILE
are displayed in the Open Definition dialog box.
Select the USER_PROFILE entry, and then click Open.
Click Yes in the message that is displayed. The properties of the USER_PROFILE
Component interface are displayed.
In the window for the USER_PROFILE
Component interface, select PeopleSoft APIs from the Build menu. The Build PeopleSoft API Bindings dialog box is displayed.
In the Java Classes area of the Build PeopleSoft API Bindings dialog box, select the Build check box.
In the Target Directory field, specify the path of the directory in which you want the APIs to be created and then click OK.
To create the Java template:
On the right pane of the window for the USER_PROFILE
Component interface, right-click USER_PROFILE.
Select Generate Java Template from the shortcut menu. A message showing the name and path of the Java template is displayed.
Click OK to close the message.
The reconciliation process requires the Application Engine program to be run in 2-Tier mode. You can run the application designer in this mode by selecting Connection Type as the database on the PeopleSoft sign-on screen. In addition, the database client must also be installed on the server used for accessing the application designer.
To create the Application Engine Program, perform the following steps:
Click Start, Programs, Peoplesoft8.9hcm, and then Application Designer. The Application Designer window is displayed.
Select New from the File menu. The New Definition dialog box is displayed.
Select Application Engine from the Definition list. The App Engine Program window is displayed.
Select Action from the Insert menu.
Add a step named currency
.
In the App Engine Program window, select Action from the Insert menu.
From the list, select PeopleCode.
Click Save from the File menu to save the PeopleCode action.
Double-click the PeopleCode action.
Copy the code from the CurrencyCode.txt
file, which is in the xellerate_home
\xellerate\scripts
directory. The code has a default value for the output reconciliation file where the reconciled data is stored.
Change the value to an appropriate location on the PeopleSoft server.
Save the PeopleCode action.
Repeat Steps 5 through 11 to create the steps listed in the following table.
Step Name | File Containing the PeopleCode |
---|---|
currency |
CurrencyCode.txt |
language |
LanguageCode.txt |
emplid |
EmployeeId.txt |
userrole |
UserRoles.txt |
permiss |
PermissionList.txt |
EmailType |
EmailType.txt |
Save the Application Engine Program with the name BLKPRCS_USER
.
Running the Application Engine Program
To run the Application Engine Program, perform the following steps:
Open the application designer in 2-Tier mode.
Provide the correct connection type, user ID, and password.
Click the File menu, and open the application engine program, which you just created.
Click the RUN PROGRAM control that exists on the bar just below the Menu bar, on the extreme right. The code written on the peoplecode action will get executed.
The comma separated files will get created on the specified location mentioned in the code.
This section describes how to configure the listener for the PeopleSoft User Management connector. In the following instructions, xellerate_home
refers to the local Oracle Identity Manager Server installation directory.
To configure the PeopleSoft Listener:
Copy the peopleSoftUserMgmt.war
file from the lib directory into a temporary directory.
Enter the following command to extract the WAR file in the temporary directory:
jar –xvf peopleSoftUserMgmt.war
Edit the attributemap.properties
file in the top-level directory. This file contains the mapping between the PeopleSoft attributes that the XML feed will contain and the corresponding Oracle Identity Manager attribute. You must modify this file on the basis of the local configuration. Apply the following guidelines when you modify this file:
Obtain the XML schema of the PeopleSoft XML feed from the PeopleSoft administrator.
Obtain the xpath
of all the PeopleSoft attributes. This is the complete path of the attribute from the root node in the XML file.
Modify the attributemap.properties
file by entering name-value pairs. Here, name
is the Oracle Identity Manager field name and value
is the PeopleSoft attribute xpath
from the XML feed.
Edit the deployment.properties
file in the top-level directory. This file contains the message
property, which corresponds to the name of the XML message from the PeopleSoft feed. The default value of this attribute is USR_MGMT_MSG.
Obtain the correct value for this attribute from the PeopleSoft administrator.
Edit the xlsession.properties
file in the top-level directory. This file contains the following Oracle Identity Manager connection parameters.
ObjectName: This is the name of the resource object in Oracle Identity Manager against which the reconciliation event is created. The default value is PSFTBase.
However, for nontrusted reconciliation, you can change it to any other resource object.
Username: This is the user name for logging in to Oracle Identity Manager. The default value is xelsysadm.
Password: This is the password for logging in to Oracle Identity Manager. The default value is xelsysadm.
Edit the xlclient.properties
file in the top-level directory. This file contains the following system properties that enable an API client to communicate with Oracle Identity Manager:
xl.homedir: This property identifies the Oracle Identity Manager Client directory. Typically, the Oracle Identity Manager client directory is xellerate_home
\xlclient.
java.security.policy: This property identifies the path of the security policy file. Typically, this file is located in the xellerate_home
\xlclient\config\
directory.
java.security.auth.login.config: This property identifies the path of the authentication configuration file. Typically, this file is located in the xellerate_home
\xlclient\config\
directory.
Each application server uses a different authentication configuration file:
IBM WebSphere Application Server: authws.conf
BEA WebLogic Application Server: authwl.conf
JBoss Application Server: auth.conf
java.naming.provider.url: This property identifies the JNP URL of the application server. This value is in the <Discovery><CoreServer><java.naming.provider.url>
tag of the xellerate_home
\xlclient\config\xlconfig.xml
file.
Edit the following properties in the configureReconciliation.properties
file from the top-level directory:
reconciliationMode:
This property can accept one of two possible values:
If reconciliation is to be performed in a trusted mode, then set the reconciliationMode
property to trusted.
If reconciliation is to be performed in a nontrusted mode, then set the reconciliationMode
property to nontrusted.
Serverdateformat:
This property contains the date format that is used for the PeopleSoft server. You can select one of the following date formats:
dd-mmm-yy
ddmmyy
yyddmm
yymmdd
xellerateOrganization:
This property contains the name of the organization. The default value of this parameter is Xellerate Users.
The value that you assign to this property must exist in Oracle Identity Manager.
nullDate:
This property contains the default value for a date field. The value is 2200/01/01 00:00:00 PST.
This value is used if the date field is left empty.
PeoplesoftstartingYEAR:
The year is specified in two digits. If the number represented by these two digits (xx):
Is greater than or equal to 50, then it is assumed that the year is 19xx.
Is less than 50, then it is assumed that the year is 20xx.
This specifies a range of 1950 to 2049 for the year.
Copy the following files from the xellerate_home
\xellerate\lib
directory to the WEB-INF\lib
directory:
Copy the following files from the xellerate_home
\xellerate\ext
directory to the WEB-INF\lib
directory:
oscache.jar
javagroups-all.jar
Delete the peopleSoftUserMgmt.war
file from the temporary directory where you extracted it, and then use the following command to re-create the file:
jar –cvf peopleSoftUserMgmt.war
You must restart the Oracle Identity Manager server and client before deploying the re-created WAR file. In addition, before you start the Oracle Identity Manager server and client, ensure that the peopleSoftApp.war
file does not exist in the application server (JBoss, WebSphere, or WebLogic) deployment directory and in the xellerate_home
\xellerate\webapp
directory. If it does, then it must be deleted.
If you use JBoss and log4j, then logs are produced and archived on a daily basis in the jboss_server_home_dir
/log/server.log
directory, where jboss_server_home_dir
is the parent directory in which JBoss is installed. For the other application servers, the log file is created and saved in the corresponding log
directories.
To import the connector files into Oracle Identity Manager:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. The Deployment Manager - Import page is displayed, along with a dialog box for locating files.
Locate and open the PSFTBaseConnector.xml
file, which is in the xellerate_home
\xlclient
directory. The Deployment Manager page is displayed.
In the Deployment Manager page, click Add File. The File Preview window showing the details of the selected file is displayed.
Click Next. The Substitution page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the PSFT Base Server
IT resource is displayed.
Specify values for the parameters of the PSFT Base Server
. Refer to the table in the "Defining IT Resources" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the PSFT Base Server
is displayed.
Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.
Click View Selections.
The contents of the XML file are displayed in the Deployment Manager - Import page. You may see a cross-shaped icon along with some nodes. You must remove these nodes. To do this, right-click each such node and then select Remove.
Click Import. The connector file is imported into Oracle Identity Manager.
If you plan to use the connector in trusted source reconciliation mode, then perform the same procedure to import the PSFTBaseXellerateUser.xml
file. This file is in the xellerate_home
\xlclient\
directory.
Caution:
Only one connector can be configured as a trusted source. If you import thePSFTBaseXellerateUser.xml
file while you have another trusted source configured, then both connector reconciliations would stop working.After you import the connector XML file, proceed to the "Step 6: Configuring Reconciliation" section.
You must specify values for the PSFT Base Server
IT resource parameters listed in the following table.
IT resource type : PSFTBase
IT resource : PSFT Base Server
Parameter Name | Description |
---|---|
Admin | User Id of PeopleSoft User Management Server Administrator
Default value: PS |
AdminCredentials | Password of Administrator |
ComponentInterfaceName | Component interface used to load user data in PeopleSoft User Management
Default value: USER_PROFILE |
ServerName | IP address or computer name of the PeopleSoft User Management server
Sample Value:172.21.100.197 |
ServerPort | Port number at which the PeopleSoft User Management Server is listening
Default values:9000 |
IsDebug | Debug feature
The value can be |
IsSecure | Specify whether or not SSL feature is enabled
The value can be |
SymbolicId | SymbolicId is used to find out the AccessId assosiated with the user profile. This AccessId tells whether ther user has sufficient privileges on the PeopleSoft database or not.
PS89 |
After you specify values for these IT resource parameters, go to Step 9 of the procedure to import connector XML files.
Configuring reconciliation involves creating scheduled tasks for Lookup Fields and User reconciliations. To create the schedule tasks:
Open the Oracle Identity Manager Design Console.
Expand the Xellerate Administration folder.
Select Task Scheduler.
Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.
Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager should attempt to complete the task before assigning the ERROR status to the task.
Ensure that the Disabled and Stop Execution check boxes are cleared.
In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.
In the Interval region, set the following schedule parameters:
To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.
If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.
To set the task to run only once, select the Once option.
Provide values for the attributes of the scheduled task. Refer to the appropriate table in the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.
Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.
Repeat Step 5 through 10 to create the second scheduled task.
This section provides information about the values to be specified for the following Scheduled Task.
You must specify values for the following attributes of the user reconciliation scheduled task.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.Attribute Name | Attribute Value |
---|---|
MultiValueSeperator |
## is the multivalue seperator in the flat file(Reconciliation file) |
ServerName |
Name of the IT resource instance
Default Value: |
IsTrusted |
Specifies the mode of reconciliation, trusted or nontrusted
The value can be |
XellerateOrganization |
Default value for the Oracle Identity Manager Organization name
This value is used to create the Xellerate User in trusted mode. |
FolderPath |
Folder path of the flat file(.txt file) from where reconciliation will take place. The Scheduled task will reconcile all the files present in this folder. |
TargetSystem | Name of the resource object.
Default Value: PSFTBase |
After you specify values for these task attributes, go to Step 10 of the procedure to create scheduled tasks.
You must specify values for the following attributes of the Lookup Fields reconciliation scheduled task.
Attribute Name | Attribute Value |
---|---|
ServerName |
Name of the IT resource instance
Default Value: |
LookupType |
The type of data that is being looked up in the target system.
The value can be one of the following:
|
FilePath |
File Path is the Path where the Reconcilation lookup txt file will reside.
It will reside on the OIM Server. The Administrator can give any path here. Sample Value: |
LookupName |
The name of the lookup definition configured in OIM.
The value can be one of the following:
|
TargetSystem |
Name of the resource object
Default Value: |
The following adapters are imported into Oracle Identity Manager when you import the connector XML file. You must compile these adapters before you can use them to provision accounts on the target system.
adpPSFTCREATEUSER
adpPSFTUPDATEUSER
adpPSFTRESETPASSWORD
adpPSFTUNLOCKUSER
adpPSFTLOCKUSER
adpPSFTUPDATEUSEREMPID
adpPSFTADDORDELETEROLE
adpPSFTADDORDELETEEMAIL
To compile adapters by using the Adapter Manager form:
Open the Adapter Manager form.
To compile all the adapters that you import into the current database, select the Compile All option.
To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select the Compile Selected option.
Click Start. Oracle Identity Manager compiles the adapters that you specify.
To view detailed information about an adapter:
Highlight the adapter in the Adapter Manager form.
Double-click the row header of the adapter, or right-click the adapter.
Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.
Note:
To compile multiple adapters simultaneously, use the Adapter Manager form. To compile one adapter at a time, use the Adapter Factory form. Refer to Oracle Identity Manager Tools Reference Guide for information about how to use these forms.