Oracle® Identity Manager Connector Guide for SAP Enterprise Portal Release 9.0.1 Part Number B31136-01 |
|
|
View PDF |
Deploying the connector involves the following steps:
The following table lists the deployment requirements for the connector.
Item | Requirement |
---|---|
Oracle Identity Manager | Oracle Identity Manager release 8.5.3 or later |
Target system host platform | SAP 4.7 |
Infrastructure requirements | SAPEP 6.0 with WAS 6.2 on SAP 4.7, UME 4.0 on SAPEP 6.0, and Axis 1.3 |
External code | Apache Axis JAR files. These are listed in Files and Directories That Comprise the Connector. |
This section describes how you can access the connector files, download external code files, and copy these into appropriate locations to deploy the connector. This section contains the following subsections:
To download these JAR files from SAP Enterprise Portal:
Open the WinRar utility.
Browse to the D:\usr\sap\EP6J\j2ee\j2ee_00\cluster\server\services\servlet_jsp\work\jspTemp\irj\root\
directory in WinRar.
Click the Find button in WinRar.
Enter the class name in the File Names field to find and keep Disks and folders to Current folder.
Specify *
as the archive type.
Select all three check boxes that begin with the word Find, and ensure that the remaining check boxes are not selected.
Click OK.
Note the directory path in the results displayed.
Copy the JAR file from the directory whose path that you noted.
Download the Apache Axis JAR files that are required for SOAP communication with the Web service running on the SAPEP 6.0 server. The version of Axis used is axis-1_3. You can download the JAR files from
Copy these JAR files into the JavaTasks
directory of Oracle Identity Manager.
The following table describes the files that you need to copy from the SAP Enterprise Portal_
versionno
directory and the respective destination directories.
File to Be Copied | Destination |
---|---|
xml\SAPEPResourceObject.xml
|
OIM_HOME \Xellerate\SAP_EP1.0.0\xml |
lib\SAP_EP_jar\SAPEPConnector.jar |
OIM_HOME \Xellerate\JavaTasks |
All JAR files in the lib\SAP_EP_jar.zip file |
OIM_HOME \Xellerate\JavaTasks |
par\WSPortlet.par |
See Step 3: Deploying Web Services on the Target System |
JAR files in the lib\SAP_EP_par.zip file |
\lib directory of the SAP Enterprise Portal installation. For example:
|
troubleshoot/troubleshoot.properties
|
Any folder where you intend to run test cases and troubleshoot from.
For example: |
docs\B31136_01.pdf docs\html |
OIM_HOME \Xellerate\SAP_EP1.0.0\docs\ |
To be able to use Web Services with the SAP Enterprise Portal connector, you need to deploy the WSPortlet.par
file as follows:
Log in to SAP Enterprise Portal as the administrator.
Click the Java Development tab, the Development secondary tab, and then Component Manager.
In the Archive Uploader area, browse to the WSPortlet.par
file, and then click Upload. After the file is uploaded, an INFO message is displayed.
From the list in the Archive Deployment Checker area, select WSPortlet, and then click Refresh.
To import the connector XML file into Oracle Identity Manager:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the SAPEPResourceObject.xml
file, which is in the OIM_HOME
\Xellerate\xml
directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the SAP EP
IT resource is displayed.
Specify values for the parameters of the SAP EP IT resource. Refer to the table in the Defining IT Resources section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the SAP EP
IT resource type is displayed.
Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.
See Also:
If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.Click View Selections.
The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. You must remove these nodes. To do this, right-click each such node and then select Remove.
Click Import. The connector file is imported into Oracle Identity Manager.
If you plan to use the connector in trusted source reconciliation mode, then perform the same procedure to import the SAPEPXLResourceObject.xml
file. This file is in the OIM_HOME
\Xellerate\xml
directory.
Caution:
Only one connector can be configured as a trusted source. If you import theSAPEPXLResourceObject.xml
file while you have another trusted source configured, then both connector reconciliations would stop working.You must specify values for the SAP EP IT resource parameters in the following table.
After you specify values for these IT resource parameters, go to Step 9 of the procedure to import connector XML files.
Configuring reconciliation involves creating scheduled tasks for lookup fields and user reconciliations. To create these scheduled tasks:
Expand the Xellerate Administration folder.
Select Task Scheduler.
Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.
Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager should attempt to complete the task before assigning the ERROR
status to the task.
Ensure that the Disabled and Stop Execution check boxes are cleared.
In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.
In the Interval region, set the following schedule parameters:
To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.
If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.
To set the task to run only once, select the Once option.
Provide values for the attributes of the scheduled task. Refer to the appropriate table in the Specifying Values for the Scheduled Task Attributessection for information about the values to be specified.
See Also:
Oracle Identity Manager Design Console Guide for information about adding and removing task attributesClick Save. The scheduled task is created. The INACTIVE
status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.
Repeat Steps 5 through 10 to create the second scheduled task.
After you create both scheduled tasks, proceed to the Step 6: Compiling Adapters section.
This section provides information about the values to be specified for the following scheduled tasks:
You must specify values for the following attributes of the lookup fields reconciliation scheduled task.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.Parameter Name | Sample Value | Description |
---|---|---|
ITResource |
SAP EP IT Resource | Name of the IT Resource for making connection to SAP Enterprise Portal |
The SAPEP Lookup Recon lookup field is not reconciled.
After you specify values for these task attributes, go to Step 10 of the procedure to create scheduled tasks.
You must specify values for the following attributes of the user reconciliation scheduled task.
Note:
Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.After you specify values for these task attributes, go to Step 10 of the procedure to create scheduled tasks.
See Also:
Reconciliation ModuleThe following adapters are imported into Oracle Identity Manager when the connector XML file is deployed. You must compile these adapters before you can use them to provision accounts on the target system.
SAP EP Remove Role
SAP EP Remove Grou
p
SAP EP Password Change
SAP EP Modify User Date
SAP EP Modify User
SAP EP Delete User
SAP EP Create User
SAP EP Add Role
SAP EP Add Group
SAP EP Lock UnLock User
PrePopulate SAP EP Form
Note:
To compile multiple adapters simultaneously, use the Adapter Manager form. To compile one adapter at a time, use the Adapter Factory form.To compile adapters by using the Adapter Manager form:
Open the Adapter Manager form.
To compile all the adapters that you import into the current database, select the Compile All option.
To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select the Compile Selected option.
Click Start. Oracle Identity Manager compiles the adapters that you specify.
See Also:
Oracle Identity Manager Design Console Guide for information about how to use these forms.To view detailed information about an adapter:
The Configuration
parameter of this connector affects the behavior of the Change Password function. You can configure password behavior in scenarios such as when a user profile gets locked or expires on the target system. In such a case, you can configure the system such that the administrator will not be able to reset the password for such a profile to prevent discrepancies between the Oracle Identity Manager system and the target system.
To configure the Configuration parameter of the Change Password function, do the following:
In the Administrative and User Console, select Process Management and Process Definition.
Select the Password Updated task.
Specify values for the following parameters:
ValidityChange:
This is a flag that can accept the value true
or false.
True:
If the user's validity period has expired, then it is extended to the date specified in the validityDate
parameter.
False:
If the user's validity period has expired, then it does not extend the validity and the user's password cannot be changed.
lockChange:
This is a flag that can accept the value true
or false.
True:
If the user is locked but not by the administrator, then the user is unlocked before the change of password. If the user is locked by the administrator, then the password cannot be changed.
False:
If the user is locked, then the password cannot be changed.
ValidTo:
Date to which the user's validity must be extended. The date format must be as follows:
Apr 1 10 11:18:29 AM
If this field is left empty, then the value is set to 1970-01-01,
which is the default date.