1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for SAP Enterprise Portal is used to integrate Oracle Identity Manager with SAP Enterprise Portal.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality
Reconciliation Module
Provisioning Module
Files and Directories That Comprise the Connector

Supported Functionality

The following table lists the functions that are available with this connector.

Function	Type	Description
Create User	Provisioning	Creates a user in the SAP system
Update User	Provisioning	Updates a user in the SAP system
Delete User	Provisioning	Deletes a user from the SAP system
Reset Password	Provisioning	Updates the user password in the SAP system
Lock User	Provisioning	Locks a user in the SAP system
UnLock User	Provisioning	Unlocks a locked user in the SAP system
Add Role	Provisioning	Adds a role to a user in the SAP system
Add Group	Provisioning	Adds a group to a user in the SAP system
Remove Role	Provisioning	Removes the role of a user in the SAP system
Remove Group	Provisioning	Removes a group from a user in the SAP system
List Roles of User	Provisioning	Lists the roles of a user in the SAP system
List Groups of User	Provisioning	Lists the groups of a user in the SAP system
List All Roles	Provisioning	Lists all the roles present in the SAP system
List All Groups	Provisioning	Lists all the groups present in the SAP system
Reconciliation Insert Received	Reconciliation	Inserts a user into Oracle Identity Manager if a user is created in the SAP system
Reconciliation Update Received	Reconciliation	Updates a user in Oracle Identity Manager if a user is updated in the SAP system
Reconciliation Delete Received	Reconciliation	Deletes a user in Oracle Identity Manager if a user is deleted in the SAP system

Note:

This release of the SAP Enterprise Portal connector does not support Secure Network Communication (SNC) or Secure Sockets Layer (SSL).

Reconciliation Module

This section describes the elements that the reconciliation module extracts from the target system to construct a reconciliation event record. The following are features of these elements:

The default data elements of each reconciliation event record are Organization, Xellerate type, and Role.
The default labels for the data elements in each reconciliation event record are:
- Event Linked (for successful reconciliation)
- No Matched Found (for failed reconciliation)
The TimeStamp parameter present in the IT Resource is used for the reconciliation. Its value is the date and time from which records for reconciliation must be fetched.
The IsTrustedSource parameter of the Task Scheduler specifies whether user reconciliation is in trusted or nontrusted mode.

Reconciled SAP Enterprise Portal Resource Object Fields

When Oracle Identity Manager and the SAP Enterprise Portal system are reconciled, the following fields are mapped:

Street
City
State
Zip
Country
TimeZone
Department
ValidFrom
ValidTo
Locked
UserID (Required Field)
Password
ITResourceType
FirstName
LastName
EmailID
Language
Telephone
Fax
Mobile
Groups
- Group
Roles
- Role

For user reconciliation to work, the following lookup definitions must be available and the lookup values must be reconciled before the user reconciliation scheduled task is triggered.

Lookup.SAP.EP.Country
Lookup.SAP.EP.Groups
Lookup.SAP.EP.Language
Lookup.SAP.EP.Roles
Lookup.SAP.EP.TimeZone

Reconciled Oracle Identity Manager User Fields

The following fields are reconciled:

UserID
Password
FirstName
LastName
EmailID
Organization
Xellerate Type
Role
Valid From
Valid To

Provisioning Module

The following fields must be specified for a provisioning task to work for SAP Enterprise Portal resource objects:

User ID
Password
First Name
Last Name
Email ID
ValidFrom
ValidTo

Note:

For the Create User task to work without portal roles, users might not be able to view the portal content in SAP Enterprise Portal.

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the SAP Enterprise Portal Rev 1.0.0.zip file, which is in the following directory on the installation media:

Enterprise Applications\SAP Enterprise Portal\

These files and directories are listed in the following table.

File Name with Path	Description
xml\SAPEPResourceObject.xml	These files contain all the component definitions required for the SAP Enterprise Portal connector. These components include the following objects for SAP Enterprise Portal: IT Resource definition SAP User form Lookup definitions Adapters Resource object Process definition Reconciliation scheduled tasks Task Scheduler
xml\SAPEPXLResourceObject.xml	This file is used only if the connector is configured as a trusted source. The `SAPEPXLResourceObject.xml` file contains only the Oracle Identity Manager resource objects and dependent values.
lib\SAPEPConnector.jar	This is the connector code JAR file.
The `lib\SAP_EP_jar.zip` includes the following files: BaseComps.jar com.mphasis.portal.jar com.sap.portal.pcd.basicrolefactoryapi.jar com.sap.portal.pcd.glserviceapi.jar com.sap.portal.pcd.umwrapperserviceapi.jar com.sap.portal.pcmbuilderserviceapi.jar com.sap.portal.usermanagementcore.jar com.sap.security.api.jar com.sap.security.api.perm.jar com.sap.security.core.jar connector.jar exception.jar jARM.jar jta.jar log4j-1.2.8.jar logging.jar P9base.jar P9oracle.jar P9util.jar pcdglstandalone.jar prtapi.jar prtjndisupport.jar prtregistry.jar resolver.jar sapj2eeclient.jar umeuseradminbase.jar util.jar xercesImpl.jar xercesSamples.jar xml-apis.jar j2ee.jar	These JAR files contain the `class` files required for forward provisioning, reconciliation, master maintenance, and troubleshooting between Oracle Identity Manager, SAP Enterprise Portal, and UME.
The `SAP_EP_jar.zip` file in the lib directory also contains these Apache Axis Jar files: axis.jar commons-attributes-api.jar commons-attributes-compiler.jar commons-beanutils.jar commons-codec.jar commons-collections.jar commons-dbcp.jar commons-digester.jar commons-discovery.jar commons-fileupload.jar commons-httpclient.jar commons-lang.jar commons-logging.jar commons-pool.jar commons-validator.jar j2ee.jar jaxrpc.jar saaj.jar wsdl4j.jar	These Apache Axis JAR files are required for SOAP communication with the Web service running in SAPEP 6.0. You can also download these JAR files from `http://ws.apache.org/axis/` The version of Axis used is `axis-1_3.`
Other files in the `lib` directory: com.ora.portal.jar prtapi.jar prtconnection.jar prtcoreservice.jar prtdeploymentapi.jar prtjsp_api.jar prttest.jar	Contains all the JAR files to be placed in the lib folder of the SAP Enterprise Portal connector deployment: `D:\usr\sap\EP6J\j2ee\j2ee_00\cluster\server\services\servlet_jsp\work\jspTemp\irj\root\WEB-INF\portal\lib`
`lib\properties.zip\sapum.properties`	This file is required in the local system to connect to the target SAP Enterprise Portal system. This file contains the Connection parameters required to connect to the SAP Enterprise Portal. The location of this file is given in the IT Resources for the `SAPUMLocation` parameter.
The `lib\properties.zip` file also contains dataSourceConfiguration_database_only.xml dataSourceConfiguration_PCDRoles.xml dataSourceConfiguration_UMERoles.xml dataSourceConfiguration.dtd	These files are supportive files for the `sapum.properties` file. All these files are to be placed in the same folder along with the `sapum.properties` file.
par\WSPortlet.par	This file is deployed on the SAP Enterprise Portal system. This file is used for calling Web Services on the SAP Enterprise Portal system.
troubleshoot\log.properties troubleshoot\troubleshoot.properties	These are configuration files that contain logging, connection, and troubleshooting parameters for various connector tasks.
troubleshoot\TroubleShootingUtility.class	This utility is used to test the connector and to troubleshoot any problems that arise during the use of the connector.
docs\B31136_01.pdf docs\html	Oracle Identity Manager Connector Guide for SAP Enterprise Portal

Instructions to copy these files into the required directories are given in Chapter 2, "Deploying the Connector".