| Oracle® Identity Manager Connector Guide for SAP Enterprise Portal Release 9.0.4 Part Number E10172-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for SAP Enterprise Portal Release 9.0.4 Part Number E10172-01 |
|
|
View PDF |
Deploying the connector involves the following steps:
The following table lists the deployment requirements for the connector.
| Item | Requirement |
|---|---|
| Oracle Identity Manager | Oracle Identity Manager release 8.5.3 or later |
| Target systems | SAP Enterprise Portal 6.0 |
| Infrastructure requirements |
|
| External code | Apache Axis JAR files
These are listed in the "Files and Directories That Comprise the Connector" section. |
| Target system user account | Create a user account, and assign the following roles to it:
The second role gives the rights to deploy the agent on the target system. For this connector, the agent is the Refer to "Configuring the sapum.properties File" section for information about how this user account is used. If the specified roles are not assigned to this user account, then Oracle Identity Manager cannot connect to the target system. |
The connector files and external code files to be copied and the directories to which you must copy them are given in the following table.
Note:
The connector files listed in the first column of this table are in the following directory on the installation media:Enterprise Applications/SAP Enterprise Portal
Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.
| Connector File/External Code File | Destination Directory |
|---|---|
Files in the lib directory |
OIM_home/Xellerate/SAP_EP/lib
|
lib/SAP_EP_jar/servicelistener.jar |
OIM_home/Xellerate/JavaTasks
In addition, copy this file into the lib directory inside the SAP Enterprise Portal connector deployment directory as shown in the following sample directory path:
D:/usr/sap/EP6J/j2ee/j2ee_00/cluster/server/services/servlet_jsp/work/jspTemp/irj/root/WEB-INF/portal/lib |
par/ConnectorService.par |
Refer to the "Step 3: Deploying Web Services on the Target System" section. |
Files in the resources directory |
OIM_home/xellerate/connectorResources
|
Files in the test directory |
OIM_home/Xellerate/SAP_EP/test
|
Files in the xml directory |
OIM_home/Xellerate/SAP_EP/xml
|
The following files from the OIM_home/xellerate directory:
prtapi.jar prtconnection.jar prtcoreservice.jar prtdeploymentapi.jar prtjsp_api.jar prttest.jar |
Copy these files into the lib directory inside the SAP Enterprise Portal connector deployment directory as shown in the following sample directory path:
D:/usr/sap/EP6J/j2ee/j2ee_00/cluster/server/services/servlet_jsp/work/jspTemp/irj/root/WEB-INF/portal/.lib |
The following files from the SAP EP installation directory:
BaseComps.jar com.sap.portal.pcd.basicrolefactoryapi.jar com.sap.portal.pcd.glserviceapi.jar com.sap.portal.pcd.umwrapperserviceapi.jar com.sap.portal.pcmbuilderserviceapi.jar com.sap.portal.usermanagementcore.jar com.sap.security.api.jar com.sap.security.api.perm.jar com.sap.security.core.jar connector.jar exception.jar j2ee.jar jARM.jar Jta.jar Logging.jar P9base.jar P9oracle.jar P9util.jar pcdglstandalone.jar prtapi.jar prtjndisupport.jar prtregistry.jar sapj2eeclient.jar umeuseradminbase.jar util.jar |
OIM_home/Xellerate/JavaTasks
|
The following files from the Apache Web site at
axis.jar jaxrpc.jar commons-logging.jar commons-discovery.jar See Also: The "Downloading the Apache Axis JAR Files" section for more information. |
OIM_home/Xellerate/JavaTasks
|
Note:
While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the
connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.Download the Apache Axis JAR files that are required for SOAP communication with the Web service running on the SAP Enterprise Portal 6.0 server. The version of Axis used is axis-1_3. You can download the JAR files from
You must copy these JAR files into the JavaTasks directory of Oracle Identity Manager. In a clustered environment, you must copy these JAR files into the JavaTasks directory of each node of the cluster.
To be able to use Web services with the SAP Enterprise Portal connector, you must deploy the ConnectorService.par file as follows:
Log in to SAP Enterprise Portal as the administrator.
Click the Java Development tab, the Development secondary tab, and then Component Manager.
In the Archive Uploader region, browse to the ConnectorService.par file, and then click Upload. After the file is uploaded, an INFO message is displayed.
From the list in the Archive Deployment Checker region, select WSPortlet, and then click Refresh.
Note:
In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.Configuring the Oracle Identity Manager server involves performing the following procedures:
Note:
In a clustered environment, you must perform this step on each node of the cluster.Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.
You may require the assistance of the system administrator to change to the required input locale.
While performing the instructions described in the "Step 2: Copying the Connector Files and External Code Files" section, you copy files from the resources directory on the installation media into the OIM_home/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
To clear content related to connector resource bundles from the server cache:
In a command window, change to the OIM_home/xellerate/bin directory.
Note:
You must perform Step 1 before you perform Step 2. If you run the command described in Step 2 as follows, then an exception is thrown:OIM_home/xellerate/bin/batch_file_name
Enter one of the following commands:
On Microsoft Windows:
PurgeCache.bat ConnectorResourceBundle
On UNIX:
PurgeCache.sh ConnectorResourceBundle
Note:
You can ignore the exception that is thrown when you perform Step 2.In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:
OIM_home/xellerate/config/xlConfig.xml
The sapum.properties file is in the OIM_home/Xellerate/SAP_EP/lib directory. To configure this file, first open it in a text editor and then specify values for the parameters in the Database Settings section of the file.
If the data source used by SAP EP is SAP R3 or LDAP, then you must specify values for the parameters listed in the corresponding section of the sapum.properties file.
When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
ALL
This level enables logging for all events.
DEBUG
This level enables logging of information about fine-grained events that are useful for debugging.
INFO
This level enables logging of informational messages that highlight the progress of the application at coarse-grained level.
WARN
This level enables logging of information about potentially harmful situations.
ERROR
This level enables logging of information about error events that may still allow the application to continue running.
FATAL
This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF
This level disables logging for all events.
The file in which you set the log level and the log file path depend on the application server that you use:
BEA WebLogic
To enable logging:
Add the following lines in the OIM_home/xellerate/config/log.properties file:
log4j.logger.XELLERATE=log_level log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
In these lines, replace log_level with the log level that you want to set.
For example:
log4j.logger.XELLERATE=INFO log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
After you enable logging, the log information is written to the following file:
WebLogic_home/user_projects/domains/domain_name/server_name/server_name.log
IBM WebSphere
To enable logging:
Add the following lines in the OIM_home/xellerate/config/log.properties file:
log4j.logger.XELLERATE=log_level log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
In these lines, replace log_level with the log level that you want to set.
For example:
log4j.logger.XELLERATE=INFO log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
After you enable logging, the log information is written to the following file:
WebSphere_home/AppServer/logs/server_name/startServer.log
JBoss Application Server
To enable logging:
In the JBoss_home/server/default/conf/log4j.xml file, locate or add the following lines:
<category name="XELLERATE">
<priority value="log_level"/>
</category>
<category name="XL_INTG.SAPEPCONNECTOR">
<priority value="log_level"/>
</category>
In the second XML code line of each set, replace log_level with the log level that you want to set. For example:
<category name="XELLERATE"> <priority value="INFO"/> </category>
<category name="XL_INTG.SAPEPCONNECTOR"> <priority value="INFO"/> </category>
After you enable logging, the log information is written to the following file:
JBoss_home/server/default/log/server.log
OC4J
To enable logging:
Add the following lines in the OIM_home/xellerate/config/log.properties file:
log4j.logger.XELLERATE=log_level log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
In these lines, replace log_level with the log level that you want to set.
For example:
log4j.logger.XELLERATE=INFO log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
After you enable logging, the log information is written to the following file:
OC4J_home/opmn/logs/default_group~home~default_group~1.log
As mentioned in the "Files and Directories That Comprise the Connector" section, the connector XML file contains definitions of the components of the connector. By importing the connector XML file, you create these components in Oracle Identity Manager.
To import the connector XML file into Oracle Identity Manager:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the SAPEPResourceObject.xml file, which is in the OIM_home/Xellerate/xml directory. Details of this XML file are shown on the File Preview page.
Note:
The connector version is also displayed on this page.Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the SAP EP IT Resource IT resource is displayed.
Specify values for the parameters of the SAP EP IT Resource IT resource. Refer to the "Defining IT Resources" section for information about the values to be specified.
If you want to configure the connector for another instance of the target system, then:
Click Next. The Provide IT Resource Instance Data page for a new instance of the SAP EP IT Resource IT resource type is displayed.
To define an IT resource for the next instance of the target system, first assign a name to the new IT resource on this page. Then, refer to the "Defining IT Resources" section for information about the values to be specified for the parameters of the new IT resource.
Repeat Steps a and b for the remaining instances of the target system.
See Also:
Oracle Identity Manager Tools Reference GuideClick Skip after you define IT resources for all the instances of the target system. The Confirmation page is displayed.
Click View Selections.
The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.
Click Import. The connector XML file is imported into Oracle Identity Manager.
After you import the connector XML file, proceed to the "Step 6: Configuring the SAP Change Password Function" section.
You must specify values for the SAP EP IT resource parameters listed in the following table.
| Parameter | Description |
|---|---|
SAPUMLocation |
This parameter holds the location of the sapum.properties file. This file contains information to connect to the target SAP EP system.
Sample value: |
TimeStamp |
For the first reconciliation run, the time-stamp value is not set. For subsequent rounds of reconciliation, the time at which the previous round of reconciliation was completed is stored in this parameter.
The following are sample timestamp values:
|
WSDLLocation |
This parameter holds the location of the WSDL URL, where the Web service is running in SAP Enterprise Portal 6.0.
For example: To determine the WSDL URL:
|
CustomizedReconQuery |
Query condition on which reconciliation must be based
If you specify a query condition for this parameter, then the target system records are searched based on the query condition. If you want to reconcile all the target system records, then do not specify a value for this parameter. The query can be composed with the AND (&) and OR (|) logical operators. Sample value: For more information about this parameter, refer to the "Partial Reconciliation" section. |
After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.
You can configure the Change Password function to modify password behavior in scenarios such as when a user profile on the target system gets locked or expires. For such scenarios, you can configure the system so that the administrator is not able to reset the password for a locked or expired user profile. This helps prevent discrepancies between data in Oracle Identity Manager and the target system.
To configure the Change Password function:
See Also:
Oracle Identity Manager Design Console GuideOpen the Oracle Identity Manager Design Console.
Expand the Process Management folder.
Open the Process Definition form.
Select the SAP EP Process process definition.
Double-click the Password Updated task.
On the Integration tab, specify values for the following parameters:
ValidityChange: You can specify either true or false.
True: If the user's validity period has expired, then it is extended to the date specified in the ValidTo parameter.
False: If the user's validity period has expired, then it does not extend the validity and the user's password cannot be changed.
lockChange: You can specify either true or false.
True: If the user is locked but not by the administrator, then the user is unlocked before the change of password. If the user is locked by the administrator, then the password cannot be changed.
False: If the user is locked, then the password cannot be changed.
ValidTo: Date to which the user's validity must be extended. The date format must be as follows:
Apr 1 10 11:18:29 AM
If this field is left empty, then the value is set to 1970-01-01, which is the default date.
Note:
The values specified are case-sensitive and must match the case in the SAP system.