1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for SAP Enterprise Portal is used to integrate Oracle Identity Manager with SAP Enterprise Portal.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality
Multilanguage Support
Reconciliation Module
Provisioning Module
Files and Directories That Comprise the Connector
Determining the Release Number of the Connector

Supported Functionality

The following table lists the functions that are available with this connector.

Function	Type	Description
Create User	Provisioning	Creates a user in the SAP Enterprise Portal system
Update User	Provisioning	Updates a user in the SAP Enterprise Portal system
Delete User	Provisioning	Deletes a user from the SAP Enterprise Portal system
Reset Password	Provisioning	Updates the user password in the SAP Enterprise Portal system
Lock User	Provisioning	Locks a user in the SAP Enterprise Portal system
UnLock User	Provisioning	Unlocks a locked user in the SAP Enterprise Portal system
Add Role	Provisioning	Adds a role to a user in the SAP Enterprise Portal system
Add Group	Provisioning	Adds a group to a user in the SAP Enterprise Portal system
Remove Role	Provisioning	Removes the role of a user in the SAP Enterprise Portal system
Remove Group	Provisioning	Removes a group from a user in the SAP Enterprise Portal system
List Roles of User	Provisioning	Lists the roles of a user in the SAP Enterprise Portal system
List Groups of User	Provisioning	Lists the groups of a user in the SAP Enterprise Portal system
List All Roles	Provisioning	Lists all the roles defined in the SAP Enterprise Portal system
List All Groups	Provisioning	Lists all the groups defined in the SAP Enterprise Portal system
Reconciliation Insert Received	Reconciliation	Inserts into Oracle Identity Manager the user that is created in the SAP Enterprise Portal system
Reconciliation Update Received	Reconciliation	Updates in Oracle Identity Manager the user that is updated in the SAP Enterprise Portal system
Reconciliation Delete Received	Reconciliation	Deletes from Oracle Identity Manager the user that is deleted from the SAP Enterprise Portal system

Multilanguage Support

This release of the connector supports the following languages:

English
Brazilian Portuguese
French
German
Italian
Japanese
Korean
Simplified Chinese
Spanish
Traditional Chinese

Reconciliation Module

This section discusses the elements that the reconciliation module extracts from the target system to construct reconciliation event records. The following are features of these records:

The default data elements of each reconciliation event record are Organization, Xellerate type, and Role.
The default labels for the data elements in each reconciliation event record are:
- Event Linked (for successful reconciliation)
- No Match Found (for failed reconciliation)

The reconciliation module reconciles the fields listed in the following sections:

Lookup Fields Reconciliation
User Reconciliation

Lookup Fields Reconciliation

For user reconciliation to work, the following lookup definitions must be available and the lookup values must be reconciled:

Lookup.SAP.EP.Country
Lookup.SAP.EP.Groups
Lookup.SAP.EP.Language
Lookup.SAP.EP.Roles
Lookup.SAP.EP.TimeZone

User Reconciliation

User reconciliation can be divided into the following:

Reconciled SAP Enterprise Portal Resource Object Fields
Reconciled Xellerate User Fields

Reconciled SAP Enterprise Portal Resource Object Fields

The following fields are reconciled:

Street
City
State
Zip
Country
TimeZone
Department
ValidFrom
ValidTo
Locked
UserID
Password
ITResourceType
FirstName
LastName
EmailID
Language
Telephone
Fax
Mobile
Groups
Roles

Reconciled Xellerate User Fields

If trusted source reconciliation is implemented, then the following additional fields are reconciled:

UserID
Password
FirstName
LastName
EmailID
Organization
Xellerate Type
Role
Valid From
Valid To

Provisioning Module

The following fields must be specified for a provisioning task to work for SAP Enterprise Portal resource objects:

User ID
Password
First Name
Last Name
Email ID
ValidFrom
ValidTo

Note:

If you create a user in Oracle Identity Manager and do not assign a role to the user, then the user would not be able to view any Portal content after logging in to SAP Enterprise Portal.

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following directory on the installation media:

Enterprise Applications\SAP Enterprise Portal

These files and directories are listed in the following table.

File in the Installation Media Directory	Description
The `sapum.properties` file inside the `lib\properties` directory	This file contains the connection parameters required to connect to the SAP Enterprise Portal server. The location of this file is given in the `SAPUMLocation` parameter of the IT resource defined for SAP Enterprise Portal.
The `lib\properties` directory also contains the following files: dataSourceConfiguration.dtd dataSourceConfiguration_database_only.xml dataSourceConfiguration_PCDRoles.xml dataSourceConfiguration_UMERoles.xml	These files are supportive files for the `sapum.properties` file. They must be copied into the directory in which the `sapum.properties` file is copied.
lib\SAP_EP_jar\servicelistener.jar	During provisioning, this JAR file is used to ensure that changes to the role attribute of the user are correctly passed on to SAP EP. During reconciliation, this JAR file is used to ensure that changes to the group attribute are correctly passed on to Oracle Identity Manager.
lib\SAPEPConnector.jar	This is the connector code JAR file.
par\ConnectorService.par	This file is used for calling Web Services on the SAP Enterprise Portal system.
Files in the `resources` directory	Each of these resource bundle files contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
Troubleshoot\TroubleShootingUtility.class	This utility is used to test connector functionality.
Troubleshoot\global.properties	This file is used to specify the parameters and settings required to connect to the target system by using the troubleshooting utility.
Troubleshoot\log.properties	This file is used to specify the log level and the directory in which the log file is to be created when you run the troubleshooting utility.
xml\SAPEPResourceObject.xml	This XML file contains definitions for the following components of the connector: IT resource definition SAP User form Lookup definitions Adapters Resource object Process definition Reconciliation scheduled tasks
xml\SAPEPXLResourceObject.xml	This XML file contains the configuration for the Xellerate User. You must import this file only if you plan to use the connector in trusted source reconciliation mode.

Note:

The files in the Troubleshoot directory are used only to run tests on the connector.

The "Step 2: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.

Determining the Release Number of the Connector

To determine the release number of a connector that you have deployed:

Extract the contents of the SAPEPConnector.jar file. For a connector that has been deployed, this file is in the following directory:
```
OIM_home\xellerate\JavaTasks
```
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the SAPEPConnector.jar file.

In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.