4 Extending the Functionality of the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

4.1 Adding Custom Attributes for Reconciliation

Note:

- In this section, the term "attribute" refers to the identity data fields that store user data.

- You need not perform this procedure if you do not want to add custom attributes for reconciliation.

By default, the attributes listed in Section 1.6.1, "User Attributes for Target Resource Reconciliation and Provisioning" are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional attributes for reconciliation as follows:

See Also:

Oracle Identity Manager Design Console for detailed instructions on performing the following steps

  1. Open the following file in the OIM_HOME/xellerate/XLIntegrations/Telnet/config directory:

    For AIX:

    userAttribute_AIX_recon.properties

    For non-AIX platforms:

    userAttribute_NonAIX_recon.properties

  2. At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:

    For AIX:

    TARGET_SYSTEM_ATTRIBUTE=OIM_SERVER_ATTRIBUTE

    For example:

    maxage=Users.AccountExpiryDate
    

    In this example, AccountExpiryDate is the reconciliation field and maxage is the equivalent server command parameter. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

    For non-AIX platforms:

    OIM_SERVER_ATTRIBUTE=TARGET_SYSTEM_ATTRIBUTE_INDEX

    For example:

    Users.DefaultShell=6
    

    In this example, DefaultShell is the reconciliation field and 6 is the index of the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

  3. In the resource object definition, add a reconciliation field corresponding to the new attribute as follows:

    1. Open the Resource Objects form. This form is in the Resource Management folder.

    2. Click Query for Records.

    3. On the Resource Objects Table tab, double-click the Telnet User resource object to open it for editing.

    4. On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.

    5. Specify a value for the field name.

      For AIX:

      You must specify the name that is to the right of the equal sign in the line that you uncomment or add while performing Step 2.

      For example, if you uncomment the maxage=Users.AccountExpiryDate line in Step 2, then you must specify Users.AccountExpiryDate as the attribute name.

      For non-AIX platforms:

      You must specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 2.

      For example, if you uncomment the Users.DefaultShell=6 line in Step 2, then you must specify Users.DefaultShell as the attribute name.

    6. From the Field Type list, select a data type for the field.

      For example: String

    7. Save the values that you enter, and then close the dialog box.

    8. If required, repeat Steps d through g to map more fields.

    9. If you are using Oracle Identity Manager release 11.1.1, then click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

  4. Add a new field in the process form.

    1. Open the UD_TELNET process form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

    2. Click Create New Version.

    3. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

    4. From the Current Version list, select the newly created version.

    5. On the Additional Columns tab, click Add.

    6. Specify the new field name and other values. For the example described in Step 3 in the connector guide, you enter the value UD_TELNET_DEFAULTSHELL.

    7. Click Make Version Active and then save the changes.

  5. Modify the provisioning process to include the mapping between the newly added attribute and the corresponding reconciliation field as follows:

    1. Open the TELNET User provisioning process. The provisioning process form is in the Process Management folder.

    2. On the Reconciliation Field Mappings tab, click Add Field Map to open the Add Reconciliation Field Mapping dialog box.

    3. Enter the required values, save the values that you enter, and then close the dialog box.

      For the example described in Step 3 in the connector guide, you enter the values Users.DefaultShell [String] and UD_TELNET_DEFAULTSHELL.

    4. If required, repeat Steps b and c to map more fields.
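
The two file formats in Step 2 put the reconciliation field on opposite sides of the equal sign, so a line pasted into the wrong platform's file is easy to miss. The following check is an added example, not part of the connector or of this guide: it parses a reconciliation properties file for either platform and returns the field names to enter in the Add Reconciliation Field dialog box, along with any lines that do not fit the format. It assumes that lines starting with # or ! are comments and that the non-AIX index is a plain decimal number; the sample file contents are constructed.

```python
PREFIX = "Users."

# Constructed samples in the two formats from Step 2 (not the shipped files).
AIX_SAMPLE = """\
# constructed AIX sample
maxage=Users.AccountExpiryDate
Users.DefaultShell=6
"""
NONAIX_SAMPLE = """\
# constructed non-AIX sample
Users.DefaultShell=6
Users.DefaultShell=7
Users.AccountExpiryDate=maxage
"""


def recon_fields(text, platform):
    """Parse a recon properties file; return (fields, problems).

    platform "aix":    TARGET_SYSTEM_ATTRIBUTE=OIM_SERVER_ATTRIBUTE
    platform "nonaix": OIM_SERVER_ATTRIBUTE=TARGET_SYSTEM_ATTRIBUTE_INDEX
    fields maps each reconciliation field name (the value to type in the
    Add Reconciliation Field dialog box) to its target-side value.
    """
    if platform not in ("aix", "nonaix"):
        raise ValueError("platform must be 'aix' or 'nonaix'")
    fields, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or commented-out definition
            continue
        left, sep, right = (part.strip() for part in line.partition("="))
        if not (sep and left and right):
            problems.append((lineno, "not in KEY=VALUE form"))
            continue
        # AIX keeps the field on the right of '=', non-AIX on the left.
        field, target = (right, left) if platform == "aix" else (left, right)
        if not field.startswith(PREFIX):
            hint = "sides swapped?" if target.startswith(PREFIX) else "prefix missing"
            problems.append((lineno, f"field lacks '{PREFIX}' ({hint})"))
        elif platform == "nonaix" and not target.isdigit():
            # Assumption: the attribute index is a plain decimal number.
            problems.append((lineno, f"index '{target}' is not a number"))
        elif field in fields:
            problems.append((lineno, f"duplicate field {field}"))
        else:
            fields[field] = target
    return fields, problems


if __name__ == "__main__":
    for name, text in (("aix", AIX_SAMPLE), ("nonaix", NONAIX_SAMPLE)):
        print(name, *recon_fields(text, name), sep="\n  ")
```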

4.2 Adding Custom Attributes for Provisioning

Note:

In this section, the term "attribute" refers to the identity data fields that store user data.

By default, the attributes listed in Section 1.6.1, "User Attributes for Target Resource Reconciliation and Provisioning" are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning as follows:

  1. Modify the attribute entries in the following file:

    For the AIX platform:

    OIM_HOME/xellerate/XLIntegrations/Telnet/config/userAttribute_AIX_prov.properties
    

    For non-AIX platforms:

    OIM_HOME/xellerate/XLIntegrations/Telnet/config/userAttribute_NonAIX_prov.properties
    

    If required, you can add new attributes in this file. The format that you must use is as follows:

    OIM_ATTRIBUTE_NAME=TARGET_ATTRIBUTE_NAME

    For example:

    homeDir=-d
    
  2. Add a new column in the process form.

    Note:

    If you have already performed Step 4 of Section 4.1, "Adding Custom Attributes for Reconciliation," then directly proceed to Step 3.

    1. Open the process form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

    2. Click Create New Version.

    3. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

    4. From the Current Version list, select the newly created version.

    5. On the Additional Columns tab, click Add.

    6. Specify the new field name and other values.

    7. Click Make Version Active and save the changes.

  3. Add a new variable in the variable list.

    1. Open the Adapter Factory form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

    2. Click the Query for Records icon.

    3. On the Adapter Factory Table tab, double-click the adpTELNETCREATEUSER adapter from the list.

    4. On the Variable List tab, click Add.

    5. In the Add a Variable dialog box, specify the required values and then save and close the dialog box.

  4. Define an additional adapter task for the newly added variable in the adpTELNETCREATEUSER adapter.

    1. On the Adapter Tasks tab of the Adapter Factory form, click Add.

    2. In the Adapter Task Selection dialog box, select Functional Task, select Java from the list of functional task types, and then click Continue.

    3. In the Object Instance Selection dialog box, select Persistent Instance and then click Continue.

    4. In the Add an Adapter Factory Task dialog box, specify the task name, select the setProperty method from the Method list, and then click Save.

    5. Map the application method parameters, and then save and close the dialog box. To map the application method parameters:

      For the "Output: String Return variable (Adapter Variable)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select Return variable.

      For the "Input: String input (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Input.

      For the "Input: String (Literal)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select String.

      iii. In the Value field, specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 1. For example, if you uncomment the homeDir=-d line in Step 1, then you must specify homeDir as the attribute name.

      For the "Input: String (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select the newly added adapter variable.

    6. Repeat Steps b through g to create more adapter tasks.

  5. Create an additional adapter task to set the input variable.

    1. Open the Adapter Factory form. This form is in the Development Tools folder in the Oracle Identity Manager Design Console.

    2. On the Adapter Tasks tab, click Add.

    3. In the Adapter Task Selection dialog box, select Logic Task, select SET VARIABLE from the list, and then click Continue.

    4. In the Edit Set Variable Task Parameters dialog box, select input from the Variable Name list, select Adapter Task from the Operand Type list, and select as the Operand Qualifier the adapter task that you created in the previous step. Then, click Save.

  6. Map the process form columns and adapter variables for the Create User process task as follows:

    1. Open the Process Definition form. This form is in the Process Management folder of the Design Console.

    2. Click the Query for Records icon.

    3. On the Process Definition Table tab, double-click the TELNET User process.

    4. On the Tasks tab, double-click the Create User task.

    5. In the Closing Form dialog box, click Yes.

    6. On the Integration tab of the Editing Task Columns Create User dialog box, map the unmapped variables, and then save and close the dialog box. To map an unmapped variable:

      i. Double-click the row in which N is displayed in the Status column. The value N signifies that the variable is not mapped.

      ii. From the Map to list in the Edit Data Mapping for Variables dialog box, select Process Data.

      iii. From the Qualifier list, select the name of the variable.

      Repeat Steps i through iii for all unmapped variables.

    Repeat Steps 1 through 6 if you want to add more attributes.

  7. Update the request datasets.

    Note:

    Perform steps 7 through 9 only if you want to perform request-based provisioning.

    When you add an attribute on the process form, you also update the XML files containing the request dataset definitions. To update a request dataset:

    1. In a text editor, open the XML file located in the OIM_HOME/DataSet/file directory for editing.

    2. Add the AttributeReference element and specify values for the mandatory attributes of this element.

      See Also:

      The "Configuring Requests" chapter of the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for more information about creating and updating request datasets

      For example, while performing Step 2 of this procedure, if you added Employee ID as an attribute on the process form, then enter the following line:

      <AttributeReference
      name = "Employee ID"
      attr-ref = "Employee ID"
      type = "String"
      widget = "text"
      length = "50"
      available-in-bulk = "false"/>
      

      In this AttributeReference element:

      • For the name attribute, enter the value in the Name column of the process form without the tablename prefix.

        For example, if UD_TELNET_EMP_ID is the value in the Name column of the process form, then you must specify Employee ID as the value of the name attribute in the AttributeReference element.

      • For the attr-ref attribute, enter the value that you entered in the Field Label column of the process form while performing Step 2.

      • For the type attribute, enter the value that you entered in the Variant Type column of the process form while performing Step 2.

      • For the widget attribute, enter the value that you entered in the Field Type column of the process form, while performing Step 2.

      • For the length attribute, enter the value that you entered in the Length column of the process form while performing Step 2.

      • For the available-in-bulk attribute, specify true if the attribute must be available during bulk request creation or modification. Otherwise, specify false.

      If you added more than one attribute on the process form, then repeat this step for each attribute added.

    3. Save and close the XML file.

  8. Run the PurgeCache utility to clear content related to request datasets from the server cache.

    See Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information about the PurgeCache utility.

  9. Import into MDS the request dataset definitions in XML format.

    See Section 2.5.5.3, "Importing Request Datasets into MDS" for detailed information about the procedure.
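
Before purging the cache and importing the dataset in Steps 8 and 9, the AttributeReference elements added in Step 7 can be checked offline. The following check is an added example, not part of Oracle Identity Manager or of this guide. It assumes that all six attributes shown in the Employee ID example are required; the `<dataset>` wrapper element and the second attribute in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Attributes shown in the guide's AttributeReference example. Treating all six
# as required is an assumption of this example.
REQUIRED = ("name", "attr-ref", "type", "widget", "length", "available-in-bulk")

# Constructed sample; the <dataset> wrapper stands in for the real root element.
SAMPLE = """\
<dataset>
  <AttributeReference name = "Employee ID" attr-ref = "Employee ID"
      type = "String" widget = "text" length = "50" available-in-bulk = "false"/>
  <AttributeReference name = "Home Directory" attr-ref = "Home Directory"
      type = "String" length = "fifty" available-in-bulk = "no"/>
</dataset>
"""


def check_attribute_references(xml_text):
    """Return a list of (name, problem) for AttributeReference elements."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "AttributeReference":  # ignore namespace
            continue
        name = el.get("name") or "<unnamed>"
        for attr in REQUIRED:
            if not (el.get(attr) or "").strip():
                findings.append((name, f"missing {attr}"))
        length = el.get("length")
        if length is not None and not length.strip().isdigit():
            findings.append((name, f"length '{length}' is not a number"))
        bulk = el.get("available-in-bulk")
        if bulk is not None and bulk not in ("true", "false"):
            findings.append((name, f"available-in-bulk '{bulk}' is not true or false"))
    return findings


if __name__ == "__main__":
    for name, problem in check_attribute_references(SAMPLE):
        print(f"{name}: {problem}")
```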

4.3 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of the target system.

You may want to configure the connector for multiple installations of the target system. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of the target system.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of the target system.

To configure the connector for multiple installations of the target system:

See Also:

Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed instructions on performing each step of this procedure

  1. Create and configure one IT resource for each target system installation.

    The IT Resources form is in the Resource Management folder. An IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same resource type.

  2. Configure reconciliation for each target system installation. See Section 3.4, "Configuring Scheduled Tasks" for instructions. Note that you only need to modify the attributes that are used to specify the IT resource and to specify whether or not the target system installation is to be set up as a trusted source.

  3. If required, modify the fields to be reconciled for the Xellerate User resource object.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the target system installation to which you want to provision the user.

4.4 Transforming Data Reconciled Into Oracle Identity Manager

This section discusses the TransformLookupName and UseTransformMapping attributes of the scheduled tasks for target resource reconciliation (Telnet User Target Resource Reconciliation Task) and trusted source reconciliation (Telnet User Trusted Source Reconciliation Task).

During reconciliation, you may want to transform the values of some target system fields before they are stored in Oracle Identity Manager. Appending a number at the end of the user ID is an example of a data transformation.

The TransformLookupName and UseTransformMapping attributes provide a method for implementing such transformations. To use these attributes:

  1. Identify the fields that you want to transform.

  2. Create the Java file containing the code implementation of the transformation that must be performed during reconciliation. See Appendix B, "Sample Transformation Class" for information about creating a transformation class.

  3. Compile the Java file. While compiling the file, you must reference the xliTelnet.jar file. See Section 2.1, "Files and Directories on the Installation Media" for information about the xliTelnet.jar file.

  4. Create JAR files containing the code to implement the required transformations on the fields.

  5. If you are using Oracle Identity Manager release 9.1.0.x, then copy the JAR files into the following directory:

    OIM_HOME/xellerate/ScheduleTask

  6. If you are using Oracle Identity Manager release 11.1.1, then run the Oracle Identity Manager Upload JARs utility to post the JAR file to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.

    For Microsoft Windows:

    OIM_HOME/server/bin/UploadJars.bat

    For UNIX:

    OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 2 as the value of the JAR type.

    See Also:

    Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about the Upload JARs utility

  7. In the Lookup.Reconciliation.TransformationMap lookup definition, add an entry for the transformation. In the Code Key column, enter the name of the reconciliation field (in the resource object) on which you want the transformation to be performed. In the Decode column, enter the name of the class file. For example:

    Note:

    You can use this lookup definition for both UNIX SSH and SSH Telnet.

    Code Key: User.UserLogin

    Decode: com.thortech.xl.schedule.telnetssh.tasks.AppendTransformer

    See Also:

    Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about creating lookup definitions

  8. While configuring the Telnet User Target Resource Reconciliation Task and Telnet User Trusted Source Reconciliation Task scheduled tasks by performing the procedure described in Section 3.4, "Configuring Scheduled Tasks":

    • Enter the name of the lookup definition as the value of the TransformLookupName attribute.

    • Enter yes as the value of the UseTransformMapping attribute to specify that you want transformations to be applied. If you enter no as the value, then the transformations are not applied.
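
The class named in the Decode column is code that runs inside the reconciliation scheduled task, so it is worth confirming that the JAR you copy or upload in Steps 5 and 6 contains exactly the class that the lookup entry names. The following preflight check is an added example, not part of the connector or of this guide. It relies on the standard JAR layout (package dots become directory separators) and assumes that the yes and no values are entered in lowercase; the in-memory JAR is constructed and holds an empty placeholder, not real bytecode.

```python
import io
import zipfile


def class_entry(class_name):
    """Path of a fully qualified class inside a JAR (standard JAR layout)."""
    return class_name.replace(".", "/") + ".class"


def missing_transformers(lookup, jars):
    """Return {code_key: class_name} for Decode classes found in none of the JARs.

    lookup: Code Key -> Decode rows of the transformation lookup definition.
    jars:   paths or file-like objects of the JAR files to be deployed.
    """
    present = set()
    for jar in jars:
        with zipfile.ZipFile(jar) as zf:
            present.update(zf.namelist())
    return {k: c for k, c in lookup.items() if class_entry(c) not in present}


def check_transform_setup(task_attrs, lookup_name, lookup, jars):
    """Check the scheduled task attributes from Step 8 against Steps 4 to 7."""
    findings = []
    use = task_attrs.get("UseTransformMapping", "")
    if use not in ("yes", "no"):  # assumption: lowercase values, as in the guide
        findings.append(f"UseTransformMapping must be yes or no, got {use!r}")
    if use == "yes":
        if task_attrs.get("TransformLookupName") != lookup_name:
            findings.append("TransformLookupName does not name the lookup definition")
        for key, cls in missing_transformers(lookup, jars).items():
            findings.append(f"{key}: {cls} not found in any JAR")
    return findings


def constructed_jar(*class_names):
    """Build an in-memory JAR with empty placeholder entries (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in class_names:
            zf.writestr(class_entry(name), b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    name = "Lookup.Reconciliation.TransformationMap"
    rows = {"User.UserLogin": "com.thortech.xl.schedule.telnetssh.tasks.AppendTransformer"}
    task = {"TransformLookupName": name, "UseTransformMapping": "yes"}
    print(check_transform_setup(task, name, rows, [constructed_jar(*rows.values())]))
```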