3 Configuring the Target System and Oracle Identity Manager

This chapter discusses the following topics:

• Configuring the Target System

• Configuring Oracle Identity Manager

Note:

These sections provide both conceptual and procedural information about configuring the connector. Oracle recommends that you read the conceptual information before you perform the procedures.

3.1 Configuring the Target System

This section discusses the following topics:

• Configuring the Target System for Full Reconciliation

• Configuring the Target System for Incremental Reconciliation

• Configuring the Target System for Provisioning

3.1.1 Configuring the Target System for Full Reconciliation

As described in Chapter 1, "About the Connector", full reconciliation is used to reconcile all the data in the target system into Oracle Identity Manager. The PeopleCode that is activated extracts the required user account information by using the USERMAINT component.

Configuring the target system for full reconciliation involves preparing the flat file for full reconciliation by performing the following procedures:

• Creating the Application Engine Program

  You have to create the Application Engine program only once when you are perform full reconciliation for the first time.

• Running the Application Engine Program

  You must run the Application Engine program each time you want to perform full reconciliation.

3.1.1.1 Creating the Application Engine Program

The Application Engine program populates the flat file used to perform full reconciliation with user account information that requires reconciliation. To create the Application Engine program:

1. To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.

2. Select New from the File menu.

3. In the New Definition dialog box, select App Engine Program from the Definition list.

4. On the App Engine Program page, a plus sign (+) is displayed before the MAIN section in the Application Engine program under which there may be multiple steps. In each step, there may be some PeopleCode to be run. Click the plus sign (+). A step titled Step01 is added to MAIN.

5. Rename Step01 to Currency.

6. On the App Engine Program page, select Action from the Insert menu. An action is added to the Currency step.

7. Select PeopleCode from the list for the new action.

8. Click Save from the File menu to save the Application Engine program with the name BLKPRCS_USER.

9. Double-click the PeopleCode action. A new PeopleCode window is displayed.

10. In the PeopleCode window, copy the code from the OIM_HOME/xellerate/Scripts/CurrencyCode.txt file.

11. In the code that you copy, retain the file name (CurrencyCode.txt) but change the path to a directory location on the PeopleSoft server as follows:

    &DataFile = GetFile("path where you want to generate the comma-separated flat file\CurrencyCode.txt", "w", %FilePath_Absolute);
    &LOGFile = GetFile("path where you want to generate the comma-separated flat file\CurrencyCode.txt", "w", "a", %FilePath_Absolute);
    

    For example:

    &DataFile = GetFile("C:\PSFT_849_LOOKUPS\CurrencyCode.txt", "w", %FilePath_Absolute);
    &LOGFile = GetFile("C:\PSFT_849_LOOKUPS\CurrencyCodelook_up.log", "w", "a", %FilePath_Absolute);
    

12. Save the PeopleCode action, and close the window.

13. On the App Engine Program page, select the MAIN section and then select Step/Action from the Insert menu.

14. Repeat Steps 5 through 12 to create the remaining steps, which are listed in the following table:

    Step Name	File Containing the Required PeopleCode
    language	LanguageCode.txt
    emplid	EmployeeId.txt
    userrole (PeopleTools 8.22 only)	UserRoles.txt
    permiss	PermissionList.txt
    EmailType (PeopleTools 8.45 through 8.48 only)	EmailType.txt
    addemp	AddEmp.txt

    
    

15. Save the Application Engine program.

3.1.1.2 Running the Application Engine Program

The procedure to run the Application Engine program depends on the release of PeopleTools that you are using:

• Running the Application Engine Program on PeopleTools 8.22

• Running the Application Engine Program on PeopleTools 8.45 Through 8.48

Running the Application Engine Program on PeopleTools 8.22

To run the Application Engine program on PeopleTools 8.22:

1. Log in to PeopleSoft Internet Architecture.

2. Click People Tools, Process Scheduler Manager, Use, and Process Definitions.

3. On the Process Definitions page, click Add a New value.

4. Select Application Engine from the Process Type list.

5. Enter the name of the Application Engine program as the process name, BLKPRCS_USER.

6. Click Add.

7. Select the Application Engine program from the search results that are displayed when you click Add.

8. On the Process Definition Options tab, specify the following values:

   • Run Location: Server

   • Server Name: PSNT

   • Component: PRCSMULTI

   • Process Groups: ALLPANLS

9. Click Save.

10. Return to the home page.

11. Click PeopleTools, Process Scheduler Manager, Process, and Sample Processes.

12. On the Sample Processes page, click Add a New value.

13. Specify a run control ID, and then click Add.

    Note:

    A run control ID is used as a key for records that contain the parameters required by a process at run time. If the parameters are stored in a table that the process can query using the run control ID and user ID, then the process can run without user intervention.

14. Click Run.

15. On the Process Scheduler Request page, specify the server name.

16. Select the Application Engine program name, and then click OK.

17. Click Process Monitor to verify the status of the process.

    After the process status changes to Success, the comma-separated flat file is created at a location specified in the code that you copy from the AddEmp.txt file.

Running the Application Engine Program on PeopleTools 8.45 Through 8.48

Note:

For the Application Engine program to run in 2-tier mode, the database client must be installed on the server used for accessing the application designer. To switch to the 2-tier mode, you select Connection Type as the database on the PeopleSoft sign-on screen.

To run the Application Engine program on PeopleTools 8.45 through 8.48:

1. To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.

2. Specify the connection type, user ID, and password.

3. To open the Application Engine program that you created:

   1. From the File menu, select Open and then select Application Engine Program from the Object Type list.

   2. Select BLKPRCS_USER, and then click Open.

4. Click the RUN PROGRAM control on the toolbar below the menu bar. The comma-separated flat file containing user records is created at the location specified in the code that you copy from the AddEmp.txt file.

3.1.2 Configuring the Target System for Incremental Reconciliation

Configuring the target system for incremental reconciliation involves creating messages and message channels, publishing messages by writing PeopleCode that is used to populate and send messages from PeopleSoft Integration Broker to other systems, and configuring Integration Broker.

Note:

In PeopleSoft Application version 9.0, queues replace message channels.

A message is the physical container for the XML data that is sent from PeopleSoft Enterprise Applications. Message definitions provide the physical description of data that is sent from PeopleSoft Enterprise Applications. This data includes fields, field types, and field lengths. A message channel is used to carry messages. It is a mechanism for structuring data into logical groups. Each message can belong to only one message channel.

After messages are created and associated with their respective message channels, you must publish the messages, which involves writing the PeopleCode in the application designer. This is because PeopleSoft Integration Broker and Oracle Identity Manager communicate through the exchange of XML messages and a message can only be started by using specific instructions in the PeopleCode.

Note:

The procedures to create messages, message channels, and publishing messages depend on the version of the target system being used. The procedure to configure PeopleSoft Integration Broker depends on the version of PeopleTools being used.

Setting the PeopleSoft Integration Broker gateway is mandatory when you configure PeopleSoft Integration Broker. To subscribe to XML data, Oracle Identity Manager can accept and process XML messages posted by PeopleSoft by using PeopleSoft connectors located in the PeopleSoft Integration Broker gateway. These connectors are Java programs that are controlled by the Integration Broker gateway and, in turn, control the location of the XML files.

This gateway is a program that runs on the PeopleSoft Web server. It acts as a physical hub between PeopleSoft and other PeopleSoft applications (or third-party systems, such as Oracle Identity Manager). The gateway manages the receipt and delivery of messages passed among systems through PeopleSoft Integration Broker.

To configure the target system for incremental reconciliation, you must perform the following procedures:

Note:

You must use an administrator account to perform the following procedures.

1. Creating the Message Channel

2. Creating the Message

3. Publishing the Message

4. Configuring PeopleSoft Integration Broker

3.1.2.1 Creating the Message Channel

The procedure to create a message channel varies depending on the version of PeopleTools that you are using:

• Creating the Message Channel on PeopleTools 8.22

• Creating the Message Channel on PeopleTools 8.45 Through 8.47

• Creating the Queue on PeopleTools 8.48

3.1.2.1.1 Creating the Message Channel on PeopleTools 8.22

To create the message channel on PeopleTools 8.22:

1. Click Start, Programs, and Application Designer. The Application Designer window is displayed in the 2-tier mode.

2. Select New from the File menu.

3. In the New Definition dialog box, select Message Channel, and then click OK.

4. Save the new message channel as USR_MGMT_CH.

5. Select Object Properties from the File menu.

6. In the Message Channel Properties dialog box, select the Run option, and then select Archive Messages.

7. Click OK, and then save the message.

3.1.2.1.2 Creating the Message Channel on PeopleTools 8.45 Through 8.47

To create the message channel on PeopleTools 8.45 Through 8.47:

1. Click Start, Programs, and Application Designer. The Application Designer window is displayed in the 2-tier mode.

2. Select New from the File menu.

3. In the New Definition dialog box, select Message Channel, and then click OK.

4. Save the new message channel as USR_MGMT_CH.

5. Select Object Properties from the File menu.

6. In the Message Channel Properties dialog box, select the Use tab, select the Run option, and then select the Archive Messages check box.

7. Click OK, and then save the message channel.

3.1.2.1.3 Creating the Queue on PeopleTools 8.48

To create the queue on PeopleTools 8.48:

1. In the PeopleSoft Internet Architecture window, expand People Tools, Integration Broker, and Integration Setup, and then click Queue.

2. On the Add a New Value tab, enter the queue name, for example, PSFT_UM_QUEUE, and then click Add.

3. On the Queue Definition tab, select the archive check box.

4. Select Run from the Queue Status list.

5. Click Save to save the changes.

3.1.2.2 Creating the Message

The procedure to create a message varies depending on the version of the PeopleTools that you are using:

• Creating the Message on PeopleTools 8.22

• Creating the Message on PeopleTools 8.45 Through 8.47

• Creating the Message on PeopleTools 8.48

3.1.2.2.1 Creating the Message on PeopleTools 8.22

To create the message on PeopleTools 8.22:

1. Click Start, Programs, and Application Designer. The Application Designer window is displayed.

2. Select New from the File menu.

3. In the New Definition dialog box, select Message from the list, and then click OK.

4. Select Object Properties from the File menu.

5. In the Message Properties dialog box, click the Use tab.

6. On the Use tab, select the USR_MGMT_CH message channel from the list and then select the version of the message that you create from the Version list. By doing this, you associate the message with the message channel created in the "Creating the Message Channel on PeopleTools 8.22" section.

7. Select Active to make the message an active message, and then click OK.

8. Right-click VERSION_1, and select the Insert Child Record option.

9. In the Insert Record window, enter PSOPRDEFN in the Name field, click Insert, and then click Close.

   Note:

   PSOPRDEFN is a record defined in the OIM_HOME/xellerate/test/cbrecon/USR_MGMT_MSG.xml file. Refer to this file for information about the fields that comprise the PSOPRDEFN record.

10. Click PSOPRDEFN under VERSION_1. All the fields that constitute the PSOPRDEFN records are displayed.

    By default, all the fields are selected. Deselect the check boxes for the fields that are not required for the message XML file to be generated.

    For the USR_MGMT_MSG message, deselect the following fields from the PSOPRDEFN record:

    • VERSION

    • CLASSCOUNT

    • OPERPSWD

    • ENCRYPTED

    • LASTPSWDCHAN

    • ACCTLOCK

    • LASTUPDDTTM

    • LASTUPDOPRID

    • FAILEDLOGINS

    Note:

    Do not delete the fields from the PSOPRDEFN record. You just need to deselect the check boxes for the fields in the message definition.

11. Repeat Steps 8 through 10 for the PSROLEUSER_VW record. Deselect the following fields for this record:

    • OPRID

    • DYNAMIC_SW

    Note:

    PSROLEUSER_VW is the second record defined in the OIM_HOME/xellerate/test/cbrecon/USR_MGMT_MSG.xml file.

12. Save the message as USR_MGMT_MSG.

3.1.2.2.2 Creating the Message on PeopleTools 8.45 Through 8.47

To create the message on PeopleTools 8.45 Through 8.47:

1. Click Start, Programs, and Application Designer. The Application Designer window is displayed.

2. Select New from the File menu.

   Note:

   To run the Application Designer in 2-tier mode, you must have the database client, which is the client of the database that PeopleSoft is using, installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.

3. In the New Definition dialog box, select Message from the list and then click OK.

4. Select Object Properties from the File menu. The Message Properties dialog box is displayed.

5. In the Message Properties dialog box, click the Use tab.

6. On the Use tab, select the USR_MGMT_CH message channel and the version of the message that you create in Step 2 of this procedure. By doing this, you associate the message with the message channel created in the "Creating the Message Channel on PeopleTools 8.45 Through 8.47" section.

7. Select Active to make the message an active message and then click OK to close the dialog box.

8. Save the message as USR_MGMT_MSG.

   You can also save this message with a name of your choice. If you do so, then you must make the same change in the code that you copy from the UserMgmtCBRecon_8.45-8.47.txt file while performing the procedure described in the "Publishing the Message" section.

3.1.2.2.3 Creating the Message on PeopleTools 8.48

To create the message on PeopleTools 8.48:

1. In the PeopleSoft Internet Architecture window, expand People Tools, Integration Broker, and Integration Setup, and then click Message.

2. On the Add a New Value tab, enter the message name, for example, USR_MGMT_MSG. In addition, enter the version in the Version field. The valid values for this field are version_1 or v1.

3. Click Add.

4. On the Message Definition tab, select Nonrowset-based as the message type.

5. Click Save to save the changes.

3.1.2.3 Publishing the Message

To publish the message on PeopleTools 8.22 through 8.48:

1. Click Start, Programs, Peoplesoft8.x, and then Application Designer. The Application Designer window is displayed in 2-tier mode.

   Note:

   To run the Application Designer in 2-tier mode, you must have the database client, which is the client of the database that PeopleSoft is using, installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.

2. Select Open from the File menu. The Open Definition dialog box is displayed.

3. Select Component from the Definition list, enter USERMAINT in the Name Selection Criteria field, and then click Enter. All component names starting with the text USERMAINT are displayed.

4. Select USERMAINT from the list, and then click Open. The details of the USERMAINT component are displayed.

5. Click the Structure tab, right-click USERMAINT, and then select View PeopleCode. The PeopleCode for the USERMAINT component is displayed.

6. Select the SavePostChange event from the list in the upper-right corner of the window. The PeopleCode for this event is displayed.

7. Copy the code given in the following file immediately after the import definitions in the PeopleCode for the SavePostChange event:

   For PeopleTools 8.22:

   OIM_HOME/xellerate/Scripts/UserMgmtCBRecon.txt
   

   For PeopleTools 8.45 through 8.47:

   OIM_HOME/xellerate/Scripts/UserMgmtCBRecon_8.45-8.47.txt
   

   For PeopleTools 8.48:

   OIM_HOME/xellerate/Scripts/UserMgmtCBRecon_8.48.txt
   

   Note:

   While creating the message by following the procedures described in the "Creating the Message" section, if you change the name of the message to something other than USR_MGMT_MSG, then you must use the same name in the code that you copy.

8. If you are using PeopleTools 8.22, then select Save from the File menu to save the changes to the USERMAINT component.

   If you are using PeopleTools 8.45 through 8.48, then:

   1. Add the following function call at the end of the PeopleCode for the SavePostChange event:

      Note:

      Perform this step only after you copy the code from the text file.

      /**********************************************************************/
      /* Calling the GENERATEUSER function to generate the 
      USR_MGMT_MSG message*/
      /**********************************************************************/
      If Len(%CompIntfcName) = 0 Then 
      Local string &OPID;
      &OPID = PSOPRDEFN.OPRID;
      &s_ipadd = %Request.ServerName;
      &n_port = %Request.ServerPort;
      GENERATEUSR(&OPID);
      End-If;
      

   2. Select Save from the File menu to save the changes to the USERMAINT component.

3.1.2.4 Configuring PeopleSoft Integration Broker

The procedure to configure PeopleSoft Integration Broker depends on the release of PeopleTools that you are using.

Note:

While configuring PeopleSoft Integration Broker, you perform some of the procedures in PeopleSoft Internet Architecture and some in the Application Designer. For example, for PeopleTools 8.22 and PeopleTools 8.45 through 8.47, some of the configuration steps must be performed in PeopleSoft Internet Architecture and some in the Application Designer. For PeopleTools 8.48, all of the configuration steps must be performed in PeopleSoft Internet Architecture.

The following section explains the procedure to configure PeopleSoft Integration Broker on PeopleTools 8.22:

• Configuring PeopleSoft Integration Broker on PeopleTools 8.22

The following sections explain the procedures to configure PeopleSoft Integration Broker on PeopleTools 8.45 through 8.47 and PeopleTools 8.48:

• Configuring PeopleSoft Integration Broker Gateway on PeopleTools 8.45 Through 8.48

• Configuring PeopleSoft Integration Broker on PeopleTools 8.45 Through 8.47

• Configuring PeopleSoft Integration Broker on PeopleTools 8.48

3.1.2.4.1 Configuring PeopleSoft Integration Broker on PeopleTools 8.22

To configure PeopleSoft Integration Broker on PeopleTools 8.22:

Note:

Configuring the PeopleSoft Integration Broker gateway is a part of the procedure to configure the PeopleSoft Integration Broker on PeopleTools 8.22.

1. To create the USR_MGMT_NODE remote node:

   1. In the Application Designer, select New from the File menu.

   2. In the New Definition dialog box, select Message Node from the list, and then click OK.

   3. Right-click anywhere in the white space, and then select Insert Location. The Location dialog box is displayed.

   4. Enter the URL for the PeopleSoft Integration Broker gateway in the following format:

      http://hostname:port/servlets/gateway
      

      In this URL, hostname is the application server that hosts PeopleSoft and port is the port number at which the application server is listening.

   5. Select Object Properties from the File menu.

   6. In the Message Node Properties dialog box, select the Use tab. Ensure that Local Node is not selected.

   7. Save the remote node as USR_MGMT_NODE.

2. To configure the USR_MGMT_MSGCH message channel:

   1. From the File menu, select Open and then click Message Channel.

   2. To open the USR_MGMT_MSGCH message channel, select USR_MGMT_MSGCH.

   3. Click the Routing Rules tab.

   4. Right-click anywhere in the white space, and then select Insert Message Node.

   5. In the Insert Message Node dialog box, select the USR_MGMT_NODE message node, and then click Insert.

   6. Close the dialog box.

   7. Right-click the message node displayed on the Routing Rules tab.

   8. Point to Routing Direction, and then select Publish To.

   9. Save the message channel.

3. To configure the PeopleSoft Integration Broker gateway so that messages can be sent through the gateway to Oracle Identity Manager:

   Note:

   The Simple File Handler mentioned in this procedure is a utility in PeopleTools 8.22 that can receive messages published by a PeopleSoft node and write these messages to a file that can be used by third-party systems.

   1. In a Web browser, use a URL with the following format to open the Handler Directory page (configuration window for the PeopleSoft Integration Broker gateway):

      http://hostname:port/servlets/gateway.administration
      

      In this URL, hostname is the application server that hosts PeopleSoft and port is the port number at which the application server is listening.

   2. Click Add Handler.

   3. On the Add Handler page, enter the full name of the Simple File Handler class, psft.pt8.filehandler.SimpleFileHandler.

   4. Click Save.

   5. To load the handler, on the Handler Directory page, click Load.

      After the handler is loaded, the "Loaded successfully" message is displayed in the Status column.

   6. Click Configure.

   7. Click Add a file handler node.

   8. In the Node Name field on the Add File Handler Node page, enter the name of the message node that you create, USR_MGMT_NODE.

   9. Specify the output directory in which the published messages are to be stored.

   10. Select Include Header.

   11. Click Save.

4. XML messages are generated by the PeopleTools 8.22 Simple File Handler. To publish these messages to the connector, create a Microsoft Windows scheduled task as follows. You must create the scheduled task on the computer on which the PeopleSoft Web server is running.

   Note:

   The Microsoft Windows scheduled task calls a Java program that communicates with a servlet deployed on the Oracle Identity Manager server. The servlet parses the message and sends reconciliation events to Oracle Identity Manager.

   The servlet sends a return code based on the status of the reconciliation event. If the reconciliation event is successfully sent, then the message file is deleted or archived. Otherwise, the message file is left unchanged. The next time the scheduled task is run, another attempt is made to send the message.

   1. Copy the xliMsgPublisher.jar and publish.bat files from the OIM_HOME/xellerate/lib/MsgPublisher directory to a directory on the PeopleSoft Enterprise Applications server.

   2. Use a text editor to open the publish.bat file, and then make the following changes in the file:

      i. Change the value of the JAVA_HOME variable so that it points to the JDK installation directory on the computer on which the PeopleSoft Web server is running.

      ii. Specify the following values in the Java command given at the end of the file:

      - PeopleSoft_listener_servlet_URL: This is the URL of the servlet that listens for reconciliation events generated using PeopleSoft Application Messaging.

      - Output_directory_for_XML_messages: This is the PeopleSoft Web server directory in which you want published messages to be stored. You have already specified the output directory while performing Step 3.i of this procedure.

      - XML_message_name: This is the message name created while configuring the target system. Refer to the "Creating the Message" section for more information.

      - console_log_file_path: This is the full path and the name of the directory in which the log file must be generated.

      The command is in the following format:

      java com.thortech.xl.Integration.msgpublisher.PeopleSoftPublisher "PeopleSoft_listener_servlet_URL" "Output_directory_for_XML_messages" XML_message_name >> console_log_file_path
      

      For example:

      java com.thortech.xl.Integration.msgpublisher.PeopleSoftPublisher "http://hostname:port/peopleSoftUserMgmt/do/peopleSoftAction" "C:/test/file" PSFT_XELLERATE_MSG >> c:/test/consolelog.log
      

      In the PeopleSoft listener servlet URL specified in this example, hostname is the IP address or host name of the application server on which Oracle Identity Manager is running and port is the HTTP port at which the application server listens for incoming messages.

   3. Save and close the batch file.

   4. On the computer on which the PeopleSoft Web server is running, click Start, Settings, and Control Open.

   5. Double-click Scheduled Tasks.

   6. Click Add Schedule Task, and then click Next.

   7. Click Browse, and then select the publish.bat file from the directory in which you save it.

   8. Select Daily, click Next, and then click Next again.

   9. Enter the user ID and password for the scheduled task to run.

   10. Select Open Advance properties.

   11. Click Finish.

   12. On the Schedule tab, click Advanced.

   13. Select Repeat Task.

   14. Select the frequency at which you want the task to run.

   15. Click OK, and then click OK again to close the window.

3.1.2.4.2 Configuring PeopleSoft Integration Broker Gateway on PeopleTools 8.45 Through 8.48

To configure the PeopleSoft Integration Broker gateway on PeopleTools 8.45 through 8.48:

1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture.

   The URL for PeopleSoft Internet Architecture is in the following format:

   http://servername/psp/ps/Databasename/?cmd=login
   

   For example:

   http://psftserver.example.com/psp//ps/TestDB/?cmd=login
   

2. To display the Gateway component details, expand PeopleTools, Integration Broker, Configuration, and then Gateways. The Gateway component details are displayed.

3. Enter LOCAL in the Integration Gateway ID field, and then click Search. The LOCAL gateway is a default gateway that is created when you install PeopleSoft Internet Architecture.

4. Ensure that the IP address specified in the URL of the PeopleSoft listening connector is the IP address of the computer on which PeopleSoft Enterprise Applications is installed. The URL of the PeopleSoft listening connector is in the following format:

   http://computer_name_of_the_PeopleSoft_Web_server/IP_address:port/PSIGW/PeopleSoftListeningConnector
   

   For example:

   http://10.121.16.42:80/PSIGW/PeopleSoftListeningConnector
   

5. To load all target connectors that are registered with the LOCAL gateway, click Load Gateway Connectors.

6. Click Save.

7. Click Ping Gateway to check if the gateway component is active.

3.1.2.4.3 Configuring PeopleSoft Integration Broker on PeopleTools 8.45 Through 8.47

To configure PeopleSoft Integration Broker on PeopleTools 8.45 through 8.47:

To create the USR_MGMT_NODE node to serve as the remote node:

1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and Node Definitions.

2. Click the Add a New Value tab.

3. On the Add a New Value tab, enter USR_MGMT_NODE as the node name and then click Add.

4. On the Node Definition tab, enter a description for the node in the Description field.

5. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.

6. On the Connectors tab, enter the following information and then perform a lookup:

   Gateway ID: LOCAL

   Connector ID: HTTPTARGET

7. On the Properties subpage in the Connectors tab, enter the following information:

   Property ID: HTTPTARGET

   Property Name: URL

   Required value: Enter the URL of the PeopleSoft servlet that is supposed to receive the XML message. This URL must be in the following format:

   http:/computer_name_of_the_Oracle_Identity_Manager_server/IP_address:port/peopleSoftUserMgmt/do/peopleSoftAction
   

   For example:

   http://10.121.16.42:8080/peopleSoftUserMgmt/do/peopleSoftAction
   

8. Click Ping Node to check if a connection is established with the specified IP address.

9. On the Transactions tab, click Add Transaction. The Add Transaction dialog box is displayed.

10. Enter the following details to define a new transaction:

    Transaction Type: Outbound Asynchronous

    Request Message: USR_MGMT_MSG

    Request Message Version: VERSION_1

11. Click Add.

12. To keep the status as active, select Active.

13. Click Save to save the changes.

To secure the USR_MGMT_MSGCH message channel:

1. In PeopleSoft Internet Architecture, expand PeopleTools, Security, Permission & Roles, and Permission Lists.

2. Select AEAE1000. The AEAE1000 permission list is displayed.

3. Select the Message Monitor tab, and then click the plus sign (+) to add a channel name.

4. Specify USR_MGMT_MSGCH as the channel name, and select FULL as the access level.

5. Click Save.

To verify that the USR_MGMT_MSGCH message channel is in running mode:

1. Expand PeopleTools, Integration Broker, Monitor Integration, and Monitor Message.

2. Click the Channel Status tab.

3. Verify that the USR_MGMT_MSGCH message channel is running. If it is paused, then click Run.

3.1.2.4.4 Configuring PeopleSoft Integration Broker on PeopleTools 8.48

To configure PeopleSoft Integration Broker on PeopleTools 8.48:

1. Create a remote node by performing the following steps:

   1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

   2. On the Add a New Value tab, enter the node name, for example, USR_MGMT_NODE, and then click Add.

   3. On the Node Definition tab, enter a description for the node in the Description field. In addition, enter PS in the Default User ID field.

   4. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.

   5. On the Connectors tab, enter the following information:

      Gateway ID: LOCAL

      Connector ID: HTTPTARGET

   6. Click Ping Node to check if a connection is established with the specified IP address.

   7. On the Properties subpage in the Connectors tab, enter the following information:

      Property ID: PRIMARYURL

      Property Name: URL

      Required value: Enter the URL of the PeopleSoft servlet that is supposed to receive the XML message. This URL must be in the following format:

      http://computer_name_of_OIM_server/IP address:port/peopleSoftUserMgmt/do/peopleSoftAction
      

      For example:

      http://10.121.16.42:8080/peopleSoftUserMgmt/do/peopleSoftAction
      

   8. Click Save to save the changes.

2. Create a service by performing the following steps:

   1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Service.

   2. On the Add a New Value tab, enter the service name, for example, PSFT_UM_SERVICE, and then click Add.

   3. On the Service Definition tab, enter a description for the service in the Description field.

   4. Click Save to save the changes.

3. Create a service operation by performing the following steps:

   1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operation.

   2. On the Add a New Value tab, enter the service name for which you are creating the service operation. In addition, enter the service operation name. The name of the service operation must be the same as that of the message you created in Step 2 of the "Creating the Message on PeopleTools 8.48" section, for example, USR_MGMT_MSG.

   3. From the Operation type list, select Asynchronous-Oneway, and then click Add.

   4. On the General tab of the Service Operation Definition page, enter a description for the Operation type in the Operation Description field. In addition, enter USR_MGMT_MSG.V1 in the Message.Version field and PSFT_UM_QUEUE in the Queue Name field.

   5. Click Save to save the changes.

   6. On the Routing tab, enter PSFT_UM_ROUTING as the routing name and then click Add.

   7. On the Routing Definition tab, enter PSFT_HR in the Sender Node field and PSFT_UM_NODE in the Receiver Node field.

      Note:

      PSFT_HR is the default local node for PeopleSoft HCM applications. If you are using other PeopleSoft applications, verify the default local node by using the procedure described in Step 1a. For example, if you are using PeopleSoft CRM applications, then the default local node is PSFT_CR.

   8. Click Save to save the changes.

   Before the XML messages are sent from the target system to Oracle Identity Manager, you must verify if the PeopleSoft node is running. You can do so by clicking the Ping Node button in the Connectors tab. To access the Connectors tab, click PeopleTools, Integration Broker, and then Nodes.

   If the Oracle Identity Manager server is not running when a message is published, then the message is added to a queue. You can check the status of the message in the queue in the Message Instance tab. This tab lists all the published messages in queue. When you check the details of the particular message, you will find the status listed as Timeout or Error.

   To publish a message in the queue to Oracle Identity Manager, resubmit the message when Oracle Identity Manager is running. See "Publishing the Message" for more information.

   If the status of the message is New or Started and it does not change to Timeout or Done, then you must restart the PeopleSoft application server after you restart the Oracle Identity Manager server.

3.1.3 Configuring the Target System for Provisioning

To configure the target system for provisioning, create the APIs for the component interface as follows:

1. To open the Application Designer, click Start and then select Programs, Peoplesoft8.x, and Application Designer.

2. On the Application Designer page, select Open from the File menu.

3. In the Open Definition dialog box, select Component Interface from the Definition list.

4. Enter USER_PROFILE in the Name field, and then press Enter.

   All the component interfaces with names that start with USER_PROFILE are displayed in the Open Definition dialog box.

5. Select the USER_PROFILE entry, and then click Open.

6. Click Yes in the message that is displayed. The properties of the USER_PROFILE component interface are displayed.

7. In the window for the USER_PROFILE component interface, select PeopleSoft APIs from the Build menu. The Build PeopleSoft API Bindings dialog box is displayed.

8. In the Java Classes region, select Build.

9. From the Select APIs to Build list, select CompIntfc.CompIntfcPropertyInfo, CompIntfc.CompIntfcPropertyInfoCollection, and the APIs with names that start with CompIntfc.USER_PROFILE.

10. In the Target Directory field, specify the path of the directory in which you want the Java API classes to be created, and then click OK.

11. Ensure that the psjoa.jar file is set in the CLASSPATH environment variable. This file is in the PEOPLESOFT_HOME/PT8xx/web/PSJOA directory.

12. Compile the APIs from the target directory specified in the preceding step.

13. Bundle the compiled class files in a JAR named peoplesoft.jar as follows:

    jar -cvf peoplesoft.jar PeopleSoft/Generated/CompIntfc/*.class
    

    Note:

    The Unable to access pstools.properties message might be recorded in the server log during the provisioning operation. You can ignore this message.

3.2 Configuring Oracle Identity Manager

This section discusses the following topics:

• Configuring Reconciliation

• Configuring Provisioning

3.2.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager new and modified user account information from PeopleSoft Enterprise Applications.

You can perform reconciliation in two modes: target resource and trusted source. Regardless of whether you configure target resource or trusted source reconciliation, you can configure full or incremental reconciliation for this connector by performing the procedures described in the following topics:

• Configuring Full Reconciliation

• Configuring Incremental Reconciliation

Perform the procedure described in the following section only if you want to configure trusted source reconciliation:

• Configuring Trusted Source Reconciliation

3.2.1.1 Configuring Full Reconciliation

This section discusses the following topics:

• Configuring the Reconciliation Scheduled Tasks

• Configuring the IndexOfLastReconciledRecord Parameter

• Adding Custom Attributes for Full Reconciliation

• Limited Reconciliation

3.2.1.1.1 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Step 4: Importing the Connector XML File" section, the scheduled tasks for lookup fields, trusted source, and target resource reconciliations are automatically created in Oracle Identity Manager. To perform a full reconciliation run, you must configure the scheduled task to reconcile the users in Oracle Identity Manager depending on the values that the user has specified in the scheduled task attributes.

Note:

You can perform a full reconciliation run at any future date or time for the following specified intervals:

• Daily

• Weekly

• Monthly

• Yearly

• Recurring intervals

Alternatively, you can configure a scheduled task attribute to run once on the specified date and time.

To specify values for the attributes of the scheduled task, perform the following:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled tasks are displayed on two different tabs. Select:

   • PSFT Base Non Trusted User Reconciliation for target resource reconciliation

   • PSFT Base Trusted User Reconciliation for trusted source reconciliation

5. Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are not selected.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. To set the task to run only once, select the Once option in the Interval region.

9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

10. Click Save. The scheduled task is configured. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you specify in Step 7.

Specifying Values for the Scheduled Task Attributes

This section provides information about the values to be specified for the following scheduled tasks:

Lookup Fields Reconciliation Scheduled Task

You must specify values for the following attributes of the PSFT Base LookUp Reconciliation scheduled task:

Note:

• Default attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description
ServerName	Name of the IT resource Default value: PSFT Base Server
LookupType	The type of data that is being looked up in the target system. The value can be any one of the following: EmployeeId LanguageCode EmailTypes CurrencyCode PermissionList Roles
FilePath	Directory path on the Oracle Identity Manager server where the reconciliation lookup .txt file is stored Sample value: C:/PSFTBase/LookupRecon/EmployeeIds.txt
LookupName	Name of the lookup definition configured in Oracle Identity Manager The value can be any one of the following: Lookup.PSFTBase.EmployeeId Lookup.PSFTBase.LanguageCode Lookup.PSFTBase.EmailType Lookup.PSFTBase.CurrencyCode Lookup.PSFTBase.PermissionList Lookup.PSFTBase.Roles
TargetSystem	Name of the resource object Default value: PSFTBase

After you specify values for these task attributes, go to Step 10 of the procedure to create scheduled tasks.

User Reconciliation Scheduled Task

Depending on whether you want to implement target resource or trusted source reconciliation, you must specify values for the attributes of the user reconciliation scheduled tasks. The following table describes the attributes of the scheduled tasks.

Note:

• You must specify values for either the target resource reconciliation scheduled task (PSFT Base Non Trusted User Reconciliation) or the trusted source reconciliation scheduled task (PSFT Base Trusted User Reconciliation). Do not specify values for the attributes of both scheduled tasks.

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description
MultiValueSeperator	## is the multivalue separator in the flat file that is used for full reconciliation
ServerName	Name of the IT resource Default value: PSFT Base Server
IsTrusted	Specifies whether or not reconciliation is to be carried out in trusted mode Specify Yes for trusted source reconciliation. Specify No for target resource reconciliation.
XellerateOrganization	Default name of the Oracle Identity Manager organization is Xellerate Users This value is used to create OIM User in trusted mode. Note: This attribute is specific to the scheduled task for trusted source reconciliation.
FolderPath	Directory path on the Oracle Identity Manager server where the comma-separated flat file is stored Note: The folder path must contain only the flat file that is generated when you run the application engine, because the Task Scheduler searches for text files.
TargetSystem	Name of the resource object Default value: PSFTBase
NoOfRecordsToBeReconciled	Specifies the number of records to be reconciled You must enter any integer value greater than zero. Refer to the "Specifying the Number of Records to Be Reconciled" section for more information about this attribute. Default value: All
Operator	Specifies the operator that you want to apply to the target system attributes for which you specify a value other than nodata This operator value can be AND or OR based on which the data is joined accordingly for any combination of the following fields: Lastname, Postal, DeptId. During reconciliation, only those target system records that contain the specified combination of the Lastname, Postal, and DeptId fields are reconciled. Note: This attribute is specific to the scheduled task for trusted source reconciliation Default value: NODATA
UserID	This is a filter attribute. Use this attribute to specify the login ID of the user whose records you want to reconcile. Default value: NODATA
UserType	This is a filter attribute. Use this attribute to specify the user type for which you want to reconcile records. If you do not want to use this attribute, then specify NODATA. Sample values: Customer, Person, Supplier Note: This attribute is specific to the scheduled task for trusted source reconciliation Default value: NODATA

After you specify values for these task attributes, go to Step 10 of the procedure to create scheduled tasks.

Specifying the Number of Records to Be Reconciled

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can specify the number of records to be reconciled. To do this, you use the NoOfRecordsToBeReconciled scheduled task attribute.

You specify a value for the NoOfRecordsToBeReconciled attribute by following the instructions described in the "Specifying Values for the Scheduled Task Attributes" section.

3.2.1.1.2 Configuring the IndexOfLastReconciledRecord Parameter

You specify a value for the IndexOfLastReconciledRecord IT resource parameter when you want to perform full reconciliation. At the start of the first full reconciliation run, the value of this parameter is -1. At the end of each subsequent full reconciliation run, this parameter stores the index number of the last record reconciled during the previous reconciliation run.

Whenever you want to perform a full reconciliation run, change the value of the IndexOfLastReconciledRecord parameter to -1. To change the value of this parameter:

1. Log in to the Oracle Identity Manager Design Console.

2. Expand Resource Management.

3. Double-click IT Resources.

4. Locate the PSFT Base Server IT resource.

5. Change the value of the IndexOfLastReconciledRecord parameter to -1.

3.2.1.1.3 Adding Custom Attributes for Full Reconciliation

To add custom attributes for full reconciliation:

Note:

The procedure described in this section is the same for all certified versions of PeopleTools. If you do not want to add custom attributes for full reconciliation, then you can skip this section.

1. In PeopleSoft Application Designer:

   Note:

   Step 1 is mandatory if you are using PeopleTools 8.22.

   1. Select Open from the File menu. The Open Definition dialog box is displayed.

   2. Select Message from the Definition list, enter USR_MGMT_MSG in the Name Selection Criteria field, and then click Enter. The details of the USR_MGMT_MSG message are displayed.

   3. Click the record to which you want to add custom attributes.

      For example, if you want to add the Account lock attribute, ACCTLOCK in the PSOPRDEFN record, then click PSOPRDEFN under VERSION_1.

   4. Select the check box for the required attribute, and then save the message.

      For example, select the ACCTLOCK check box.

2. Modify the header and the queries written in the application engine code (BLKPRCS_UM). For example, if you want to reconcile a new column with the name ACCTLOCK, then make the following changes in the application engine code:

   Local String &acctlock
   

   &hdr = "OPRID,OPRDEFNDESC,ALIAS,EMPLID,PRIEMAILID,LANGUAGE_CD,MULTILANG,CURRENCY_CD,OPRCLASS,ROWSECCLASS,PRCSPRFLCLS,DEFAULTNAVHP,ROLES,EMAILIDS,USERTYPE, ACCTLOCK";
   

   If the ACCTLOCK column exists in the PSOPRDEFN table, the SQL statement will be:

   SQLExec("select ACCTLOCK from PSOPRDEFN where oprid =:1 ", &oprid, &acctlock);
      &data_row = &oprid | "," | &desc | "," | &alias | "," | &empid | "," | &email | "," | &lng_cd | "," | &multilang | "," | &currency | "," | &oprclass | "," | &rowsec | "," | &prcsprf | "," | &navhp | "," | &roles | "," | &othmail | "," | &type|" , "|&acctlock;
   

3. Open the process form located in the Development Tools folder of the Oracle Identity Manage Design Console.

   See Also:

   Oracle Identity Manager Design Console for more information about this step and the remaining steps of this procedure

4. Click Create New Version.

5. In the Create a New Version dialog box, specify the version name in the Label field. Save the changes, and then close the dialog box.

6. From the Current Version list, select the newly created version.

7. On the Additional Columns tab, click Add. Add a column corresponding to the new attribute in the User Defined process form, UD_PSFT_BAS. For the example described earlier, you can add the UD_PSFT_ACCTLOCK column.

8. Add a reconciliation field corresponding to the new attribute in the resource object, PSFTBase. For the example described earlier, you can add the Users.ACCTLOCK reconciliation field.

9. Modify the UD_PSFT_BAS process definition to include the mapping between the newly added attribute and the corresponding reconciliation field. For the example described earlier, the mapping is as follows:

   Users.ACCTLOCK=UD_PSFT_ACCTLOCK
   

   In this example, ACCTLOCK is the reconciliation field and also the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

3.2.1.1.4 Limited Reconciliation

By default, all target system records that are added or modified after the previous reconciliation run are reconciled during the current reconciliation run. You can customize the reconciliation process by specifying the subset of newly added or modified records that must be reconciled. You implement this form of limited reconciliation by creating customized queries for reconciliation. You do this by creating filters for the reconciliation module.

For Target Resource Reconciliation:

Creating a filter involves specifying a value for the UserID scheduled task attribute, which will be used in the SELECT query criteria to retrieve the records to be reconciled.

For instructions to specify values for the UserID scheduled task attribute, refer to the "Specifying Values for the Scheduled Task Attributes" section.

For Trusted Source Reconciliation:

Creating a filter involves specifying values for the UserID, UserType, and the Operator scheduled task attributes, which will be used in the SELECT query criteria to retrieve the records to be reconciled.

For instructions to specify values for the UserID, UserType, and Operator scheduled task attributes, refer to the "Specifying Values for the Scheduled Task Attributes" section.

3.2.1.2 Configuring Incremental Reconciliation

Note:

In this section, the term "attribute" refers to the identity data fields that store user data.

This section discusses the following topics:

• Configuring the PeopleSoft Listener

• Encrypting a New Oracle Identity Manager Password

• Adding Custom Attributes for Incremental Reconciliation

• Limited Reconciliation

3.2.1.2.1 Configuring the PeopleSoft Listener

This section describes how to configure the PeopleSoft listener. In the following procedure, OIM_HOME refers to the local Oracle Identity Manager installation directory.

To configure the PeopleSoft Listener:

1. Copy the OIM_HOME/cbrecon_webapp/lib/peopleSoftUserMgmt.war file into a temporary directory. Enter the following command in the command window to extract the contents of the peopleSoftUserMgmt.war file.

   jar –xvf  peopleSoftUserMgmt.war
   

   Note:

   All the files mentioned in the remaining steps of this procedure are extracted from the peopleSoftUserMgmt.war file.

2. Edit the deployment.properties file. This file contains the message property that corresponds to the name of the XML message sent by PeopleSoft. The default value of this attribute is USR_MGMT_MSG. Obtain the actual value for this attribute from the PeopleSoft administrator, and replace the value in this file with the actual value.

3. If you are using PeopleTools 8.22, then you must modify the PSFTBase.Roles property in the attributemap.properties file as follows:

   Note:

   In the attributemap.properties file, the key part of each line is the text to the left of the equal (=) sign. You must ensure that the key part of the lines does not contain spaces. For example, PSFT Base.Roles, PSFTBase .Roles, PSFTBase. Roles are all invalid key values because they contain spaces.

   1. Search for the following line:

      PSFTBase.Roles=//Transaction/PSROLEUSER_VW/ROLES
      

   2. Replace it with the following line:

      PSFTBase.Roles=//Transaction/PSROLEUSER_VW/ROLENAME
      

4. Edit the xlsession.properties file. This file contains the following Oracle Identity Manager connection parameters:

   • ObjectName: This is the name of the resource object in Oracle Identity Manager against which the reconciliation event is created. The default value is PSFTBase. For target resource reconciliation, you can change it to the name of any other resource object that you might have created.

   • Username: This is the user name for logging in to Oracle Identity Manager. The default value is xelsysadm.

   • Password: This is the password for logging in to Oracle Identity Manager. You must enter the encrypted value of the password.

     See Also:

     The "Encrypting a New Oracle Identity Manager Password" section for information about encrypting a plaintext password

5. Edit the xlclient.properties file. This file contains the following system properties that enable an API client to communicate with Oracle Identity Manager:

   • xl.homedir: This property specifies the Oracle Identity Manager client directory. Typically, the Oracle Identity Manager client directory is OIM_HOME/xlclient.

   • java.security.policy: This property specifies the path of the security policy file. Typically, this file is located in the OIM_HOME/xlclient/config directory.

   • java.security.auth.login.config: This property specifies the path of the authentication configuration file. Typically, this file is located in the OIM_HOME/xlclient/config directory.

     Each application server uses a different authentication configuration file:

     IBM WebSphere: authws.conf

     BEA WebLogic: authwl.conf

     JBoss Application Server: auth.conf

     Oracle Application Server: auth.conf

   • java.naming.provider.url: This property specifies the JNP URL of the application server. This URL is given in the <Discovery><CoreServer><java.naming.provider.url> tag of the OIM_HOME/xlclient/config/xlconfig.xml file. Each application server uses a different java.naming.provider.url:

     • WebLogic: t3://host:7001

     • JBoss: jnp://host:1099

     • WebSphere: corbaloc:iiop:host:2809

     • Oracle Application Server: ormi://localhost:12401/Xellerate

6. Edit the following properties in the configureReconciliation.properties file:

   • reconciliationMode: This property can accept one of two possible values:

     • If you want to perform trusted source reconciliation, then set this property to trusted.

     • If you want to perform target resource reconciliation, then set this property to ntrusted (default).

   • Serverdateformat: This property specifies the date format that is used by the PeopleSoft server. You can select one of the following date formats:

     • dd-mmm-yy

     • ddmmyy

     • yyddmm

     • yymmdd

   • xellerateOrganization: This property specifies the name of the Oracle Identity Manager organization. The default value of this parameter is Xellerate Users. The value that you assign to this property must exist in Oracle Identity Manager.

   • nullDate: This property specifies the default value for a date field. The value is 2200/01/01 00:00:00 PST. This value is used if the date field is left empty.

   • PeoplesoftstartingYEAR: This property specifies the year in two digits. If the number represented by these two digits (xx):

     • Is greater than or equal to 50, then it is assumed that the year is 19xx.

     • Is less than 50, then it is assumed that the year is 20xx.

     This specifies a range of 1950 to 2049 for the property.

   • XelServerDate: This property contains the date format that is used for the Oracle Identity Manager server.

     Sample value: yyyy/mm/dd hh:MM:ss z

     Note:

     You must not change this date format.

   • Filter: This property edits the value for filters, for example, OPRIDLIKE and UserType as required. The default value of this property is NO DATA. These values are used to configure incremental reconciliation.

7. Copy the following files from the OIM_HOME/xellerate/lib directory to the WEB-INF/lib directory:

   Note:

   Before you copy these files from the OIM_HOME/xellerate/lib directory, check if these files exist in the WEB-INF/lib directory. If these files exist, then delete them from the WEB-INF/lib directory before copying from the OIM_HOME/xellerate/lib directory.

   • xlAPI.jar

   • xlAuthentication.jar

   • xlBackOfficeBeans.jar

   • xlBackofficeClient.jar

   • xlCache.jar

   • xlCrypto.jar

   • xlDataObjectBeans.jar (for IBM WebSphere Application Server, copy this file from the OIM_CLIENT/xlclient/lib directory)

   • xlDataObjects.jar

   • xlLogger.jar

   • xlUtils.jar

   • xlVO.jar

   • xlAdapterUtilities.jar

   Copy the following files from the OIM_HOME/xellerate/ext directory to the WEB-INF/lib directory:

   • oscache.jar

   • javagroups-all.jar

   • commons-collections.jar

   • commons-digester.jar

   • commons-logging.jar

   • commons-validator.jar

   • jdbcpool-0.99.jar

   • log4j-1.2.8.jar

   • struts.jar

   • xalan.jar

   • xerces.jar

   • xercesImpl.jar

   • xlRemoteManager.jar

   • xlScheduler.jar

   Copy the following files from the OIM_HOME/xellerate/ThirdParty directory to the WEB-INF/lib directory:

   • peoplesoft.jar

   • psjoa.jar

   See Also:

   The "Step 2: Copying the Connector Files and External Code Files" section for information about the peoplesoft.jar and psjoa.jar files

8. Delete the peopleSoftUserMgmt.war file from the temporary directory into which you extract it, and then use the following command to re-create the file:

   jar –cvf  peopleSoftUserMgmt.war
   

9. Ensure that the old version of the peopleSoftUserMgmt.war file is removed from the application server (BEA WebLogic, IBM WebSphere, JBoss Application Server, or Oracle Application Server) deployment directory.

10. Deploy the newly created peopleSoftUserMgmt.war file in the deployment directory of the application server as follows:

    BEA WebLogic:

    1. Copy the war file to BEA_HOME/user_projects/OIM_DOMAIN/applications

       in which:

       BEA_HOME is the BEA WebLogic installed directory.

       OIM_DOMAIN is the domain on which Oracle Identity Manager is installed.

    2. Restart the WebLogic server.

    IBM WebSphere:

    1. Log in to the WebSphere Admin console using a valid username and password.

    2. Expand the Applications node.

    3. Click Install New Application.

    4. Locate the WAR file by using the Browse button.

    5. Specify the Context root as peopleSoftUserMgmt.

    6. Click Next.

    7. Accept the default setting in the next page and click Next.

    8. On the Application Security Warnings page, click Continue.

    9. Click Next.

    10. On the Install New Application page, specify the application name as peopleSoftUserMgmt.

    11. Click Next.

    12. On the subsequent pages, click Next until the Finish button is displayed.

    13. Click Finish.

    14. Select the Save to Master Configuration link for saving the configurations in Websphere.

    15. Click Save.

    16. Click Enterprise Applications. On the Enterprise Applications page, the peopleSoftUserMgmt check box is displayed.

    17. Select the peopleSoftUserMgmt check box and click Start to start the application.

    JBoss Application Server:

    1. Copy the modified war file to the JBOSS_HOME\server\default\deploy directory.

    2. Restart the JBoss application server.

    Oracle Application Server:

    1. Log in to the Oracle Application Server using a valid username and password.

    2. Select the name of the instance on which the Oracle Identity Manager server is running.

    3. Select the Applications tab.

    4. Click Deploy.

    5. Select the WAR file by clicking Browse.

    6. Click Next.

    7. Specify the application name as peopleSoftUserMgmt.

    8. Click Next.

    9. To accept the default deployment settings, click Deploy.

    10. When the WAR file is successfully deployed, restart Oracle Application Server.

11. Restart Oracle Identity Manager and the Design Console.

Note:

You can add custom attributes to be reconciled during incremental reconciliation. However, you must complete the deployment procedure before you can add custom attributes.

Refer to the "Adding Custom Attributes for Incremental Reconciliation" section for information about the procedure to add custom attributes for reconciliation.

3.2.1.2.2 Encrypting a New Oracle Identity Manager Password

If the password of the Oracle Identity Manager administrator is different from the default password, then you must encrypt the Oracle Identity Manager password as follows:

Note:

The default administrator user ID is xelsysadm.

1. On the Oracle Identity Manager server, open a command window.

2. In the command window, change to the OIM_HOME/xellerate/ScheduleTask directory.

3. Enter the following command:

   java -classpath PSFTBaseReconciliation .jar  \
   Com.thortech.xl.Integration.peoplesoft.util.tcUtilEncryption -e \
   OIM_plaintext_password
   

   In this command, OIM_plaintext_password is the new Oracle Identity Manager administrator password that you want to encrypt.

   The encrypted password is displayed in the command window.

4. Copy the encrypted password into the xlsession.properties file. This file is compressed in the OIM_HOME/xlclient/lib/peopleSoftUserMgmt.war file.

5. Delete the peopleSoftUserMgmt.war file from the temporary directory where you extracted its contents, and then use the following command to re-create the file:

   jar –cvf  peopleSoftUserMgmt.war
   

6. Ensure that the old version of the peopleSoftUserMgmt.war file is removed from the application server (BEA WebLogic, IBM WebSphere, JBoss Application Server, or Oracle Application Server) deployment directory.

7. Copy the newly created peopleSoftUserMgmt.war file into the application server (BEA WebLogic, IBM WebSphere, JBoss Application Server, or Oracle Application Server) deployment directory.

8. Restart Oracle Identity Manager and the Design Console.

3.2.1.2.3 Adding Custom Attributes for Incremental Reconciliation

Note:

In this section, the term "attribute" refers to the identity data fields that store user data. If you do not want to add custom attributes for incremental reconciliation, then you can skip this section.

Standard incremental reconciliation involves the reconciliation of predefined attributes. If required, you can add custom attributes to the list of fields that are reconciled.

The procedure to add a custom attribute for reconciliation depends on the release of PeopleTools that you are using:

• Adding a Custom Attribute for Incremental Reconciliation on PeopleTools 8.22

• Adding a Custom Attribute for Incremental Reconciliation on PeopleTools 8.45 Through 8.48

Adding a Custom Attribute for Incremental Reconciliation on PeopleTools 8.22

To add a custom attribute for incremental reconciliation on PeopleTools 8.22:

1. In PeopleSoft Application Designer:

   1. Select Open from the File menu. The Open Definition dialog box is displayed.

   2. Select Message from the Definition list, enter USR_MGMT_MSG in the Name Selection Criteria field, and then click Enter. The details of the USR_MGMT_MSG message are displayed.

   3. Click the record to which you want to add custom attributes.

      For example, if you want to add the ALTERNATE USER ID attribute, ROLEUSER_ALT, then add PSROLEXLATOPRVW under VERSION_1.

   4. Select the check box for the required attribute, and then save the message.

      For example, select the ALTERNATE USER ID check box.

2. Make the required changes in the PeopleCode given in the UserMgmtCBRecon.txt file. This file is in the OIM_HOME/xellerate/scripts directory. The required changes are as follows:

   1. At the end of the SQL statements section, edit the SQL statement to retrieve the column values for the new attribute and store the values in local variables.

      For example, suppose you want to add the alternate user id attribute, ALTERNATE USER ID, to the list of attributes that are reconciled. Then, performing this step involves editing the SQL statement as follows, so that it retrieves the values of the ALTERNATE USER ID column from the table:

      SQLExec("select ROLEUSER_ALT from PSROLEXLATOPRVW a where userid =:1 ", &userid,  &roleuser_alt);
      

   2. Add the required lines at the end of the block of code for adding data to the XML message. For example, to add the ROLEUSER_ALT column to the PSROLEXLATOPRVW tag, add the lines highlighted in bold in the following code sample:

      /* FOR PSROLEXLATOPRVW RECORD */
      &MSG_RWST.GetRow(1).PSROLEUSER_VW.ROLENAME.Value = &roles;
      &MSG_RWST.GetRow(1).PSOPRALIAS.OPRALIASTYPE.Value = &type;
      &MSG_RWST.GetRow(1).PSROLEXLATOPRVW.ROLEUSER_ALT.Value = &roleuser_alt
      

3. To extract the contents of the peopleSoftUserMgmt.war file into a temporary directory, enter the following command:

   jar –xvf peopleSoftUserMgmt.war
   

4. In the attributemap.properties file, add the XPath (key-value entry) of the custom attribute. (The attributemap.properties file is one of the files extracted from the WAR file.) For example, you can add the following XPath for the ALTERNATE USER ID attribute:

   Users.ROLEUSER_ALT =//Transaction/PSROLEXLATOPRVW/ROLEUSER_ALT
   

   Note:

   In the attributemap.properties file, the key part of each line is the text to the left of the equal (=) sign. You must ensure that the key part of the lines does not contain spaces. For example, Users. ROLEUSER_ALT, Users. ROLEUSER_ALT, Users.ROLEUSER_ALT are all invalid key values because they contain spaces.

5. Delete the existing peopleSoftUserMgmt.war file from the temporary directory into which you extract it, and then enter the following command to re-create the file:

   jar –cvf peopleSoftUserMgmt.war .
   

6. Delete the old version of the peopleSoftUserMgmt.war file from the application server deployment directory.

7. Copy the newly created peopleSoftUserMgmt.war file into the application server deployment directory.

8. In the Oracle Identity Manager Design Console, make the required changes as follows:

   See Also:

   Oracle Identity Manager Design Console for detailed instructions on performing the following steps

   1. Open the process form located in the Development Tools folder of the Oracle Identity Manage Design Console.

   2. Click Create New Version.

   3. In the Create a New Version dialog box, specify the version name in the Label field. Save the changes, and then close the dialog box.

   4. From the Current Version list, select the newly created version.

   5. On the Additional Columns tab, click Add. Add a column corresponding to the new attribute in the User Defined process form, UD_PSFT_BAS. For the example described earlier, you can add the UD_PSFT_ALT_USER column.

   6. Add a reconciliation field corresponding to the new attribute in the resource object, PSFTBase. For the example described earlier, you can add the Users.ROLEUSER_ALT reconciliation field.

   7. Modify the PSFTBase process definition to include the mapping between the newly added attribute and the corresponding reconciliation field. For the example described earlier, the mapping is as follows:

      Users.ROLEUSER_ALT= UD_PSFT_ALT_USER
      

      In this example, ROLEUSER_ALT is the reconciliation field and also the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

9. Restart Oracle Identity Manager and the Design Console.

Adding a Custom Attribute for Incremental Reconciliation on PeopleTools 8.45 Through 8.48

To add a custom attribute for incremental reconciliation on PeopleTools 8.45 through 8.48:

1. Make the required changes in the PeopleCode given in the UserMgmtCBRecon_8.45-8.47.txt or the UserMgmtCBRecon_8.48.txt file. These files are in the OIM_HOME/xellerate/scripts directory. The required changes are as follows:

   1. At the end of the SQL statements section, add a SQL statement to retrieve the column values for the new attribute and store the values in local variables.

      For example, suppose you want to add the alternate user ID attribute, ROLEUSER_ALT, to the list of attributes that are reconciled. Then, performing this step involves adding the following SQL statement to retrieve the values of the ROLEUSER_ALT column from the PSROLEXLATOPRVW table:

      SQLExec("select ROLEUSER_ALT from PSROLEXLATOPRVW a where userid =:1 ", &userid,  &roleuser_alt);
      

   2. Add the required lines at the end of the block of code for adding data to the XML message. For example, to add the Alternate User ID column to the PSROLEXLATOPRVW tag, add the lines highlighted in bold in the following code sample:

      &recnode = &fieldtypenode.AddElement("PSROLEXLATOPRVW");
      &recnode.AddAttribute("class", "R");
      &fields = &recnode.AddElement("ALTERNATE USER ID");
      &fields.AddAttribute("type", "CHAR");
      

   3. Add the required lines at the end of the block of code for adding data to the XML message. For example, to add the ROLEUSER_ALT column to the PSROLEXLATOPRVW tag, add the lines highlighted in bold in the following code sample:

      &datarecnode = &transnode.AddElement("PSROLEXLATOPRVW");
      &datarecnode.AddAttribute("class", "R");
      &datafldnode = &datarecnode.AddElement("ALTERNATE USER ID");
      &textnode = &datafldnode.AddText(&roleuser_alt);
      

2. In PeopleSoft Application Designer, copy the contents of the UserMgmtCBRecon_8.45-8.47.txt or UserMgmtCBRecon_8.48.txt file into the savePostChange event for the USERMAINT component.

3. To extract the contents of the peopleSoftUserMgmt.war file into a temporary directory, enter the following command:

   jar –xvf peopleSoftUserMgmt.war
   

4. In the attributemap.properties file, add the XPath (key-value entry) of the custom attribute. For example, you can add the following XPath for the ROLEUSER_ALT attribute:

   Users.ROLEUSER_ALT =//Transaction/PSROLEXLATOPRVW/ROLEUSER_ALT
   

   Note:

   In the attributemap.properties file, the key part of each line is the text to the left of the equal (=) sign. You must ensure that the key part of the lines does not contain spaces. For example, Users. ROLEUSER_ALT, Users. ROLEUSER_ALT, Users.ROLEUSER_ALT are all invalid key values because they contain spaces.

5. Delete the existing peopleSoftUserMgmt.war file from the temporary directory into which you extract it, and then enter the following command to re-create the file:

   jar –cvf peopleSoftUserMgmt.war .
   

6. Delete the old version of the peopleSoftUserMgmt.war file from the application server deployment directory.

7. Copy the newly created peopleSoftUserMgmt.war file into the application server deployment directory.

8. In the Oracle Identity Manager Design Console, make the required changes as follows:

   See:

   Oracle Identity Manager Design Console for detailed instructions on performing the following steps

   1. Open the process form located in the Development Tools folder of the Oracle Identity Manage Design Console.

   2. Click Create New Version.

   3. In the Create a New Version dialog box, specify the version name in the Label field. Save the changes, and then close the dialog box.

   4. From the Current Version list, select the newly created version.

   5. On the Additional Columns tab, click Add. Add a column corresponding to the new attribute in the User Defined process form, UD_PSFT_BAS. For the example described earlier, you can add the UD_PSFT_ALT_USER column.

   6. Add a reconciliation field corresponding to the new attribute in the resource object, PSFTBase. For the example described earlier, you can add the Users.ROLEUSER_ALT reconciliation field.

   7. Modify the PSFTBase process definition to include the mapping between the newly added attribute and the corresponding reconciliation field. For the example described earlier, the mapping is as follows:

      Users.ROLEUSER_ALT=UD_PSFT_ALT_USER
      

      In this example, ROLEUSER_ALT is the reconciliation field and also the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

9. Restart Oracle Identity Manager and the Design Console.

3.2.1.2.4 Limited Reconciliation

By default, all target system records that are added or modified after the previous reconciliation run are reconciled during the current reconciliation run. You can customize the reconciliation process by specifying the subset of newly added or modified records that must be reconciled. You implement this form of limited reconciliation by creating customized queries for reconciliation. You do this by creating filters for the reconciliation module.

Creating a filter involves specifying a value for the UserID scheduled task attribute, which will be used in the SELECT query criteria to retrieve the target system records to be reconciled. This can be done by editing the configureReconciliation.properties file, which contains the OPRIDLIKE and UserType parameters.

For instructions to specify values for the UserID scheduled task attribute, refer to the "Specifying Values for the Scheduled Task Attributes" section.

3.2.1.3 Configuring Trusted Source Reconciliation

Note:

The following procedure can be implemented regardless of whether you select full or incremental reconciliation. You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.

While configuring the connector, the target system can be designated as a trusted source or a target resource. If you designate the target system as a trusted source, then both newly created and modified user accounts are reconciled in Oracle Identity Manager. If you designate the target system as a target resource, then only modified user accounts are reconciled in Oracle Identity Manager.

1. Import the XML file for trusted source reconciliation, PSFTBaseXellerateUser.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

   Caution:

   Only one target system can be designated as a trusted source. If you import the PSFTBaseXellerateUser.xml file while you have another trusted source configured, then both connector reconciliations would stop working.

2. Specify values for the attributes of the PSFT Base Trusted User Reconciliation scheduled task. This procedure is described later in this guide.

To configure trusted source reconciliation:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open the PSFTBaseXellerateUser.xml file, which is in the OIM_HOME/xlclient directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Import.

8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

3.2.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

This section discusses the following topics related to configuring provisioning:

• Compiling Adapters

• Adding Custom Attributes for Provisioning

3.2.2.1 Compiling Adapters

Note:

You must perform this procedure if you want to use the provisioning features of Oracle Identity Manager for this target system.

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

• adpPSFTCREATEUSER

• adpPSFTUPDATEUSER

• adpPSFTRESETPASSWORD

• adpPSFTUNLOCKUSER

• adpPSFTLOCKUSER

• adpPSFTUPDATEUSEREMPID

• adpPSFTADDORDELETEROLE

• adpPSFTADDORDELETEEMAIL (PeopleTools 8.45 through 8.48 only)

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

1. Open the Adapter Manager form.

2. To compile all the adapters that you import into the current database, select Compile All.

   To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

   Note:

   Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

3. Click Start. Oracle Identity Manager compiles the selected adapters.

4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

1. Highlight the adapter in the Adapter Manager form.

2. Double-click the row header of the adapter, or right-click the adapter.

3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.2.2.2 Adding Custom Attributes for Provisioning

Note:

In this section, the term "attribute" refers to the identity data fields that store user data. If you do not want to add custom attributes for provisioning, then you can skip this section.

To add a custom attribute for provisioning:

See Also:

Oracle Identity Manager Design Console Guide

1. Modify the attributemapping_prov.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/PSFTBase/config directory. At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definitions of attributes that you want to use any one of them to make it a part of the provisioning attributes.

   You can also add new attributes in this file. The format that you must use is as follows:

   OimAttributeName=TargetAttributeName
   

   Note:

   You must ensure that the OimAttributeName value that you specify does not contain spaces.

   For example:

   If you want to add the AlternateUserID field, then add the following line in the attributemapping_prov.properties file:

   AlternateUserID=AlternateUserID
   

2. See Also:

   Oracle Identity Manager Design Console for more information about this step and the remaining steps of this procedure

   Add a new column in the process form.

   1. Open the process form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

   2. Click Create New Version.

   3. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

   4. From the Current Version list, select the newly created version.

   5. On the Additional Columns tab, click Add.

   6. Specify the new field name and other values.

3. Add a new variable in the variable list.

   1. Open the Adapter Factory form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

   2. Click the Query for Records icon.

   3. On the Adapter Factory Table tab, double-click the adpPSFTCREATEUSER adapter from the list.

   4. On the Variable List tab, click Add.

   5. In the Add a Variable dialog box, specify the required values and then save and close the dialog box.

4. Define an additional adapter task for the newly added variable in the adpPSFTCREATEUSER adapter.

   1. On the Adapter Tasks tab of the Adapter Factory form, click Add.

   2. In the Adapter Task Selection dialog box, select Functional Task, select Java from the list of functional task types, and then click Continue.

   3. In the Object Instance Selection dialog box, select the Persistent instance and then click Continue.

   4. In the Add an Adapter Factory Task dialog box, specify the task name, select the setProperty method from the Method list, and then click Save.

   5. Map the application method parameters, and then save and close the dialog box. To map the application method parameters:

      For the "Output: String Return variable (Adapter Variable)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select Return variable.

      For the "Input: String input (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Input.

      For the "Input: String Status (Literal)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select String.

      iii. In the Value field, enter Status.

      For the "Input: String Status (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Status.

   6. Repeat Steps b through e to create more adapter tasks.

5. Create an additional adapter task to set the input variable.

   1. Open the Adapter Factory form. This form is in the Development Tools folder in the Oracle Identity Manager Design Console.

   2. On the Adapter Tasks tab, click Add.

   3. In the Adapter Task Selection dialog box, select Logic Task, select SET VARIABLE from the list, and then click Continue.

   4. In the Edit Set Variable Task Parameters dialog box, select input from the Variable Name list, select Adapter Task from the Operand Type list, and the Operand Qualifier as the Adapter Task that you have created in the previous step. Then, click Save.

6. Map the process form columns and adapter variables for the Create User process task as follows:

   1. Open the Process Definition form. This form is in the Process Management folder of the Design Console.

   2. Click the Query for Records icon.

   3. On the Process Definition Table tab, double-click the PSFTBase process.

   4. On the Tasks tab, double-click the Create User task.

   5. In the Closing Form dialog box, click Yes.

   6. On the Integration tab of the Editing Task Columns Create User dialog box, map the unmapped variables, and then save and close the dialog box. To map an unmapped variable:

      i. Double-click the row in which N is displayed in the Status column. The value N signifies that the variable is not mapped.

      ii. From the Map to list in the Edit Data Mapping for Variables dialog box, select Process Data.

      iii. From the Qualifier list, select the name of the variable.

      Repeat Steps i through iii for all unmapped variables.

Repeat Steps 1 through 5 if you want to add more attributes.