Oracle® Identity Manager Connector Guide for PeopleSoft User Management Release 9.0.4 Part Number E10438-03
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the procedure to deploy the PeopleSoft User Management connector that is used to integrate Oracle Identity Manager with PeopleSoft Enterprise Applications.
Note:
In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed. At some places in this guide, PeopleSoft Enterprise Applications has been referred to as the target system.
The PeopleSoft User Management connector helps you to manage the PSOPRDEFN PeopleTools-based PeopleSoft applications account records including Role and Permission List assignments through target resource reconciliation, trusted source reconciliation, and provisioning. The connector supports user data reconciliation in two ways:
Full reconciliation involves reconciling records of existing users by using a flat file. A PeopleCode event is activated when user information is updated in PeopleSoft Enterprise Applications. The PeopleCode then extracts the required user account information. A PeopleSoft Application Engine program then populates the flat file with this information. The flat file is read by an Oracle Identity Manager scheduled task that generates reconciliation events.
The PeopleSoft Application Engine program is run using PeopleSoft Application Designer or PeopleSoft Internet Architecture (PIA).
To reconcile all existing target system records into Oracle Identity Manager, you must run full reconciliation the first time you perform a reconciliation run after deploying the connector. This is to ensure that the target system and Oracle Identity Manager contain the same data. In subsequent reconciliation runs, only data that is modified since the last reconciliation is reconciled. Oracle recommends that you run full reconciliations periodically to ensure that all the user records are reconciled into Oracle Identity Manager. See "Configuring the Target System for Full Reconciliation" for more information.
Incremental reconciliation involves real-time reconciliation of newly created or modified user account information. Usually, this type of reconciliation is used for reconciling individual data changes after an initial reconciliation is performed using full reconciliation. The PeopleCode captures changes to the same PeopleSoft components as applicable for full reconciliation and forwards these changes in real time to a Java Servlet listener running on the Oracle Identity Manager server through an HTTP POST request. Incremental reconciliation is performed using PeopleSoft application messaging. See "Configuring the Target System for Incremental Reconciliation" for more information.
The synchronization process from the target system to Oracle Identity Manager involves the following steps:
When user account information is added or updated in the target system, a PeopleCode event is activated.
The PeopleCode event generates an XML message containing the added or updated user account information and sends it to the connector by using HTTP.
The connector parses the XML message and sends a reconciliation event to Oracle Identity Manager.
This chapter contains the following sections:
See Also:
The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about reconciliation configurations
Based on the type of data reconciled from the target system, reconciliation can be divided into the following types:
During the creation or modification of user accounts, a lookup field is used to specify one value from a set of values. The value that you select populates one of the attributes of the user account. Lookup field reconciliation is used to reconcile the following lookup field values from the target system into Oracle Identity Manager:
LanguageCode
EmployeeId
CurrencyCode
PermissionList
EmailTypes
The EmailTypes lookup field is reconciled only in PeopleTools 8.45 through 8.48, because PeopleTools 8.22 does not support multiple e-mail types.
Roles
User reconciliation involves reconciling user account information from the target system into Oracle Identity Manager. The information that is reconciled is different for target resource and trusted source reconciliation.
The following single-valued target system fields are reconciled during target resource reconciliation:
UserId
UserDescription
EmployeeId
MultiLanguageCode
LanguageCD
CurrencyCode
UserIdAlias (PeopleTools 8.45 through 8.48 only)
RowSecurity
ProcessProfile
NavigatorHomePage
Primary
Role
The following multivalued target system fields are reconciled during target resource reconciliation:
PrimaryEmailAddress (PeopleTools 8.45 through 8.48 only)
PrimaryEmailType (PeopleTools 8.45 through 8.48 only)
Email Address (PeopleTools 8.22 only)
Secondary EmailAddresses (PeopleTools 8.45 through 8.48 only)
Secondary EmailTypes (PeopleTools 8.45 through 8.48 only)
Provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager. You use the Oracle Identity Manager Administrative and User Console to perform provisioning operations.
See Also:
The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about provisioning
You can specify values for the following target system fields during a provisioning operation:
UserId
UserDescription
Primary
RowSecurity
ProcessProfile
NavigatorHomePage
SymbolicID
LanguageCode
CurrencyCode
PrimaryEmailAddress
PrimaryEmailType (for PeopleTools 8.45 and 8.48 only)
EmpId
RecName
Password
UserIdAlias (for PeopleTools 8.45 and 8.48 only)
MultiLanguageCode
The following table lists the functions that are available with this connector:
Note:
The "PeopleTools Release" column of this table indicates the release of PeopleTools for which the corresponding function is available.
Table 1-1 Supported Functionality
Function | PeopleTools Release | Type | Description |
---|---|---|---|
Add User | 8.22 and 8.45 through 8.48 | Provisioning | Creates a user account |
Password Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the password of a user |
User Description Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the description of a user |
Multilanguage Code Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the multilanguage code of a user |
Primary Email Address Updated | 8.22 only | Provisioning | Updates the primary e-mail address of a user |
Email Address Updated | 8.22 only | Provisioning | Updates the e-mail address of a user |
Primary Email Type Updated | 8.45 through 8.48 only | Provisioning | Updates the primary e-mail address type of a user |
Language Code Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the language code of a user |
Currency Code Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the currency code of a user |
Employee Id Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the employee ID of a user |
Primary Permission List Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the Primary Permission list of a user |
Process Profile Permission List Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the Process Profile Permission list of a user |
Navigator Home Permission List Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the Navigator Home Permission list of a user |
Row Security Permission List Updated | 8.22 and 8.45 through 8.48 | Provisioning | Updates the Row Security Permission list of a user |
User Id Alias Updated | 8.45 through 8.48 only | Provisioning | Updates the user ID alias of a user |
Add RoleName | 8.22 and 8.45 through 8.48 | Provisioning | Adds a role to a user |
Delete RoleName | 8.22 and 8.45 through 8.48 | Provisioning | Deletes a role from a user |
Add EmailAddress | 8.45 through 8.48 only | Provisioning | Adds an e-mail address to a user |
Delete EmailAddress | 8.45 through 8.48 only | Provisioning | Deletes the e-mail address of a user |
Enables a User | 8.22 and 8.45 through 8.48 | Provisioning | Enables a user |
Disables a User | 8.22 and 8.45 through 8.48 | Provisioning | Disables a user |
Reconcile Lookup Field | 8.22 and 8.45 through 8.48 | Reconciliation | Reconciles lookup fields |
Reconcile User Data | 8.22 and 8.45 through 8.48 | Reconciliation | Target resource reconciliation: This is the primary mode of reconciliation for this connector. In this mode, updates made to target system users who already exist in Oracle Identity Manager are reconciled. This connector can also be configured in trusted source mode. |
See Also:
Appendix A for information about attribute mappings between Oracle Identity Manager and PeopleSoft Enterprise Applications.
The connector supports the following languages:
Arabic
Chinese Simplified
Chinese Traditional
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish
See Also:
Oracle Identity Manager Globalization Guide for information about supported special characters
The files and directories that comprise this connector are compressed in the following directory on the installation media:
Enterprise Applications/PeopleSoft Enterprise Applications/PeopleSoft User Management
These files and directories are listed in the following table:
File in the Installation Media Directory | Description |
---|---|
config/attributemapping_prov.properties | This file lists the target system attributes and their mappings to corresponding fields in Oracle Identity Manager during provisioning. |
config/attributemapping_recon.properties | This file lists the target system attributes and their mappings to corresponding fields in Oracle Identity Manager during reconciliation. |
ext/csv.jar | This file is a third-party library that is used to read comma-separated files. |
lib/PSFTBaseProvisioning.jar | This JAR file contains the class files that are required for provisioning. |
lib/PSFTBaseReconciliation.jar | This JAR file contains the class files that are used to implement full reconciliation. |
lib/peopleSoftUserMgmt.war | This Web Archive (WAR) file contains the classes and configuration files required to implement incremental reconciliation. |
For PeopleTools 8.22, the following files in the PeopleCode/PT822 directory: AddEmp.txt CurrencyCode.txt EmployeeId.txt LanguageCode.txt PermissionList.txt UserRoles.txt. For PeopleTools 8.45 through 8.48, the following files in the AddEmp.txt CurrencyCode.txt EmployeeId.txt EmailType.txt LanguageCode.txt PermissionList.txt | These files contain the PeopleCode for the steps that you define for the Application Engine program. Refer to the "Creating the Application Engine Program" section for details. |
For PeopleTools 8.22: PeopleCode/PT822/UserMgmtCBRecon.txt; for PeopleTools 8.45 through 8.47: PeopleCode/UserMgmtCBRecon_8.45-8.47.txt; for PeopleTools 8.48: PeopleCode/UserMgmtCBRecon_8.48.txt | This file contains the code that you must add to the PeopleCode for the SavePostChange event while performing the procedure described in the "Publishing the Message" section. |
For PeopleTools 8.22, the following file in the lib/ directory: xliMsgPublisher.jar | This JAR file contains the class file that transfers the XML messages generated by the PeopleTools 8.22 file handler to the connector. |
For PeopleTools 8.22, the following file in the scripts directory: publish.bat | This BAT file is a Microsoft Windows batch file that triggers the XML message transfer on a periodic basis. Refer to the "Configuring PeopleSoft Integration Broker" section for more information. |
For PeopleTools 8.22: test/cbrecon/PT822/psft-xel-test.vbs; for PeopleTools 8.45 through 8.48: test/cbrecon/psft-xel-test.vbs | This VBScript file can be used to test the incremental reconciliation functionality of the connector by creating a dummy XML message similar to the ones created by PeopleSoft Enterprise Applications. |
For PeopleTools 8.22, the following files in the test/cbrecon/PT822 directory: pingRequest.xml pingResponse.xml publishRequest.xml publishResponse.xml. For PeopleTools 8.45 through 8.48, the following files in the pingRequest.xml pingResponse.xml publishRequest.xml publishResponse.xml | These XML files are required by the psft-xel-test.vbs file for communicating with the connector by using XML over HTTP. |
For PeopleTools 8.22: test/cbrecon/PT822/USR_MGMT_MSG.xml; for PeopleTools 8.45 through 8.48: test/cbrecon/USR_MGMT_MSG.xml | This XML file is used by the psft-xel-test.vbs file to define the template of the XML message that is received from the target system. |
test/config/config.properties | This file is used to specify the parameters and settings required to connect to the target system by using the testing utility. |
test/config/log.properties | This file is used to specify the log level and the directory in which the log file is to be created when you run the testing utility. |
test/scripts/psftBase.bat test/scripts/psftBase.sh | The BAT file or UNIX shell script calls the testing utility when the Oracle Identity Manager server is running Microsoft Windows or UNIX, respectively. |
For PeopleTools 8.22, the files in the resources/PT822 directory; for PeopleTools 8.45 through 8.48, the files in the | Each of these files contains locale-specific information that is used by the connector. |
For PeopleTools 8.22: xml/PT822/PSFTBaseConnector.xml; for PeopleTools 8.45 through 8.48: xml/PSFTBaseConnector.xml | This XML file contains definitions for the following components of the connector: |
For PeopleTools 8.22: xml/PT822/PSFTBaseXellerateUser.xml; for PeopleTools 8.45 through 8.48: xml/PSFTBaseXellerateUser.xml | This XML file contains the configuration information for the Xellerate User resource object. You must import this file only if you plan to use the connector for trusted source reconciliation. |
The "Step 2: Copying the Connector Files and External Code Files" section provides instructions to copy these files into the required directories.
You can use the following method to determine the release number of a PeopleSoft User Management connector:
Extract the contents of the PSFTBaseReconciliation.jar file. This file is in the following directory on the installation media:
Enterprise Applications/PeopleSoft Enterprise Applications/PeopleSoft User Management/lib/ScheduleTask
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the PSFTBaseReconciliation.jar file.
In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
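
The release check described above can also be scripted, which helps when auditing which connector release is deployed on several servers. The following Python sketch is an added example, not code from Oracle or the connector: the function names are hypothetical, and the sample JAR and its Version value are constructed placeholders.

```python
import io
import zipfile


def read_manifest_attributes(jar_bytes: bytes) -> dict:
    """Return the main-section attributes of a JAR manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        # Case-insensitive match: the guide writes manifest.mf in lowercase.
        name = next((n for n in jar.namelist()
                     if n.upper() == "META-INF/MANIFEST.MF"), None)
        if name is None:
            raise ValueError("JAR has no META-INF/MANIFEST.MF entry")
        text = jar.read(name).decode("utf-8", errors="replace")
    attrs, last_key = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break  # a blank line ends the main section
            continue
        if line.startswith(" ") and last_key:
            # Continuation line: a wrapped value resumes after one space.
            attrs[last_key] += line[1:]
            continue
        key, sep, value = line.partition(":")
        if sep:
            last_key = key.strip()
            attrs[last_key] = value.lstrip(" ")
    return attrs


def connector_release(jar_bytes: bytes) -> str:
    """Return the Version property that the guide says holds the release."""
    attrs = read_manifest_attributes(jar_bytes)
    if "Version" not in attrs:
        raise KeyError("manifest has no Version property")
    return attrs["Version"]


def build_sample_jar() -> bytes:
    """Constructed sample JAR; its Version value is a placeholder."""
    manifest = ("Manifest-Version: 1.0\r\nVersion: 0.0.0-SAMPLE-\r\n"
                " PLACEHOLDER\r\n\r\nName: ignored/section\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    print(connector_release(build_sample_jar()))
```

To check a real deployment, pass the bytes of the PSFTBaseReconciliation.jar file to `connector_release` instead of the constructed sample.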