Skip Headers
Oracle® Identity Manager Connector Guide for RSA ClearTrust
Release 9.0.4
Part Number E10440-03
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

3.1.1 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or a target resource. If you designate the target system as a trusted source, then both newly created and modified user accounts are reconciled in Oracle Identity Manager. If you designate the target system as a target resource, then only modified user accounts are reconciled in Oracle Identity Manager.

Note:

You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

  1. Import the XML file for trusted source reconciliation, RSAClearTrustXLResourceObject.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

    Note:

    Only one target system can be designated as a trusted source. If you import the RSAClearTrustXLResourceObject.xml file while you have another trusted source configured, then both connector reconciliations would stop working.

  2. Set the TrustedSource scheduled task attribute to True. You specify a value for this attribute while configuring the user reconciliation scheduled task, which is described later in this guide.

To import the XML file for trusted source reconciliation:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

  4. Locate and open the XLICTXLResourceObject.xml file, which is in the OIM_HOME/xellerate/XLIntegrations/ClearTrust/xml directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Import.

  8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must set the value of the Trusted Source Recon - Resource Object name reconciliation scheduled task attribute to Xellerate User. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.2 Configuring System Properties

To configure system properties:

  1. Open the Oracle Identity Manager Design Console.

  2. Navigate to the System Configuration page.

  3. Check if there is an entry for "Default date format." If this entry is not there, then perform Step 4.

  4. Add a new entry in the Server category:

    • Name: Default date format

    • Keyword: XL.DefaultDateFormat

    • Value: yyyy/MM/dd hh:mm:ss z

  5. Click Save.

3.1.3 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in "Step 4: Importing the Connector XML Files", the scheduled tasks for lookup fields and user reconciliations are automatically created in Oracle Identity Manager. To configure these scheduled tasks:

  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Xellerate Administration folder.

  3. Select Task Scheduler.

  4. Click Find. The details of the predefined scheduled task are displayed.

  5. Enter a number in the Max Retries field. Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

  6. Ensure that the Disabled and Stop Execution check boxes are not selected.

  7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, set the date and time at which you want the task to run.

  8. In the Interval region, set the following schedule parameters:

    • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

      If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

    • To set the task to run only once, select the Once option.

  9. Provide values for the attributes of the ClearTrust Reconciliation Task scheduled task. Refer to the following table for information about the values to be specified.

    Attribute Description Sample Value
    Server Name of the IT Resource ClearTrust
    Target System CT Recon - Resource Object name Name of the target system parent resource object ClearTrust
    Trusted Source Recon - Resource Object name Name of the trusted source resource object Default value: false

    Specify trusted source resource object if you want to configure trusted source reconciliation.
    Paging Range Paging range to extract user accounts from the target system 10
    TrialRecNum Use this parameter if you only want to check connectivity with the target and reconcile a few records to ensure that reconciliation with the relevant target is working.

    Specify the number of records that you want to reconcile as the value of this parameter.

    		 3
    UseReconFieldMap If this attribute is set to true, the Client Customize reconciliation is activated and only the fields in the Attribute Name: CTReconciliationFields lookup are reconciled. Otherwise, all the available fields are reconciled. True
    CTReconciliationFields Name of the lookup definition that stores the reconciliation field data used in customized reconciliation Lookup.CTReconciliation.FieldMap
    Trusted Source Recon - Resource Object name Name of the trusted source resource object Default value: Xellerate User

    Specify false (in lowercase) if you do not want to configure trusted source reconciliation
    Date Format Format in which date values sent from the target system are to be saved during reconciliation

    The value that you specify must be the same as the value specified in the "Configuring System Properties" section.

    		 yyyy/MM/dd hh:mm:ss z

    See Also:

    Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

  10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

3.1.4 Enabling Reconciliation in Oracle Identity Manager Release 9.0.4

If you are using Oracle Identity Manager release 9.0.4, then you must perform the following procedure to enable reconciliation:

See Also:

Oracle Identity Manager Design Console Guide

  1. Open the Process Definition form for the ClearTrust User. This form is in the Process Management folder.

  2. Click the Reconciliation Field Mappings tab.

  3. For each field that is of the IT resource type:

    1. Double-click the field to open the Edit Reconciliation Field Mapping window for that field.

    2. Deselect Key Field for Reconciliation Matching.

3.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

Note:

You must perform this procedure if you want to use the provisioning features of Oracle Identity Manager for this target system.

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

  1. Open the Adapter Manager form.

  2. To compile all the adapters that you import into the current database, select Compile All.

    To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

    Note:

    Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

  3. Click Start. Oracle Identity Manager compiles the selected adapters.

  4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

  1. Highlight the adapter in the Adapter Manager form.

  2. Double-click the row header of the adapter, or right-click the adapter.

  3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.3 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of RSA ClearTrust.

You may want to configure the connector for multiple installations of RSA ClearTrust. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Example Multinational Inc. have their own installations of RSA ClearTrust. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of RSA ClearTrust.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of RSA ClearTrust.

To configure the connector for multiple installations of the target system:

See Also:

Oracle Identity Manager Design Console Guide for detailed instructions on performing each step of this procedure

  1. Create and configure one IT resource for each target system installation.

    The IT Resources form is in the Resource Management folder. An IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same resource type.

  2. Configure reconciliation for each target system installation. Refer to the "Configuring Reconciliation" section for instructions. Note that you need to modify only the attributes that are used to specify the IT resource and to specify whether or not the target system installation is to be set up as a trusted source.

    You can designate either a single or multiple installations of RSA ClearTrust as the trusted source.

  3. If required, modify the fields to be reconciled for the Xellerate User resource object.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the RSA ClearTrust installation to which you want to provision the user.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us