1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the procedure to deploy the connector that is used to integrate Oracle Identity Manager with RSA ClearTrust.

This chapter contains the following sections:

• Reconciliation Module

• Provisioning Module

• Supported Functionality

• Multilanguage Support

• Files and Directories That Comprise the Connector

• Determining the Release Number of the Connector

Note:

In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.

At some places in this guide, RSA ClearTrust has been referred to as the target system.

1.1 Reconciliation Module

Reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. It is an automated process initiated by a scheduled task that you configure.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about reconciliation configurations

1.1.1 Reconciled Resource Object Fields

The following target system fields are reconciled:

• UserID

• FirstName

• LastName

• EmailID

• StartDate

• EndDate

• PasswordExpDate

• IsPublic

• IsUserlocked

• PropertyName

• PropertyValue

• GroupName

You can customize the following reconciliation fields by setting the UseReconFieldMap attribute to true and adding their values in the Lookup.CTReconciliation.FieldMap lookup:

Note:

The userId and lastName fields are mandatory fields and, therefore, they must exist in the lookup.

• userId

• lastName

• islock

• firstName

• email

• startDate

• endDate

• pwdExpDate

• isPublic

• properties

• groups

1.1.2 Reconciled Xellerate User Fields

The following target system fields are reconciled only if trusted source reconciliation is implemented:

• UserID

• FirstName

• LastName

• Email

• Organization

• User Type

• Employee Type

1.2 Provisioning Module

Provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager. You use the Oracle Identity Manager Administrative and User Console to perform provisioning operations.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about provisioning

For this target system, the following fields are provisioned:

• User ID

• Password

• Password Expiration Date

• First Name

• Last Name

• Email Address

• Start Date

• End Date

• Lock User

• Is Public

• User Group Name

• Property Value

• Property Name

• Property Value (Date)

• Property Value (Boolean)

1.3 Supported Functionality

The following table lists the functions that are available with this connector.

Process Task	Type	Description
Create User	Provisioning	Creates a user
Delete User	Provisioning	Deletes a provisioned user
Disable User	Provisioning	Disables an existing user
Enable User	Provisioning	Enables a disabled user
Update User	Provisioning	Updates an existing user
Set Password	Provisioning	Sets a password when a user is first created in RSA ClearTrust
Change Password	Provisioning	Updates a user's password
Assign User to a Group	Provisioning	Assigns a user to a group in RSA ClearTrust To map an RSA ClearTrust group to Oracle Identity Manager: Open the Oracle Identity Manager Design Console. Expand the Xellerate Administration folder, and double-click Lookup Definition. The Lookup Definition page is displayed. On the Lookup Definition page, query for the CTGroups record. Click Add. A blank row is displayed on the Lookup Code Information tab. In the Code Key and Decode fields, enter the name of the RSA ClearTrust group. Then, enter en in the Language field and us in the Country field. Click Save on the Oracle Identity Manager toolbar. Repeat Steps 4 through 6 to map additional RSA ClearTrust groups to Oracle Identity Manager.
Remove User from a Group	Provisioning	Removes a user from a group
Assign a Default Group to the User	Provisioning	Assigns a default group to a user
Update User Property	Provisioning	Assigns or removes a property value If the RSA ClearTrust property type is Date, then the corresponding value for the property can be set only by using the Property Value (Date) field in the RSA ClearTrust User Properties form. If the RSA ClearTrust property type is Boolean, then the corresponding value for the property can be set only by using the Property Value (Boolean) check box in the ClearTrust User Properties form. To set the value of any other type of property, use the Property Value field.
Trusted Reconciliation for Login	Reconciliation	Creates Xellerate Login accounts with respect to reconciled logins from RSA ClearTrust
Create User	Reconciliation	Reconciles user accounts from RSA ClearTrust
Update User Property	Reconciliation	Reconciles user properties from RSA ClearTrust
Assign User to a Group	Reconciliation	Reconciles user-group association from RSA ClearTrust

1.4 Multilanguage Support

This release of the connector supports the following languages:

• Arabic

• Chinese Simplified

• Chinese Traditional

• Danish

• English

• French

• German

• Italian

• Japanese

• Korean

• Portuguese (Brazilian)

• Spanish

See Also:

Oracle Identity Manager Globalization Guide for information about supported special characters

1.5 Files and Directories That Comprise the Connector

The files and directories that comprise this connector are in the following directory on the installation media:

Web Access Control/RSA ClearTrust

These files and directories are listed in the Table 1-1.

Table 1-1 Files and Directories On the Installation Media

File in the Installation Media Directory	Description
lib/xliClearTrust.jar	This JAR file contains the Java classes that are required for provisioning.
lib/xliClearTrustRecon.jar	This JAR file contains the Java classes that are required to reconcile users from RSA ClearTrust.
Files in the resources directory	Each of these resource bundles contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
tests/config/config.properties	This file contains the properties that are used to connect to the RSA ClearTrust server.
tests/lib/xliClearTrustTest.jar	This JAR file contains the test classes that can be used to test the functionality of the connector.
xml/RSAClearTrustResourceObject.xml	These XML files contain definitions for the following components of the RSA ClearTrust connector: IT resource type Process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules Reconciliation scheduled task and its attributes The adapter that is required to enable the AutoSave feature in the RSA ClearTrust provisioning process form
xml/RSAClearTrustXLResourceObject.xml	This file contains the configuration for the Xellerate User. You must import this file only if you plan to use the connector in trusted source reconciliation mode.

File in the Installation Media Directory	Description
lib/xliClearTrust.jar	This JAR file contains the Java classes that are required for provisioning.
lib/xliClearTrustRecon.jar	This JAR file contains the Java classes that are required to reconcile users from RSA ClearTrust.
Files in the resources directory	Each of these resource bundles contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
tests/config/config.properties	This file contains the properties that are used to connect to the RSA ClearTrust server.
tests/lib/xliClearTrustTest.jar	This JAR file contains the test classes that can be used to test the functionality of the connector.
xml/RSAClearTrustResourceObject.xml	These XML files contain definitions for the following components of the RSA ClearTrust connector: IT resource type Process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules Reconciliation scheduled task and its attributes The adapter that is required to enable the AutoSave feature in the RSA ClearTrust provisioning process form
xml/RSAClearTrustXLResourceObject.xml	This file contains the configuration for the Xellerate User. You must import this file only if you plan to use the connector in trusted source reconciliation mode.

Note:

The files in the tests directory are used only to run tests on the connector.

The "Step 2: Copying the Connector Files and External Code Files" section provides instructions to copy these files into the required directories.

1.6 Determining the Release Number of the Connector

You can use the following method to determine the release number of the connector:

1. Extract the contents of the xliClearTrust.jar file. This file is in the following directory on the installation media:

   Web Access Control/RSA ClearTrust
   

2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliClearTrust.jar file.

   In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.