Oracle® Identity Manager Connector Guide for SAP Enterprise Portal
Release 9.0.4

Part Number E11211-03

2 Deploying the Connector

Deploying the connector involves the following steps:

2.1 Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item Requirement
Oracle Identity Manager Oracle Identity Manager release 8.5.3.1 or later
Target systems SAP Enterprise Portal 7.0
Infrastructure requirements
  • SAP Enterprise Portal 7.0 running on SAP Web Application Server (WAS) 7.0
  • SAP User Management Engine (UME) 7.0 APIs must be available on the SAP Enterprise Portal 7.0

  • Apache Axis Web Services Framework 1.3

External code Apache Axis JAR files

These are listed in the "Files and Directories That Comprise the Connector" section.

Target system user account Create a user account, and assign the following roles to it:
  • super_admin_role

  • com.sap.pdk.JavaDeveloper

The second role gives the rights to deploy the agent on the target system. For this connector, the agent is the ConnectorService.par file.

The SAPUMLocation parameter of the IT resource holds information about this user account. See "Defining IT Resources" for information about this parameter.

If the specified roles are not assigned to this user account, then Oracle Identity Manager cannot connect to the target system.


2.2 Copying the Connector Files and External Code Files

The connector files to be copied and the directories to which you must copy them are given in the following table.

Note:

The connector files listed in the first column of this table are in the following directory on the installation media:
Enterprise Applications/SAP Enterprise Portal

Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.

Connector File                      Destination Directory
Files in the lib directory          OIM_HOME/Xellerate/SAP_EP/lib
                                    OIM_HOME/Xellerate/SAP_EP/JavaTasks
lib/SAPEPRecon.jar                  OIM_HOME/Xellerate/ScheduleTask
par/ConnectorService.par            Refer to the "Deploying Web Services on the Target System" section.
Files in the resources directory    OIM_HOME/xellerate/connectorResources
Files in the test directory         OIM_HOME/Xellerate/SAP_EP/test
Files in the xml directory          OIM_HOME/Xellerate/SAP_EP/xml
The axis.jar file from the Apache   OIM_HOME/Xellerate/ThirdParty
Web site at
http://ws.apache.org/axis

Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the contents of the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

2.2.1 Downloading the Apache Axis JAR Files

Download the Apache Axis JAR files that are required for SOAP communication with the Web service running on the SAP Enterprise Portal 6.0 server. The version of Axis used is axis-1_3. You can download the JAR files from

http://ws.apache.org/axis/

You must copy these JAR files into the JavaTasks directory of Oracle Identity Manager. In a clustered environment, you must copy these JAR files into the JavaTasks directory of each node of the cluster.

2.3 Deploying Web Services on the Target System

To be able to use Web services with the SAP Enterprise Portal connector, you must deploy the ConnectorService.par file as follows:

  1. Log in to SAP Enterprise Portal as the administrator.

  2. Click the System Administration tab, the Support secondary tab, select Portal Runtime and then select Administration Console.

  3. In the Archive Uploader region, browse to the ConnectorService.par file, and then click Upload. After the file is uploaded, an INFO message is displayed.

  4. From the list in the Archive Deployment Checker region, select ConnectorService, and then click Refresh.

2.4 Configuring the Oracle Identity Manager Server

Configuring the Oracle Identity Manager server involves performing the following procedures:

Note:

In a clustered environment, you must perform this step on each node of the cluster.

2.4.1 Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

2.4.2 Clearing Content Related to Connector Resource Bundles from the Server Cache

While performing the instructions described in the "Copying the Connector Files and External Code Files" section, you copy files from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, change to the OIM_HOME/xellerate/bin directory.

    Note:

    You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:
    OIM_HOME/xellerate/bin/batch_file_name
    
  2. Enter one of the following commands:

    • On Microsoft Windows:

      PurgeCache.bat ConnectorResourceBundle
      
    • On UNIX:

      PurgeCache.sh ConnectorResourceBundle
      

    Note:

    You can ignore the exception that is thrown when you perform Step 2.

    In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:

    OIM_HOME/xellerate/config/xlConfig.xml
    

2.4.3 Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • ALL

    This level enables logging for all events.

  • DEBUG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • INFO

    This level enables logging of messages that highlight the progress of the application at a coarse-grained level.

  • WARN

    This level enables logging of information about potentially harmful situations.

  • ERROR

    This level enables logging of information about error events that may allow the application to continue running.

  • FATAL

    This level enables logging of information about very severe error events that could cause the application to stop functioning.

  • OFF

    This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

  • Oracle WebLogic Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=log_level
      log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
      

    After you enable logging, the log information is written to the following file:

    WEBLOGIC_HOME/user_projects/domains/domain_name/server_name/server_name.log
    
  • IBM WebSphere Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=log_level
      log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
      

    After you enable logging, the log information is written to the following file:

    WEBSPHERE_HOME/AppServer/logs/server_name/startServer.log
    
  • JBoss Application Server

    To enable logging:

    1. In the JBOSS_HOME/server/default/conf/log4j.xml file, locate or add the following lines:

      <category name="XELLERATE">
         <priority value="log_level"/>
      </category>
      
      <category name="XL_INTG.SAPEPCONNECTOR">
         <priority value="log_level"/>
      </category>
      
    2. In the second XML code line of each set, replace log_level with the log level that you want to set. For example:

      <category name="XELLERATE">
         <priority value="INFO"/>
      </category>
      
      <category name="XL_INTG.SAPEPCONNECTOR">
         <priority value="INFO"/>
      </category>
      

    After you enable logging, the log information is written to the following file:

    JBOSS_HOME/server/default/log/server.log
    
  • Oracle Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=log_level
      log4j.logger.XL_INTG.SAPEPCONNECTOR=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.XL_INTG.SAPEPCONNECTOR=INFO
      

    After you enable logging, the log information is written to the following file:

    OAS_HOME/opmn/logs/default_group~home~default_group~1.log
    

2.5 Importing the Connector XML File

As mentioned in the "Files and Directories That Comprise the Connector" section, the connector XML file contains definitions of the components of the connector. By importing the connector XML file, you create these components in Oracle Identity Manager.

To import the connector XML file into Oracle Identity Manager:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

  4. Locate and open the SAPEPResourceObject.xml file, which is in the OIM_HOME/Xellerate/xml directory. Details of this XML file are shown on the File Preview page.

    Note:

    The connector version is also displayed on this page.
  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Next. The Provide IT Resource Instance Data page for the SAP EP IT Resource IT resource is displayed.

  8. Specify values for the parameters of the SAP EP IT Resource IT resource. Refer to the "Defining IT Resources" section for information about the values to be specified.

  9. If you want to configure the connector for another instance of the target system, then:

    a. Click Next. The Provide IT Resource Instance Data page for a new instance of the SAP EP IT Resource IT resource type is displayed.

    b. To define an IT resource for the next instance of the target system, first assign a name to the new IT resource on this page. Then, refer to the "Defining IT Resources" section for information about the values to be specified for the parameters of the new IT resource.

    Repeat Steps a and b for the remaining instances of the target system.

    See Also:

    Oracle Identity Manager Tools Reference Guide
  10. Click Skip after you define IT resources for all the instances of the target system. The Confirmation page is displayed.

    See Also:

    If you want to define another IT resource, then refer to Oracle Identity Manager Administrative and User Console Guide for instructions.
  11. Click View Selections.

    The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.

  12. Click Import. The connector XML file is imported into Oracle Identity Manager.

After you import the connector XML file, proceed to the "Configuring the SAP Change Password Function" section.

2.5.1 Defining IT Resources

You must specify values for the SAP EP IT resource parameters listed in the following table.

Parameter Description
TimeStamp For the first reconciliation run, the time-stamp value is not set. For subsequent rounds of reconciliation, the time at which the previous round of reconciliation was completed is stored in this parameter.

The following are sample timestamp values:

  • English: Jun 01, 2006 at 10:00:00 GMT+05:30

  • French: juil. 01, 2006 at 10:00:00 GMT+05:30

  • Japanese: 6 01, 2006 at 10:00:00 GMT+05:30

WSDLLocation This parameter holds the WSDL URL of the Web service that is running in SAP Enterprise Portal 6.0.

For example:

To determine the WSDL URL:

  1. Log in to SAP EP as an administrator.

  2. Click the System Administration tab.

  3. Click the Support tab.

  4. Select Portal Runtime in the Top Level Areas region.

    The Portal Support Desk: Portal Runtime page is displayed.

  5. On this page, click SOAP Admin in the Test and Configuration Tools region.

    The SOAP Administration page is displayed.

  6. On this page, select Web Services.

    All the Web Services are displayed.

  7. Click com.sap.portal.prt.soap.ConnectorService.

    All the WSDL files are displayed.

  8. Click the Present link next to RPC Literal.

    An XML file is opened.

  9. In the XML file, search for the tag that starts with the following text:

    <soap:address location=
    

    This tag holds the WSDL URL of the Web service. For example:

    <soap:address location="http://mlbpsap02:50000/irj/servlet/prt/soap/com.sap.portal.prt.soap.ConnectorService?style=rpc_lit" />
    
  10. Enter the WSDL URL as the value of the WSDLLocation parameter.

SOAPAdminUserID User ID of the admin user account that the connector uses to log in to the target system.

Sample value: admin

SOAPAdminPassword Password of the admin user account that the connector uses to log in to the target system.

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

2.6 Configuring the SAP Change Password Function

You can configure the Change Password function to modify password behavior in scenarios such as when a user profile on the target system gets locked or expires. For such scenarios, you can configure the system so that the administrator is not able to reset the password for a locked or expired user profile. This helps prevent discrepancies between data in Oracle Identity Manager and the target system.

To configure the Change Password function:

See Also:

Oracle Identity Manager Design Console Guide
  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Process Management folder.

  3. Open the Process Definition form.

  4. Select the SAP EP Process process definition.

  5. Double-click the Password Updated task.

  6. On the Integration tab, specify values for the following parameters:

    • ValidityChange: You can specify either true or false.

      • True: If the user's validity period has expired, then it is extended to the date specified in the ValidTo parameter.

      • False: If the user's validity period has expired, then the validity period is not extended and the user's password cannot be changed.

    • lockChange: You can specify either true or false.

      • True: If the user is locked but not by the administrator, then the user is unlocked before the change of password. If the user is locked by the administrator, then the password cannot be changed.

      • False: If the user is locked, then the password cannot be changed.

    • ValidTo: Date to which the user's validity must be extended. The date format must be as follows:

      Apr 1 10 11:18:29 AM

      If this field is left empty, then the value is set to 1970-01-01, which is the default date.

      Note:

      The values specified are case-sensitive and must match the case in the SAP system.

2.7 Configuring SSL to Secure Communication Between Oracle Identity Manager and the Target System

This section discusses the following topics:

2.7.1 Configuring the Target System for SSL

For instructions on configuring the target system for SSL, visit the SAP Web site at

http://help.sap.com/erp2005_ehp_04/helpdata/DE/a6/98f73dbc570302e10000000a114084/frameset.htm

2.7.2 Configuring Oracle Identity Manager for SSL

Configuring Oracle Identity Manager for SSL involves importing the certificate that was created on the target system. To import the certificate:

  1. Copy the certificate of the target system into the JAVA_HOME/lib/security directory of the Oracle Identity Manager host computer.

  2. In a terminal window, change to the JAVA_HOME/bin directory, and then run the following command:

    keytool -import -alias ALIAS -file CERT_FILE_NAME -trustcacerts -keystore MY_CACERTS -storepass PASSWORD
    

    In this command:

    • ALIAS is the alias for the certificate.

    • CERT_FILE_NAME is the complete name and path of the certificate.

    • MY_CACERTS is the full path and name of the certificate store.

    • PASSWORD is the keystore password.

    The following is a sample command:

    keytool -import -alias sapep_trusted_cert -file JAVA_HOME/lib/security/globalsv.crt -trustcacerts -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
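
The import step above, wrapped in a fingerprint check, as an added example that is not part of Oracle's guide: the certificate is imported only if its SHA-256 fingerprint matches a value obtained separately from the target system administrator, and the keystore password is read from an environment variable instead of the command line. The function names, the KS_PASS variable and the four-argument calling convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a certificate's SHA-256 fingerprint before trusting it.
# Assumption: KS_PASS is an environment variable holding the keystore password.
# Usage: script.sh CERT_FILE EXPECTED_FP ALIAS KEYSTORE

# Strip separators and upper-case a fingerprint so different formats compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are non-empty and identical.
fp_equal() {
    fp_a=$(normalize_fp "$1")
    fp_b=$(normalize_fp "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Print the SHA-256 fingerprint that keytool computes for a certificate file.
# Prints nothing if the file cannot be read or keytool is unavailable.
cert_sha256() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_verified CERT_FILE EXPECTED_FP ALIAS KEYSTORE
import_verified() {
    iv_actual=$(cert_sha256 "$1")
    if ! fp_equal "$iv_actual" "$2"; then
        echo "refusing import: fingerprint of $1 does not match the expected value" >&2
        return 1
    fi
    # Same keytool options as the guide's command, plus -noprompt (the
    # fingerprint was already checked) and -storepass:env (password stays
    # out of the process list and shell history).
    keytool -import -noprompt -alias "$3" -file "$1" -trustcacerts \
        -keystore "$4" -storepass:env KS_PASS || return 1
    # Confirm that the alias is now present in the keystore.
    keytool -list -alias "$3" -keystore "$4" -storepass:env KS_PASS >/dev/null
}

# Run the check and import only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
    import_verified "$@"
fi
```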