2 Deploying the Connector

The procedure to deploy the connector can be divided into the following stages:

• Section 2.1, "Preinstallation"

• Section 2.2, "Installation"

• Section 2.3, "Postinstallation"

2.1 Preinstallation

Preinstallation information is divided across the following sections:

• Section 2.1.1, "Preinstallation on Oracle Identity Manager"

• Section 2.1.2, "Preinstallation on the Target System"

2.1.1 Preinstallation on Oracle Identity Manager

This section contains the following topics:

• Section 2.1.1.1, "Files and Directories on the Installation Media"

• Section 2.1.1.2, "Determining the Release Number of the Connector"

• Section 2.1.1.3, "Using External Code Files"

2.1.1.1 Files and Directories on the Installation Media

Table 2-1 lists the files and directories on the installation media.

Table 2-1 Files and Directories on the Installation Media

File in the Installation Media Directory	Description
config/ebsUMQuery.properties	This file contains SQL queries that are used for target resource reconciliation.
config/ebsUMLookupQuery.properties	This file contains SQL queries that are used for lookup field synchronization.
Files in the configuration directory Oracle_EBS_User-Management-CI.xml Oracle_EBS_User-HRMS-Management-CI.xml Oracle_EBS_User-TCA-Management-CI.xml	This directory contains the configuration files that are used by the Connector Installer during installation of each connector.
lib/EBSUM.jar	This JAR file contains the class files that are used during reconciliation and provisioning operations.
lib/EBSCommon.jar	This JAR file contains utility classes that support provisioning and reconciliation operations.
lib/Common.jar	This JAR file contains classes that are used by all release 9.1.0 connectors.
Files in the resources directory	Each of these resource bundles contains language-specific information that is used by the connector. During connector deployment, this file is copied into the following directories: OIM_HOME/xellerate/connectorResources Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
scripts/OIM.bat scripts/OIM.sh	This file contains commands to run the SQL scripts for creating a target system user and granting the required rights to the user. See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for more information about this user.
scripts/OIM_FND_GLOBAL.pck	This is the customized apps.fnd_global package.
scripts/OIM_FND_USER_PKG.pck	This is the customized apps.fnd_user package.
scripts/OIM_EMPLOYEE_WRAPPER.pck	This is a customized wrapper package for creating and updating employee records.
scripts/OIM_TCA_WRAPPER.pck	This is a customized wrapper package for creating and updating party records.
scripts/OimUser.sql scripts/OimUserGrants.sql scripts/OimUserSynonyms.sql	These file contains the SQL scripts to create a target system user account in a new tablespace, grant the required rights to the user, and create synonyms of various database objects to be used by the connector. See Section 2.1.2.1, "Creating a Target System User Account for Connector Operations" for more information about this user.
scripts/WL_LOCAL_SYNCH_PKG.pck	This is the customized version of the apps.wf_local_synch package. It is used for role management.
test/config/config_um_prov.properties	This properties file contains data that is used by the testing utility. See Section 5.1, "Running Test Cases" for more information.
test/config/config_um_prov_fileOption.properties	This properties file contains data that is used by the testing utility. See Section 5.1, "Running Test Cases" for more information.
test/config/log.properties	This file contains properties that you use to enable log4j logging.
test/scripts/OracleEbiz.bat test/scripts/OracleEbiz.sh	This file is used to run the testing utility.
xml/Oracle-eBusinessSuite-Main-ConnectorConfig.xml	This XML file contains configuration information about the User Management connector. The Connector Installer uses this XML file to create connector components that are used for both direct and request-based user account creation.
xml/Oracle-eBusinessSuite-HRMS-Main-ConnectorConfig.xml	This XML file contains configuration information about the User Management with HR Foundation connector. The Connector Installer uses this XML file to create connector components that are used for both direct and request-based creation of user records and person records.
xml/Oracle-eBusinessSuite-TCA-Main-ConnectorConfig.xml	This XML file contains configuration information about the User Management with TCA Foundation connector. The Connector Installer uses this XML file to create connector components that are used for both request-based creation of user records and TCA party records.
xml/Oracle-eBusinessSuite-HRMS-RequestApproval-ConnectorConfig.xml	This XML file is used for request-based entitlement provisioning in the User Management with HR Foundation connector.
xml/Oracle-eBusinessSuite-RequestApproval-ConnectorConfig.xml	This XML file is used for request-based entitlement provisioning in the User Management connector.
xml/Oracle-eBusinessSuite-TCA-RequestApproval-ConnectorConfig.xml	This XML file is used for request-based entitlement provisioning in the User Management with TCA Foundation connector.

2.1.1.2 Determining the Release Number of the Connector

You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:

1. In a temporary directory, extract the contents of the connector JAR file that is in the OIM_HOME/xellerate/JavaTasks directory.

2. Open the Manifest.mf file in a text editor. The Manifest.mf file is one of the files bundled inside the connector JAR file.

   In the Manifest.mf file, the release number of the connector is displayed as the value of the Version property.

2.1.1.3 Using External Code Files

If Oracle Identity Manager is using Microsoft SQL Server, then:

1. Copy the JDBC class library (classes12.jar or ojdbc14.jar) file from the Oracle home directory on the target system host computer. For example, if the target system is using Oracle9i Database, then you can copy the file from the ORACLE_HOME/ora92/jdbc/lib directory.

2. Paste the file into the OIM_HOME/xellerate/ThirdParty directory.

3. Add OIM_HOME/xellerate/ext/ojdbc14.jar in the classpath of the application server.

   If your Oracle Identity Manager installation is running on Oracle WebLogic Server, then:

   1. Open the following file in a text editor:

      ORACLE_HOME/user_projects/domains/DOMAIN_NAME/bin/startWebLogic.sh (or startWebLogic.cmd) file

   2. Search for the following line in the file:

      On Microsoft Windows:

      set SAVE_JAVA_OPTIONS=%JAVA_OPTIONS%
      

      On UNIX:

      SAVE_JAVA_OPTIONS="${JAVA_OPTIONS}"
      

   3. Add the following line immediately after the line given in the preceding step:

      Note:

      Replace FULL_PATH_TO_ojdbc14.jar with the full path to the ojdbc14.jar file.

      On Microsoft Windows:

      set CLASSPATH=FULL_PATH_TO_ojdbc14.jar;%CLASSPATH%
      

      On UNIX:

      CLASSPATH=FULL_PATH_TO_ojdbc14.jar:$CLASSPATH
      export CLASSPATH
      

   4. Save and close the file.

2.1.2 Preinstallation on the Target System

Preinstallation on the target system involves performing the procedure described in the following sections:

• Section 2.1.2.1, "Creating a Target System User Account for Connector Operations"

• Section 2.1.2.2, "Compiling Custom Wrapper Packages"

• Section 2.1.2.3, "Setting the Employee Number Creation Mode"

2.1.2.1 Creating a Target System User Account for Connector Operations

Note:

You must have DBA privileges to grant the required permissions to the target system user account.

You must have Oracle Client installed on the computer on which you perform the procedure described in this section. The Oracle Client release must be the same as the database release. In addition, if Oracle Client is not installed on the database host computer, then the tnsnames.ora file on the Oracle Client host must contain an entry for the SID of the database.

Oracle Identity Manager requires a target system user account to access the target system during connector operations. You provide the credentials of this user account while performing the procedure described in Section 2.3.3.6, "Configuring the IT Resource".

To create a target system user account for connector operations:

1. Copy the scripts directory from the installation media to a temporary directory on either the target system server or to a computer on which the Oracle Database client has been installed.

2. On the computer where you copy the scripts directory, verify that there is a TNS entry in the tnsnames.ora file for the target system database.

3. Depending on the host platform, run either the OIM.sh or OIM.bat file.

4. When you run the script, you are prompted for the following information:

   • ORACLE_HOME path

     This prompt is displayed only if the ORACLE_HOME environment variable has not been set on the computer on which you are running the script.

   • Enter the system user name

     Enter the login (user name) of a DBA account with the privileges to create and configure a new target system user.

   • Enter the name of the database

     Enter the connection string or service name given in the tnsnames.ora file to connect to the target system database.

   • Enter the name of the tablespace to be created

     Enter a name for the tablespace to be created for the user.

   • Enter the name of the datafile to be created

     Enter a name for the datafile to be created for the user.

   • Enter the path for the datafile to be created

     Enter the path where the datafile must be created. The path is relative to the repository of the directory in which the target system is installed. If you do not enter a value at this prompt, then the default directory is created.

   • Enter New database Username to be created

     Enter a user name for the target system account that you want to create.

   • Enter the New user password

     Enter a password for the target system account that you want to create.

   • Connecting with APPS User

     Enter the password of the APPS User that can grant the required privileges to the target system account that you want to create.

   • Connecting with newly created database user

     Enter the connection string or service name that you provided earlier.

At the end of the operation, a log file (OIM_APPS_USER.log) is created in the scripts directory. If the user is successfully created, then a message to this effect is recorded in the log file.

During the account creation process, the following privileges are granted to the account:

Note:

The OimUserGrants.sql file contains commands to grant these permissions.

SELECT, UPDATE ON APPS.FND_USER

SELECT, UPDATE ON APPS.HZ_PARTIES

SELECT, UPDATE ON APPS.HZ_PERSON_PROFILES

SELECT ON APPS.FND_APPLICATION

SELECT ON APPS.FND_RESPONSIBILITY

SELECT ON APPS.FND_RESPONSIBILITY_TL

SELECT ON APPS.FND_RESPONSIBILITY_VL

SELECT ON APPS.FND_USER_RESP_GROUPS_DIRECT

SELECT ON APPS. PER_ALL_PEOPLE_F

SELECT ON APPS.FND_APPLICATION_TL

SELECT ON APPS.WF_LOCAL_USER_ROLES

SELECT ON APPS.WF_USER_ROLES

EXECUTE ON APPS.FND_USER_PKG

EXECUTE ON APPS.OIM_FND_USER_PKG

EXECUTE ON APPS.FND_GLOBAL

EXECUTE ON APPS.OIM_FND_GLOBAL

EXECUTE ON APPS.HR_EMPLOYEE_API

EXECUTE ON APPS.HR_PERSON_API

EXECUTE ON APPS.WF_LOCAL_SYNCH.PROPAGATEUSERROLE

EXECUTE ON APPS.OIM_EMPLOYEE_WRAPPER

EXECUTE ON APPS.OIM_EMPLOYEE_WRAPPER_PKG

EXECUTE ON APPS.OIM_TCA_WRAPPER

EXECUTE ON APPS.OIM_TCA_WRAPPER_PKG

EXECUTE ON APPS.FND_OID_USERS

CREATE SESSION

CREATE SYNONYM

2.1.2.2 Compiling Custom Wrapper Packages

The following custom wrapper packages are used during the Person Create and Update operations:

• OIM_EMPLOYEE_WRAPPER

• OIM_TCA_WRAPPER

If you plan to use the APPS account for reconciliation and provisioning operations, then:

Note:

Do not perform these steps if you plan to use the account described in Section 2.1.2.1, "Creating a Target System User Account for Connector Operations".

1. Copy the packages from the scripts directory on the installation media into a directory on the target system host computer.

2. Log in to the database by using the account that you create as described in Section 2.1.2.1, "Creating a Target System User Account for Connector Operations".

3. Run the following commands at the SQL prompt:

   Note:

   See Section 2.1.1.1, "Files and Directories on the Installation Media" for information about the location of the packages containing these SQL scripts.

   @<DIRECTORY_PATH_WHERE_THE_PACKAGES_ARE_SAVED>/OIM_EMPLOYEE_WRAPPER.pck
   @<DIRECTORY_PATH_WHERE_THE_PACKAGES_ARE_SAVED>/OIM_TCA_WRAPPER.pck
   @<DIRECTORY_PATH_WHERE_THE_PACKAGES_ARE_SAVED>/OimUserSynonyms.sql
   

2.1.2.3 Setting the Employee Number Creation Mode

Note:

Perform the procedure described in this section only if you plan to use the User Management with HR Foundation connector.

If you plan to use the User Management with HR Foundation connector, then the target system must be configured to manual mode for generating employee numbers. By default, employee numbers are automatically generated. To set the employee number generation mode to manual:

1. Log in to the target system.

2. Select the Oracle E-Business HRMS responsibility. For example: Human Resource Vision Enterprise.

3. Navigate to Workstructures > Organization > Description.

4. Search for and select the business group,

5. Click Others.

6. Select Business Group Info from the list of values.

7. Open the flexfield to view the setting for employee number generation

8. Set the value of Employee Number Generation to Manual.

9. Click OK.

2.2 Installation

Installing the connector on Oracle Identity Manager release 9.1.0 or later involves the following procedures:

Note:

You can perform these procedures to install each connector, in any order.

• Section 2.2.1, "Running the Connector Installer"

• Section 2.2.2, "Copying Files to the Oracle Identity Manager Host Computer"

2.2.1 Running the Connector Installer

Note:

In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.

Direct provisioning is automatically enabled after you run the Connector Installer. If required, you can enable request-based provisioning in the connector. Direct provisioning is automatically disabled when you enable request-based provisioning. See Section 2.3.3.1, "Enabling Request-Based Provisioning of Entitlements" if you want to use the request-based provisioning feature for this target system.

To run the Connector Installer:

1. Copy the contents of the connector installation media into the following directory:

   OIM_HOME/xellerate/ConnectorDefaultDirectory

2. Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console Guide.

3. Click Deployment Management, and then click Install Connector.

4. The Connector List list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory.

   OIM_HOME/xellerate/ConnectorDefaultDirectory

   You can select one of the following options:

   • For the User Management connector:

     Oracle EBS User Management 9.1.0.0

   • For the User Management with HR Foundation connector:

     Oracle EBS HR Foundation User Management 9.1.0.0

   • For the User Management with TCA Foundation connector:

     Oracle EBS TCA Foundation User Management 9.1.0.0

   If you have copied the installation files into a different directory, then:

   1. In the Alternative Directory field, enter the full path and name of that directory.

   2. To repopulate the list of connectors in the Connector List list, click Refresh.

   3. From the Connector List list, select the connector that you want to install.

5. Click Load. The following screenshot shows this page:

   
   

6. To start the installation process, click Continue.

   The following tasks are performed in sequence:

   1. Configuration of connector libraries

   2. Import of the connector Target Resource user configuration XML file (by using the Deployment Manager).

   3. Compilation of adapters

   On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:

   • Retry the installation by clicking Retry.

   • Cancel the installation and begin again from Step 1.

7. If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. The following screenshot shows this page:

   
   

   In addition, a list of steps that you must perform after the installation is displayed. These steps are as follows:

   1. Ensuring that the prerequisites for using the connector are addressed

      Note:

      At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Section 2.3.3.3, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.

      The prerequisites for this connector are also described later in this guide.

   2. Configuring the IT resource for the connector

      Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.

   3. Configuring the scheduled tasks that are created when you installed the connector

      Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-1.

Installing the Connector in an Oracle Identity Manager Cluster

While installing Oracle Identity Manager in a clustered environment, you must copy all the JAR files and the contents of the connectorResources directory into the corresponding directories on each node of the cluster. See Section 2.1.1.1, "Files and Directories on the Installation Media" for information about the files that you must copy and their destination locations on the Oracle Identity Manager server.

2.2.2 Copying Files to the Oracle Identity Manager Host Computer

After you run the Connector Installer, you must manually copy the files listed in Table 2-2.

Table 2-2 Files to Be Copied to the Oracle Identity Manager Host Computer

Files on the Installation Media	Destination Directory on the Oracle Identity Manager Host Computer
Files in the config directory	OIM_HOME/xellerate/XLintegrations/EBSUM/config Note: You must create the EBSUM/config directory.
Files in the test/config directory	OIM_HOME/xellerate/XLintegrations/EBSUM/config
Files in the test/scripts directory	OIM_HOME/xellerate/XLintegrations/EBSUM/scripts Note: You must create the EBSUM/scripts directory.

2.3 Postinstallation

Postinstallation steps are divided across the following sections:

• Section 2.3.1, "Configuring SoD"

• Section 2.3.2, "Configuring Secure Communication Between the Target System and Oracle Identity Manager"

• Section 2.3.3, "Postinstallation on Oracle Identity Manager"

2.3.1 Configuring SoD

This section discusses the following procedures:

• Section 2.3.1.1, "Configuring the Oracle Applications Access Controls Governor to Act As the SoD Engine"

• Section 2.3.1.2, "Specify a Value for the TopologyName IT Resource Parameter"

• Section 2.3.1.3, "Disabling and Enabling SoD"

Note:

The ALL USERS group has INSERT, UPDATE, and DELETE permissions on the UD_EBS_USER, UD_EBS_RESP, UD_EBS_RLS, UD_EBSH_USR, UD_EBSH_RSP, UD_EBST_RLS, UD_EBST_USR, UD_EBST_RSP, and UD_EBST_RLS process forms. This is required to enable the following process:

During SoD validation of an entitlement request, data first moves from a dummy object form to a dummy process form. From there, data is sent to the SoD engine for validation. If the request clears the SoD validation, then data is moved from the dummy process form to the actual process form. Because the data is moved to the actual process forms through APIs, the ALL USERS group must have INSERT, UPDATE, and DELETE permissions on the three process forms.

2.3.1.1 Configuring the Oracle Applications Access Controls Governor to Act As the SoD Engine

See the "Configuring Oracle Application Access Controls Governor" section in the "Segregation of Duties (SoD) in Oracle Identity Manager" chapter in Oracle Identity Manager Tools Reference for Release 9.1.0.2 for information about this procedure.

2.3.1.2 Specify a Value for the TopologyName IT Resource Parameter

The TopologyName IT resource parameter holds the name of the combination of the following elements that you want to use for SoD validation of entitlement provisioning operations:

• Oracle Identity Manager installation

• Oracle Applications Access Controls Governor installation

• Oracle E-Business Suite installation

The value that you specify for the TopologyName parameter must be the same as the value of the topologyName element in the SILConfig.xml file. See the "Segregation of Duties (SoD) in Oracle Identity Manager" chapter in Oracle Identity Manager Tools Reference for Release 9.1.0.2 for information about this element.

See Section 2.3.3.6, "Configuring the IT Resource" section for information about specifying values for parameters of the IT resource.

2.3.1.3 Disabling and Enabling SoD

This section describes the procedures to disable and enable SoD.

To disable SoD:

Note:

The SoD feature is disabled by default. Perform the following procedure only if the SoD feature is currently enabled and you want to disable it.

1. Log in to the Design Console.

2. Set the XL.SoDCheckRequired system property to FALSE as follows:

   1. Expand Administration, and double-click System Configuration.

   2. Search for and open the XL.SoDCheckRequired system property.

   3. Set the value of the system property to FALSE. The following screenshot shows this page:

      
      

      Note:

      You need not change the values of the XL.SIL.Home.Dir and Triggers Synchronous SoD checks offline system properties.

   4. Click the Save icon.

   5. If you are going to perform the procedure described in Section 2.3.3.1, "Enabling Request-Based Provisioning of Entitlements", then for all approval process definitions, the human approval tasks must be made unconditional as follows:

      • On the Design Console.

      • Expand Process Management, and then double-click Process Definition.

      • Search for and open the approval-type process definition for the connector that you are using. See Section 4.6, "Configuring the Connector for Multiple Installations of the Target System" for information about the connector objects.

      • On the Task tab, search for the Manager Approval task.

      • Make this task unconditional by deselecting the Conditional check box. See the following screenshot:

        
        

      • Save the changes to the process definition.

3. Restart Oracle Identity Manager.

To enable SoD:

Note:

If you are enabling SoD for the first time, then see Oracle Identity Manager Readme for Release 9.1.0.2 for detailed information.

1. Log in to the Design Console.

2. Expand Administration, and double-click System Configuration.

3. Set the XL.SoDCheckRequired system property to TRUE as follows:

   1. Search for and open the XL.SoDCheckRequired system property.

   2. Set the value of the system property to TRUE. The following screenshot shows this page:

      
      

   3. Click the Save icon.

4. Search for and open the XL.SIL.Home.Dir system property. Verify that the value of this system property is set to the full path and name of the SIL_HOME directory.

5. If you are going to perform the procedure described in Section 2.3.3.1, "Enabling Request-Based Provisioning of Entitlements", then for all approval process definitions, the human approval tasks must be made conditional as follows:

   • On the Design Console.

   • Expand Process Management, and then double-click Process Definition.

   • Search for and open the approval-type process definition for the connector that you are using. See Section 4.6, "Configuring the Connector for Multiple Installations of the Target System" for information about the connector objects.

   • On the Task tab, search for the Manager Approval task.

   • Make this task conditional by selecting the Conditional check box. See the following screenshot:

     
     

   • Save the changes to the process definition.

6. Restart Oracle Identity Manager.

2.3.2 Configuring Secure Communication Between the Target System and Oracle Identity Manager

To secure communication between Oracle Database and Oracle Identity Manager, you can perform either one or both of the following procedures:

Note:

To perform the procedures described in this section, you must have the permissions required to modify the TNS listener configuration file.

• Section 2.3.2.1, "Configuring Data Encryption and Integrity in Oracle Database"

• Section 2.3.2.2, "Configuring SSL Communication in Oracle Database"

2.3.2.1 Configuring Data Encryption and Integrity in Oracle Database

See Oracle Database Advanced Security Administrator's Guide for information about configuring data encryption and integrity.

2.3.2.2 Configuring SSL Communication in Oracle Database

To enable SSL communication between Oracle Database and Oracle Identity Manager:

1. See Oracle Database Advanced Security Administrator's Guide for information about enabling SSL communication between Oracle Database and Oracle Identity Manager.

2. Export the certificate on the Oracle Database host computer.

3. Copy the certificate to Oracle Identity Manager.

4. Import the certificate into the JVM certificate store of the application server on which Oracle Identity Manager is running.

   To import the certificate into the certificate store, run the following command:

   keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
   

   In this command:

   • Replace FILE_LOCATION with the full path and name of the certificate file.

   • Replace ALIAS with an alias for the certificate.

   • Replace TRUSTSTORE_PASSWORD with a password for the certificate store.

   • Replace TRUSTSTORE_LOCATION with one of the certificate store paths given in Table 2-3. This table shows the location of the certificate store for each of the supported application servers.

   Note:

   For a clustered configuration, you must import the file into the certificate store on each node of the cluster.

   Table 2-3 Certificate Store Locations

   Application Server	Certificate Store Location
   Oracle WebLogic Server	If you are using Oracle jrockit_R27.3.1-jdk, then copy the certificate into the following directory: JROCKIT_HOME/jre/lib/security If you are using the default Oracle WebLogic Server JDK, then copy the certificate into the following directory: WEBLOGIC_HOME/java/jre/lib/security/cacerts
   IBM WebSphere Application Server	For a nonclustered configuration of any supported IBM WebSphere Application Server release, import the certificate into the following certificate store: WEBSPHERE_HOME/java/jre/lib/security/cacerts For IBM WebSphere Application Server 6.1.x, in addition to the cacerts certificate store, you must import the certificate into the following certificate store: WEBSPHERE_HOME/Web_Sphere/profiles/SERVER_NAME/config/cells/CELL_NAME/nodes/NODE_NAME/trust.p12 For example: C:/Web_Sphere/profiles/AppSrv01/config/cells/tcs055071Node01Cell/nodes/tcs055071Node0/trust.p12 For IBM WebSphere Application Server 5.1.x, in addition to the cacerts certificate store, you must import the certificate into the following certificate store: WEBSPHERE_HOME/etc/DummyServerTrustFile.jks
   JBoss Application Server	JAVA_HOME/jre/lib/security/cacerts
   Oracle Application Server	ORACLE_HOME/jdk/jre/lib/security/cacerts

   
   

2.3.3 Postinstallation on Oracle Identity Manager

Configuring Oracle Identity Manager involves performing the following procedures:

• Section 2.3.3.1, "Enabling Request-Based Provisioning of Entitlements"

• Section 2.3.3.2, "Modifying Dependent Lookup Query Properties for Lookup Fields on Microsoft SQL Server"

• Section 2.3.3.3, "Clearing Content Related to Connector Resource Bundles from the Server Cache"

• Section 2.3.3.4, "Enabling Logging"

• Section 2.3.3.5, "Determining Values for the JDBC URL and Connection Properties Parameters"

• Section 2.3.3.6, "Configuring the IT Resource"

2.3.3.1 Enabling Request-Based Provisioning of Entitlements

In request-based provisioning, an end user creates a request for a resource or entitlement by using the Administrative and User Console. Administrators or other users can also create requests for a particular user. Requests for a particular resource or entitlement on the resource can be viewed and approved by approvers designated in Oracle Identity Manager.

The following are features of request-based provisioning:

• A user can be provisioned only one resource (account) on the target system.

  Note:

  Direct provisioning allows the provisioning of multiple Oracle E-Business Suite accounts on the target system.

• Direct provisioning cannot be used if you enable request-based provisioning.

When you run the Connector Installer, the request-based provisioning of accounts is automatically enabled. If you also want to enable request-based provisioning of entitlements, then perform the procedure described in this section.

Prerequisites

You must run Oracle Identity Manager in INFO mode when you import the XML file for request-based provisioning. If Oracle Identity Manager is running in DEBUG mode when you import the XML file, then the import operation does not work correctly.

Before you perform this procedure, set your browser to use JRE version 1.6.0_07. If you try to import the XML file with your browser set to any other JRE version, then the browser stops responding.

To enable request-based provisioning of entitlements:

Note:

Before you perform this procedure, set your browser to use JRE version 1.6.0_07. If you try to import the XML file with your browser set to any other JRE version, then the browser stops responding.

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open one of the following XML files:

   • For the User Management connector: Oracle-eBusinessSuite-RequestApproval-ConnectorConfig.xml

   • For the User Management with HR Foundation connector: Oracle-eBusinessSuite-HRMS-RequestApproval-ConnectorConfig.xml

   • For the User Management with TCA Foundation connector: Oracle-eBusinessSuite-TCA-RequestApproval-ConnectorConfig.xml

   Details of the XML file that you select are shown on the File Preview page. The following screenshot shows this page:

   
   

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click View Selections.

   At this stage, the Deployment Manager Import page should not show an error. See the following screenshot:

   
   

8. Click Import.

   In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

To suppress the Standard Approval process definition:

Note:

The Standard Approval process is common to all resource objects. If you enable request-based provisioning, then you must suppress this process definition.

1. On the Design Console, expand Process Management and double-click Process Definition.

2. Search for and open the Standard Approval process definition.

3. On the Tasks tab, double-click the Approve task.

4. On the Integration tab of the Editing Task dialog box, click Add. The following screenshot shows this page:

   
   

5. In the Handler Selection dialog box:

   Select System.

   Select the tcCompleteTask handler.

   Click the Save icon, and then close the dialog box.

6. In the Editing Task dialog box, click the Save icon and close the dialog box.

7. Click the Save icon to save changes made to the process definition.

2.3.3.2 Modifying Dependent Lookup Query Properties for Lookup Fields on Microsoft SQL Server

Note:

Perform the procedure described in this section only if your Oracle Identity Manager installation is running on Microsoft SQL Server.

In this connector, the child forms of a resource implement the dependent lookup feature of Oracle Identity Manager. By default, the queries for synchronization of lookup field values from the target system are based on Oracle Database SQL. If your Oracle Identity Manager installation is running on Microsoft SQL Server, then you must modify the lookup queries for synchronization of lookup definitions as follows:

1. On the Design Console, expand Development Tools and double-click Form Designer.

2. Search for and open the process form for the connector that you are using.

3. Click Create New Version to create a version of the process form. Then, enter a version name and click the Save icon.

4. Go to the Properties tab.

5. Select the properties of the attribute according to your requirement.

6. Modify the Lookup Query property for the field. Existing and new values are listed in Table 2-4. The following screenshot shows this page:

   
   

7. Click the Save icon.

8. Click Make Version Active to activate the new version of the process form.

9. Create a new version of the parent form for the child form you modified and make that version active.

   See Section 4.6, "Configuring the Connector for Multiple Installations of the Target System" for information about the process forms.

Table 2-4 Queries for Lookup Field Synchronization

Field Name	Oracle Database Version of the Query	Microsoft SQL Server Version of the Query
User Management connector
UD_EBS_RLO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_UO_EBS_ITRES$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_UO_EBS_ITRES$' + '~' , lkv_encoded)>0
UD_EBS_RLO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBS_RLO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBS_RLS_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_USER_EBS_ITRES$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_USER_EBS_ITRES$' + '~' , lkv_encoded)>0
UD_EBS_RLS_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLS_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBS_RLS_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBS_RSO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_UO_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_UO_EBS_ITRES$' + '~' , lkv_encoded)>0
UD_EBS_RSO_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBS_RSO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBS_RSO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBS_RESP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_USER_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_USER_EBS_ITRES$' + '~' , lkv_encoded)>0
UD_EBS_RESP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBS_RESP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBS_RESP_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBS_RLCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLPO_EBS_INST$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_RLPO_EBS_INST$' + '~' ,lkv_encoded)>0
UD_EBS_RLCO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLCO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBS_RLCO_APP_NAME$' + '~',lkv_encoded)>0
UD_EBS_RLCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLPP_EBS_INST$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_RLPP_EBS_INST$' + '~',lkv_encoded)>0
UD_EBS_RLCP_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBS_RLCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBS_RLCP_APP_NAME$' + '~' ,lkv_encoded)>0
UD_EBS_RSCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_RSPO_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_RSPO_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBS_RSCO_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBS_RSCO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBS_RSCO_APP_NAME$' + '~' , lkv_encoded )>0
UD_EBS_RSCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBS_RSPP_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBS_RSPP_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBS_RSCP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBS_RSCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBS_RSCP_APP_NAME$' + '~' , lkv_encoded)>0
User Management with HR Foundation connector
UD_EBSH_RLO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBSH_UO_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBSH_UO_EBS_ITRES$' + '~', lkv_encoded)>0
UD_EBSH_RLO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBSH_RLO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBSH_RLO_APP_NAME$' + '~',lkv_encoded)
UD_EBSH_RLS_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBSH_USR_EBS_ITRES$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBSH_USR_EBS_ITRES$' + '~', lkv_encoded)>0
UD_EBSH_RLS_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBSH_RLS_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBSH_RLS_APP_NAME$' + '~', lkv_encoded)>0
UD_EBSH_RSO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBSH_UO_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBSH_UO_EBS_ITRES$' + '~' ,lkv_encoded)>0
UD_EBSH_RSO_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBSH_RSO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBSH_RSO_APP_NAME$' + '~', lkv_encoded)>0
UD_EBSH_RSP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBSH_USR_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBSH_USR_EBS_ITRES$' + '~' ,lkv_encoded)
UD_EBSH_RSP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBSH_RESP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBSH_RESP_APP_NAME$' + '~' ,lkv_encoded)
UD_EBH_RLCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBH_RLPO_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBH_RLPO_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBH_RLCO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBH_RLCO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBH_RLCO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBH_RLCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBH_RLPP_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBH_RLPP_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBH_RLCP_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBH_RLCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBH_RLCP_APP_NAME$' + '~', lkv_encoded)>0
UD_EBH_RSCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBH_RSPO_EBS_INST $','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data. UD_EBH_RSPO_EBS_INST $' + '~' , lkv_encoded)>0
UD_EBH_RSCO _RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data. UD_EBH_RSPO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data. UD_EBH_RSPO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBH_RSCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBH_RSPP_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBH_RSPP_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBH_RSCP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBH_RSCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBH_RSCP_APP_NAME$' + '~' , lkv_encoded)>0
User Management with TCA Foundation connector
UD_EBST_RLO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBST_UO_EBS_ITRES$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBST_UO_EBS_ITRES$' + '~', lkv_encoded)>0
UD_EBST_RLO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBST_RLO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBST_RLO_APP_NAME$' + '~' ,lkv_encoded)
UD_EBST_RLS_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBST_USR_EBS_ITRES$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBST_USR_EBS_ITRES$' + '~' , lkv_encoded )>0
UD_EBST_RLS_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBST_RLS_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBST_RLS_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBST_RSO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBST_UO_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBST_UO_EBS_ITRES$' + '~', lkv_encoded )>0
UD_EBST_RSO_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBST_RSO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBST_RSO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBST_RSP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBST_USR_EBS_ITRES$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBST_USR_EBS_ITRES$' + '~' , lkv_encoded)>0
UD_EBST_RSP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBST_RSP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBST_RSP_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBT_RLCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBT_RLPO_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBT_RLPO_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBT_RLCO_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBT_RLCO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBT_RLCO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBT_RLCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBT_RLPP_EBS_INST$', '~'))>0	select lkv_encoded,lkv_decoded from lkv lkv, lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBT_RLPP_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBT_RLCP_ROLE_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and instr(lkv_encoded,concat('$Form data.UD_EBT_RLCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.UMX.Roles' and CHARINDEX('$Form data.UD_EBT_RLCP_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBT_RSCO_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBT_RSPO_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBT_RSPO_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBT_RSCO_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBT_RSCO_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBT_RSCO_APP_NAME$' + '~' , lkv_encoded)>0
UD_EBT_RSCP_APP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and instr(lkv_encoded,concat('$Form data.UD_EBT_RSPP_EBS_INST$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Application' and CHARINDEX('$Form data.UD_EBT_RSPP_EBS_INST$' + '~' , lkv_encoded)>0
UD_EBT_RSCP_RESP_NAME	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and instr(lkv_encoded,concat('$Form data.UD_EBT_RSCP_APP_NAME$','~'))>0	select lkv_encoded,lkv_decoded from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.EBS.Responsibility' and CHARINDEX('$Form data.UD_EBT_RSCP_APP_NAME$' + '~' , lkv_encoded)>0

2.3.3.3 Clearing Content Related to Connector Resource Bundles from the Server Cache

Note:

In a clustered environment, you must perform this procedure on each node of the cluster.

While you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

1. In a command window, change to the OIM_HOME/xellerate/bin directory.

   Note:

   You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:

   OIM_HOME/xellerate/bin/BATCH_FILE_NAME

2. Enter one of the following commands:

   • On Microsoft Windows:

     PurgeCache.bat ConnectorResourceBundle
     

   • On UNIX:

     PurgeCache.sh ConnectorResourceBundle
     

   Note:

   You can ignore the exception that is thrown when you perform Step 2. This exception is different from the one mentioned in Step 1.

In this command, ConnectorResourceBundle is the content category that you must delete from the server cache.

See Also:

The following file for information about content categories:

OIM_HOME/xellerate/config/xlconfig.xml

2.3.3.4 Enabling Logging

Note:

In a clustered environment, you must perform this procedure on each node of the cluster.

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

• ALL

  This level enables logging for all events.

• DEBUG

  This level enables logging of information about fine-grained events that are useful for debugging.

• INFO

  This level enables logging of messages that highlight the progress of the application at a coarse-grained level.

• WARN

  This level enables logging of information about potentially harmful situations.

• ERROR

  This level enables logging of information about error events that may allow the application to continue running.

• FATAL

  This level enables logging of information about very severe error events that could cause the application to stop functioning.

• OFF

  This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use. Perform the procedure given in one of the following sections:

• Section 2.3.3.4.1, "Enabling Logging on IBM WebSphere Application Server"

• Section 2.3.3.4.2, "Enabling Logging on JBoss Application Server"

• Section 2.3.3.4.3, "Enabling Logging on Oracle Application Server"

• Section 2.3.3.4.4, "Enabling Logging on Oracle WebLogic Server"

2.3.3.4.1 Enabling Logging on IBM WebSphere Application Server

To enable logging:

1. Add the following line in the OIM_HOME/xellerate/config/log.properties file:

   log4j.logger.ADAPTER.OIMCP.EBSUM=log_level
   

2. In this line, replace log_level with the log level that you want to set.

   For example:

   log4j.logger.ADAPTER.OIMCP.EBSUM=INFO
   

After you enable logging, log information is written to the following file:

WEBSPHERE_HOME/AppServer/logs/SERVER_NAME/SystemOut.log

2.3.3.4.2 Enabling Logging on JBoss Application Server

To enable logging:

1. In the JBOSS_HOME/server/default/conf/jboss-log4j.xml file, add the following lines if they are not already present in the file:

   <category name="ADAPTER.OIMCP.EBSUM">
      <priority value="log_level"/>
   </category>
   

2. In the second XML code line, replace log_level with the log level that you want to set. For example:

   <category name="ADAPTER.OIMCP.EBSUM">
      <priority value="INFO"/>
   </category>
   

After you enable logging, log information is written to the following file:

JBOSS_HOME/server/default/log/server.log

2.3.3.4.3 Enabling Logging on Oracle Application Server

To enable logging:

1. Add the following line in the OIM_HOME/xellerate/config/log.properties file:

   log4j.logger.ADAPTER.OIMCP.EBSUM=log_level
   

2. In this line, replace log_level with the log level that you want to set.

   For example:

   log4j.logger.ADAPTER.OIMCP.EBSUM=INFO
   

After you enable logging, log information is written to the following file:

OC4J_HOME/opmn/logs/default_group~home~default_group~1.log

2.3.3.4.4 Enabling Logging on Oracle WebLogic Server

To enable logging:

1. Add the following line in the OIM_HOME/xellerate/config/log.properties file:

   log4j.logger.ADAPTER.OIMCP.EBSUM=log_level
   

2. In this line, replace log_level with the log level that you want to set.

   For example:

   log4j.logger.ADAPTER.OIMCP.EBSUM=INFO
   

After you enable logging, log information is displayed on the server console.

2.3.3.5 Determining Values for the JDBC URL and Connection Properties Parameters

This section discusses the JDBC URL and Connection Properties parameters. You apply the information in this section while performing the procedure described in Section 2.3.3.6, "Configuring the IT Resource".

The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented:

• Section 2.3.3.5.1, "Supported JDBC URL Formats"

• Section 2.3.3.5.2, "Only Data Encryption and Integrity Is Configured"

• Section 2.3.3.5.3, "Only SSL Communication Is Configured"

• Section 2.3.3.5.4, "Both Data Encryption and Integrity and SSL Communication Are Configured"

2.3.3.5.1 Supported JDBC URL Formats

The following are the supported JDBC URL formats:

• Multiple database instances support one service (Oracle RAC)

  JDBC URL format:

  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST1_NAME.DOMAIN)(PORT=PORT1_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST2_NAME.DOMAIN)(PORT=PORT2_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST3_NAME.DOMAIN)(PORT=PORT3_NUMBER)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=HOSTn_NAME.DOMAIN)(PORT=PORTn_NUMBER))(CONNECT_DATA=(SERVICE_NAME=ORACLE_DATABASE_SERVICE_NAME)))

  Sample value:

  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))

• One database instance supports one service

  JDBC URL format:

  jdbc:oracle:thin:@HOST_NAME.DOMAIN:PORT_NUMBER:ORACLE_DATABASE_SERVICE_NAME

  Sample value:

  jdbc:oracle:thin:@host1.example:1521:srvce1

• One database instance supports multiple services (for Oracle Database 10g and later)

  JDBC URL format:

  jdbc:oracle:thin:@//HOST_NAME.DOMAIN:PORT_NUMBER/ORACLE_DATABASE_SERVICE_NAME

  Sample value:

  jdbc:oracle:thin:@host1.example.com:1521/srvce1

2.3.3.5.2 Only Data Encryption and Integrity Is Configured

If you have configured only data encryption and integrity, then enter the following values:

• JDBC URL parameter

  While creating the connector, the value that you specify for the JDBC URL parameter must be in the following format:

  jdbc:oracle:thin:@TARGET_HOST_NAME_or_IP_ADDRESS:PORT_NUM:sid
  

  The following is a sample value for the JDBC URL parameter:

  jdbc:oracle:thin:@ten.mydomain.com:1521:cust_db
  

• Connection Properties parameter

  After you configure data encryption and integrity, the connection properties are recorded in the sqlnet.ora file. The value that you must specify for the Connection Properties parameter is explained by the following sample scenario:

  See Also:

  Oracle Database Advanced Security Administrator's Guide for information about the sqlnet.ora file

  Suppose the following entries are recorded in the sqlnet.ora file:

  SQLNET.ENCRYPTION_SERVER=REQUIRED
  SQLNET.ENCRYPTION_TYPES_SERVER=(3DES168, DES40, DES, 3DES112)
  SQLNET.CRYPTO_CHECKSUM_SERVER=REQUESTED
  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,MD5)
  

  While creating the connector, you must specify the following as the value of the Connection Properties parameter:

  Note:

  • The property-value pairs must be separated by commas.

  • As shown in the following example, for the encryption_types and crypto_checksum_types properties, you can select any of the values recorded in the sqlnet.ora file.

  oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5)
  

2.3.3.5.3 Only SSL Communication Is Configured

After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.

The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION contains the connection descriptor, ADDRESS contains the protocol address, and CONNECT_DATA contains the database service identification information.

Sample Format 1:

NET_SERVICE_NAME=
 (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))

Sample Format 2:

NET_SERVICE_NAME= 
 (DESCRIPTION_LIST=
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME))))

Sample Format 3:

NET_SERVICE_NAME= 
 (DESCRIPTION= 
  (ADDRESS_LIST= 
   (LOAD_BALANCE=on)
   (FAILOVER=off)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (ADDRESS_LIST= 
   (LOAD_BALANCE=off)
   (FAILOVER=on)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (CONNECT_DATA=
   (SERVICE_NAME=SERVICE_NAME)))

If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM certificate store of Oracle Identity Manager, then enter the following values:

JDBC URL parameter

While creating the connector, the value that you specify for the JDBC URL parameter must be derived from the value of NET_SERVICE_NAME in the tnsnames.ora file. For example:

Note:

As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=HOST_NAME)(PORT=2484)) element because you are configuring SSL. You need not include other (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) elements.

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))

Connection Properties parameter

Whether or not you need to specify a value for the Connection Properties parameter depends on the certificate store into which you import the certificate:

• If you import the certificate into the certificate store of the JVM that Oracle Identity Manager is using, then you need not specify a value for the Connection Properties parameter.

• If you import the certificate into any other certificate store, then while creating the connector, specify a value for the Connection Properties parameter in the following format:

  javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
  

  When you specify this value, replace STORE_LOCATION with the full path and name of the certificate store, and replace STORE_PASSWORD with the password of the certificate store.

2.3.3.5.4 Both Data Encryption and Integrity and SSL Communication Are Configured

If both data encryption and integrity and SSL communication are configured, then:

• JDBC URL parameter

  While creating the connector, to specify a value for the JDBC URL parameter, enter a comma-separated combination of the values for the JDBC URL parameter described in Section 2.3.3.5.2, "Only Data Encryption and Integrity Is Configured" and Section 2.3.3.5.3, "Only SSL Communication Is Configured". For example:

  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
  

• Connection Properties parameter

  While creating the connector, to specify a value for the Connection Properties parameter, enter a comma-separated combination of the values for the Connection Properties parameter described in Section 2.3.3.5.2, "Only Data Encryption and Integrity Is Configured" and Section 2.3.3.5.3, "Only SSL Communication Is Configured". For example:

  oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5),javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
  

  As shown in the following example, for the encryption_types and crypto_checksum_types properties, you can select any of the values recorded in the sqlnet.ora file. When you specify this value, replace STORE_LOCATION with the full path and name of the certificate store, and replace STORE_PASSWORD with the password of the certificate store.

2.3.3.6 Configuring the IT Resource

The IT resource is automatically created when you run the Connector Installer. You must specify values for the parameters of the IT resource as follows:

Note:

A predefined IT resource is created when you run the Connector Installer:

For the User Management connector: EBS-APPS12

For the User Management with HR Foundation connector: EBSHF-APPS12

For the User Management with TCA Foundation with connector: EBSTCAF-APPS12

If you do not want to use this IT resource, then you must create a different IT resource of the eBusiness Suite UM IT resource type.

You must use the Administrative and User Console to configure the IT resource. Values set for the connection pooling parameters will not take effect if you use the Design Console to configure the IT resource.

1. Log in to the Administrative and User Console.

2. Expand Resource Management.

3. Click Manage IT Resource.

4. In the IT Resource Name field on the Manage IT Resource page, enter EBS-APPS12 and then click Search.

5. Click the edit icon for the IT resource. The following screenshot shows this page:

   
   

6. From the list at the top of the page, select Parameters. The following screenshot shows this page:

   
   

7. Specify values for the parameters of the IT resource. Table 2-5 describes each parameter.

   Note:

   The ALL USERS group has READ permission on the default IT resource. This is to ensure that end users can select the IT resource during request-based provisioning. If you create another IT resource, then you must assign the READ permission for the ALL USERS group on the IT resource.

   Table 2-5 IT Resource Parameters

   Parameter	Description
   Admin ID	Enter the user name of the target system account to be used for provisioning operations. You create this account by performing the procedure described in Section 2.1.2.1, "Creating a Target System User Account for Connector Operations". Default value: apps
   Admin Password	Enter the password of the target system account specified by the Admin ID parameter.
   Connection Properties	Specify the connection properties for the target system database. See Section 2.3.3.5, "Determining Values for the JDBC URL and Connection Properties Parameters" for detailed information.
   Connection Retries	Enter the number of consecutive attempts to be made at establishing a connection with the target system. Default value: 3
   Connection Timeout	Enter the time in milliseconds within which the target system is expected to respond to a connection attempt. For a particular connection attempt, if the target system does not respond within the time interval specified by the Connection Timeout parameter, then it is assumed that the connection attempt has failed. Default value: 1200
   Context Application Name	An application context is a set of elements associated with an artifact in Oracle E-Business Suite. The context implements user preferences and access control on the artifact. The Context Application Name, Context Responsibility Name, and Context User ID parameters define the context that is used for connector operations. For the Context Application Name parameter, enter the name of the application to which this user belongs. Default value: 0
   Context Responsibility Name	Enter the responsibility assigned to the user in whose context connector operations are performed on the target system. Default value: 0
   Context User ID	Enter the user ID of the user in whose context connector operations are performed on the target system. Default value: 0
   Enable Revoked User	Enter yes if you want revoked resources to be enabled when the user name of the revoked resources are used to provision resources. Otherwise, enter no. When you perform a Revoke Account provisioning operation on an OIM User, the account of that user on the target system is disabled. If the Enable Revoked User parameter is set to yes and if you perform a Create Account provisioning operation for the same OIM User, then the account that was previously disabled on the target system is enabled. While performing the provisioning operation, you must specify the same User Name value as the one assigned to the account the first time. Field values that you provide during the Create Account operation are used to overwrite existing field values of the Oracle E-Business Suite account. Default value: yes
   JDBC URL	Specify the JDBC URL for the target system database. See Section 2.3.3.5, "Determining Values for the JDBC URL and Connection Properties Parameters" for detailed information.
   Manage HR Record	If you have installed the connector in the User Management with HR Foundation connector, then set this parameter to yes. Otherwise, set the value to no. Note: If you are using the User Management with TCA Foundation connector, then do not set a value for this parameter.
   Retry Interval	Enter the interval in milliseconds between consecutive attempts at establishing a connection with the target system. Default value: 10000
   SSL Enabled	Enter yes if you plan to configure SSL to secure communication between Oracle Identity Manager and the target system. Otherwise, enter no. Default value: no
   SSO Enabled	Enter yes if the target system is SSO enabled. Otherwise, enter no. Default value: no
   SSO IT Resource	This is the name of the IT resource created for the LDAP-based system.
   SSO Identifier	Enter the name of the attribute that uniquely identifies a user throughout all the systems on the organization. This attribute need not be the same as the attribute specified in the SSO Login Attribute parameter. For Oracle Internet Directory: orclGUID For Microsoft Active Directory: objectGUID For Sun Java System Directory: nsUniqueID During a Create User provisioning operation, the connector takes the SSO Identifier value of the user from the LDAP-based system and populates it in the USER_GUID field of the target system.
   SSO Login Attribute	Enter the name of the LDAP system user attribute that stores the user ID of users. For Oracle Internet Directory: uid For Microsoft Active Directory: sAMAccountName For Sun Java System Directory: uid Sun Java System Directory and OID both use different attributes to store the user ID of users. You can specify the name of the attribute as the value of the SSO Login Attribute parameter.
   Statement Timeout	Enter the time in milliseconds within which a query run on the target system is expected to return results. If the results of a query are not returned within the specified time, then it is assumed that the connection with the target system has failed. The connector then attempts to reestablish a connection with the target system. Default value: 1200
   Manage TCA Record	If you have installed the connector in the User Management with TCA Foundation connector, then set this parameter to yes. Otherwise, set the value to no. Note: If you are using the User Management with HR Foundation connector, then do not set a value for this parameter.
   TopologyName	If you have installed the OAACG SIL provider, then enter the value of the Topology element in the SILConfig.xml file. See the SoD documentation for more information. Default value: None
   Configuration Lookup Name	This parameter holds the name of the lookup definition that stores configuration information for connector operations. Depending on the connector that you are using, the value is one of the following: For the User Management connector: Lookup.EBS.UM.Configurations For the User Management with HR Foundation connector: Lookup.EBS.UMHRMS.Configurations For the User Management with TCA Foundation connector: Lookup.EBS.UMTCA.Configurations You must not change the value of this parameter. However, if you create a copy of this lookup definition, then you can enter the name of the newly created lookup definition as the value of the Configuration Lookup Name parameter.
   Connection Pooling Parameters
   Abandoned connection timeout	Time (in seconds) after which a connection must be automatically closed if it is not returned to the pool Note: You must set this parameter to a value that is high enough to accommodate processes that take a long time to complete (for example, full reconciliation). Default value: 600
   Connection wait timeout	Maximum time (in seconds) for which the connector must wait for a connection to be available Default value: 60
   Inactive connection timeout	Time (in seconds) of inactivity after which a connection must be dropped and replaced by a new connection in the pool Default value: 600
   Initial pool size	Number of connections that must be established when the connection pool is initialized The pool is initialized when it receives the first connection request from a connector. Default value: 1 Sample value: 3
   Max pool size	Maximum number of connections that must be established in the pool at any point of time This number includes the connections that have been borrowed from the pool. Default value: 100 Sample value: 30
   Min pool size	Minimum number of connections that must be in the pool at any point of time This number includes the connections that have been borrowed from the pool. Default value: 5
   Validate connection on borrow	Specifies whether or not a connection must be validated before it is lent by the pool The value can be true or false. It is recommended that you set the value to true. Default value: false
   Timeout check interval	Time interval (in seconds) at which the other timeouts specified by the other parameters must be checked Default value: 30
   Pool preference	Preferred connection pooling implementation Value: Default Note: Do not change this value of this parameter.
   Connection pooling supported	Enter true if you want to enable connection pooling for this target system installation. Otherwise, enter false. Default value: false
   Target supports only one connection	Indicates whether the target system can support one or more connections at a time Value: false Note: Do not change the value of this parameter.
   ResourceConnection class definition	Implementation of the ResourceConnection class Value: oracle.iam.connectors.ebs.common.vo.EBSResourceConnectionImpl Note: Do not change the value of this parameter.
   Native connection pool class definition	Wrapper to the native pool mechanism that implements the GenericPool Note: Do not specify a value for this parameter.
   Pool excluded fields	Comma-separated list of IT parameters whose change must not trigger a refresh of the connector pool Value: Configuration Lookup Name,Manage TCA Record,Enable Revoked User,Statement Timeout,Context User ID,Context Application Name,Context Responsibility Name,TopologyName,SSO Enabled,SSO Identifier,SSO Login Attribute,SSO IT Resource,Manage HR Record Note: Do not change the value of this parameter unless you are adding or deleting a parameter from the IT resource. You must ensure that the total length of the list does not exceed 2000 characters. If you are adding a parameter to the IT resource, then that parameter name must be added to the above list with a comma separator. If you are deleting a parameter from the IT resource, then that parameter must be removed from the list if it exists in the list. You must restart Oracle Identity Manager for changes that you make to this parameter to take effect.

   
   

8. To save the values, click Save.

Additional Configuration Step for Connection Pooling

If Oracle Identity Manager is running on Oracle Application Server, then edit the opmn.xml file as follows:

1. Open the following file in a text editor:

   OAS_HOME/opmn/conf/opmn.xml

2. Search for the following block of lines:

   <process-type id="home" module-id="OC4J" status="enabled">
   <module-data>
   <category id="start-parameters">
   

3. After this block of lines, add the following line:

   <data id="oc4j-options" value="-userThreads"/>
   

4. Save and close the file.

5. Restart the server.