| Oracle® Identity Manager Connector Guide for PeopleSoft Employee Reconciliation Release 9.1.0 Part Number E11205-05 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for PeopleSoft Employee Reconciliation Release 9.1.0 Part Number E11205-05 |
|
|
View PDF |
The procedure to deploy the connector can be divided into the following stages:
Note:
This connector does not support target resource reconciliation or provisioning operations.This chapter provides information about each stage of connector deployment.
Note:
In this guide, PeopleSoft HRMS and PeopleSoft HCM have been referred to as the target system.Preinstallation information is divided across the following sections:
This section contains the following topics:
The contents of the connector installation media are described in Table 2-1.
Table 2-1 Files and Directories That Comprise the Connector
| File in the Installation Media Directory | Description |
|---|---|
|
config/configureReconciliation.properties |
This file is used to specify the date format used for full reconciliation. The date format is used in both the PeopleSoft server and Oracle Identity Manager. |
|
configuration/PeopleSoft Employee Recon-CI.xml |
This is the connector installer content file. |
|
ext/csv.jar |
This JAR file is a library that is used to parse and read the flat file used for full reconciliation. |
|
lib/xlPSFTERRecon.jar |
This JAR file contains the class files that are used to implement full reconciliation. |
|
lib/peopleSoftERApp.war |
This Web Archive (WAR) file contains the classes and configuration files required to implement incremental reconciliation. |
|
The following files in the peopleCode directory: For PeopleTools 8.49 on HRMS 8.8 SP1: JOB_DATA_ADD_NEE_component_8.49&8.8.txt JOB_DATA_HIRE_component_8.49&8.8.txt OIMConnector_appclass_8.49&8.8.txt OIMPublicationMgr_appclass_8.49&8.8.txt OIMSubscriptionMgr_appclass_8.49&8.8.txt For PeopleTools 8.49 on HCM 8.9/9.0: JOB_DATA_component_8.49.txt JOB_DATA_CONCUR_component_8.49.txt JOB_DATA_CWR_component_8.49.txt JOB_DATA_EMP_component_8.49.txt OIMConnector_appclass_8.49.txt OIMPublicationMgr_appclass_8.49.txt OIMSubscriptionMgr_appclass_8.49.txt PERSONAL_DATA_component_8.49.txt |
These files contain the PeopleCode that you must add to the SavePostChange event while performing the procedure described in "Publishing the Messages". |
|
The following files in the peopleCode directory: For PeopleTools 8.49 on HRMS 8.8 SP1: HRMSFullRecon_8.49&8.8.txt For PeopleTools 8.49 on HCM 8.9 and 9.0: HRMSFullRecon_8.49.txt |
These files contain the PeopleCode that generates the flat file during full reconciliation. |
|
test/cbrecon/psft-xel-test.vbs |
This VBScript file is used to test the incremental reconciliation functionality of the connector by creating a dummy XML message similar to the ones created by the target system. For information about testing incremental reconciliation, see "Testing Incremental Reconciliation". |
|
The following files in the test/cbrecon directory: pingRequest.xml pingResponse.xml publishRequest.xml publishResponse.xml |
These XML files are required by the psft-xel-test.vbs file for communicating with the connector by using XML over HTTP. |
|
test/cbrecon/psft_xellerate_msg.xml |
This XML file is used by the psft-xel-test.vbs file to define the template of the XML message that is received from the target system. |
|
test/scripts/psftER_Recon.bat test/scripts/psftER_Recon.sh |
The BAT file or UNIX shell script calls the testing utility for reconciliation. |
|
test/config/attributeMap_Recon.properties test/config/config_Recon.properties test/config/log.properties |
These files are used by the psftER_Recon.bat file. The attributeMap_Recon.properties file contains the field mappings between the Oracle Identity Manager fields and the target system fields. The config_Recon.properties file contains the configurations for running the psftER_Recon.bat file. The log.properties file contains the logger information. |
|
This XML file contains definitions for the following components of the connector:
|
You might have a deployment of an earlier release of the connector. While deploying the current release, you might want to know the release number of the earlier release. To determine the release number of a connector that has already been deployed:
In a temporary directory, extract the contents of the following JAR file:
OIM_HOME/JavaTasks/xlPSFTERRecon.jar
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xlPSFTERRecon.jar file.
In the Manifest.mf file, the release number of the connector is displayed as the value of the Version property.
Preinstallation on the target system consists of creating a target system account with appropriate privileges for connector operations. This special account created on the target system will be able to perform all the configurations required for connector operations. This includes configuring the PeopleSoft Integration Broker for incremental reconciliation, and configuring and running the Application Engine for bulk file generation and publishing effective-dated data. This account will not have access to any other pages or components that are not required by the connector. For creating this account, you must log in to PeopleSoft Internet Architecture with administrator credentials. The procedure to create a target system account is provided in the following section:
Note:
If a target system account with the required privileges exists, then you can skip this section.Creating a target system account for connector operations involves the procedures described in the following sections:
To create a permission list:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
In the PeopleSoft Internet Architecture window, click PeopleTools, Security, Permissions & Roles, and then click Permission Lists.
Click Add a new Value. On the Add a New Value tab, enter the permission list name, for example, OIMER, and then click Add.
On the General tab, enter a description for the permission list in the Description field.
On the Pages tab, click the search icon for Menu Name and perform the following:
In the Menu Name lookup, enter APPLICATION_ENGINE and then click Lookup. From the list, select APPLICATION_ENGINE. The application returns to the Pages tab. Click the Edit Components link.
On the Component Permissions page, click Edit Pages for the AE_REQUEST component name.
Click Select All, and then click OK. Click OK on the Components Permissions page. The application returns to the Pages tab.
Click on the plus sign (+) to add a row for Menu Name. Click the search icon for Menu Name. In the Menu Name lookup, enter IB_PROFILE and then click Lookup. From the list, select IB_PROFILE. The application returns to the Pages tab. Click the Edit Components link.
On the Component Permissions page, click Edit Pages for each of the following component names:
IB_GATEWAY
IB_MESSAGE_BUILDER
IB_MONITOR_QUEUES
IB_NODE
IB_OPERATION
IB_QUEUEDEFN
IB_ROUTINGDEFN
IB_SERVICE
IB_SERVICEDEFN
Click Select All, and then click OK for each of the components. Click OK on the Components Permissions page. The application returns to the Pages tab.
Click on the plus sign (+) to add another row for Menu Name.
In the Menu Name lookup, enter PROCESSMONITOR and then click Lookup. From the list, select PROCESSMONITOR. The application returns to the Pages tab. Click the Edit Components link.
On the Component Permissions page, click Edit Pages for the PROCESSMONITOR component name.
Click Select All, and then click OK. Click OK on the Components Permissions page. The application returns to the Pages tab.
Click on the plus sign (+) to add another row for Menu Name.
In the Menu Name lookup, enter PROCESS_SCHEDULER and then click Lookup. From the list, select PROCESS_SCHEDULER. The application returns to the Pages tab. Click the Edit Components link.
On the Component Permissions page, click Edit Pages for the PRCSDEFN component name.
Click Select All, and then click OK. Click OK on the Components Permissions page. The application returns to the Pages tab.
Click on the plus sign (+) to add another row for Menu Name.
In the Menu Name lookup, enter MANAGE_INTEGRATION_RULES and then click Lookup. From the list, select MANAGE_INTEGRATION_RULES. The application returns to the Pages tab. Click the Edit Components link.
On the Component Permissions page, click Edit Pages for the EO_EFFDTPUB component name.
Click Select All, and then click OK. Click OK on the Components Permissions page. The application returns to the Pages tab.
On the People Tools tab, select the Application Designer Access check box and click the Definition Permissions link. The Definition Permissions page is displayed.
On this page, grant full access to the following object types by selecting Full Access from the Access list:
App Engine Program
Message
Component
Project
Application Package
Click OK.
Click the Tools Permissions link. The Tools Permissions page is displayed. On this page, grant full access to the SQL Editor tool by selecting Full Access from the Access list.
Click OK. The application returns to the People Tools tab.
On the Process tab, click the Process Group Permissions link. The Process Group Permission page is displayed.
In the Process Group lookup, click the search icon. From the list, select TLSALL. The application returns to the Process Group Permission page.
Click on the plus sign (+) to add another row for Process Group.
In the Process Group lookup, click the search icon. From the list, select STALL. The application returns to the Process Group Permission page.
Click OK.
On the Web Libraries tab, click the search icon for the Web Library Name field and perform the following:
In the Web Library Name lookup, enter WEBLIB_PORTAL and then click Lookup. From the list, select WEBLIB_PORTAL. The application returns to the Web Libraries tab. Click the Edit link.
On the WebLib Permissions page, click Full Access(All).
Click OK and then click Save.
Click on the plus sign (+) to add a row for the Web Library Name field and repeat Steps a through c for the WEBLIB_PT_NAV library.
Click Save to save all the settings specified for the permission list.
To create a role for a limited rights user:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
In the PeopleSoft Internet Architecture window, click PeopleTools, Security, Permissions & Roles, and then click Roles.
Click Add a new Value. On the Add a New Value tab, enter the role name, for example, OIMER, and then click Add.
On the General tab, enter a description for the role in the Description field.
On the Permission Lists tab, click the search icon and perform the following:
In the Permission Lists lookup, enter OIMER and then click Lookup. From the list, select OIMER.
Click Save.
To assign limited rights to a user:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
In the PeopleSoft Internet Architecture window, click PeopleTools, Security, User Profiles, and then click User Profiles.
Click Add a new Value. On the Add a New Value tab, enter the user profile name, for example, OIMER, and then click Add.
On the General tab, perform the following:
From the Symbolic ID list, select the value that is displayed, for example, SYSADM1.
Enter valid values for the Password and Confirm Password fields.
Click the search icon for the Process Profile permission list.
In the Process Profile lookup, enter OIMER and then click Lookup. From the list, select OIMER. The application returns to the General tab.
On the ID tab, select none as the value of the ID type.
On the Roles tab, click the search icon and perform the following:
In the Roles lookup, enter OIMER and then click Lookup. From the list, select OIMER.
Click on the plus sign (+) to add another row.
In the Roles lookup, enter ProcessSchedulerAdmin and then click Lookup. From the list, select ProcessSchedulerAdmin.
Click Save to save this user profile. This user profile is used as a limited rights user at the target system for performing all reconciliation-related configurations.
Installation information is divided across the following sections:
Installation on Oracle Identity Manager consists of the following procedures:
Note:
In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.To run the Connector Installer, refer to the instructions given in the "Installing Predefined Connectors" chapter of Oracle Identity Manager Administrative and User Console Guide. The following instructions are specific to individual steps of the procedure described in the "Installing a Predefined Connector" section of that chapter:
When you reach Step 3 of that procedure, apply the following instructions:
The following is the default connector installation directory:
OIM_HOME/ConnectorDefaultDirectory
If you have copied the installation files into this directory, then select PeopleSoft Employee Recon 9.1.0 from the Connector List list.
Perform Steps 1 through 5 of that procedure. When you reach Step 6 of that procedure, see "Configuring the IT Resource" in this guide. Instructions to Step 6 of that procedure are described in detail in this section.
When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-2.
Table 2-2 Files Copied to Oracle Identity Manager
| File in the Installation Media Directory | Destination Directory |
|---|---|
|
ext/csv.jar |
OIM_HOME/ThirdParty |
|
lib/xlPSFTERRecon.jar |
OIM_HOME/ScheduleTask |
Note:
For a clustered environment, copy the files listed in Table 2-2 into their respective destination directories on each node of the cluster.Table 2-3 lists all the files that you must copy manually, and the directories on the Oracle Identity Manager host computer to which you must copy them.
Note:
The directory paths given in the first column of this table correspond to the location of the connector files in the PeopleSoft Employee Reconciliation directory on the installation media. See "Files and Directories That Comprise the Connector" for more information about these files.- If a particular destination directory does not already exist on the Oracle Identity Manager host computer, then create it.
Table 2-3 Files to be Copied to the Oracle Identity Manager Host Computer
| File in the Installation Media Directory | Destination Directory |
|---|---|
|
Files in the config directory |
OIM_HOME/XLIntegrations/PSFTER/config |
|
lib/peopleSoftERApp.war |
OIM_HOME/XLIntegrations/PSFTER/cbrecon_webapp |
|
Files in the test/cbrecon directory |
OIM_HOME/XLIntegrations/PSFTER/cbrecon |
|
Files in the test/scripts directory |
OIM_HOME/XLIntegrations/PSFTER/scripts |
|
Files in the test/config directory |
OIM_HOME/XLIntegrations/PSFTER/config |
|
OIM_HOME/XLIntegrations/PSFTER/connectorXML |
|
|
Files in the peopleCode directory |
OIM_HOME/XLIntegrations/PSFTER/peopleCode |
Note:
While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, after you install the connector, you must copy all the JAR files and the contents of the connectorResources directory into the corresponding directories on each node of the cluster.The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information during reconciliation.
When you run the Connector Installer, the PSFT_Employee IT resource is automatically created in Oracle Identity Manager. You must specify values for the parameters of this IT resource as follows:
Log in to the Administrative and User Console.
Expand Resource Management.
Click Manage IT Resource.
In the IT Resource Name field on the Manage IT Resource page, enter PSFT_Employee and then click Search.
Click the edit icon for the IT resource.
From the list at the top of the page, select Details and Parameters.
Specify values for the parameters of the IT resource. Table 2-4 describes each parameter:
Table 2-4 Parameters of the IT Resource for the Target System
| Parameter | Description |
|---|---|
|
NumberOfRetries |
Use this parameter to specify the number of times Oracle Identity Manager must try connecting to the target system. Default value: Note: The timeout feature is enabled only for full reconciliation. |
|
DelayBetweenRetries |
Use this parameter to specify the time difference between consecutive retries (in milliseconds). Default value: |
To save the values, click Update.
To deploy the PeopleSoft listener:
Copy the OIM_HOME/XLIntegrations/PSFTER/cbrecon_webapp/peopleSoftERApp.war file into a temporary folder. Enter the following command to extract the contents of the peopleSoftERApp.war file.
jar –xvf peopleSoftERApp.war
Note:
All the files mentioned in the remaining steps of this procedure are extracted from the peopleSoftERApp.war file.Edit the xlsession.properties file. This file contains the UserName Oracle Identity Manager connection parameter. The value that you specify for this parameter is the user name for logging in to Oracle Identity Manager. The default value is xelsysadm.
Edit the xlConnection.properties file. This file contains the following system properties that enable an API client to communicate with Oracle Identity Manager:
XL.HomeDir: Use this property to specify the full path and name of the OIM_HOME directory. Specify the following value for this parameter:
-DXL.HomeDir=OIM_HOME
java.security.policy: Use this property to specify the fully qualified file name of the security policy file. Typically, this file is located in the OIM_HOME/config directory.
java.security.auth.login.config: Use this property to specify the fully qualified file name of the authentication configuration file. Typically, this file is located in the OIM_HOME/config directory.
Each application server uses a different authentication configuration file:
IBM WebSphere Application Server: authws.conf
Oracle WebLogic Server: authwl.conf
JBoss Application Server: auth.conf
Oracle Application Server: auth.conf
java.naming.provider.url: Use this property to specify the JNP URL of the application server. This URL is located in the <Discovery><CoreServer><java.naming.provider.url> tag of the OIM_HOME/config/xlconfig.xml file. Each application server uses a different JNP URL:
Oracle WebLogic Server: t3://localhost:7001
IBM WebSphere Application Server: corbaloc:iiop:localhost:2809
JBoss Application Server: jnp://localhost:1099
Oracle Application Server: ormi://localhost:12401/Xellerate
Edit the following properties in the configureReconciliation.properties file:
Note:
This file is different from the configureReconciliation.properties file specified in Table 2-1.Serverdateformat: Use this property to specify the date format that is used by the target system. You can select one of the following date formats:
dd-mmm-yy
ddmmyy
yyddmm
yymmdd
dd.mm.yy (if the PeopleSoft installation uses Microsoft SQL Server)
dd.mm.yyyy (if the PeopleSoft installation uses IBM DB2 UDB)
OrganizationName: Use this property to specify the name of an Oracle Identity Manager organization. This property specifies the organization to which all OIM Users will be assigned. The default value of this property is Xellerate Users.
XelServerDate: Use this property to specify the date format that is used in Oracle Identity Manager.
The current format of the XelServerDate property is: yyyy/MM/dd hh:mm:ss z.
Note:
You must not change this date format if you are using Oracle Database. However, if you are using Microsoft SQL Server, then you might need to change this date format.User Type: Use this property to specify the Oracle Identity Manager user types. The default value of this property is End-User.
ReconcilingRO: Use this property to specify the name of the trusted resource object. The default value is PSFT_ER_RO.
LookupName: Use this property to specify the name of the lookup definition in which the person types are mapped to OIM employee types.
FiltersToBeApplied: Use this property to specify the comma-separated list of filters that are applied on the target system field names during reconciliation.
FiltersValues: Use this property to specify the comma-separated list of values for the filters that you specify as the values of the FiltersToBeApplied property.
Note:
In the FiltersValues property, data is separated by a comma. However, if a comma is part of the values specified, then it will be treated as a different value. Consider the following example:IsFilterApplied = yes, FiltersToBeApplied = Users.EMPLID,Users.ADDRESS, and FiltersValues =SFC1001,San Jose,California
In this scenario, you have entered the value of Users.ADDRESS as "San Jose, California". The reconciliation engine will consider it as two different values, "San Jose", and "California". The FiltersToBeApplied property contains two filters while the FiltersValues property contains three. As a result of this inconsistency, the "Filters are not synchronized" error message will be displayed.
For information about how these filters are applied during reconciliation, see Chapter 4, "Using the Connector".
IsFilterApplied: Use this property to specify whether or not filters must be applied during reconciliation. Valid values are yes and no. If invalid values are provided, then the default value no is used.
SearchCriteria: Use this property to specify the search algorithm to be applied on the filters that you enter. Valid values are INDEX_OF, EXACT_MATCH. Consider the following example.
You specify a filter in which the value of Users.FirstName must contain "JO" and you also set a value for the SearchCriteria property. If you specify INDEX_OF, then all records containing "JO" will be reconciled. If you specify EXACT_MATCH, then only those records in which the value of Users.FirstName is "JO" will be reconciled.
If invalid values are provided, then by default the value of this property is considered as INDEX_OF.
CaseSensitive: Use this property to specify if the filters that search the records are case sensitive or not. Consider the following example:
You specify the value of this property as yes. In this case, if the filter specifies that Users.FirstName=JOHN, then only JOHN will match. The values John or john will be ignored. If you specify the value as no, then the value will be accepted regardless of the case in which it is specified.
If invalid values are provided, then the default value no is used.
Operator: Use this property to specify the operator that you want to apply to the filters. Valid values are AND or OR. Depending on the value specified, data is joined accordingly for any combination of the target system fields specified in the FiltersToBeApplied property. However, if invalid values are provided, then the "Invalid Operators" error message is displayed and no records are reconciled.
Copy the following files from the OIM_HOME/lib directory to the WEB-INF/lib directory in the temporary folder:
Note:
Before you copy these files from the OIM_HOME/lib directory, check if these files exist in the WEB-INF/lib directory of the temporary folder. If these files exist, then first delete them from the WEB-INF/lib directory.xlAPI.jar
xlAuthentication.jar
xlBackOfficeBeans.jar
xlBackofficeClient.jar
xlCache.jar
xlCrypto.jar
xlDataObjectBeans.jar (for IBM WebSphere Application Server, copy this file from the OIM_CLIENT/xlclient/lib directory)
xlDataObjects.jar
xlLogger.jar
xlUtils.jar
xlVO.jar
xlAdapterUtilities.jar
xlRemoteManager.jar
xlScheduler.jar
Copy the following files from the OIM_HOME/ext directory to the WEB-INF/lib directory:
oscache.jar
javagroups-all.jar
commons-collections.jar
commons-digester.jar
commons-logging.jar
commons-validator.jar
commons-beanutils.jar
jdbcpool-0.99.jar
log4j-1.2.8.jar
struts.jar
xerces.jar
xercesImpl.jar
velocity-dep.jar (only for UNIX)
Delete the peopleSoftERApp.war file from the temporary directory into which you extract it, and then use the following command to re-create the file:
jar –cvf peopleSoftERApp.war .
Ensure that the old version of the peopleSoftERApp.war file is removed from the application server deployment directory.
Deploy the newly created peopleSoftERApp.war file into the deployment directory of the application server as follows:
For Oracle WebLogic Server:
Log in to the Oracle WebLogic admin console.
From the Domain Structure list, select OIM_DOMAIN.
Where OIM_DOMAIN is the domain on which Oracle Identity Manager is installed
Click the Deployments tab
On Microsoft Windows, in the Change Centre window, click Lock & Edit. This enables the Install button of the Monitoring tab in the Summary Of Deployments section.
Click Install.
In the Install Application Assistant, enter the full path of the directory in which the WAR file is placed. Then, click Next.
Select the WAR file that you want to install.
Click Next.
Select the Install this deployment as an application option, and then click Next.
In the Name of deployment field, enter peopleSoftERApp.
In the Security section, select the DD Only: Use only roles and policies that are defined in the deployment descriptors option.
In the Source accessibility window, select the Use the defaults defined by the deployments targets option.
Click Finish.
On Microsoft Windows, the "The deployment has been successfully installed" message is displayed.
On UNIX platforms, click Save. The following messages are displayed:
Success All changes have been activated. No restarts are necessary.
Success Settings updated successfully.
On Microsoft Windows, to activate the changes that you have made up to this point:
i. Select the check box corresponding to the newly installed application.
ii. In the Change centre window, click Activate Changes.
On Microsoft Windows, select the check box for the newly installed application, select the Servicing all requests option from the Start list, and then click Yes.
For IBM WebSphere Application Server:
Log in to the WebSphere Admin console.
Expand Applications.
Click Install New Application.
Locate the WAR file by using the Browse button.
Specify the Context root as peopleSoftERApp.
Click Next.
In the Select installation options field, enter peopleSoftERApp as the application name and click Next.
On the Map modules to servers page, select peopleSoftERApp.war, and click Next.
On the Map virtual hosts page, select peopleSoftERApp.war, and click Next.
Click Finish.
Click Save to save all the configurations to the master configuration in IBM Websphere Application Server.
Click Enterprise Applications.
On the Enterprise Applications page, select peopleSoftERApp and then click Start to restart the application.
For JBoss Application Server:
Copy the modified WAR file to the JBOSS_HOME/server/default/deploy directory:
Restart JBoss Application Server.
For Oracle Application Server:
Log in to the Oracle Application Server Administrative Console.
Select the name of the instance on which the Oracle Identity Manager server is running.
Select the Applications tab.
Click Deploy.
Locate the WAR file by using the Browse button.
Click Next.
Specify the application name as peopleSoftERApp.
Click Next.
To accept the default deployment settings, click Deploy.
When the WAR file is successfully deployed, restart Oracle Application Server.
Restart Oracle Identity Manager and the Design Console.
Note:
You can add new fields to be reconciled during incremental reconciliation. However, you must complete the deployment procedure before you can add new fields.See "Adding New Fields for Incremental Reconciliation" for information about the procedure to add new fields for reconciliation.
During this stage, you configure the target system to enable it for reconciliation. This information is provided in the following sections:
As described in Chapter 1, "About the Connector", full reconciliation is used to reconcile all data that are added, modified, or deleted in the target system into Oracle Identity Manager. The PeopleCode that is activated extracts the required employee data through the following components:
For PeopleSoft HRMS 8.8 SP1
PERSONAL_DATA, JOB_DATA, JOB_DATA_NEE, JOB_DATA_CONCUR, and JOB_DATA_HIRE
For PeopleSoft HCM 8.9 and 9.0:
PERSONAL_DATA, JOB_DATA, JOB_DATA_EMP, JOB_DATA_CONCUR, and JOB_DATA_CWR
Configuring the target system for full reconciliation involves preparing the flat file for full reconciliation by performing the following procedures:
Creating the Application Engine Program
This is a one-time procedure.
Configuring the Record Delimiter
Depending on your requirements, you may configure the record delimiter once, or each time you want to perform full reconciliation.
Note:
The PeopleCode in an Application Engine program calls a method defined in the OIMConnector application class of the OIM_PUBLICATION_RULES Application Package. Ensure that you create the OIM_PUBLICATION_RULES application package before saving the Application Engine program. See "Creating the Application Package" for details about creating the application package.The Application Engine program populates a flat file with employee data that requires reconciliation. To create the Application Engine program:
To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.
Note:
To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.From the File menu, click New.
In the New Definition dialog box, select App Engine Program from the Definition list.
On the App Engine Program page, a plus sign (+) is displayed besides the MAIN section. The MAIN section may contain multiple steps. Expand MAIN. A step named Step01 is added to MAIN.
Rename Step01 to Populate.
Click Action in the Insert menu. An action is added to the Populate step.
Select PeopleCode from the list in the new action.
Click Save in the File menu, and save the Application Engine program as BLKPRCS_ER.
Double-click the PeopleCode action. A new PeopleCode window is displayed.
Copy the code from the following file into the PeopleCode window:
On PeopleSoft HRMS 8.8 SP1:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/HRMSFullRecon_8.49&8.8.txt
On PeopleSoft HCM 8.9 or HCM 9.0:
OIM_HOME/XLIntegrations /PSFTER/peopleCode/HRMSFullRecon_8.49.txt
You must make the following changes in the code that you copied in Step 10:
Replace ABSOLUTE_PATH_OF_THE_FILE with the directory path at which you want the flat file to be created.
Save the PeopleCode action, and close the window.
On the App Engine Program page, right-click on the PeopleCode folder and select Insert Action. An action is added. Select SQL from the list in the new action.
Double-click the SQL action. A new SQL window is displayed. Enter COMMIT in the window and click Save.
If the target system is using Microsoft SQL Server, then you may need to change the value of the XelServerDate property in the following file:
OIM_HOME/XLIntegrations/PSFTER/config/configureReconciliation.properties
Set the value of this property to the following:
dd.mm.yy
If the target system is using Oracle Database, then you need not change the value of the XelServerDate property.
Save the Application Engine program.
If the record delimiter is part of any data that is reconciled, then you must configure the record delimiter to specify an appropriate value:
To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.
Note:
To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.From the File menu, click Open.
In the Open Definition dialog box, select App Engine Program from the Definition list, and enter BLKPRCS_ER as the name of the Application Engine program.
On the App Engine Program page, a plus sign (+) is displayed besides the MAIN section. The MAIN section may contain multiple steps. Expand MAIN. A step named Step01 is added to MAIN.
Double-click the PeopleCode action. A new PeopleCode window is displayed.
In the PeopleCode window, search for the following string:
&Sepratr = Left("*",1)
In this string, the asterisk character (*) represents the source string and 1 represents the numerical character.
In the Left (source_str, num_chars) function, change the first parameter to a new delimiter value. For example, if you want to change the delimiter value from the asterisk character (*), to the ampersand (&), then change the line to the following:
&Sepratr = Left("&",1);
Click Save.
Configuring the target system for incremental reconciliation involves creating messages and queues, publishing messages by writing PeopleCode that is used to populate and send messages from PeopleSoft Integration Broker to other systems, and configuring PeopleSoft Integration Broker.
A message is the physical container for the XML data that is sent from the target system. Message definitions provide the physical description of data that is sent from the target system. This data includes fields, field types, and field lengths. A queue is used to carry messages. It is a mechanism for structuring data into logical groups. A message can belong to only one queue.
After messages are created and associated with their respective queue, they must be published. Publishing a message involves adding the required PeopleCode in Application Designer. This is because PeopleSoft Integration Broker and Oracle Identity Manager communicate through the exchange of XML messages and a message can only be generated by using specific instructions in the PeopleCode.
For this connector, the PSFT_OIM_ER_MSG message that is published to Oracle Identity Manager contains the current and effective employee data including Personal and Job details.
To publish the message for future-dated rows (publishing PSFT_OIM_ER_MSG on the day when the future employee data has become current), the following messages are created:
For Personal data:
OIM_PERSON_SYNC
OIM_PERSON_SYNC_EFF
For Job data:
OIM_JOB_SYNC
OIM_JOB_SYNC_EFF
The publishing of a message for the Effective Date feature is done in three steps as follows:
For Current-dated changes:
The application publishes the OIM_PERSON_SYNC or the OIM_JOB_SYNC (in the case of Job changes) message. This message is published internally to PeopleSoft. It contains all the data changes (past, current, and future). This message calls a PeopleSoft function that checks if the table rows contain current or future data.
Then the OIM_PERSON_SYNC_EFF or the OIM_JOB_SYNC_EFF message is published internally to PeopleSoft and contains only current data.
After the two preceding messages are published, the PSFT_OIM_ER_MSG is created. It contains the data from either the OIM_PERSON_SYNC_EFF or the OIM_JOB _SYNC_EFF message (current data only) and is formatted and sent to Oracle Identity Manager.
For Future-dated changes:
The application publishes the OIM_PERSON_SYNC or the OIM_JOB _SYNC (in the case of Job changes) message internally to PeopleSoft. It contains all the data changes (past, current, and future). This message calls a PeopleSoft function that checks if the table rows contain current or future data. If the row contains data that is future-dated, it is stored in the PS_EO_EFFDELAY table, which is available in PeopleSoft.
Then the OIM_PERSON_SYNC_EFF or the OIM_JOB _SYNC_EFF message is published internally to PeopleSoft. The future changes need to be published on the day they become current by using the EOP_PUBLISHE Application Engine program. Because of this, Oracle recommends that you must schedule the EOP_PUBLISHE Application Engine program to run daily. For information about configuring the EOP_PUBLISHE Application Engine Program, see "Configuring the EOP_PUBLISHE Application Engine Program".
The application checks all the rows in the PS_EO_EFFDELAY table containing data that becomes current on a particular date and creates the corresponding PSFT_OIM_ER_MSG message for each row in the table. The PSFT_OIM_ER message is then formatted and sent to Oracle Identity Manager.
Setting the PeopleSoft Integration Broker gateway is mandatory when you configure PeopleSoft Integration Broker. To subscribe to XML data, Oracle Identity Manager can accept and process XML messages posted by PeopleSoft by using PeopleSoft connectors located in the PeopleSoft Integration Broker gateway. These connectors are Java programs that are controlled by the PeopleSoft Integration Broker gateway.
This gateway is a program that runs on the PeopleSoft Web server. It acts as a physical hub between PeopleSoft and PeopleSoft applications (or third-party systems, such as Oracle Identity Manager). The gateway manages the receipt and delivery of messages passed among systems through PeopleSoft Integration Broker.
To configure the target system for incremental reconciliation, perform the following procedures:
Note:
You must use an administrator account to perform the following procedures.To create queues:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
In the PeopleSoft Internet Architecture window, expand People Tools, Integration Broker, and Integration Setup, and then click Queues.
On the Add a New Value tab, enter the queue name, for example, OIM_ER_QUEUE, and then click Add.
On the Queue Definitions tab, select archive.
Select Run from the Queue Status list.
Click Save to save the changes.
To create messages:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
In the PeopleSoft Internet Architecture window, expand People Tools, Integration Broker, and Integration Setup, and then click Messages.
On the Find an Existing Value tab:
Enter PERSON_BASIC_SYNC as the message name and VERSION_3 as the version. Click Search.
Note:
The version that you specify for PERSON_BASIC_SYNC is applicable for PeopleSoft HCM 8.9 and 9.0. For PeopleSoft HRMS 8.8 SP1, you must enterVERSION_2 as the version.Click Save As. Save the message with the name as OIM_PERSON_SYNC and the version as VERSION_1.
Click OK.
Repeat Steps b and c to save another message with the name OIM_PERSON_SYNC_EFF and the version as VERSION_1.
Repeat Step 2 to open the WORKFORCE_SYNC message with the version VERSION_2. Save the message as OIM_JOB_SYNC and OIM_JOB_SYNC_EFF with the versions as VERSION_1.
Note:
The version that you specify for WORKFORCE_SYNC is applicable for PeopleSoft HCM 8.9 and 9.0. For PeopleSoft HRMS 8.8 SP1, you must enterVERSION_1 as the version.In the PeopleSoft Internet Architecture window, expand People Tools, Integration Broker, and Integration Setup, and then click Messages.
On the Add a New Value tab, enter PSFT_OIM_ER_MSG as the message name and VERSION_1 as the version.
On the Message Definition tab, select Nonrowset-based as the message type.
Click Save to save the changes.
Publishing messages involves the following procedures:
Writing the PeopleCode for Components
To write the PeopleCode for components:
Click Start, Programs, Peoplesoft8.x, and then Application Designer. The Application Designer window is displayed in 2-tier mode
Note:
To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.From the File menu, click Open. The Open Definition dialog box is displayed.
Select Component from the Definition list, enter PERSONAL_DATA in the Name Selection Criteria field, and then press Enter. All component names starting with the text PERSONAL_DATA are displayed.
Select PERSONAL_DATA from the list, and then click Open. The details of the PERSONAL_DATA component are displayed.
Click the Structure tab, right-click PERSONAL_DATA, and then select View PeopleCode from the list. The PeopleCode window for the PERSONAL_DATA component is displayed.
Select the SavePostChange event from the list in the upper-right corner of the window. The PeopleCode for this event is displayed.
In the OIM_HOME/XLIntegrations/PSFTER/peopleCode/PERSONAL_DATA_component_8.49.txt file, perform the following:
Copy the following import definition and paste it at the beginning of the PeopleCode for the SavePostChange event:
/* OIM */ import OIM_PUBLICATION_RULES:OIMPublicationMgr; /* OIM end */
Copy the rest of the code and paste it at the end of the PeopleCode for the SavePostChange event.
From the File menu, click Save to save the changes to the component.
Repeat Steps 2 through 8 if you also want to publish messages for the following components:
For PeopleSoft HRMS 8.8 SP1:
JOB_DATA: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_component_8.49.txt
JOB_DATA_HIRE: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_HIRE_component_8.49&8.8.txt
JOB_DATA_ADD_NEE: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_ADD_NEE_component_8.49&8.8.txt
JOB_DATA_CONCUR: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_CONCUR_component_8.49.txt
For PeopleSoft HCM 8.9 and 9.0:
JOB_DATA: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_component_8.49.txt
JOB_DATA_EMP: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_EMP_component_8.49.txt
JOB_DATA_CWR: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_CWR_component_8.49.txt
JOB_DATA_CONCUR: In Step 7 of the procedure, copy the code provided in the following file:
OIM_HOME/XLIntegrations/PSFTER/peopleCode/JOB_DATA_CONCUR_component_8.49.txt
Creating the Application Package
To create the application package:
Click Start, Programs, Peoplesoft8.x, and then Application Designer. The Application Designer window is displayed in 2-tier mode.
Note:
To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.From the File menu, click New. The New Definition dialog box is displayed.
Select application package from the Definition list, and save the package as OIM_PUBLICATION_RULES.
Right-click OIM_PUBLICATION_RULES and select Insert App Class. Enter OIMConnector.
Repeat Step 4 to enter two more application classes: OIMPublicationMgr and OIMSubscriptionMgr.
From the File menu, click Save All.
Double-click the application classes and copy the code from the following text files into the application classes:
In the OIMConnector application class:
For PeopleSoft HRMS 8.8 SP1:
OIMConnector_appclass_8.49&8.8.txt
For PeopleSoft HCM 8.9 and 9.0:
OIMConnector_appclass_8.49.txt
In the OIMPublicationMgr application class:
For PeopleSoft HRMS 8.8 SP1:
OIMPublicationMgr_appclass_8.49&8.8.txt
For PeopleSoft HCM 8.9 and 9.0:
OIMPublicationMgr_appclass_8.49.txt
In the OIMSubscriptionMgr application class:
For PeopleSoft HRMS 8.8 SP1:
OIMSubscriptionMgr_appclass_8.49&8.8.txt
For PeopleSoft HCM 8.9 and 9.0:
OIMSubscriptionMgr_appclass_8.49.txt
The following sections explain the procedures to configure PeopleSoft Integration Broker on PeopleTools 8.49:
Configuring PeopleSoft Integration Broker Gateway
To configure the PeopleSoft Integration Broker gateway:
Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL for PeopleSoft Internet Architecture is in the following format:
http://SERVER_NAME/psp/ps/DATABSE_NAME/?cmd=login
For example:
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
Expand PeopleTools, Integration Broker, Configuration, and then Gateways. The Gateway component details are displayed.
Enter LOCAL in the Integration Gateway ID field, and then click Search. The LOCAL gateway is a default gateway that is created when you install PeopleSoft Internet Architecture.
Ensure that the IP address and hostname specified in the URL of the PeopleSoft listener are that of the computer on which the target system is installed. The URL of the PeopleSoft listener is in the following format:
http://HOST_NAME or IP_ADDRESS:PORT/PSIGW/PeopleSoftListeningConnector
For example:
http://10.121.16.42:80/PSIGW/PeopleSoftListeningConnector
To load all target connectors that are registered with the LOCAL gateway, click Load Gateway Connectors. A window is displayed mentioning that the loading process is successful. Click OK.
Click Save.
Click Ping Gateway to check if the gateway component is active. The PeopleTools version and the status of the PeopleSoft listener are displayed. The status should be ACTIVE.
Configuring PeopleSoft Integration Broker
To configure PeopleSoft Integration Broker:
Create a remote node by performing the following steps:
In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Nodes.
On the Add a New Value tab, enter the node name, for example, OIM_ER_NODE, and then click Add.
On the Node Definition tab, enter a description for the node in the Description field. In addition, enter PS in the Default User ID field.
Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.
On the Connectors tab, search for the following information by clicking on the Lookup icon:
Gateway ID: LOCAL
Connector ID: HTTPTARGET
On the Properties subpage in the Connectors tab, enter the following information:
Property ID: PRIMARYURL
Property Name: URL
Required value: Enter the URL of the PeopleSoft listener that is supposed to receive the XML message. This URL must be in the following format:
http://ORACLE_IDENTITY_MANAGER_SERVER_IP_ADDRESS:PORT/peopleSoftERApp/do/peopleSoftER
The URL depends on the application server that you are using. For an environment on which SSL is not enabled, the URL must be in the following format:
For Oracle WebLogic Server:
http://10.121.16.42:7001/peopleSoftERApp/do/peopleSoftER
For IBM WebSphere Application Server:
http://10.121.16.42:9080/peopleSoftERApp/do/peopleSoftER
For JBoss Application Server:
http://10.121.16.42:8080/peopleSoftERApp/do/peopleSoftER
For Oracle Application Server:
http://10.121.16.42/peopleSoftERApp/do/peopleSoftER
For an environment on which SSL is enabled, the URL must be in the following format:
https://COMMON_NAME:PORT/peopleSoftERApp/do/peopleSoftER
For Oracle WebLogic Server:
https://example088196:7002/peopleSoftERApp/do/peopleSoftER
For IBM WebSphere Application Server:
https://example088196:9443/peopleSoftERApp/do/peopleSoftER
For JBoss Application Server:
https://example088196:8443/peopleSoftERApp/do/peopleSoftER
Note:
The ports may vary depending on the installation that you are using.Click Save to save the changes.
Click the Ping Node button to check if a connection is established with the specified IP address.
Create a service by performing the following steps:
In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Services.
On the Add a New Value tab, enter the service name PSFT_OIM_ER_MSG, and then click Add.
Enter a description for the service in the Description field.
Click Save to save the changes.
Repeat Steps b through d to create the following services for the messages you created:
OIM_PERSON_SYNC
OIM_PERSON_SYNC_EFF
OIM_JOB_SYNC
OIM_JOB_SYNC_EFF
Create a service operation for each of the messages that you create. All these service operations must be associated with their corresponding services created in Step 2. To do so, perform the following steps:
In the PeopleSoft Internet Architecture window, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.
On the Add Service Operation tab, enter the service name for which you are creating the service operation. In addition, enter the service operation name. The name of the service operation must be the same as that of the service that you created in Step 2.
Note:
Each service is associated with a corresponding service operation. The name of the service operation is the same as that of the messages created.From the Operation type list, select Asynchronous-Oneway, and then click Add.
On the General tab of the Service Operation Definition page, enter a description for the Operation type in the Operation Description field. In addition, enter PSFT_OIM_ER_MSG.VERSION_1 in the Message.Version field, VERSION_1 in the Version field, and OIM_ER_QUEUE in the Queue Name field.
Click Save to save the changes.
On the Routing tab, enter PSFT_OIM_ER_MSG_ROUTING as the routing name and then click Add.
On the Routing Definition tab, enter PSFT_HR in the Sender Node field and OIM_ER_NODE in the Receiver Node field.
Click Save to save the changes.
Repeat Steps b through h to create the following service operations. For these service operations, enter PSFT_HR in both Sender Node and Receiver Node fields.
Note:
You must enterPSFT_HR in both fields.OIM_PERSON_SYNC
OIM_PERSON_SYNC_EFF
OIM_JOB_SYNC
OIM_JOB_SYNC_EFF
On the handlers tab of the service operations, for each service operation, except for the PSFT_OIM_ER_MSG service operation:
i. Enter the following values for the service operation:
Name: OIM_PUBLICATION_RULES
Type: OnNotify
Implementation: Application Class
Status: Active
ii. Click the Details link and enter the following values:
For OIM_JOB_SYNC and OIM_PERSON_SYNC:
Package Name: OIM_PUBLICATION_RULES
Path: :
Class ID: OIMSubscriptionMgr
Method: OnNotify
For OIM_JOB_SYNC_EFF and OIM_PERSON_SYNC_EFF:
Package Name: OIM_PUBLICATION_RULES
Path: :
Class ID: OIMConnector
Note:
You must enterOIMConnector in the Class ID field. This value is not present in the list.Method: OnNotify
iii. Click OK, and then click Save.
Before the XML messages are sent from the target system to Oracle Identity Manager, you must verify if the PeopleSoft node is running. You can do so by clicking the Ping Node button in the Connectors tab. To access the Connectors tab, click PeopleTools, Integration Broker, Integration Setup, and then Nodes.
If Oracle Identity Manager is not running when a message is published, then the message is added to a queue. You can check the status of the message in the queue in the Message Instance tab. This tab lists all the published messages in queue. When you check the details of the particular message, you will find the status listed as Timeout or Error.
To publish a message in the queue to Oracle Identity Manager, resubmit the message when Oracle Identity Manager is running. See "Publishing the Messages" for more information.
If the status of the message is New or Started and it does not change to Timeout or Done, then you must restart the PeopleSoft application server after you restart Oracle Identity Manager.
To manage the Effective Date feature, you must configure the EOP_PUBLISHE Application Engine Program. You must perform the procedures described in the following sections for PeopleTools and the target system.
This section describes the following topics:
Updating the EOP_PUBLISHE Application Engine Program
To update the EOP_PUBLISHE Application Engine program in PeopleSoft Internet Architecture:
Click Start, Programs, and then Application Designer. The Application Designer window is displayed in 2-tier mode.
Note:
To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field, for example, Oracle Database, while providing sign-on information in the PeopleSoft Application Designer Signon window.From the File menu, click Open.
In the Open Definition dialog box, select App Engine Program, enter EOP_PUBLISHE as the name of the program, and then click Open.
In "Section 3100, Step15" of the PeopleCode block that is displayed, you must replace the code for the IsChildRow() function with the following code:
/* ******************************** */
/* Is Child Row */
/* ******************************** */
Function IsChildRow(&REC_PARENT As Record, &REC_CHILD As Record, &IDXP As number, &IDXC As number, &PARENT_EFFDT As string, &CHILD_EFFDT As string) Returns number;
If &ARY_RECSTAT [&IDXC] = "B" Then
Return - 1;
Else
If &ARY_RECSTAT [&IDXC] = "E" Then
Return 1;
End-If;
End-If;
&ARY_KEYFLD = &ARY_ARY_KEYFLD [&IDXP];
If EO_EFFDTPUB_AET.MSGNAME = "OIM_JOB_SYNC_EFF" Or
EO_EFFDTPUB_AET.MSGNAME = "OIM_PERSON_SYNC_EFF" Then
&BAISMOD = 1;
Else
&BAISMOD = &ARY_KEYFLD.Len;
End-If;
REM For &I = 1 To &ARY_KEYFLD.Len;
For &I = 1 To &BAISMOD
&FIELD_PARENT = &REC_PARENT.GetField(@("FIELD." | &ARY_KEYFLD [&I]));
&FIELD_CHILD = &REC_CHILD.GetField(@("FIELD." | &ARY_KEYFLD [&I]));
If &FIELD_PARENT.Value > &FIELD_CHILD.Value Then
Return - 1;
Else
If &FIELD_PARENT.Value < &FIELD_CHILD.Value Then
Return 1;
End-If;
End-If;
End-For;
/* IF PARENT RECORD DOES NOT CONTAIN EFFDT, */
/* CHECK TO SEE IF CHILD RECORD CONTAINS */
/* EFFDT AND IT FALLS WITHIN FROM-TO RANGE */
If &PARENT_EFFDT = "N" And
&CHILD_EFFDT = "Y" Then
&ARY_KEYFLD = &ARY_ARY_KEYFLD [&IDXC];
For &I = 1 To &ARY_KEYFLD.Len;
&FIELD_CHILD = &REC_CHILD.GetField(@("FIELD." | &ARY_KEYFLD [&I]));
If &FIELD_CHILD.Name = "EFFDT" Then
Evaluate &FIELD_CHILD.Value
When < &EFFDT_FROM
Return - 1;
When > &EFFDT_TO
Return 1;
End-Evaluate;
End-If;
End-For;
End-If;
Return 0;
End-Function;
Note:
The two messages that contain data with an effective date are used in this code. Therefore, the message names in the code must be the same as the names of the messages created in "Creating the Messages".Click Save to save the changes.
Running the EOP_PUBLISHE Application Engine Program
The program checks for all the data rows in the table that have become current and effective and creates the corresponding third message for each current and effective data row.
To run the EOP_PUBLISHE Application Engine Program in PeopleSoft Internet Architecture:
Click Enterprise Components, Integration Definitions, Initiate Processes, and then click Effective Date Publish. The Connector tab is displayed.
Click the Add a new value tab and provide a new value for Run Control Id, and then click Add.
In the Description tab, enter a value for Request ID, Message Name, and End Date. This will result in all effective dated messages being triggered before the specified end date.
Note:
The message name can be either OIM_PERSON_SYNC_EFF or OIM_JOB_SYNC_EFF. These have to be same as that created in "Creating the Messages". Remember to use different Run Control ID's for the two messages.Click Save.
Click the Run tab on the top right corner, and then click OK. This action publishes the messages. For verification, search for the initiated process in the Process Monitor tab. A Success status must be displayed.
Postinstallation information is divided across the following sections:
Note:
In a clustered environment, you must perform these procedures on each node of the cluster.When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
ALL
This level enables logging for all events.
DEBUG
This level enables logging of information about fine-grained events that are useful for debugging.
INFO
This level enables logging of messages that highlight the progress of the application at a coarse-grained level.
WARN
This level enables logging of information about potentially harmful situations.
ERROR
This level enables logging of information about error events that may allow the application to continue running.
FATAL
This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF
This level disables logging for all events.
The file in which you set the log level depends on the application server that you use:
Oracle WebLogic Server
To enable logging:
Make the following changes in the OIM_HOME/config/log.properties:
Search for the following line:
log4j.rootLogger=WARN,stdout
Make this line a comment and uncomment the line preceding this line.
Locate and uncomment the following lines:
#log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender #log4j.appender.logfile.DatePattern='.'yyyy-MM-dd #log4j.appender.logfile.File=c:/oracle/xellerate/logs/xel.log #log4j.appender.logfile.MaxBackupIndex=20 #log4j.appender.logfile.layout=org.apache.log4j.PatternLayout #log4j.appender.logfile.layout.ConversionPattern=%p %t %c - %m%n
Specify the name and the location of the file to which the preceding logs will be written. You can do this by changing the value of the following line:
log4j.appender.logfile.File=DIRECTORY_PATH/xel.log
Add the following line in the OIM_HOME/config/log.properties file:
log4j.logger.OIMCP.PSFTER=LOG_LEVEL
In this line, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.PSFTER=DEBUG
After you enable logging, the log information is written to the following file:
DIRECTORY_PATH/xel.log
IBM WebSphere Application Server
To enable logging:
Make the following changes in the OIM_HOME/config/log.properties:
Search for the following line:
log4j.rootLogger=WARN,stdout
Make this line a comment and uncomment the line preceding this line.
Locate and uncomment the following lines:
#log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender #log4j.appender.logfile.DatePattern='.'yyyy-MM-dd #log4j.appender.logfile.File=c:/oracle/xellerate/logs/xel.log #log4j.appender.logfile.MaxBackupIndex=20 #log4j.appender.logfile.layout=org.apache.log4j.PatternLayout #log4j.appender.logfile.layout.ConversionPattern=%p %t %c - %m%n
Specify the name and the location of the file to which the preceding logs will be written. You can do this by changing the value of the following line:
log4j.appender.logfile.File=DIRECTORY_PATH/xel.log
Add the following line in the OIM_HOME/config/log.properties file:
log4j.logger.OIMCP.PSFTER=LOG_LEVEL
In this line, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.PSFTER=DEBUG
After you enable logging, the log information is written to the following file:
DIRECTORY_PATH/xel.log
JBoss Application Server
To enable logging:
In the JBOSS_HOME/server/default/conf/log4j.xml file, add the following lines:
<category name="OIMCP.PSFTER">
<priority value="LOG_LEVEL"/>
</category>
In these lines, replace log_level with the log level that you want to set. For example:
<category name="OIMCP.PSFTER"> <priority value="DEBUG"/> </category>
After you enable logging, the log information is written to the following file:
JBOSS_HOME/server/default/log/server.log
Oracle Application Server
To enable logging:
Add the following line in the OIM_HOME/config/log.properties file:
log4j.logger.OIMCP.PSFTER=LOG_LEVEL
In these lines, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.PSFTER=DEBUG
After you enable logging, the log information is written to the following file:
ORACLE_HOME/opmn/logs/default_group~home~default_group~1.log
The following sections describe the procedure to configure SSL connectivity between Oracle Identity Manager and the target system:
You can configure SSL connectivity on Oracle WebLogic Server with either a self-signed certificate or a CA certificate. The following sections describe the procedures:
Configuring SSL on Oracle WebLogic Server with a Self-Signed Certificate
Configuring SSL on Oracle WebLogic Server with a CA Certificate
Configuring SSL on Oracle WebLogic Server with a Self-Signed Certificate
To configure SSL connectivity between Oracle Identity Manager on Oracle WebLogic Server and the target system with a self-signed certificate, you must perform the following tasks:
Generating Keystore
To generate the keystore:
Run the following command:
keytool -genkey -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -storepass KEYSTORE_PASSWORD -keypass PRIVATE_KEY_PASSWORD
For example:
keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
Note:
- The keystore password and the private key password must be the same.
- Typically, the alias is the name or IP address of the computer on which you are configuring SSL.
- The alias used in the various command of this procedure must be the same.
When prompted, enter information about the certificate. This information is displayed to users attempting to access a secure page in the application. This is illustrated in the following example:
keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234 What is your first and last name? [Unknown]: Must be the name or IP address of the computer What is the name of your organizational unit? [Unknown]: example What is the name of your organization? [Unknown]: example What is the name of your City or Locality? [Unknown]: New York What is the name of your State or Province? [Unknown]: New York What is the two-letter country code for this unit? [Unknown]: US Is <CN=Name or IP address of the computer, OU=example, O=example, L=New York, ST=New York, C=US> correct? [no]: yes
When you enter yes in the last line of the preceding example, the keystore.jks file is created in the c:\temp\keys\ directory.
Export the keystore to a certificate file by running the following command:
keytool -export -alias ALIAS_NAME -keystore ABSOLUTE_KEYSTORE_PATH -file CERTIFICATE_FILE_ABSOLUTE_PATH
For example:
keytool -export -alias example088196 -keystore c:\temp\keys\keystore.jks -file c:\temp\keys\keystore.cert
When prompted for the private key password, enter the same password used for the keystore, for example, example1234.
Import the keystore by running the following command:
keytool -import -alias ALIAS_NAME -keystore NEW_KEYSTORE_ABSOLUTE_PATH -file CERTIFICATE_FILE_ABSOLUTE_PATH
For example:
keytool -import -alias example088196 -keystore c:\temp\keys\new.jks -file c:\temp\keys\keystore.cert
When you run this command, it will prompt for the keystore password, as shown in the following example:
Enter keystore password: example1234 [Enter] Trust this certificate? [no]: yes [Enter] Certificate was added to keystore
In this example, the instances when you may press Enter are shown in bold.
Configuring Oracle WebLogic Server
After generating and importing the keystore, start Oracle WebLogic Server. To configure Oracle WebLogic Server:
Log in to the Oracle WebLogic Server console at http://localhost:7001/console and perform the following:
Expand the servers node and select the server instance.
Select the General tab.
Select the SSL Listen Port Enabled option.
Ensure that a valid port is specified in the SSL Listen Port field. The default port is 7002.
Click Apply to save your changes.
Click the Keystore & SSL tab, and then click Change.
From the Keystores list, select Custom identity And Java Standard Trust, and then click Continue.
Configure the keystore properties. To do so:
In the Custom Identity Key Store File Name column, specify the full path of the keystore generated in Step 1 of "Generating Keystore", for example, c:\temp\keys\keystore.jks. In the Custom Identity Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Identity Key Store Pass Phrase and Confirm Custom Identity Key Store Pass Phrase columns, specify the keystore password.
Provide the Java standard trust keystore pass phrase and Confirm Java standard trust keystore pass phrase. The default password is changeit, unless you change the password.
Click Continue.
Specify the private key alias, pass phrase and the confirm pass phrase as the keystore password. Click Continue.
Click Finish.
Restart Oracle WebLogic Server. If the server starts successfully with the SSL configuration, then lines similar to the following are recorded in the startup log:
<Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*> <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
Note:
7002 is the default SSL port for Oracle WebLogic Server.Configuring SSL on Oracle WebLogic Server with a CA Certificate
To configure SSL connectivity between Oracle Identity Manager on Oracle WebLogic Server and the target system with a CA certificate, you must perform the following tasks:
Note:
Although this is an optional step of the deployment procedure, Oracle strongly recommends that you configure SSL communication between the target system and Oracle Identity Manager.Generating Keystore
The connector requires Certificate Services to be running on the host computer. To generate the keystore:
Run the following command:
keytool -genkey -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -storepass KEYSTORE_PASSWORD -keypass PRIVATE_KEY_PASSWORD
For example:
keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
Note:
The keystore password and the private key password must be the same.
Typically, the alias name is the name or the IP address of the computer on which you are configuring SSL.
When prompted, enter the information about the certificate. This information is displayed to users attempting to access a secure page in the application. This is illustrated in the following example:
keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234 What is your first and last name? [Unknown]: Must be the name or IP address of the computer What is the name of your organizational unit? [Unknown]: example What is the name of your organization? [Unknown]: example What is the name of your City or Locality? [Unknown]: New York What is the name of your State or Province? [Unknown]: New York What is the two-letter country code for this unit? [Unknown]: US Is <CN=Name or IP address of the computer, OU=example, O=example, L=New York, ST=New York, C=US> correct? [no]: yes
When you enter yes in the last line of the preceding example, the keystore.jks file is created in the c:\temp\keys\ directory.
Generate the certificate signing request by running the following command:
keytool -certreq -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -file CERTIFICATE_FILE_ABSOLUTE_PATH
For example:
keytool -certreq -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -file c:\temp\keys\keystore.cert
When prompted for the keystore password, enter the same password used for the keystore in Step 1, for example example1234. This will store a certificate request in the file that you specified in the preceding command.
Get the certificate from a CA by using the certificate request generated in the previous step and store the certificate in a file.
Export the keystore generated in Step 1 to a new certificate file, for example, myCert.cer, by running the following command:
keytool –export –keystore ABSOLUTE_KEYSTORE_PATH -alias alias-name specified in step 1 -file CERTIFICATE_FILE_ABSOLUTE_PATH
For example:
keytool –export –keystore c:\temp\keys\keystore.jks -alias example088196 -file c:\temp\keys\myCert.cer
Import the CA certificate to a new keystore by running the following command:
keytool -import -alias ALIAS_NAME -file CERTIFICATE_FILE_ABSOLUTE_PATH -keystore NEW_KEYSTORE_ABSOLUTE_PATH -storepass KEYSTORE_PASSWORD generated in Step 1
For example:
keytool -import -alias example088196 -file c:\temp\keys\rootCert.cert -keystore c:\temp\keys\rootkeystore.jks
When you run this command, it will prompt for the keystore password, as shown:
Enter keystore password: example1234 [Enter] Trust this certificate? [no]: yes [Enter] Certificate was added to keystore
In this example, the instances when you can press Enter are shown in bold.
Configuring Oracle WebLogic Server
After creating and importing the keystore to the system, start Oracle WebLogic Server. To configure Oracle WebLogic Server:
Log in to the Oracle WebLogic Server console ((http://localhost:7001/console) and perform the following:
Expand the server node and select the server instance.
Select the General tab.
Select the SSL Port Enabled option.
Ensure that a valid port is specified in the SSL Listen Port field. The default port is 7002.
Click Apply to save your changes.
Click the Keystore & SSL tab, and click the Change link.
From the Keystores list, select Custom Identity And Custom Trust, and then click Continue.
Configure the keystore properties. To do so:
In the Custom Identity Key Store File Name column, specify the full path of the keystore generated in Step 1 of "Generating Keystore", for example, c:\temp\keys\keystore.jks. In the Custom Identity Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Identity Key Store Pass Phrase and Confirm Custom Identity Key Store Pass Phrase columns, specify the keystore password.
In the Custom Trust and Custom Trust Key Store File Name column, specify the full path of the keystore generated in Step 1 of "Generating Keystore", for example, c:\temp\keys\rootkeystore.jks. In the Custom Trust Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Trust Key Store Pass Phrase and Confirm Custom Trust Key Store Pass Phrase columns, specify the keystore password.
Provide the Java standard trust keystore password. The default password is changeit, unless you change the password.
Click Continue.
Specify the alias name and private key password. Click Continue.
Click Finish.
Restart Oracle WebLogic Server. If the server starts successfully with the SSL configuration, then lines similar to the following are recorded in the startup log:
<Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*> <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
Note:
7002 is the default SSL port for Oracle WebLogic Server.You can configure SSL connectivity on IBM WebSphere Application Server with either a self-signed certificate or a CA certificate. The following sections describe this:
Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate
Configuring SSL on IBM WebSphere Application Server with a CA Certificate
Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate
To configure SSL connectivity between Oracle Identity Manager on IBM WebSphere Application Server and the target system with a self-signed certificate, you must perform the following tasks:
Log in to the WebSphere Integrated Solutions Console. The URL may be similar to the following:
https://localhost:9043/ibm/console/logon.jsp
Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal certificates.
Click Create a self-signed certificate.
In the Alias field, enter an alias name. You specify the alias name to identify the certificate request in the keystore.
In the CN field, enter a value for common name. The common name must be the fully-qualified DNS host name or the name of the computer. The CN of the certificate must match the domain name or the name of the computer. For example, if the name of your domain is us.example.com, then the CN of the SSL certificate that you create for your domain must also be us.example.com.
In the Organization field, enter an organization name.
In the Organization unit field, specify the organization unit.
In the Locality field, enter the locality.
In the State or Province field, enter the state.
In the Zip Code field, enter the zip code.
From the Country or region list, select the country code.
Click Apply and then Save.
Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal certificates.
Select the check box for the new alias name.
Click Extract.
Specify the absolute file path where you want to extract the certificate under the certificate file name. For example, C:\SSLCerts\sslcert.cer.
Click Apply and then click OK.
Configuring SSL on IBM WebSphere Application Server with a CA Certificate
To configure SSL connectivity between Oracle Identity Manager on IBM WebSphere Application Server and the target system with a CA certificate, you must perform the following tasks:
Log in to the WebSphere Integrated Solutions Console. The URL may be similar to the following:
https://localhost:9043/ibm/console/logon.jsp
Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore.
On the Additional Properties tab, click Personal certificate requests.
Click New.
In the File for certificate request field, enter the full path where the certificate request is to be stored, and a file name. For example: c:\servercertreq.arm (for a computer running on Microsoft Windows).
In the Key label field, enter an alias name. You specify the alias name to identify the certificate request in the keystore.
In the CN field, enter a value for common name. The common name must be the fully-qualified DNS host name or the name of the computer. The CN of the certificate must match the domain name of your community. For example, if the name of your domain is us.example.com, then the CN of the SSL certificate that you create for your community must also be us.example.com.
In the Organization field, enter an organization name.
In the Organization unit field, specify the organization unit.
In the Locality field, enter the locality.
In the State or Province field, enter the state.
In the Zip Code field, enter the zip code.
From the Country or region list, select the country code.
Click Apply and then Save. The certificate request is created in the specified file location in the keystore. This request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.
Note:
Keystore tools such as iKeyman and keyTool cannot receive signed certificates that are generated by certificate requests from IBM WebSphere Application Server. Similarly, IBM WebSphere Application Server cannot accept certificates that are generated by certificate requests from other keystore utilities.Send the certification request arm file to a CA for signing.
Create a backup of your keystore file. You must create this backup before receiving the CA-signed certificate into the keystore. The default password for the keystore is WebAS. The Integrated Solutions Console contains the path information for the keystore's location. The path to the NodeDefaultKeyStore is listed in the Integrated Solutions Console as:
was_profile_root\config\cells\cell_name\nodes\node_name\key.p12
Now you can receive the CA-signed certificate into the keystore to complete the process of generating a signed certificate for IBM WebSphere Application Server.
To receive a signed certificate issued by a CA, perform the following tasks:
In the WebSphere Integrated Solutions Console, click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal Certificates.
Click Receive a certificate from a certificate authority.
Enter the full path and name of the certificate file.
Select the default data type from the list.
Click Apply and then Save.
The keystore contains a new personal certificate that is issued by a CA. The SSL configuration is ready to use the new CA-signed personal certificate.
Before configuring SSL on JBoss Application Server, ensure the following:
JBoss Application Server is installed on the Oracle Identity Manager host computer
Java Developer's Kit is installed on the JBoss Application Server host
You can configure SSL connectivity on JBoss Application Server with either a self-signed certificate or a CA certificate. The following sections describe this. If you are configuring SSL on JBoss Application Server with a self-signed certificate, then perform the following tasks:
If you are configuring SSL on JBoss Application Server with a CA certificate, then perform the following tasks:
Creating the Self-Signed Certificate
To create the self-signed certificate, see "Generating Keystore".
Importing a CA Certificate
To import a CA certificate, perform the following tasks:
Run the following command:
keytool -genkey -alias ALIAS_NAME -keystore ABSOLUTE_KEYSTORE_PATH -keyalg KEY_ALGORITHM -storepass KEYSTORE_PASSWORD -keypass PRIVATE_KEY_PASS
For example:
keytool -genkey -alias example088196 -keystore c:\temp\keys\custom.keystore -keyalg RSA -storepass example1234 -keypass example1234
Note:
- The keystore password and the private key password must be the same.
- Typically, the alias is the name or IP address of the computer on which you are configuring SSL.
- The alias used in the various command of this procedure must be the same.
When prompted, enter the information about the certificate, such as company and contact name. This information is displayed to employees attempting to access a secure page in the application. This is illustrated in the following example:
What is your first and last name? [Unknown]: Must be the name or IP address of the computer What is the name of your organizational unit? [Unknown]: example What is the name of your organization? [Unknown]: example What is the name of your City or Locality? [Unknown]: New York What is the name of your State or Province? [Unknown]: New York What is the two-letter country code for this unit? [Unknown]: US Is <CN=Name or IP address of the computer, OU=example, O=example, L=New York, ST=New York, C=US> correct? [no]: yes
When you enter yes in the last line of the preceding example, the custom keystore file is created in the c:\temp\keys\ directory.
Generate the certificate signing request by running the following command:
keytool -certreq -alias ALIAS_NAME -file ABSOLUTE_CSR_PATH -keystore ABSOLUTE_KEYSTORE_PATH
For example:
keytool -certreq -alias example088196 -file c:\temp\keys\certReq.csr -keystore c:\temp\keys\custom.keystore
Submit the certReq.csr file on a CA Web site for downloading the CA certificate.
Ensure that your %JAVA_HOME%\jre\lib\security\cacerts has the root certificate of the CA that has generated the CA certificate.
To check all the root certificates that %JAVA_HOME%\jre\lib\security\cacerts contains, run the following command:
keytool -list -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass cacerts_store_password
For example:
%JAVA_HOME%\jre\bin\keytool -list -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass changeit
If the %JAVA_HOME%\jre\lib\security\cacerts keystore does not contain the root certificate of CA that has generated the CA certificate, then you must import the root certificate of CA into %JAVA_HOME%\jre\lib\security\cacerts.
Run the following command to import the root certificate of CA:
keytool -import -alias <cacerts_key_entry_alias> -file <CARootCertificate.cer> -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass cacerts_store_password
For example:
keytool -import -alias cakey -file "C:\temp\Thawte Test Root.cer" -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass changeit
You will see that the certificate has been added to the keystore.
Import the CA certificate by running the following command:
keytool -import -alias ALIAS_NAME -keystore ABSOLUTE_KEYSTORE_PATH -trustcacerts -file ABSOLUTE_CACERT_PATH
ABSOLUTE_CACERT_PATH represents the path in which you have stored the certificate downloaded from CA.
For example:
keytool -import -alias example088196 -keystore c:\temp\keys\custom.keystore -trustcacerts -file c:\temp\keys\CACert.cer
When you run this command, it will prompt for the keystore password, as shown:
Enter keystore password: example1234 [Enter] Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA Serial number: 0 Valid from: Thu Aug 01 05:30:00 GMT+05:30 1996 until: Fri Jan 01 03:29:59 GMT+05:30 2021 Certificate fingerprints: MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4 SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA Trust this certificate? [no]: yes [Enter]
In this example, the instances when you can press Enter are shown in bold.
Moving the Keystore
To move the certificate to a JBoss Application Server directory, copy the generated keystore to the conf directory of your JBoss installation. For example, the directory can be C:\Program Files\jboss-4.0.3\server\default\conf\.
Updating the Configuration File
Before updating the configuration file, shut down JBoss Application Server. The JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml file contains information about what web features to turn on when the server starts up. Inside this file, there is a part that looks similar to the following:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap08.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
-->
In the code, make the following changes:
Uncomment the block of code.
Change the value of Connector port to 443 (default SSL port).
Change the value of keystoreFile to the absolute path of the keystore generated in "Generating Keystore".
Change the value of keystorePass to the password of the keystore.
After making the changes, the code block will look similar to the following:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/ custom.keystore"
keystorePass=" example1234 " sslProtocol = "TLS" />
<!-- -->
SSL is now enabled. You can restart JBoss Application Server and browse to the following URL to verify if SSL is enabled:
https://localhost:443
Postinstallation on the target system consists of the following procedure:
To configure SSL:
Copy the certificate to the computer on which PeopleSoft HRMS/HCM is installed.
Note:
If you are using IBM WebSphere Application Server, then you must download the root certificate from a CA.Run the following command:
PEOPLESOFT_HOME/webserv/peoplesoft/bin/pskeymanager.cmd -import
When prompted, enter the current keystore password.
When prompted, enter the alias of the certificate that you want to import.
Note:
The alias must be the same as the one created when the keystore was generated.If you are using IBM WebSphere Application Server, then enter root as the alias.
When prompted, enter the full path and name of the certificate and press Enter.
Note:
If you are using IBM WebSphere Application Server, then enter the path of the root certificate.When prompted for the following:
Trust this certificate? [no]: yes
Select yes and press Enter.
Restart the Web server of the target system.
|
 Copyright © 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|