4 Using the Connector

This chapter contains the following sections:

Configuring the Scheduled Tasks for Lookup Field Synchronization
Configuring Reconciliation
Performing Provisioning Operations

The guidelines for using this connector are described in the following section:

Guidelines on Using the Connector

4.1 Configuring the Scheduled Tasks for Lookup Field Synchronization

When you run the Connector Installer, the following scheduled tasks for lookup field synchronization are automatically created in Oracle Identity Manager:

PSFT UM LookUp Reconciliation

This scheduled task is used to synchronize the values of the lookup fields between the target system and Oracle Identity Manager.
PSFT UM_RM LookUp Reconciliation

This scheduled task is used to synchronize the values of the lookup fields between the target system and Oracle Identity Manager if you are using the connector with the Remote Manager.

Table 4-1 describes the attributes of both scheduled tasks.

Note:

Default attribute values are predefined in the connector XML file that is imported during the installation of the connector. Specify values only for those attributes that you want to change.
Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Table 4-1 Scheduled Task Attributes For Lookup Field Synchronization

Attribute	Description
ServerName	Enter the name of the IT resource
LookupType	Enter any one of the following values for this attribute to specify the type of data that is searched for in the target system; `LanguageCode` `EmailTypes` `CurrencyCode` `PermissionList` `UserRoles` Default value: `UserRoles`
FilePath	Enter the full path of the file in which the lookup data to be reconciled is stored. The operating system of the computer on which Oracle Identity Manager is installed must be able to access this file path. The data extracted from this file is stored in the LookupName attribute. Sample value: `C:\PSFTUM\LookupRecon\Roles.txt`
LookupName	Enter the name of the lookup definitions created in Oracle Identity Manager that corresponds to the lookup fields in the target system. The value can be any one of the following: `Lookup.PSFTUM.LanguageCode` `Lookup.PSFTUM.EmailType` `Lookup.PSFTUM.CurrencyCode` `Lookup.PSFTUM.PermissionList` `Lookup.PSFTUM.Roles` Default value: `Lookup.PSFTUM.Roles` For the connector with the Remote Manager, the value can be any one of the following: `Lookup.PSFTUM_RM.LanguageCode` `Lookup.PSFTUM_RM.EmailType` `Lookup.PSFTUM_RM.CurrencyCode` `Lookup.PSFTUM_RM.PermissionList` `Lookup.PSFTUM_RM.Roles` Default value: `Lookup.PSFTUM_RM.Roles`
RecordDelimiter	Enter a value for this attribute to configure the delimiter. If you do not enter any value, then the delimiter will be set as "``" (asterisk) by default. Valid values are all special characters except the following: `#`, `;`, `.`, `@`, `,` Default value: `` Case 1: `RecordDelimiter = myDelimiter` In this case, `m` will be considered as the delimiter but the records will not be reconciled because the valid delimiter can only be a special character. Case 2: RecordDelimiter = `$myDelimiter` In this case, `$` will be set as a new delimiter. Case 3: RecordDelimiter = In this case, the default value "*" (asterisk) will be set as the delimiter. See "Configuring the Target System for Full Reconciliation" for instructions to configure the record delimiter in PeopleCode. Note: Ensure that the value that you enter for this attribute is the same as that mentioned in the flat file.

4.2 Configuring Reconciliation

This section describes the following topics:

Configuring Full Reconciliation
Configuring Incremental Reconciliation

4.2.1 Configuring Full Reconciliation

This section discusses the following topics:

Specifying the Number of Records to Be Reconciled
Determining the Last Record Reconciled
Limited Reconciliation
Configuring the Reconciliation Scheduled Tasks
Running the Application Engine Program

4.2.1.1 Specifying the Number of Records to Be Reconciled

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can specify the number of records to be reconciled at a time by using the NoOfRecordsToBeReconciled scheduled task attribute. You must enter any integer value greater than zero. The default value of this attribute is 5.

Note:

During limited reconciliation, if the IsFilterApplied=Yes condition is specified, then this attribute will not be updated during a reconciliation.

4.2.1.2 Determining the Last Record Reconciled

You use the IndexOfLastReconciledRecord scheduled task attribute during a full reconciliation run to determine the last record reconciled. At the start of the first full reconciliation run, the value of this attribute is -1. At the end of each subsequent full reconciliation run, this attribute stores the index number of the last record reconciled during the previous reconciliation run.

Whenever you want to perform a full reconciliation run, change the value of the IndexOfLastReconciledRecord attribute to -1.

4.2.1.3 Limited Reconciliation

By default, all target system records that are added or modified after the previous reconciliation run are reconciled during the current reconciliation run. You can customize the reconciliation process by specifying the subset of newly added or modified records that must be reconciled. You implement this form of limited reconciliation by creating customized queries for reconciliation. You do this by creating filters for reconciliation.

Creating a filter involves specifying a value for the IsFilterApplied, FiltersToBeApplied, FiltersValues, Operator, SearchCriteria, and CaseSensitive scheduled task attributes.

When performing limited reconciliation for this connector, you can specify one or a combination of the following target system fields as values of the scheduled task attributes mentioned earlier:

OPRID
OPRDEFNDESC
ALIAS
EMPLID
PRIEMAILID
LANGUAGE_CD
MULTILANG
CURRENCY_CD
OPRCLASS
ROWSECCLASS
PRCSPRFLCLS
DEFAULTNAVHP
ROLES
EMAILIDS
USERTYPE
STATUS

If you want to use multiple target system fields to filter records, then you must also specify the logical operator (AND or OR) that you want to apply to the combination of target system fields that you select.

Consider the filters applied through the scheduled task attributes in the following examples of limited reconciliation:

4.2.1.4 Configuring the Reconciliation Scheduled Tasks

When you run the Connector Installer, reconciliation scheduled tasks are automatically created in Oracle Identity Manager. Table 4-2 describes these scheduled tasks.

Table 4-2 Reconciliation Scheduled Tasks

Schedule Task Name	Description
PSFT UM Target Resource User Reconciliation	This scheduled task is used for target resource reconciliation.
PSFT UM_RM Target Resource User Reconciliation	This scheduled task is used for target resource reconciliation if you are using the connector with the Remote Manager.
PSFT UM Target Resource Delete Reconciliation	This scheduled task is used to reconcile data of deleted users from a target resource into Oracle Identity Manager.
PSFT UM_RM Target Resource Delete Reconciliation	This scheduled task is used to reconcile data of deleted users from a target resource into Oracle Identity Manager if you are using the connector with the Remote Manager.

To perform a full reconciliation run, you must configure the scheduled tasks to reconcile the users in Oracle Identity Manager depending on the values that you have specified in the scheduled task attributes.

To configure the reconciliation scheduled tasks for this connector, perform the procedure described in the following section.

4.2.1.4.1 Managing Scheduled Tasks

Note:

This feature is in the process of being migrated from the Design Console to the Administrative and User Console. For the current Oracle Identity Manager release, this feature is available in both consoles.

To locate a scheduled task:

Expand Resource Management.
Click Manage Scheduled Task.
On the Scheduled Task Management page, you can use any one or a combination of the search options provided to locate a scheduled task. Click Search after you specify the search criteria.

Each row of the search results table displays the following information about a scheduled task:

Scheduled Task: This column displays the name of the scheduled task. If you want to view the details of the scheduled task, then click its name in this column.
Status: This column displays the status of the scheduled task. The status can be one of the following:
- INACTIVE: The scheduled task has been run successfully, and it is set to run again at the date and time specified in the Next Start field.
- RUNNING: The scheduled task is currently running.
- COMPLETED: The scheduled task has been run successfully, but will not run again (the frequency is set at the Once option).
- ERROR: An error was encountered due to which the task could not be started.
- FAILED: The scheduled task failed while running.
Frequency: This column displays the frequency at which the scheduled task has been set to run.
Last Start: This column displays the date and time at which the scheduled task began its last run.
Last Stop: This column displays the date and time at which the scheduled task ended its last run.
Next Start: This column displays the date and time at which the scheduled task will begin its next run.
Edit: This column displays the edit icon for each scheduled task. Click the edit icon if you want to modify the task.
Enable: For a particular scheduled task, if the Enable link is displayed in this column, then it means that the scheduled task is currently disabled and you can enable the task by clicking the Enable link. If Enabled is displayed, then it means that the task is already enabled.
Disable: For a particular scheduled task, if the Disable link is displayed in this column, then it means that the scheduled task is currently enabled and you can disable the task by clicking the Disable link. If Disabled is displayed, then it means that the task is already disabled.
Run Now: For a particular scheduled task, if the Status column displays INACTIVE and if the gray button is displayed in the Enable column (implying that the task is in the enabled state), then you can run the task by clicking the button in the Run Now column. This button cannot be used if any one of the following conditions is true:
- The Status column displays RUNNING, which means that the task is currently running.
- The Enable column displays the green button (and the Disable column displays the gray button), which means that the task must be enabled before it can be run.

Note:

The Stop Execution option is not available in the Administrative and User Console. If you want to stop a task, then click Stop Execution on the Task Scheduler form of the Design Console.

The following sections describe the procedures that you can perform by using the features of the Scheduled Task Management page:

Viewing Scheduled Tasks
Modifying Scheduled Tasks

Viewing Scheduled Tasks

To view the details of a scheduled task, click the task name in the Scheduled Task column of the search results table displayed on the Scheduled Task Management page.

After viewing the scheduled task details, click Edit if you want to modify the scheduled task. Alternatively, you can click Run now if you want to run the scheduled task. As mentioned earlier, only a scheduled task that is currently ENABLED can be run.

Modifying Scheduled Tasks

To modify the details of a scheduled task:

In the search results table displaying the list of scheduled tasks, click the edit icon in the Edit column of the table.

Note:
If you want to run the task, click the task name in the first column of the search results table and then click Run now. After you click Run now, you need not perform the rest of the steps in this procedure.
If you want to stop a scheduled task while it is running, then use the Stop Execution feature of the Design Console. See "The Task Scheduler Form" in Oracle Identity Manager Design Console Guide for information about this feature.
On the Scheduled Task Details page, you can modify all the details of the scheduled task, except for the task name and class name.
Click Continue.

If required, modify the attributes of the scheduled task. You can modify values of existing attributes, delete attributes, or add new ones.

You must specify values for the attributes of the user reconciliation scheduled tasks. Table 4-3 describes the attributes of the scheduled tasks.

Note:

Attribute values are predefined in the connector XML file that is imported during the installation of the connector. Specify values only for the attributes that you want to change.

Table 4-3 Attributes of the Scheduled Tasks for Reconciliation of User Data

Attribute	Description
MultiValueSeperator	Enter ## as the multivalue separator in the flat file.
ServerName	Enter the name of the IT resource Default value: `PSFT UM Server`
FilePath	Enter the full path of the directory in which the flat file is stored on Oracle Identity Manager. The operating system of the computer on which Oracle Identity Manager is installed must be able to access this file path. Note: The file path must contain the path of only the flat file that is generated when you run the Application Engine program, because the Scheduled Task searches for text files. Sample value: `C:\bulkrecon.txt` See "Configuring the Target System for Full Reconciliation" for information about generating the flat file.
ReconcilingRO	Enter the name of the resource object that is used for reconciliation. For target resource reconciliation: Default value: `PSFT_UM_RO` For the connector with the Remote Manager: Default value: `PSFTUM_RM`.
NoOfRecordsToBeReconciled	Enter the number of records to be reconciled See "Specifying the Number of Records to Be Reconciled" for more information about this attribute. Default value: `5`
Operator	Specify the operator that you want to apply to the filter attributes for which you specify a value other than `nodata`. Depending on the value specified (`AND` or `OR`), data is joined accordingly for any combination of the target system attributes specified in the FiltersToBeApplied scheduled task attribute. During reconciliation, only those target system records that contain the specified combination are reconciled. However, if an invalid value is provided, then the "Invalid Operators" error message is displayed and no records are reconciled. Default value: `OR`
IsFilterApplied	Specify whether or not filters must be applied during reconciliation The value can be `Yes`, `No`, or `Nodata`. However, if invalid values are provided, then by default, the value of this attribute is considered as `No`. Default value: `Nodata`
FiltersToBeApplied	Specify the comma-separated list of filters (for target system user fields) that you want to apply during reconciliation See "Limited Reconciliation" for more information about using this attribute.
FiltersValues	Enter the comma-separated list of values for the filter attributes that you specify as the value of the FiltersToBeApplied attribute See "Limited Reconciliation" for more information. The filtering process is controlled by the IsFilterApplied attribute. Based on the value specified (`Yes`, `No`, or `Nodata`), the filtering is performed. Consider the following test cases: Case 1: `IsFilterApplied` = `yes` Only if the value of the IsFilterApplied attribute is `yes`, will data be fetched for filtering. Case 2: `IsFilterApplied` = `yes`, `FiltersToBeApplied` =, and `FiltersValues` = `JOHN` In this case, the "Filters not synchronized" error message is displayed. Case 3: `IsFilterApplied` = `yes`, `FiltersToBeApplied` = `OPRID`, and `FiltersValues` = In this case, the "Filters not synchronized" error message is displayed. Case 4: `IsFilterApplied` = `yes`, `FiltersToBeApplied` = , and `FiltersValues` = or `IsFilterApplied` = `yes`, `FiltersToBeApplied` = `Nodata`, and `FiltersValues` = `Nodata` These cases are equivalent to `IsFilterApplied` = `No`. Note: In the FiltersValues attribute, the data is separated by a comma. However, if a comma is part of values, then it will be treated as a different value. Consider the following example: `IsFilterApplied = yes,` `FiltersToBeApplied = OPRID,DESCRIPTION,` and `FiltersValues = SFCA001, This is a, test` In this scenario, the user has entered the value of `DESCRIPTION` as "This is a, test". The filtering engine will consider it as two different values, "This is a", and "test". The FiltersToBeApplied attribute contains two filters while the FiltersValues attribute contains three. As a result of this inconsistency, the "Filters are not synchronized" error message will be displayed.
CaseSensitive	Enter Yes as the value of this attribute if you want to search records on the basis of the case (uppercase and lowercase letters). When the filters are applied, a case-sensitive search is applied for records that match the filter criteria. The value can be `Yes`, `No`, or `Nodata`. Default value: `Nodata`
SearchCriteria	Specify the search algorithm to be applied on the filters that you enter. The values can be `INDEX_OF`, `EXACT_MATCH`, or `NoData`. However, if invalid values are provided, then by default the value of this attribute will be considered as `INDEX_OF`. Default Value: `Nodata` See "Limited Reconciliation" for more information.
IndexOfLastReconciledRecord	Use this attribute to specify the index of the last successfully reconciled record. This attribute is applicable only for full reconciliation. See "Determining the Last Record Reconciled" for more information about this attribute. Default value: `-1`
ScheduledTaskName	The name of the scheduled task. This attribute is used to update the `IndexOfLastReconciledRecord` attribute. Default value: `PSFT UM Target Resource User Reconciliation` For the connector with the Remote Manager, the default value is `PSFT UM_RM Target Resource User Reconciliation`.
LookupForAttributeMapping	Enter a value for this attribute to specify the name of the lookup definition that maps reconciliation fields used during a reconciliation run. The name of this lookup definition cannot be changed. For target resource reconciliation: Default value: `Lookup.PSFTUM.Attr.Map.Recon` For a target resource reconciliation run on the connector with the Remote Manager: Default value: `Lookup.PSFTUM_RM.Attr.Map.Recon`
ChildAttributeMapLookUpForRecon	Enter a value for this attribute to specify the mappings of child tables reconciled during reconciliation. Default value: `Lookup.PSFTUM.Child.Attr.Map.Recon`
RecordDelimiter	Specify a value for this attribute to configure the delimiter. If you do not enter any value, then the asterisk character () will be used as the delimiter character. Valid values are all special characters except the following: Hash (`#)` Semicolon (`;`) Period (`.`) At sign (`@`) Comma (`,`) Default value: `` Consider the following sample scenarios: Sample scenario 1: `RecordDelimiter = myDelimiter` In this case, `m` will be considered as the delimiter but the records will not be reconciled because the delimiter must be a special character. Sample scenario 2: `RecordDelimiter = $myDelimiter` In this case, `$` will be set as a new delimiter. Sample scenario 3: `RecordDelimiter =` In this case, the default value "`*`" (asterisk) will be set as the delimiter. Note: Ensure that the value that you enter for this attribute is the same as that mentioned in the flat file. See "Configuring the Record Delimiter" for instructions to configure the record delimiter in PeopleCode.

Click Save Changes to commit all the changes to the database.

4.2.1.5 Running the Application Engine Program

You can run the Application Engine program by using PeopleSoft Internet Architecture as follows:

Note:

You must run the Application Engine program each time you want to perform full reconciliation.

Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:
```
http://SERVER_NAME/psp/ps/DATABASE_NAME/?cmd=login
```
For example:
```
http://psftserver.example.com/psp/ps/TestDB/?cmd=login
```
Click People Tools, Process Scheduler, Processes, and then click Add a new Value.
Select Application Engine as the process type, and enter BLKPRCS_USER as the process name.
Click Add.
In the Process Definition Options tab, enter the following values for Component and Process Groups, and click Save:

Component: AE_REQUEST

Process Groups: TLSALL, STALL
To make the Application Engine program run in PeopleSoft Internet Architecture, click People Tools, Application Engine, Request AE, and then click Add a new Value.
Enter values for the following and then click Add:

User ID: Enter your employee ID

Run Control ID: Enter a unique run control value

Program Name: Enter BLKPRCS_USER
Click Run.
From the list that is displayed, select the BLKPRCS_USER process, which you created in Step 3.
Click OK.
To determine the progress status of the Application Engine program, click People Tools, Process Scheduler, and then Process Monitor. Click Refresh until the Success message is displayed as the status.

Note:
If the Status is displayed as "Queued", then you must check the status of the process scheduler. To do so, click People Tools, Process Scheduler, and then Process Monitor. Click the Server List tab and check the status of server. If no status is displayed, then start the process scheduler.

4.2.2 Configuring Incremental Reconciliation

Note:

In this section, the term "field" refers to the identity attributes that store user data.

This section discusses the following topic:

4.2.2.1 Limited Reconciliation

Creating a filter involves specifying a value for a target system attribute, which will be used in the SELECT query criteria to retrieve the records to be reconciled. This can be done by editing the configureReconciliation.properties file.

When performing limited reconciliation for this connector, you can specify one or a combination of the following resource object attributes as the criteria for filtering records:

Users.OprId
Users.OprDefnDesc
Users.Alias
Users.EmployeeId
Users.Multilanguage
Users.PrimaryPermission
Users.RowSecurityPermission
Users.LanguageCD
Users.CurrencyCode
Users.AccountStatus
Users.ProcessProfilePermission
Users.NavigatorHomePagePermission
Users.PrimaryEmailId
Users.EmailIds
Users.Roles
Users.EmailId

If you want to use multiple resource object attributes to filter records, then you must also specify the logical operator (AND or OR) that you want to apply to the combination of target system attributes that you select.

Consider the filters applied in the following examples of limited reconciliation:

Example 1:

IsFilterApplied=yes
FiltersToBeApplied=Users.OprId,Users.OprDefnDesc,Users.Alias
FiltersValues=SFCA001,Application User,John
CaseSensitive=yes
SearchCriteria= INDEX_OF
Operator=and

This example will reconcile all the records in which Users.OprId, Users.OprDefnDesc, and Users.Alias contain the values SFCA001, Application User, and John, respectively. The search criteria INDEX_OF has been specified. Therefore, the search will be conducted within a string and all the records that contain these values will be reconciled.

If you specify SearchCriteria= EXACT_MATCH, then the query will search the full string instead of searching within the string.

Example 2:

IsFilterApplied=yes
FiltersToBeApplied=Users.OprId,Users.OprDefnDesc,Users.Alias
FiltersValues=SFCA001,Application User,John
CaseSensitive=EXAMPLE
SearchCriteria=EXAMPLE
Operator=and

This example will reconcile all the records in which Users.OprId, Users.OprDefnDesc, and Users.Alias contain the values SFCA001, Application User, and John, respectively. The case (uppercase or lowercase) of the values will not be considered. The values of SearchCriteria and CaseSensitive are specified as EXAMPLE. Therefore, by default, INDEX_OF and NODATA are used as the valid values, respectively.

Example 3:

IsFilterApplied=EXAMPLE
FiltersToBeApplied=Users.OprId,Users.OprDefnDesc,Users.Alias
FiltersValues=SFCA001,Application User,John
CaseSensitive=EXAMPLE
SearchCriteria=EXAMPLE
Operator=NODATA

This example will reconcile all the records. The value of IsFilterApplied is specified as EXAMPLE. Therefore, by default, Nodata is used as a valid value and all the records are reconciled.

Example 4:

IsFilterApplied=YES
FiltersToBeApplied=Users.OprId,Users.OprDefnDesc,Users.Alias
FiltersValues=SFCA001,Application User,John
CaseSensitive=EXAMPLE
SearchCriteria=EXAMPLE
Operator=NODATA

The value specified for Operator is invalid. As a result of this, no records will be reconciled. The valid values are AND or OR.

4.3 Performing Provisioning Operations

Note:

The "Unable to access pstools.properties" message might be recorded in the server logs during provisioning operations. You can ignore this message.

Provisioning a resource for an OIM User involves using Oracle Identity Manager to create a target system account for the user. To provision a resource:

Note:

The following procedure is performed using the direct provisioning approach.

Log in to the Administrative and User Console.
From the Users menu:
- Select Create if you want to first create the OIM User and then provision a PeopleSoft User Management account to the user.
- Select Manage if you want to provision a PeopleSoft User Management account to an existing OIM User.
If you select Create, on the Create User page, enter values for the OIM User fields, and then click Create User.
If you select Manage, then search for the OIM User and select the link for the user from list of users displayed in the search results.
On the User Detail page, select Resource Profile from the list at the top of the page.
On the Resource Profile page, click Provision New Resource.
On the Step 1: Select a Resource page, select PSFT_UM_RO from the list, and then click Continue.

If you are using the connector with the Remote Manager, then select PSFTUM_RM.
On the Step 2: Verify Resource Selection page, click Continue.
On the Step 5: Provide Process Data page, enter the details of the account that you want to create on the target system and then click Continue.
On the Step 6: Verify Process Data page, verify the data that you entered and then click Continue.

The account is created on the target system and provisioned as a resource to the OIM User. The page that is displayed provides options to disable or revoke the resource from the OIM User.

See Also:
"Provisioning" for more information about the provisioning functions supported by this connector and the process form fields used for provisioning

4.4 Guidelines on Using the Connector

Some Asian languages use multibyte character sets. If the character limit for the fields in the target system is specified in bytes, then the number of Asian-language characters that you can enter in a particular field may be less than the number of English-language characters that you can enter in the same field. The following example illustrates this limitation:

Suppose you can enter 50 characters of English in the User Last Name field of the target system. If you were using the Japanese language and if the character limit for the target system fields were specified in bytes, then you would not be able to enter more than 25 characters in the same field.