1/56
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Concepts
1
Design Console Overview
1.1
Starting the Design Console
1.2
Navigating Around the Design Console
1.2.1
Design Console Menu Bar
1.2.1.1
File Menu
1.2.1.2
Edit Menu
1.2.1.3
Toolbar Menu
1.2.1.4
Help Menu
1.2.1.5
Keyboard Shortcuts in the Design Console
1.2.2
Design Console Toolbar
1.2.3
Design Console Explorer
1.2.3.1
Starting a Form
1.2.3.2
Refreshing the List of Forms
1.2.4
Design Console Workspace
1.2.4.1
The Form View
1.2.4.2
The Table View
1.3
Special Field and Form Types
1.3.1
Data Fields
1.3.2
Lookup Fields
1.3.3
Date and Time Fields
1.3.4
List
1.3.5
Notes Window
1.3.6
Tabs on Forms
1.4
Assignment Windows
1.5
Search Operations
1.5.1
Starting a Search
1.5.2
Constructing a Search Filter
1.5.3
Results of a Search
1.5.4
Working with a Set of Query Results
1.5.5
Optimizing Query Performance
1.5.6
Exceeding the Limit for a Result Set
1.6
Forms Accessible from the Design Console
1.6.1
Forms in the User Management Folder
1.6.2
Forms in the Resource Management Folder
1.6.3
Forms in the Process Management Folder
1.6.4
Forms in the Administration Folder
1.6.5
Forms in the Development Tools Folder
1.6.6
Forms in the Business Rule Definition Folder
2
Developing Adapters
2.1
Introduction to Adapters
2.2
Types of Adapters
2.3
Adapter Environment and Tools
2.3.1
Configuring the Adapter Environment
2.3.2
Remote Manager
2.3.3
The Adapter Factory
2.3.4
Compiling Adapters
2.3.4.1
Automatic Compilation of Adapters
2.3.4.2
Compiling Adapters Manually
2.4
Defining Adapters
2.5
Tabs of the Adapter Factory Form
2.5.1
Adapter Tasks
2.5.2
Execution Schedule
2.5.3
Resources
2.5.4
Variable List
2.5.5
Usage Lookup
2.5.6
Responses
2.6
Disabling and Re-enabling Adapters
2.7
About Adapter Variables
2.7.1
Creating an Adapter Variable
2.7.2
Modifying an Adapter Variable
2.7.3
Deleting an Adapter Variable
2.8
Creating Adapter Tasks
2.8.1
Types of Adapter Tasks
2.8.2
Creating a Java Task
2.8.3
Creating a Remote Task
2.8.4
Creating a Stored Procedure Task
2.8.5
Creating a Utility Task
2.8.6
To Create an Oracle Identity Manager API Task
2.8.7
Reassigning the Value of an Adapter Variable
2.8.8
Adding an Error Handler Task
2.8.9
Creating a Logic Task
2.9
Modifying Adapter Tasks
2.10
Changing the Order and Nesting of Tasks
2.11
Deleting Adapter Tasks
2.12
Working with Responses
2.12.1
To Create a Response
2.12.2
To Modify a Response
2.12.3
To Delete a Response
2.13
Scheduling Rule Generators and Entity Adapters
2.13.1
Scheduling Rule Generators and Entity Adapters
3
Using Adapters
3.1
Working with Rule Generator Adapters
3.1.1
Mapping Rule Generator Adapter Variables
3.1.2
Associating Rule Generators with Processes
3.1.3
Removing Rule Generators from Form Fields
3.2
Working with Entity Adapters
3.3
Working with Task Assignment Adapters
3.3.1
Attaching Task Assignment Adapters to Process Tasks
3.3.2
Removing Task Assignment Adapters from Process Tasks
3.3.2.1
To Remove a Task Assignment Adapter from a Process Task
3.4
Working with Prepopulate Adapters
3.4.1
Attaching Prepopulate Adapters to Form Fields
3.4.2
Removing Prepopulate Adapters from Form Fields
3.5
Working with Process Task Adapters
3.5.1
Guidelines for Working with a Process Task Adapter
3.5.2
Attaching Process Task Adapters to Process Tasks
3.5.3
Removing Process Task Adapters from Process Tasks
3.5.3.1
To Remove a Process Task Adapter from a Process Task
3.6
Adapter Mapping Information
3.6.1
Adapter Task Mapping Information
3.6.1.1
Adapter Variables
3.6.1.2
Adapter Task
3.6.1.3
Literal
3.6.1.4
Adapter References
3.6.1.5
Organization Definition
3.6.1.6
Process Definition
3.6.1.7
User Definition
3.6.2
Adapter Variable Mapping Information
3.6.2.1
From the Variable List Tab
3.6.2.2
Process Task Adapter Variable Mappings
3.6.2.3
Task Assignment Adapter Variable Mappings
3.6.2.4
Rule Generator and Entity Adapter Variable Mappings
3.6.2.5
Prepopulate Adapter Variable Mappings
4
Developing Rules
4.1
Overview of Business Rule Definition
4.2
Event Handler Manager Form
4.3
Data Object Manager Form
4.3.1
Tabs of the Data Object Manager Form
4.3.1.1
Attach Handlers Tab
4.3.1.2
Map Adapters Tab
4.4
Reconciliation Rules Form
4.4.1
Defining a Reconciliation Rule
4.4.2
Adding a Rule Element
4.4.3
Nesting a Rule Within a Rule
4.4.4
Deleting a Rule Element or Rule
5
Developing Scheduled Tasks
5.1
Overview of Task Creation
5.1.1
Steps in Task Creation
5.1.2
Example of Scheduled Task
5.2
Define the Metadata for the Scheduled Task
5.3
Configure the Scheduled Task XML File
5.4
Develop the Scheduled Task Class
5.5
Configure the Plug-in XML File
5.6
Create the Directory Structure for the Scheduled Task
6
Developing Plug-ins
6.1
Background of the Plug-in Framework
6.1.1
About the Plug-in Framework
6.1.2
About Plug-in Stores
6.1.2.1
File Store
6.1.2.2
Database Store
6.1.3
Steps for Developing Plug-ins
6.2
Configuring Plug-ins
6.3
Defining and Using Plug-ins
6.3.1
Declaring Plug-ins
6.3.2
Specifying Plug-in Metadata
6.3.3
Developing Plug-ins
6.4
Registering Plug-ins
6.4.1
Registering and Unregistering Plug-ins By Using APIs
6.4.2
Registering and Unregistering Plug-ins By Using the Plugin Registration Utility
6.5
About Mapped Values
6.5.1
Accessing Mapped Values
6.6
Plug-in Points
7
Developing Event Handlers for Extending User Management Operations
7.1
An Overview of User Management Operations
7.2
Extending User Management Operations with Event Handlers
7.2.1
Understanding Elements in Event Handlers XML Files
7.2.2
Writing Custom Event Handlers
7.2.2.1
Implementing Custom Event Handlers
7.2.2.2
Creating Plug-ins for Custom Event Handlers
7.2.2.3
Defining Custom Events
8
Configuring LDAP Container Rules
Part II Application-Specific Connectors
9
Developing Resource Objects
9.1
Viewing Resource Details
9.2
Working with Organizations Associated with Resources
9.3
Using the Resource Administrator Option
9.3.1
Assigning Roles as Administrators for Resources
9.3.2
Updating Permissions of an Administrative Role
9.4
Using the Resource Authorizers Option
9.5
Using the Resource Workflows Option to View Workflows
9.5.1
Opening the Workflow Visualizer
9.5.2
Elements of the Workflow Visualizer
9.5.2.1
Using the Provisioning Workflow Definition Event Tabs
9.5.3
Operations on the Workflow Visualizer
9.5.3.1
Rearranging Elements
9.5.3.2
Using the Expansion Nodes
9.5.3.3
Accessing the Task Details
9.6
Using the Resource Workflows Option to Create and Modify Workflows
9.6.1
Opening the Workflow Designer
9.6.2
Creating a Workflow
9.6.3
Workflow Designer Main Page
9.6.3.1
Information
9.6.3.2
Toolbar
9.6.3.3
Designer Page
9.6.3.4
Menu Section
9.6.4
Creating and Configuring Tasks and Responses
9.6.4.1
General Menu Options
9.6.4.2
Task Options
9.6.4.3
Response Options
9.6.4.4
Link Options
9.6.4.5
Configuring Tasks
9.6.4.6
Configuring Responses
9.6.5
Configuring Data Flows
9.7
Creating IT Resources
9.8
Managing IT Resources
9.8.1
Viewing IT Resources
9.8.2
Modifying IT Resources
9.8.3
Deleting IT Resources
9.9
Managing Resources By Using the Design Console
9.9.1
Overview of Resource Management
9.9.2
IT Resources Type Definition Form
9.9.2.1
Defining a Template (a Resource Type) for IT Resources
9.9.2.2
Tabs on the IT Resource Type Definition Form
9.9.2.3
IT Resource Type Definition Table
9.9.3
Rule Designer Form
9.9.3.1
Creating a Rule
9.9.3.2
Tabs on the Rule Designer Form
9.9.3.3
Rule Designer Table
9.9.4
Resource Objects Form
9.9.4.1
Creating a Resource Object
9.9.4.2
Tabs on the Resource Objects Form
9.9.4.3
Multiple Trusted Source Reconciliation
9.9.5
Service Account Management
10
Developing Provisioning Processes
10.1
Overview of Process Management
10.2
Email Definition Form
10.2.1
Specifying the E-Mail Server
10.2.2
Email Definition Form
10.2.3
Creating an E-Mail Definition
10.3
Process Definition Form
10.3.1
Creating a Process Definition
10.3.2
Tabs on the Process Definition Form
10.3.2.1
Tasks Tab
10.3.2.2
Reconciliation Field Mappings Tab
10.3.2.3
Administrators Tab
10.3.3
Modifying Process Tasks
10.3.3.1
General Tab
10.3.3.2
Integration Tab
10.3.3.3
Task Dependency Tab
10.3.3.4
Responses Tab
10.3.3.5
Undo/Recovery Tab
10.3.3.6
Notification Tab
10.3.3.7
Task to Object Status Mapping Tab
10.3.3.8
Assignment Tab of the Editing Task Window
11
Developing Process Forms
11.1
Form Designer Form
11.1.1
Creating a Form
11.1.2
Tabs of the Form Designer Form
11.1.2.1
Additional Columns Tab
11.1.2.2
Child Table(s) Tab
11.1.2.3
Object Permissions Tab
11.1.2.4
Properties Tab
11.1.2.5
Administrators Tab
11.1.2.6
Usage Tab
11.1.2.7
Pre-Populate Tab
11.1.2.8
Default Columns Tab
11.1.2.9
User Defined Fields Tab
11.1.3
Creating an Additional Version of a Form
11.2
Error Message Definition Form
11.2.1
Creating an Error Message
12
Developing Reconciliation Scheduled Tasks
12.1
Prerequisites for Developing Reconciliation Scheduled Tasks
12.2
Customizing Reconciliation Operations
13
Developing Lookup Definitions, UDFs, and Remote Manager
13.1
Overview
13.2
Lookup Definition Form
13.2.1
Creating a Lookup Definition
13.2.2
Lookup Code Information Tab
13.2.2.1
Creating and Modifying a Lookup Value
13.2.2.2
Deleting a Lookup Value
13.3
User Defined Field Definition Form
13.3.1
Selecting the Target Form for a User-Defined Field
13.3.2
Tabs on the User Defined Field Definition Form
13.3.2.1
User Defined Columns Tab
13.3.2.2
Properties Tab
13.3.2.3
Administrators Tab
13.4
Remote Manager Form
Part III Generic Technology Connectors
14
Understanding Generic Technology Connectors
14.1
Requirement for Generic Technology Connectors
14.2
Functional Architecture of Generic Technology Connectors
14.2.1
Providers and Data Sets of the Reconciliation Module
14.2.2
Providers and Data Sets of the Provisioning Module
14.2.3
Oracle Identity Manager Data Sets
14.3
Features of Generic Technology Connectors
14.3.1
Features Specific to the Reconciliation Module
14.3.1.1
Trusted Source Reconciliation
14.3.1.2
Account Status Reconciliation
14.3.1.3
Full and Incremental Reconciliation
14.3.1.4
Batched Reconciliation
14.3.1.5
Reconciliation of Multivalued Attribute Data (Child Data) Deletion
14.3.1.6
Failure Threshold for Stopping Reconciliation
14.3.2
Other Features
14.3.2.1
Custom Data Fields and Field Mappings
14.3.2.2
Custom Providers
14.3.2.3
Multilanguage Support
14.3.2.4
Custom Date Formats
14.3.2.5
Propagation of Changes in Oracle Identity Manager User Attributes to Target Systems
14.4
Connector Objects Created by the Generic Technology Connector Framework
14.4.1
Both Reconciliation and Provisioning Are Selected
14.4.2
Only Reconciliation Is Selected
14.4.3
Only Provisioning Is Selected
14.5
Roadmap for Information on Generic Technology Connectors in This Guide
15
Predefined Providers for Generic Technology Connectors
15.1
Shared Drive Reconciliation Transport Provider
15.2
CSV Reconciliation Format Provider
15.3
SPML Provisioning Format Provider
15.3.1
Run-Time Parameters
15.3.2
Design Parameters
15.3.3
Nonmandatory Parameters
15.3.4
Parameters with Predetermined Values
15.4
Web Services Provisioning Transport Provider
15.4.1
Configuring SSL Communication Between Oracle Identity Manager and the Target System Web Service
15.5
Transformation Providers
15.5.1
Concatenation Transformation Provider
15.5.2
Translation Transformation Provider
15.5.2.1
Configuring Account Status Reconciliation
15.6
Validation Providers
16
Creating Custom Providers for Generic Technology Connectors
16.1
Role of Providers
16.1.1
Role of Providers During Generic Technology Connector Creation
16.1.2
Role of Providers During Reconciliation
16.1.3
Role of Providers During Provisioning
16.2
Creating Custom Providers
16.2.1
Determining Provider Requirements
16.2.1.1
Determining the Reconciliation Provider Requirements
16.2.1.2
Determining the Provisioning Provider Requirements
16.2.2
Identifying the Provider Parameters
16.2.3
Developing Java Code Implementations of the Value Objects
16.2.4
Developing Java Code Implementations of the Provider SPI Methods
16.2.5
Developing Java Code for Logging and Exception Handling
16.2.6
Creating the Provider XML File
16.2.7
Creating Resource Bundle Entries for the Provider
16.2.8
Deploying the Provider
16.3
Reusing Providers
16.3.1
Reusing Reconciliation Providers
16.3.2
Reusing Provisioning Providers
16.4
Deploying the Custom Providers
17
Creating and Managing Generic Technology Connectors
17.1
Overview
17.2
Creating Generic Technology Connectors
17.2.1
Determining Provider Requirements
17.2.2
Selecting the Providers to Include
17.2.3
Addressing the Prerequisites
17.2.4
Using the Administrative and User Console to Create the Connector
17.2.4.1
Step 1: Provide Basic Information Page
17.2.4.2
Step 2: Specify Parameter Values Page
17.2.4.3
Step 3: Modify Connector Configuration Page
17.2.4.4
Step 4: Verify Connector Form Names Page
17.2.4.5
Step 5: Verify Connector Information Page
17.2.5
Configuring Reconciliation
17.2.6
Configuring Provisioning
17.2.7
Enabling Logging
17.3
Managing Generic Technology Connectors
17.3.1
Modifying Generic Technology Connectors
17.3.2
Exporting Generic Technology Connectors
17.3.3
Importing Generic Technology Connectors
17.4
Using the Generic Connection Pool Framework in Custom Connectors
17.4.1
Providing concrete implementation for ResourceConnection interface
17.4.2
Defining Additional ITResource Parameters
17.4.3
Getting and Releasing Connections from the Pool
17.4.4
Using a Third-party Pool
17.4.5
Example: Implementation of ResourceConnection
17.5
Best Practices
17.5.1
Working with the Provide Basic Information Page
17.5.2
Working with the Specify Parameter Values Page
17.5.3
Working with the Modify Connector Configuration Page
17.5.3.1
Names of Fields
17.5.3.2
Password Fields
17.5.3.3
Password-Like Fields
17.5.3.4
Mappings
17.5.3.5
Oracle Identity Manager Data Sets
17.5.4
Working with Shared Drive Reconciliation Transport Provider
17.5.5
Working with Custom Providers
17.5.6
Working with Connector Objects
17.5.7
Modifying Generic Technology Connectors
18
Troubleshooting Generic Technology Connectors
18.1
General Issues for Generic Technology Connectors
18.1.1
Creation Issues
18.1.2
Multi-language Support
18.1.3
Other General Issues
18.2
Configuration Issues for Generic Technology Connectors
18.2.1
Names of Generic Technology Connectors and Connector Objects
18.2.2
Step 3: Modify Connector Configuration Page
18.2.3
Errors During Connector Creation
18.2.4
Errors During Reconciliation
18.2.5
Errors During Provisioning
Part IV Requests and Approval Processes
19
Configuring Requests
19.1
Step 1: Creating a Request Dataset for the Resources
19.1.1
Elements and Properties
19.1.1.1
The request-data-set Element
19.1.1.2
The DataSetValidator Element
19.1.1.3
The AttributeReference Element
19.1.1.4
The Attribute Element
19.1.2
Sample Request Dataset
19.1.3
Child Data
19.1.4
Common Request Dataset
19.1.5
Configuring Localized Values for Request Datasets
19.1.5.1
Localization for Request Dataset Attributes
19.1.5.2
Localization of Column Names in LookupQuery for Dataset Attributes
19.2
Step 2: Uploading Request Datasets into MDS
19.3
Step 3: Creating SOA Composites Required for Approval
19.4
Step 4: Registering the SOA Composites in Oracle Identity Manager
19.5
Step 5: Defining Request Approvals
19.5.1
Approval Workflows
19.5.2
Approval Levels
19.5.2.1
Template-Level Approvals
19.5.2.2
Request-Level Approvals
19.5.2.3
Operation-Level Approvals
19.5.3
Creating Approval Policies
19.6
Step 6: Creating Request Templates
19.7
Extending Request Management Operations
19.7.1
Running Custom Code Based on Request Status Change
19.7.2
Validating Request Data
19.7.3
Prepopulation of an Attribute Value During Request Creation
20
Understanding Approval Process Development in Oracle SOA Suite
20.1
Integration with Oracle SOA Suite
20.1.1
Integration Prerequisites
20.1.2
Integration Components
20.2
Predefined SOA Composites
20.3
Developing an Approval Process for Oracle Identity Manager
20.4
Monitoring Oracle Identity Manager SOA Composites
20.5
Enabling Oracle Identity Manager to Connect to SOA
21
Developing SOA Composites
21.1
Creating New SOA Composites
21.1.1
Creating a New SOA Composite
21.1.2
Deploying a SOA Composite in Oracle SOA Server
21.1.3
Prerequisites for Communication to Oracle Identity Manager Through SSL Mode
21.1.4
Registering a SOA Composite with Oracle Identity Manager
21.2
Modifying Existing SOA Composites
21.2.1
Modifying a SOA Project in JDeveloper
21.2.2
Disabling a SOA Composite on Oracle Identity Manager
21.2.3
Deploying a SOA Composite in Oracle SOA Server
21.2.4
Enabling a SOA Composite with Oracle Identity Manager
22
Using Oracle Identity Manager APIs from SOA Composites
22.1
Software Prerequisites
22.2
Configuring the SOA Composite By Using JDeveloper
22.2.1
Setting an Application Server Connection in JDeveloper
22.2.2
Setting Up the SOA Composite in JDeveloper
22.2.3
Updating the SOA Composite
22.2.4
Deploying the SOA Composite
22.2.5
Testing the Setup
Part V Segregation of Duties
23
Understanding SoD
23.1
Overview
23.2
Using SoD in Provisioning Workflow
23.2.1
Direct Provisioning
23.2.2
Updating Entitlements
23.2.3
Request Provisioning
23.2.4
Creating a Request to Modify Provisioned Resource
23.2.5
Request Provisioning With the DefaultSODApproval Workflow
23.2.6
Request Provisioning with Approver-Only Field and With the DefaultSODApproval Workflow
23.2.7
Requesting for Self
23.2.8
Provisioning Based on Access Policies
23.2.9
Updating Entitlements By Using Provisioning Based on Access Policies
24
Configuring SoD Validation
24.1
Understanding SoD Validation Process
24.2
Implementing and Enabling SoD
24.2.1
Installing and Configuring the Oracle Identity Manager Connector
24.2.1.1
Configuring the Provisioning and Approval Workflows for SoD
24.2.1.2
Marking Fields as Entitlements
24.2.2
Configuring the SoD Engine
24.2.2.1
Configuring Oracle Application Access Controls Governor
24.2.2.2
Configuring SAP GRC
24.2.3
Deploying the SIL and SIL Providers
24.2.4
Enabling SSL Communication Between the SoD engine and Oracle Identity Manager
24.2.4.1
Enabling SSL Communication Between Oracle Application Access Controls Governor and Oracle Identity Manager
24.2.4.2
Enabling SSL Communication Between SAP GRC and Oracle Identity Manager
24.2.5
Enabling SoD
24.2.6
Disabling SoD
24.2.7
Enabling Logging for SoD-Related Events
24.3
Custom Combination of Target Systems and SoD Engines
24.3.1
Using a Custom Target System
24.3.1.1
Addressing Prerequisites
24.3.1.2
Creating the Transformation Layer
24.3.1.3
Deploying the Transformation Layer
24.3.1.4
Modifying the Registration XML File
24.3.1.5
Registering the New Target System
24.3.2
Adding Custom SoD Engine
24.3.2.1
Addressing Prerequisites
24.3.2.2
Creating an IT Resource to Hold Information about the SoD Engine
24.3.2.3
Implementing the Service Components for the Provider
24.3.2.4
Deploying the Service Components
24.3.2.5
Modifying the Registration XML File for the New SoD Engine
24.3.2.6
Registering the New SIL Provider
24.4
Troubleshooting SoD Check
24.5
Calling SoD Check Web Service Over SSL
Part VI Customization
25
Customizing Oracle Identity Manager Interfaces
25.1
Branding Customization
25.1.1
Login Page
25.1.2
Identity Administration
25.1.3
Unauthenticated Self-Service
25.1.4
Authenticated Self Service
25.1.5
Advanced Administration
25.2
Style Sheet Modifications
25.2.1
Introduction to the Style Sheets
25.2.2
Creating Custom Skins and Overriding Style Sheets
25.2.3
Style Sheets in Transitional UI
25.2.3.1
Files to Modify
25.2.3.2
Customizing the Appearance of the Transitional UI
25.3
Renaming Button Labels
25.3.1
Identity Administration
25.3.2
Other Consoles
25.3.3
Transitional UI Pop-ups
25.3.3.1
Files to Modify
25.3.3.2
Customizing Descriptive Text and Labels
25.4
Working with Menus and Tabs
25.4.1
Oracle Identity Administration
25.4.2
Other Consoles
25.5
Disabling Features
25.5.1
Disabling Access to Features Through the Authorization Policies
25.5.2
Other Administration Features
25.5.3
Other Consoles
25.6
Adding or Deleting Columns in Console Tables
25.6.1
Identity Administration
25.6.2
Transitional UI
25.6.2.1
Customizing Search Drop-Down Item
25.6.2.2
Customizing Number of Search Drop-Down Items and Search Results
25.7
Data Customization
25.7.1
Advanced Administration
25.7.2
Unauthenticated Self Service
25.7.3
Authenticated Self Service
25.8
Injecting Custom URLs
25.8.1
Custom URLs for the Identity Administration
25.8.2
Custom URLs for Other Consoles
25.9
Changing Popup Properties
25.10
Customizing the Workflow Designer
26
Adding Custom ADF Tabs to Self Service
27
General Customization Concepts
27.1
Rule Elements, Variables, Data Types, and System Properties
27.2
Service Accounts
27.2.1
Service Account Customization: Scenario One
27.2.2
Service Account Customization: Scenario Two
27.3
Design Console Actions
27.4
Creating Custom Proxy Plug-in
Part VII APIs and Web Services
28
Using APIs
28.1
Accessing Oracle Identity Manager Services
28.1.1
Using OIMClient
28.1.2
Using the tcUtilityFactory
28.2
Oracle Identity Manager Services
28.2.1
Services Introduced in Oracle Identity Manager
11
g
Release 1 (11.1.1)
28.2.2
Legacy Services or Utilities
28.3
Commonly Used Services
28.3.1
Mapping Between Legacy and New Services
28.4
Developing Clients for Oracle Identity Manager
28.4.1
Prerequisites for Developing Clients
28.4.2
Setup and Configuration
28.5
Working With Legacy Oracle Identity Manager APIs
28.5.1
Using a Result Set Object
28.5.2
Handling Oracle Identity Manager Exceptions
28.5.3
Cleaning Up
28.6
Code Sample
28.7
Reconciliation APIs
28.7.1
About the APIs
28.7.2
New Reconciliation APIs in 11
g
Release 1 (11.1.1)
29
Using SPML Services
29.1
Introduction
29.1.1
About SPML Interactions
29.1.2
Integration Interface
29.2
Create Identity (SPML Core Service: addRequest)
29.3
Modify Roles, Change Attributes and Role Memberships (SPML Core Service: modifyRequest)
29.4
Delete an Identity or Role (SPML Core Service: deleteRequest)
29.5
Check Request Status (SPML Core Service: statusRequest)
29.6
List Available Targets (SPML Core Service: listTargets)
29.7
Disable a User (SPML Suspend Service: suspendRequest)
29.8
Enable a User (SPML Suspend Service: resumeRequest)
29.9
Check if User is Active (SPML Suspend Service: activeRequest)
29.10
Validate a Username (SPML Username Service: validateUsername)
29.11
Obtain a Username (SPML Username: suggestUsername)
29.12
Securing SPML Web Services
29.12.1
About Web Services Security
29.12.2
A Request Example
29.12.3
Applying Policies
Part VIII Utilities
30
MDS Utilities and User Modifiable Metadata Files
30.1
Setting up the Environment for MDS Utilities
30.2
Structure of Properties File
30.3
User Modifiable Metadata Files
30.4
Example of MDS Utility Usage
31
Bulk Load Utility
31.1
Features of the Bulk Load Utility
31.2
Installing the Bulk Load Utility
31.2.1
Scripts That Constitute the Utility
31.2.2
Options Offered by the Utility
31.3
Temporary Tables Used During a Bulk Load Operation
31.4
Loading OIM User Data
31.4.1
Creating a Tablespace for Temporary Tables
31.4.2
Creating a Datafile in the Oracle Identity Manager Tablespace
31.4.3
Setting a Default Password for OIM Users Added by the Utility
31.4.4
Creating the Input Source for the Bulk Load Operation
31.4.4.1
Using CSV Files As the Input Source
31.4.4.2
Creating Database Tables As the Input Source
31.4.5
Determining Values for the Input Parameters of the Utility
31.4.6
Running the Utility
31.4.7
Monitoring the Progress of the Operation
31.4.7.1
Data Recorded During the Operation
31.4.7.2
Querying the OIM_BLKLD_LOG Table for Progress and Error Messages
31.4.8
Handling Exceptions Recorded During the Operation
31.4.9
Fixing Exceptions and Reloading Data Records
31.4.10
Verifying the Outcome of the Bulk Load Operation
31.4.11
Gathering Performance Data from the Bulk Load Operation
31.4.12
Cleaning Up After a Bulk Load Operation
31.4.13
Generating an Audit Snapshot
31.5
Loading Account Data
31.5.1
Creating a Tablespace for Temporary Tables
31.5.2
Creating a Datafile in the Oracle Identity Manager Tablespace
31.5.3
Creating the Input Source for the Bulk Load Operation
31.5.3.1
Using CSV Files As the Input Source
31.5.3.2
Creating Database Tables As the Input Source
31.5.4
Determining Values for the Input Parameters of the Utility
31.5.5
Running the Utility
31.5.6
Monitoring the Progress of the Operation
31.5.6.1
Data Recorded During the Operation
31.5.6.2
Querying the OIM_BLKLD_LOG Table for Progress and Error Messages
31.5.7
Handling Exceptions Recorded During the Operation
31.5.8
Fixing Exceptions and Reloading Data Records
31.5.9
Verifying the Outcome of the Bulk Load Operation
31.5.10
Gathering Performance Data from the Bulk Load Operation
31.5.11
Cleaning Up After a Bulk Load Operation
31.5.12
Generating an Audit Snapshot
31.6
Loading Role, Role Hierarchy, Role Membership, and Role Category Data
31.6.1
Creating a Tablespace for Temporary Tables
31.6.2
Creating a Datafile in the Oracle Identity Manager Tablespace
31.6.3
Creating the Input Source for the Bulk Load Operation
31.6.3.1
Using CSV Files As the Input Source
31.6.3.2
Creating Database Tables As the Input Source
31.6.4
Determining Values for the Input Parameters of the Utility
31.6.5
Running the Utility
31.6.6
Monitoring the Progress of the Operation
31.6.6.1
Data Recorded During the Operation
31.6.6.2
Querying the OIM_BLKLD_LOG Table for Progress and Error Messages
31.6.7
Handling Exceptions Recorded During the Operation
31.6.8
Fixing Exceptions and Reloading Data Records
31.6.9
Verifying the Outcome of the Bulk Load Operation
31.6.10
Gathering Performance Data from the Bulk Load Operation
31.6.11
Cleaning Up After a Bulk Load Operation
31.6.12
Generating an Audit Snapshot
32
Upload JAR and Resource Bundle Utilities
32.1
Upload JAR Utility
32.2
Download JAR Utility
32.3
Delete JAR Utility
32.4
Upload Resource Bundle Utility
32.5
Download Resource Bundle Utility
32.6
Delete Resource Bundle Utility
Part IX Reporting
33
Configuring Reports
33.1
What is Oracle Identity Management Reports?
33.2
What is Oracle BI Publisher?
33.3
Supported Products
33.4
Licensing
33.5
Deploying Oracle Identity Management Reports
33.5.1
Upgrading to 11
g
Release 1 (11.1.1)
33.5.2
Installing 11
g
Release 1 (11.1.1)
33.5.2.1
Describing the Oracle Identity Management Reports Directories
33.5.2.2
Acquiring and Installing Oracle BI Publisher
33.5.2.3
Installing Oracle Identity Management Reports
33.6
Configuring Oracle Identity Management Reports
33.6.1
Configuring Oracle Identity Management Reports for Oracle Identity Manager
33.6.2
Configuring a Secondary Data Source for BPEL-Based Oracle Identity Manager Reports
33.7
Generating Oracle Identity Management Reports
33.7.1
Generating Sample Reports Against the Sample Data Source
33.7.2
Generating Reports Against the Production JDBC Data Source
33.7.3
Generating Reports Against the BPEL-Based JDBC Data Source
34
Developing Entitlements
34.1
Available Entitlements and Assigned Entitlements
34.2
Entitlement Data Capture Process
34.2.1
Capture of Data About Available Entitlements
34.2.2
Capture of Data About Assigned Entitlements
34.3
Configuring the Oracle Application Server Installation to Use This Feature
34.4
Marking Entitlement Attributes on Child Process Forms
34.5
Configuring Scheduled Tasks for Working with Entitlement Data
34.5.1
Entitlement List
34.5.2
Entitlement Assignments
34.5.3
Entitlement Updates
34.6
Disabling the Capture of Modifications to Assigned Entitlements
34.7
Entitlement-Related Reports
34.7.1
Entitlement Access List
34.7.2
Entitlement Access List History
34.7.3
User Resource Entitlement
34.7.4
User Resource Entitlement History
Part X Appendixes
A
Scheduled Task Configuration File
A.1
Structure of the Scheduler XML File
A.2
scheduledTasks Element
A.3
Level 1 Elements
A.4
Level 2 Elements
A.4.1
The name Element
A.4.2
The class Element
A.4.3
The description Element
A.4.4
The retry Element
A.4.5
The parameters Element
A.5
Level 3 Elements
A.5.1
The string-param Element
A.5.2
The number-param Element
A.5.3
The boolean-param Element
B
SPML Attributes and LDAP Mappings, and Oracle Identity Manager Attributes
B.1
Identity PSO Attributes
B.1.1
Custom Identity Attributes
B.2
Role PSO Attributes
B.2.1
Custom Role Attributes
B.3
Preference Attributes
B.4
Special Character Restrictions in Oracle Identity Manager Attributes
B.4.1
Characters Available in All Attributes
B.4.2
Special Characters in the Password Field
B.4.3
Usage of Single Quotation Mark
B.4.4
Usage of Semicolon
B.4.5
Unsupported Special Characters
B.5
Operation Data
B.5.1
Passing Operation Data
B.5.2
Passing Reference Data
C
SPML Examples
C.1
SPML Example - Add User
C.2
SPML Example - Delete User
C.3
SPML Example - Modify User
C.4
SPML Example - Resume User
C.5
SPML Example - Suggest User Name
C.6
SPML Example - Suspend User
C.7
SPML Example - Validate User Name
C.8
SPML Example - Check If User is Active
C.9
SPML Example - Lookup Username Policy
C.10
SPML Example – Add User with Role Assignment
C.11
SPML Example - Assign Role Membership
C.12
SPML Example – Revoke Role Membership
C.13
SPML Example - Modify Role
C.14
SPML Example - Modify Role with Parent
C.15
SPML Example - Role Grant
C.16
SPML Example - Role with Parent
C.17
SPML Example - Delete Role
C.18
SPML Example - Status Request
C.19
SPML Example - List Target
D
Metadata Column Codes
D.1
Extracting the Metadata Column Code
D.2
Mapping Information for the Metadata Column Code
E
User and Role API Provider for Oracle Identity Manager
Index
Scripting on this page enhances content navigation, but does not change the content in any way.