Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Documentation Updates
• Conventions
• Online Help

1 Introduction to the Integration

• 1.1 The Integration Problem
• 1.2 The Oracle Identity Manager Solution
• 1.3 About Adapters
• 1.4 Tabs of the Adapter Factory Form
  • 1.4.1 Adapter Tasks
  • 1.4.2 Execution Schedule
  • 1.4.3 Resources
  • 1.4.4 Variable List
  • 1.4.5 Usage Lookup
  • 1.4.6 Responses

2 Getting Started

• 2.1 Overview of Oracle Identity Manager Configuration
• 2.2 Configuring Oracle Identity Manager to Reference JAR and Class Files
• 2.3 Installing the Remote Manager
• 2.4 Adding the Trust Relation

3 Creating Adapters

• 3.1 Overview of Adapter Creation
• 3.2 Defining Adapters
• 3.3 Disabling and Re-enabling Adapters
• 3.4 About Adapter Variables
  • 3.4.1 Creating an Adapter Variable
  • 3.4.2 Modifying an Adapter Variable
  • 3.4.3 Deleting an Adapter Variable
• 3.5 Creating Adapter Tasks
  • 3.5.1 Creating a Java Task
  • 3.5.2 To Create a Remote Task
  • 3.5.3 To Create a Stored Procedure Task
  • 3.5.4 To Create a Utility Task
  • 3.5.5 To Create an Oracle Identity Manager API Task
  • 3.5.6 Reassigning the Value of an Adapter Variable
  • 3.5.7 Adding an Error Handler Task
  • 3.5.8 Creating a Logic Task
• 3.6 Modifying Adapter Tasks
• 3.7 Changing the Order and Nesting of Tasks
• 3.8 Deleting Adapter Tasks
• 3.9 Working with Responses
  • 3.9.1 To Create a Response
  • 3.9.2 To Modify a Response
  • 3.9.3 To Delete a Response
• 3.10 Scheduling Rule Generators and Entity Adapters
  • 3.10.1 Scheduling Rule Generators and Entity Adapters

4 About Process Task Adapters

• 4.1 Introduction to Processes and Process Tasks
• 4.2 How a Process Task Adapter Works
• 4.3 Attaching Process Task Adapters to Process Tasks
• 4.4 Removing Process Task Adapters from Process Tasks
  • 4.4.1 To Remove a Process Task Adapter from a Process Task

5 Applying Task Assignment Adapters

• 5.1 Overview
• 5.2 Attaching Task Assignment Adapters to Process Tasks
  • 5.2.1 To Attach a Task Assignment Adapter to a Process Task
• 5.3 Removing Task Assignment Adapters from Process Tasks
  • 5.3.1 To Remove a Task Assignment Adapter from a Process Task

6 Understanding Rule Generators

• 6.1 Overview
• 6.2 Mapping Rule Generator Adapter Variables
• 6.3 Associating Rule Generators with Processes
• 6.4 Removing Rule Generators from Form Fields

7 Using Prepopulate Adapters

• 7.1 Overview
• 7.2 Attaching Prepopulate Adapters to Form Fields
• 7.3 Removing Prepopulate Adapters from Form Fields

8 Managing Entities

9 Compiling Adapters

• 9.1 Automatic Compilation of Adapters
• 9.2 Compiling Adapters Manually

10 Exporting and Importing Adapters

11 Creating and Testing a Remote Manager IT Resource

• 11.1 Postinstallation Configuration
• 11.2 To Create and Test a Remote Manager IT Resource

12 SPML Web Service

• 12.1 Introduction to the SPML Web Service
  • 12.1.1 Functional Architecture of the SPML Web Service
• 12.2 Provisioning Operations Supported by the SPML Web Service
• 12.3 Deploying the SPML Web Service
  • 12.3.1 Deploying the SPML Web Service on Oracle WebLogic Server
  • 12.3.2 Deploying the SPML Web Service on IBM WebSphere Application Server
  • 12.3.3 Deploying the SPML Web Service on JBoss Application Server
  • 12.3.4 Deploying the SPML Web Service on Oracle Application Server
• 12.4 Enabling Security by Using Oracle Web Services Manager and Then Deploying the SPML Web Service
  • 12.4.1 Configuring the Oracle WSM Server Agent
    • 12.4.1.1 Adding a Server Agent
    • 12.4.1.2 Defining a Policy for the Server Agent
    • 12.4.1.3 Injecting the Server Agent
    • 12.4.1.4 Deploying the SPML Web Service
  • 12.4.2 Configuring the Oracle WSM Gateway
    • 12.4.2.1 Registering the Oracle WSM Gateway
    • 12.4.2.2 Registering the SPML Web Service with the Gateway
    • 12.4.2.3 Adding a Custom Policy to the Gateway
    • 12.4.2.4 Deploying the SPML Web Service
    • 12.4.2.5 Viewing the WSDL File
• 12.5 Postdeployment Tasks
• 12.6 Enabling SSL Communication
  • 12.6.1 JBoss Application Server
    • 12.6.1.1 Prerequisites
    • 12.6.1.2 SSL Certificate Setup
  • 12.6.2 Oracle WebLogic Server
    • 12.6.2.1 Prerequisites
    • 12.6.2.2 SSL Certificate Setup
  • 12.6.3 IBM WebSphere Application Server
    • 12.6.3.1 Prerequisites
    • 12.6.3.2 SSL Certificate Setup
  • 12.6.4 Oracle Application Server
    • 12.6.4.1 Prerequisites
    • 12.6.4.2 SSL Certificate Setup
  • 12.6.5 Enabling SSL for HTTP Communication to Oracle HTTP Server
    • 12.6.5.1 Exporting Certificate
• 12.7 Developing the Client for the SPML Web Service
  • 12.7.1 Supported SPML Operations
  • 12.7.2 Authentication
  • 12.7.3 Fields Included in SPML Requests
  • 12.7.4 Structure of the SOAP Header
  • 12.7.5 Sample SOAP SPML Message

13 Segregation of Duties (SoD) in Oracle Identity Manager

• 13.1 SoD Implementation in Oracle Identity Manager
• 13.2 SoD Validation Process in Oracle Identity Manager
• 13.3 Implementing and Enabling SoD
  • 13.3.1 Creating the SIL Database Schema
  • 13.3.2 Installing and Configuring the Oracle Identity Manager Connector
  • 13.3.3 Copying Files Required by the SIL Providers
    • 13.3.3.1 Copying Files Required by the OAACG SIL Provider
    • 13.3.3.2 Copying Files Required by the SAP GRC SIL Provider
  • 13.3.4 Configuring the SoD Engine
    • 13.3.4.1 Configuring Oracle Application Access Controls Governor
    • 13.3.4.2 Configuring SAP GRC
  • 13.3.5 Deploying the SIL and SIL Providers
    • 13.3.5.1 Creating an IT Resource to Hold Information about the SoD Engine
    • 13.3.5.2 Running the Registration Script and Providing Registration Information
    • 13.3.5.3 Recording the Names of the System Types
    • 13.3.5.4 Deploying the SIL_HOME Directory in a Clustered Environment
  • 13.3.6 Enabling SSL Communication Between the SoD engine and Oracle Identity Manager
    • 13.3.6.1 Enabling SSL Communication Between Oracle Application Access Controls Governor and Oracle Identity Manager
    • 13.3.6.2 Enabling SSL Communication Between SAP GRC and Oracle Identity Manager
  • 13.3.7 Enabling SoD
  • 13.3.8 Enabling Logging for SoD-Related Events
• 13.4 Configuring Connectors for SoD
  • 13.4.1 Addressing Prerequisites
  • 13.4.2 Creating the Transformation Layer
  • 13.4.3 Modifying the Registration XML File
  • 13.4.4 Configuring the Provisioning and Approval Workflows for SoD
    • 13.4.4.1 Modifying the Approval Workflow for SoD
    • 13.4.4.2 Modifying the Provisioning Workflow for SoD
  • 13.4.5 Marking Child Process Form Tables That Hold Entitlement Data
  • 13.4.6 Registering the New Target System
• 13.5 Creating SIL Providers
  • 13.5.1 Addressing Prerequisites
  • 13.5.2 Implementing the Interfaces for the Provider
  • 13.5.3 Modifying the Registration XML File for the New SoD Engine
  • 13.5.4 Registering the New SIL Provider

14 Using Entitlement Data

• 14.1 Available Entitlements and Assigned Entitlements
• 14.2 Entitlement Data Capture Process
  • 14.2.1 Capture of Data About Available Entitlements
  • 14.2.2 Capture of Data About Assigned Entitlements
• 14.3 Configuring the Oracle Application Server Installation to Use This Feature
• 14.4 Marking Entitlement Attributes on Child Process Forms
• 14.5 Configuring Scheduled Tasks for Working with Entitlement Data
  • 14.5.1 Entitlement List
  • 14.5.2 Entitlement Assignments
  • 14.5.3 Entitlement Updations
• 14.6 Disabling the Capture of Modifications to Assigned Entitlements
• 14.7 Entitlement-Related Reports
  • 14.7.1 Entitlement Access List
  • 14.7.2 Entitlement Access List History
  • 14.7.3 User Resource Entitlement
  • 14.7.4 User Resource Entitlement History
• 14.8 Archiving Data Stored in the ENT_ASSIGN_HIST Table
  • 14.8.1 Creating a Tablespace to Store Archived Entitlement Data
  • 14.8.2 Running the Entitlement Archival Utility

15 Bulk Load Utility

• 15.1 Features of the Bulk Load Utility
• 15.2 Installing the Bulk Load Utility
  • 15.2.1 Scripts That Constitute the Utility
  • 15.2.2 Options Offered by the Utility
• 15.3 Temporary Tables Used During a Bulk Load Operation
• 15.4 Loading OIM User Data
  • 15.4.1 Creating a Tablespace for Temporary Tables
  • 15.4.2 Creating a Datafile in the Oracle Identity Manager Tablespace
  • 15.4.3 Setting a Default Password for OIM Users Added by the Utility
  • 15.4.4 Creating the Input Source for the Bulk Load Operation
    • 15.4.4.1 Using CSV Files As the Input Source
    • 15.4.4.2 Creating Database Tables As the Input Source
  • 15.4.5 Determining Values for the Input Parameters of the Utility
  • 15.4.6 Running the Utility
  • 15.4.7 Monitoring the Progress of the Operation
    • 15.4.7.1 Data Recorded During the Operation
    • 15.4.7.2 Querying the OIM_BLKLD_LOG Table for Progress and Error Messages
  • 15.4.8 Handling Exceptions Recorded During the Operation
  • 15.4.9 Fixing Exceptions and Reloading Data Records
  • 15.4.10 Verifying the Outcome of the Bulk Load Operation
  • 15.4.11 Gathering Performance Data from the Bulk Load Operation
  • 15.4.12 Cleaning Up After a Bulk Load Operation
  • 15.4.13 Generating an Audit Snapshot
• 15.5 Loading Account Data
  • 15.5.1 Creating a Tablespace for Temporary Tables
  • 15.5.2 Creating a Datafile in the Oracle Identity Manager Tablespace
  • 15.5.3 Creating the Input Source for the Bulk Load Operation
    • 15.5.3.1 Using CSV Files As the Input Source
    • 15.5.3.2 Creating Database Tables As the Input Source
  • 15.5.4 Determining Values for the Input Parameters of the Utility
  • 15.5.5 Running the Utility
  • 15.5.6 Monitoring the Progress of the Operation
    • 15.5.6.1 Data Recorded During the Operation
    • 15.5.6.2 Querying the OIM_BLKLD_LOG Table for Progress and Error Messages
  • 15.5.7 Handling Exceptions Recorded During the Operation
  • 15.5.8 Fixing Exceptions and Reloading Data Records
  • 15.5.9 Verifying the Outcome of the Bulk Load Operation
  • 15.5.10 Gathering Performance Data from the Bulk Load Operation
  • 15.5.11 Cleaning Up After a Bulk Load Operation
  • 15.5.12 Generating an Audit Snapshot

A Reference for Design Console Users

B Sample SPML Messages

Index