Oracle® Identity Manager Connector Guide for Database User Management Release 9.1.0 E11193-01
The procedure to deploy the connector can be divided into the following stages:
Preinstallation information is divided across the following sections:
This section contains the following topics:
Section 2.1.1.1, "Files and Directories on the Installation Media"
Section 2.1.1.2, "Determining the Release Number of the Connector"
Section 2.1.1.3, "Creating a Backup of the Existing Common.jar File"
Table 2-1 describes the files and directories on the installation media.
Table 2-1 Files and Directories on the Installation Media
File in the Installation Media Directory | Description |
---|---|
config/DBUMLookUpQuery.properties | This file contains SQL queries that are used for lookup field synchronization. |
config/DBUMReconQuery.properties | This file contains SQL queries and stored procedures that are used for reconciliation. |
Files in the configuration directory: DB_User-Management-DB2-CI.xml, DB_User-Management-MSSQL-CI.xml, DB_User-Management-Oracle-CI.xml, DB_User-Management-Sybase-CI.xml | This directory contains the configuration files that are used by the Connector Installer during installation of the connector for a particular target system. |
JavaDoc | This directory contains information about the Java APIs used by the connector. |
lib/DBUM.jar | This file contains the class files required for performing provisioning and reconciliation. During connector deployment, this file is copied into the following directories: OIM_HOME/xellerate/JavaTasks |
lib/DBUMCommon.jar | This JAR file contains utility classes that support provisioning and reconciliation operations. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/JavaTasks |
lib/Common.jar | This JAR file contains classes that are used by all release 9.1.0 connectors. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/JavaTasks |
Files in the resources directory | Each of these resource bundles contains language-specific information that is used by the connector. During connector deployment, this file is copied into the following directory: OIM_HOME/xellerate/connectorResources Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the Administrative and User Console. These text strings include GUI element labels and messages. |
test/config/config.properties | This testing-utility file contains the attributes for Oracle Identity Manager to connect to the target system and perform provisioning operations. |
test/config/log.properties | This file is used to store logging messages that are generated when you run the testing utility. |
test/scripts/DBUMTestingUtility.bat, test/scripts/DBUMTestingUtility.sh | These files are used to start the testing utility. |
Files in the xml directory: DBUserManagement-DB2-ConnectorConfig.xml, DBUserManagement-MSSQL-ConnectorConfig.xml, DBUserManagement-Oracle-ConnectorConfig.xml, DBUserManagement-Sybase-ConnectorConfig.xml | This directory contains XML files specific to a target system. The XML file contains definitions for the various connector objects, such as resource objects and scheduled tasks. |
xml/DBUserManagementTrusted-ConnectorConfig.xml | This file contains the configuration for the OIM User. You import this file only if you plan to use the connector in trusted source reconciliation mode. |
You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:
In a temporary directory, extract the contents of the connector JAR file that is in the OIM_HOME/xellerate/JavaTasks directory.
Open the Manifest.mf file in a text editor. The Manifest.mf file is one of the files bundled inside the connector JAR file.
In the Manifest.mf file, the release number of the connector is displayed as the value of the Version property.
The Common.jar file is in the deployment package of each release 9.1.x connector. With each new release, code corresponding to that particular release is added to the existing code in this file. For example, the Common.jar file shipped with Connector Y on 12-July contains:
Code specific to Connector Y
Code included in the Common.jar files shipped with all other release 9.1.x connectors that were released before 12-July
If you have already installed a release 9.1.x connector (for example, Microsoft Active Directory User Management release 9.1.1) that was released after the current release of this connector, then back up the existing Common.jar file, install the Database User Management connector, and then restore the Common.jar file. The steps to perform this procedure are as follows:
Caution: If you do not perform this procedure, then your release 9.1.x connectors might not work.
Determine the release date of your existing release 9.1.x connector as follows:
Extract the contents of the following file in a temporary directory:
OIM_HOME/xellerate/JavaTasks/Common.jar
Open the Manifest.mf file in a text editor.
Note down the Build Date and Build Version values.
Determine the release date of the Database User Management release 9.1.0 connector as follows:
On the installation media for the connector, extract the contents of the lib/Common.jar file and then open the Manifest.mf file in a text editor.
Note down the Build Date and Build Version values.
If the Build Date and Build Version values for the Database User Management connector are less than the Build Date and Build Version values for the connector that is already installed, then:
Copy the OIM_HOME/xellerate/JavaTasks/Common.jar file to a temporary location.
After you perform the procedure described in Section 2.2, "Installation," overwrite the new Common.jar file in the OIM_HOME/xellerate/JavaTasks directory with the Common.jar file that you backed up in the preceding step.
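The comparison in the preceding steps can be scripted. The following is an added example, not part of the Oracle guide: it reads the manifest from each Common.jar, compares Build Date and Build Version, and flags the case the steps do not cover (one value older, the other not). The attribute spellings, the date format, and the sample values are assumptions.

```python
import io
import re
import zipfile
from datetime import datetime

# Assumption: the date is stored as YYYY-MM-DD. Check your own Manifest.mf
# and pass a different strptime format if it differs.
ASSUMED_DATE_FORMAT = "%Y-%m-%d"


def _key(name):
    # "Build-Date", "Build Date" and "build_date" all map to "builddate".
    return re.sub(r"[^a-z0-9]", "", name.lower())


def parse_manifest(text):
    """Parse the main section of a JAR manifest into {normalized_name: value}."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break                      # a blank line ends the main section
            continue
        if line.startswith(" ") and last:
            attrs[last] += line[1:]        # continuation of a wrapped value
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = _key(name)
            attrs[last] = value.strip()
    return attrs


def read_build_info(jar, date_format=ASSUMED_DATE_FORMAT):
    """Return (build_date, build_version_tuple) from a JAR path or file object."""
    with zipfile.ZipFile(jar) as zf:
        entry = next((n for n in zf.namelist()
                      if n.upper() == "META-INF/MANIFEST.MF"), None)
        if entry is None:
            raise ValueError("JAR has no META-INF/MANIFEST.MF entry")
        attrs = parse_manifest(zf.read(entry).decode("utf-8", "replace"))
    missing = [k for k in ("builddate", "buildversion") if k not in attrs]
    if missing:
        raise ValueError("manifest lacks: " + ", ".join(missing))
    date = datetime.strptime(attrs["builddate"], date_format)
    version = tuple(int(p) for p in re.findall(r"\d+", attrs["buildversion"]))
    return date, version


def common_jar_action(installed_jar, media_jar, date_format=ASSUMED_DATE_FORMAT):
    """Decide what to do with the installed Common.jar before installation."""
    i_date, i_ver = read_build_info(installed_jar, date_format)
    m_date, m_ver = read_build_info(media_jar, date_format)
    date_older, ver_older = m_date < i_date, m_ver < i_ver
    if date_older and ver_older:
        return "backup-and-restore"   # media copy is older: keep the installed one
    if not date_older and not ver_older:
        return "no-backup-needed"     # media copy is the same or newer
    return "manual-review"            # values disagree: the guide gives no rule


def make_sample_jar(build_date, build_version):
    """Build an in-memory JAR holding only a constructed manifest (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n"
                    f"Build-Date: {build_date}\r\n"
                    f"Build-Version: {build_version}\r\n\r\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    installed = make_sample_jar("2009-03-20", "9.1.1.2")   # constructed values
    media = make_sample_jar("2008-11-05", "9.1.0.4")       # constructed values
    print(common_jar_action(installed, media))
```

In real use, pass the paths of OIM_HOME/xellerate/JavaTasks/Common.jar and lib/Common.jar from the installation media instead of the sample JARs.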
Preinstallation on the target system involves performing the following procedures:
If you are using Microsoft SQL Server 2000, then you must configure Microsoft SQL Server by ensuring that:
The target database in which users are to be created exists in the target Microsoft SQL Server installation.
The TCP/IP port is enabled. The default port is 1433.
To enable the TCP/IP port:
Open the Microsoft SQL Server Configuration Manager.
Click SQL Server Network Configuration.
Click Protocols for MSSQLSERVER.
In the right frame, right-click TCP/IP and then click Enable.
The TCP/IP port is not the only port enabled. Ports other than the TCP/IP port must also be enabled.
Mixed mode authentication is enabled.
The TCP/IP port is not blocked by a firewall.
Perform the steps given in one of the following sections to copy external code files:
Note: While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the contents of the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.
Section 2.1.2.2.1, "Copying External Code Files for IBM DB2 UDB"
Section 2.1.2.2.2, "Copying External Code Files for Microsoft SQL Server"
Section 2.1.2.2.3, "Copying External Code Files for Oracle Database"
Copy the db2jcc.jar and db2jcc4.jar files from the DB2_HOME/IBM/SQLLIB/java directory into the OIM_HOME/xellerate/ThirdParty directory.
Note: If your Oracle Identity Manager installation is running on Microsoft SQL Server, then you need not perform the instructions given in this section.
Depending on the version of Microsoft SQL Server that you are using, copy the required JAR files into the OIM_HOME/xellerate/ThirdParty directory:
Microsoft SQL Server 2000
If you are using Microsoft SQL Server 2000 as the target system, then you must use the JDBC driver files: mssqlserver.jar, msbase.jar, and msutil.jar.
These files are shipped in the Microsoft SQL Server 2000 Driver for JDBC Service Pack 4, which you can download from the Microsoft Web site.
Microsoft SQL Server 2005
If you are using Microsoft SQL Server 2005 as the target system, then the required external JAR file is the sqljdbc.jar JDBC driver file. This file can be downloaded from the Microsoft Web site.
Microsoft SQL Server 2008
If you are using Microsoft SQL Server 2008 as the target system, then the required external JAR file is sqljdbc4.jar.
If the connector is used with Oracle9i Database or Oracle Database 10g or 11g, then the required external code file is ojdbc14.jar.
These JAR files are available in the Oracle Database installation at, for example, the following path:
ORACLE_HOME/jdbc/lib
In this directory path, ORACLE_HOME is the location where Oracle Database is installed. For example, C:\Oracle\ora92.
You must copy the required JAR file (classes12.jar or ojdbc14.jar) into the OIM_HOME/xellerate/ThirdParty directory.
Copy the jconn2.jar file from the SYBASE_HOME/jConnect-5_5/classes directory into the OIM_HOME/xellerate/ThirdParty directory.
Installing the connector on Oracle Identity Manager involves the following procedures:
To run the Connector Installer:
Copy the contents of the connector installation media into the following directory:
OIM_HOME/xellerate/ConnectorDefaultDirectory
Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console.
Click Deployment Management, and then click Install Connector.
The Connector List list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory:
OIM_HOME/xellerate/ConnectorDefaultDirectory
You can select one of the following options:
For IBM DB2 UDB:
DB2 DBUM User Management 9.1.0.0
For Microsoft SQL Server:
MSSQL DBUM User Management 9.1.0.0
For Oracle Database:
Oracle DBUM User Management 9.1.0.0
For Sybase:
Sybase DBUM User Management 9.1.0.0
If you have copied the installation files into a different directory, then:
In the Alternative Directory field, enter the full path and name of that directory.
To repopulate the list of connectors in the Connector List list, click Refresh.
From the Connector List list, select DB User Management RELEASE_NUMBER.
Click Load.
To start the installation process, click Continue.
The following tasks are performed in sequence:
Configuration of connector libraries
Import of the connector XML file (through the Deployment Manager). If you want to import the target system as a trusted source for reconciliation, then see Section 2.3.1.1, "Configuring the Target System As a Trusted Source".
Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
Retry the installation by clicking Retry.
Cancel the installation and begin again from Step 1.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:
Ensuring that the prerequisites for using the connector are addressed
Note: At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Section 2.3.1.4, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.
There are no prerequisites for some predefined connectors.
Configuring an IT resource for the connector
Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.
Configuring the scheduled tasks that are created when you installed the connector
Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.
When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-1.
Installing the Connector in an Oracle Identity Manager Cluster
While installing Oracle Identity Manager in a clustered environment, you must copy all the JAR files and the contents of the connectorResources directory into the corresponding directories on each node of the cluster. Then, restart each node. See Section 2.1.1.1, "Files and Directories on the Installation Media" for information about the files that you must copy and their destination locations on the Oracle Identity Manager server.
Restoring the Common.jar File
If required, restore the Common.jar file that you had backed up by following the procedure described in Section 2.1.1.3, "Creating a Backup of the Existing Common.jar File."
After you run the Connector Installer, you must manually copy the files listed in Table 2-2.
Table 2-2 Files to Be Copied to the Oracle Identity Manager Host Computer
Files on the Installation Media | Destination Directory on the Oracle Identity Manager Host Computer |
---|---|
Files in the config directory | OIM_HOME/xellerate/XLintegrations/DBUM/config Note: You must create the DBUM/config directory. |
Files in the test/config directory | OIM_HOME/xellerate/XLintegrations/DBUM/config |
Files in the test/scripts directory | OIM_HOME/xellerate/XLintegrations/DBUM/scripts Note: You must create the DBUM/scripts directory. |
Postinstallation steps are divided across the following sections:
Section 2.3.1, "Postinstallation on Oracle Identity Manager"
Section 2.3.2, "Creating the Administrator Account on Oracle Database Vault"
Section 2.3.4, "Determining Values for the JDBC URL and Connection Properties Parameters"
This section discusses the following topics:
Note: In a clustered environment, you must perform this step on each node of the cluster.
Section 2.3.1.1, "Configuring the Target System As a Trusted Source"
Section 2.3.1.4, "Clearing Content Related to Connector Resource Bundles from the Server Cache"
Section 2.3.1.6, "Configuring the Connector for Incremental Reconciliation"
The target system can be designated as a trusted source or target resource. As discussed earlier in this guide, if you designate the target system as a trusted source, then during a reconciliation run:
For each newly created user on the target system, an OIM User is created.
Updates made to each user on the target system are propagated to the corresponding OIM User.
If you designate the target system as a target resource, then during a reconciliation run:
For each account created on the target system, a resource is assigned to the corresponding OIM User.
Updates made to each account on the target system are propagated to the corresponding resource.
Note: You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.
Configuring trusted source reconciliation involves the following steps:
Import the XML file for trusted source reconciliation, DBUserManagementTrusted-ConnectorConfig.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.
Note: Only one target system can be designated as a trusted source. If you import the DBUserManagementTrusted-ConnectorConfig.xml file while you have another trusted source configured, then both connector reconciliations would stop working.
Depending on the target system that you use, specify values for the attributes of the corresponding scheduled task for trusted source reconciliation. This procedure is described later in this guide.
To import the XML file for trusted source reconciliation:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for opening files is displayed.
Locate and open the DBUserManagementTrusted-ConnectorConfig.xml file, which is in the OIM_HOME/xellerate/ConnectorDefaultDirectory/DB_User_Management_9.1.0.0.0/xml directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Import.
In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.
Note: After you import the XML file for trusted source reconciliation, you must also configure the scheduled task for trusted source reconciliation. The procedure is described in Section 3.4.5, "Reconciliation Scheduled Tasks".
Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.
You may require the assistance of the system administrator to change to the required input locale.
Change the length of the SVP_FIELD_VALUE column in the SVP table to 2000 as follows:
Log in to the Oracle Identity Manager database by using the Oracle Identity Manager database user credentials.
Enter the following command at the SQL prompt:
For Oracle Database:
ALTER TABLE SVP MODIFY SVP_FIELD_VALUE VARCHAR2(2000);
For Microsoft SQL Server:
ALTER TABLE SVP ALTER COLUMN SVP_FIELD_VALUE VARCHAR(2000);
Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
To clear content related to connector resource bundles from the server cache:
In a command window, change to the OIM_HOME/xellerate/bin directory.
Note: You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows: OIM_HOME\xellerate\bin\batch_file_name
Enter one of the following commands:
On Microsoft Windows:
PurgeCache.bat ConnectorResourceBundle
On UNIX:
PurgeCache.sh ConnectorResourceBundle
Note: You can ignore the exception that is thrown when you perform Step 2.
In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:
OIM_HOME/xellerate/config/xlConfig.xml
When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
ALL
This level enables logging for all events.
DEBUG
This level enables logging of information about fine-grained events that are useful for debugging.
INFO
This level enables logging of messages that highlight the progress of the application at a coarse-grained level.
WARN
This level enables logging of information about potentially harmful situations.
ERROR
This level enables logging of information about error events that may allow the application to continue running.
FATAL
This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF
This level disables logging for all events.
The file in which you set the log level and the log file path depend on the application server that you use:
IBM WebSphere Application Server
To enable logging:
Make the following changes in the OIM_HOME/xellerate/config/log.properties file:
Search for the following line:
log4j.rootLogger=WARN,stdout
Make this line a comment and remove the comment from the line preceding this line.
Locate and remove the comment from the following lines:
#log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
#log4j.appender.logfile.DatePattern='.'yyyy-MM-dd
#log4j.appender.logfile.File=DIRECTORY_PATH/xel.log
#log4j.appender.logfile.MaxBackupIndex=20
#log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
#log4j.appender.logfile.layout.ConversionPattern=%p %t %c - %m%n
Specify the name and the location of the file to which the preceding logs have to be written. You can do this by changing the value of the following line:
log4j.appender.logfile.File=c:/oracle/xellerate/logs/xel.log
Replace c:/oracle/xellerate/logs with a valid directory location.
Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
log4j.logger.OIMCP.DBUM=log_level
log4j.logger.OIMCP.DBUMCOMMON=log_level
In these lines, replace log_level with the log level to set.
For example:
log4j.logger.OIMCP.DBUM=DEBUG
log4j.logger.OIMCP.DBUMCOMMON=DEBUG
After you enable logging, the log information is written to the following file:
DIRECTORY_PATH/xel.log
JBoss Application Server
To enable logging:
In the JBOSS_HOME/server/default/conf/jboss-log4j.xml file, add the following lines:
<category name="OIMCP.DBUM">
<priority value="log_level"/>
</category>
<category name="OIMCP.DBUMCOMMON">
<priority value="log_level"/>
</category>
In a clustered environment, make the changes in the following file:
JBOSS_HOME/server/all/conf/jboss-log4j.xml
In these lines, replace log_level with the log level that you want to set. For example:
<category name="OIMCP.DBUM">
<priority value="DEBUG"/>
</category>
<category name="OIMCP.DBUMCOMMON">
<priority value="DEBUG"/>
</category>
After you enable logging, the log information is written to the following file:
JBOSS_HOME\server\default\log\server.log
In a clustered environment, the log information is written to the following file:
JBOSS_HOME\server\all\log\server.log
Oracle WebLogic Server
To enable logging:
Make the following changes in the OIM_HOME/xellerate/config/log.properties file:
Search for the following line:
log4j.rootLogger=WARN,stdout
Make this line a comment and remove the comment from the line preceding this line.
Locate and remove the comment from the following lines:
#log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
#log4j.appender.logfile.DatePattern='.'yyyy-MM-dd
#log4j.appender.logfile.File=DIRECTORY_PATH/xel.log
#log4j.appender.logfile.MaxBackupIndex=20
#log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
#log4j.appender.logfile.layout.ConversionPattern=%p %t %c - %m%n
Specify the name and the location of the file to which the preceding logs have to be written. You can do this by changing the value of the following line:
log4j.appender.logfile.File=c:/oracle/xellerate/logs/xel.log
Replace c:/oracle/xellerate/logs with a valid directory location.
Add the following line in the OIM_HOME/xellerate/config/log.properties file:
log4j.logger.OIMCP.DBUM=log_level
In this line, replace log_level with the log level that you want to set.
For example:
log4j.logger.OIMCP.DBUM=DEBUG
After you enable logging, the log information is written to the following file:
DIRECTORY_PATH/xel.log
Note: Perform the procedure described in this section to configure the connector for incremental reconciliation. If you are using Oracle Database as your target system, then you need not perform the procedure described in this section.
During an incremental reconciliation run, the scheduled task fetches only target system records that are added or modified after the time stamp stored in the Last Execution Time attribute of the scheduled task. The connector requires a query to calculate the time-stamp value. This time-stamp value is used by the query that is used to perform reconciliation.
To configure the connector for incremental reconciliation, you must perform the following steps:
In a text editor, open the reconciliation properties file.
Enter a SQL query that returns in milliseconds the current date and time of the computer on which your database is running. The value returned by this query is stored as the value of the Last Execution Time attribute of the scheduled task.
The name of this query must be specified as the value of the Recon Time Query Name attribute while performing the procedure described in Section 3.4.5, "Reconciliation Scheduled Tasks."
For example, in Oracle Database the ORACLE_RECON_TIME query, in the properties file, is used for calculating a value for the Last Execution Time attribute:
SELECT (SYSDATE - TO_DATE('01011970', 'DDMMYYYY')) *24*60*60*1000 as ts FROM DUAL
The name of this query, ORACLE_RECON_TIME, is specified as the value of the Recon Time Query Name attribute while running the scheduled task.
Modify the query that is used to perform reconciliation by including a WHERE clause. The WHERE clause must contain the condition that determines if a target system record was added or modified after the time stamp stored in the Last Execution Time scheduled task attribute.
In the following example, the condition in the last line has been added as the WHERE clause of the ORACLE_TARGET_USER_RECON query:
SELECT \
USERNAME, \
DECODE(PASSWORD, 'EXTERNAL', 'EXTERNAL', 'GLOBAL', 'GLOBAL', 'PASSWORD') PASSWORD, \
EXTERNAL_NAME, \
DEFAULT_TABLESPACE, \
ACCOUNT_STATUS, \
TEMPORARY_TABLESPACE, \
PROFILE, \
(SELECT BYTES FROM DBA_TS_QUOTAS WHERE dba.USERNAME = USERNAME AND TABLESPACE_NAME = dba.DEFAULT_TABLESPACE) AS DEFAULT_TABLESPACE_QUOTA, \
(SELECT BYTES FROM DBA_TS_QUOTAS WHERE dba.USERNAME = USERNAME AND TABLESPACE_NAME = dba.TEMPORARY_TABLESPACE) AS TEMPORARY_TABLESPACE_QUOTA \
FROM DBA_USERS dba \
WHERE ((CREATED - TO_DATE('01011970','ddmmyyyy')) *24*60*60*1000) > :lastExecutionTime
Save and close the file.
Note: Perform the procedure described in this section only if Oracle Database Vault is installed and you want to configure the connector for provisioning and reconciling authorization to Oracle Database Vault realms.
You must create an administrator account on Oracle Database Vault. This account is used by the connector for performing reconciliation and provisioning operations on Oracle Database Vault realms.
To create the administrator account on Oracle Database Vault:
Log in to Oracle Database Vault as a user with the DV_ACCTMGR privilege.
Create the administrator account by running the following command:
CREATE USER USERNAME IDENTIFIED BY PASSWORD;
Log out and then log in as a user with the DV_OWNER privilege.
Grant access to Oracle Database Vault and Data Dictionary realms by running the following commands:
exec DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM('Database Vault Account Management','USERNAME','Enabled',1)
exec DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM('Oracle Data Dictionary','USERNAME','Enabled',1)
Grant the DV_ADMIN and DV_SECANALYST privileges.
Log in as a user with the DV_ACCTMGR privilege.
Grant the DV_SECANALYST privilege.
Log in as SYS and grant the following privileges (run the command):
GRANT GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE, UNLIMITED TABLESPACE TO USERNAME WITH ADMIN OPTION;
Note: It is recommended that you perform the procedure described in this section to secure communication between the target system and Oracle Identity Manager.
The procedure to secure communication depends on the database that you are using:
Section 2.3.3.1, "Configuring Secure Communication Between IBM DB2 UDB and Oracle Identity Manager"
Section 2.3.3.4, "Configuring Secure Communication Between Sybase and Oracle Identity Manager"
Note: IBM DB2 UDB version 9.1 Fix Pack 2 and later support secure communication over SSL.
To configure secure communication between IBM DB2 UDB and Oracle Identity Manager:
See IBM DB2 UDB documentation for information about enabling SSL communication between IBM DB2 UDB and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the IBM DB2 UDB host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-3. This table shows the location of the truststore for each of the supported application servers.
Note: For a clustered configuration, you must import the file into the truststore on each node of the cluster.
Table 2-3 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
To enable secure communication between IBM DB2 UDB and Oracle Identity Manager, set the value of the isSecure IT resource parameter to yes. You must provide a value for this parameter while performing the procedure described in Section 2.3.5, "Configuring the IT Resource."
To configure secure communication between Microsoft SQL Server and Oracle Identity Manager:
See Microsoft SQL Server documentation for information about enabling SSL communication between Microsoft SQL Server and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the Microsoft SQL Server host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-4. This table shows the location of the truststore for each of the supported application servers.
Note: For a clustered configuration, you must import the file into the truststore on each node of the cluster.
Table 2-4 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
To enable secure communication between Microsoft SQL Server and Oracle Identity Manager, set the value of the isSecure IT resource parameter to yes. You must provide a value for this parameter while performing the procedure described in Section 2.3.5, "Configuring the IT Resource".
To secure communication between Oracle Database and Oracle Identity Manager, you can perform either one or both of the following procedures:
Section 2.3.3.3.1, "Configuring Data Encryption and Integrity in Oracle Database"
Section 2.3.3.3.2, "Configuring SSL Communication in Oracle Database"
Refer to Oracle Database Advanced Security Administrator's Guide for information about configuring data encryption and integrity.
Note: The Database User Management connector does not support SSL communication between an Oracle Database target system and Oracle Identity Manager running on IBM WebSphere Application Server or Oracle Application Server. This is also mentioned in Chapter 7, "Known Issues" (see Bug 6696248).
To enable SSL communication between Oracle Database and Oracle Identity Manager:
See Oracle Database Advanced Security Administrator's Guide for information about enabling SSL communication between Oracle Database and Oracle Identity Manager.
Export the certificate on the Oracle Database host computer.
Copy the certificate to Oracle Identity Manager.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-5. This table shows the location of the truststore for each of the supported application servers.
Note: For a clustered configuration, you must import the file into the truststore on each node of the cluster.
To enable secure communication between Oracle Database and Oracle Identity Manager, set the value of the isSecure IT resource parameter to yes. You must provide a value for this parameter while performing the procedure described in Section 2.3.5, "Configuring the IT Resource".
To configure secure communication between Sybase and Oracle Identity Manager:
See Sybase Adaptive Server Enterprise documentation for information about enabling SSL communication between Sybase and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the Sybase host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-6. This table shows the location of the truststore for each of the supported application servers.
Note: For a clustered configuration, you must import the file into the truststore on each node of the cluster.
Table 2-6 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
To enable secure communication between Sybase and Oracle Identity Manager, set the value of the isSecure IT resource parameter to yes. You must provide a value for this parameter while performing the procedure described in Section 2.3.5, "Configuring the IT Resource".
This section discusses the JDBC URL and Connection Properties parameters. You apply the information in this section while performing the procedure described in Section 2.3.5, "Configuring the IT Resource".
The values that you specify for the Database URL and Connection Properties parameters depend on the target system:
Section 2.3.4.1, "JDBC URL and Connection Properties for IBM DB2 UDB"
Section 2.3.4.2, "JDBC URL and Connection Properties for Microsoft SQL Server"
Section 2.3.4.3, "JDBC URL and Connection Properties for Oracle Database"
Section 2.3.4.4, "JDBC URL and Connection Properties for Sybase Adaptive Server Enterprise"
The following are guidelines on specifying the JDBC URL and Connection Properties parameters:
JDBC URL parameter
Enter the following component of the connection URL as the value of the JDBC URL parameter:
jdbc:db2://[SERVER_NAME][:PORT_NUMBER]/[DATABASE_NAME]
In this format:
SERVER_NAME is the IP address (not the host name) of the target system host computer.
PORT_NUMBER is the port at which the target system database is listening.
DATABASE_NAME is the name of the database to which you are connecting.
The following is a sample value for the Database URL parameter:
jdbc:db2://192.168.16.76:50000/DBUSER
Connection Properties parameter
Enter the following component of the connection URL as the value of the Connection Properties parameter:
[,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
In this format:
PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.
VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.
Note: Semicolons must be changed to commas in the value that you specify.
The following is a sample value for the Connection Properties parameter:
databaseName=sales,port=50000
If you enable SSL communication between IBM DB2 UDB and Oracle Identity Manager, then you must include the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties in the Decode value that you specify for the SSL Keystore Properties Code Key entry in the Lookup.DBUM.DB2.Configuration lookup definition. In other words, the Decode value of the SSL Keystore Properties Code Key must be in the following format:
javax.net.ssl.trustStore=STORE_LOCATION~javax.net.ssl.trustStorePassword=STORE_PASSWORD
When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.
For example:
javax.net.ssl.trustStore=C:/j2sdk1.4.2_12/jre/lib/security/cacerts~javax.net.ssl.trustStorePassword=changeit
Note: In Microsoft SQL Server documentation, the term "connection URL" is used instead of "JDBC URL."
JDBC URL parameter
Enter the following component of the connection URL as the value of the JDBC URL parameter:
jdbc:sqlserver://[SERVER_NAME][:PORT_NUMBER][;database=DATABASE_NAME]
In this format:
SERVER_NAME is the IP address (not the host name) of the target system host computer.
PORT_NUMBER is the port at which the target system database is listening.
DATABASE_NAME is the name of the database to which you are connecting.
The following is a sample value for the Database URL parameter:
jdbc:sqlserver://192.168.16.76:1433;database=model
Connection Properties parameter
Enter the following component of the connection URL as the value of the Connection Properties parameter:
[;PROPERTY=VALUE[;PROPERTY=VALUE]] . . .
In this format:
PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.
VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.
Note: Semicolons must be changed to commas in the value that you specify.
The following is a sample value for the Connection Properties parameter:
databaseName=sales,port=1433
If you enable SSL communication between Microsoft SQL Server and Oracle Identity Manager, then you must include the encrypt and hostNameInCertificate properties in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:
encrypt=true,hostNameInCertificate=HOST_NAME
Replace HOST_NAME with the host name given in the certificate that you use.
In addition, you must specify the location of the truststore if you import the certificate into a truststore other than the JVM truststore of Oracle Identity Manager. To specify the location of the truststore, include the following properties in the value that you specify for the Connection Properties parameter:
encrypt=true,hostNameInCertificate=HOST_NAME,trustStore=STORE_LOCATION,trustStorePassword=STORE_PASSWORD
When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.
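A check for the Microsoft SQL Server Connection Properties value described above, as an added example that is not part of the connector or of this guide. The function names and arguments are hypothetical; the trustServerCertificate check goes beyond the guide and relies on the Microsoft JDBC driver property of that name, which skips certificate validation when set to true.

```python
def parse_properties(value):
    """Split 'a=b,c=d' into ({name: value}, errors). Names are lower-cased so
    that the checks below do not depend on capitalisation."""
    props, errors = {}, []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        name, sep, val = item.partition("=")
        if not sep or not name.strip():
            errors.append(f"'{item}' is not in PROPERTY=VALUE form")
        else:
            props[name.strip().lower()] = val.strip()
    return props, errors


def lint_mssql_properties(value, ssl_enabled, custom_truststore=False):
    """Return findings for a Connection Properties value; an empty list means it passes.

    ssl_enabled       -- SSL is configured (the isSecure parameter is yes)
    custom_truststore -- the certificate was imported into a truststore other
                         than the JVM truststore of Oracle Identity Manager
    """
    findings = []
    if ";" in value:
        # The driver documentation uses semicolons; the IT resource needs commas.
        findings.append("semicolons must be changed to commas")
        value = value.replace(";", ",")
    props, errors = parse_properties(value)
    findings += errors
    if not ssl_enabled:
        return findings
    if props.get("encrypt", "").lower() != "true":
        findings.append("SSL is enabled but encrypt=true is missing")
    host = props.get("hostnameincertificate", "")
    if not host or host == "HOST_NAME":
        findings.append("hostNameInCertificate must name the host in the server certificate")
    if props.get("trustservercertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true skips certificate validation")
    has_store = "truststore" in props
    if has_store != ("truststorepassword" in props):
        findings.append("trustStore and trustStorePassword must be given together")
    if custom_truststore and not has_store:
        findings.append("certificate is outside the JVM truststore but trustStore is not set")
    return findings


if __name__ == "__main__":
    # Constructed sample values; db01.example.com is a placeholder host name.
    for sample in ("databaseName=sales,port=1433",
                   "encrypt=true;hostNameInCertificate=db01.example.com"):
        print(sample, "->", lint_mssql_properties(sample, ssl_enabled=True))
```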
The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented:
Section 2.3.4.3.1, "Only Data Encryption and Integrity Is Configured"
Section 2.3.4.3.3, "Both Data Encryption and Integrity and SSL Communication Are Configured"
If you are using Oracle Database with RAC implementation as the target system, then enter a value for the JDBC URL property in the format specified in the following section:
Section 2.3.4.3.4, "JDBC URL and Connection Properties for Oracle RAC"
If you have configured only data encryption and integrity, then enter the following values:
JDBC URL parameter
While configuring the IT resource, the value that you specify for the JDBC URL parameter must be in the following format:
jdbc:oracle:thin:@TARGET_HOST_NAME_or_IP_ADDRESS:PORT_NUM:sid
The following is a sample value for the JDBC URL parameter:
jdbc:oracle:thin:@ten.mydomain.com:1521:cust_db
Connection Properties parameter
After you configure data encryption and integrity, the connection properties are recorded in the sqlnet.ora file. The value that you must specify for the Connection Properties parameter is explained by the following sample scenario:
See Also: Oracle Database Advanced Security Administrator's Guide for information about the sqlnet.ora file
Suppose the following entries are recorded in the sqlnet.ora file:
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(3DES168, DES40, DES, 3DES112)
SQLNET.CRYPTO_CHECKSUM_SERVER=REQUESTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,MD5)
While configuring the IT resource, you must specify the following as the value of the Connection Properties parameter:
Note:
|
oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5)
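The mapping from the server-side sqlnet.ora entries to the client-side Connection Properties value, as an added example that is not part of the connector or of Oracle's documentation. The function names and the strongest-first preference order are assumptions of this example; confirm that the JDBC driver in use supports the algorithm it selects.

```python
import re

# Server-side sqlnet.ora parameter -> client-side property, as paired in the guide's sample.
SERVER_TO_CLIENT = {
    "SQLNET.ENCRYPTION_SERVER": "oracle.net.encryption_client",
    "SQLNET.ENCRYPTION_TYPES_SERVER": "oracle.net.encryption_types_client",
    "SQLNET.CRYPTO_CHECKSUM_SERVER": "oracle.net.crypto_checksum_client",
    "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER": "oracle.net.crypto_checksum_types_client",
}
# Assumed preference, strongest first; names outside these lists are left unranked.
ENCRYPTION_PREFERENCE = ["AES256", "AES192", "AES128", "3DES168", "3DES112", "DES", "DES40"]
CHECKSUM_PREFERENCE = ["SHA1", "MD5"]
WEAK_ALGORITHMS = {"DES", "DES40", "RC4_56", "RC4_40", "MD5"}

# The sqlnet.ora entries quoted in the guide, embedded as sample input.
SAMPLE_SQLNET = """\
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(3DES168, DES40, DES, 3DES112)
SQLNET.CRYPTO_CHECKSUM_SERVER=REQUESTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1,MD5)
"""


def parse_sqlnet(text):
    """Return {PARAMETER: value} for NAME=VALUE lines, ignoring # comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if match:
            entries[match.group(1).upper()] = match.group(2).strip()
    return entries


def pick(value, preference):
    """Choose one algorithm from a '(A, B, C)' list offered by the server."""
    offered = [name.strip().upper() for name in value.strip("() ").split(",") if name.strip()]
    if not offered:
        raise ValueError("server offers no algorithm")
    for name in preference:
        if name in offered:
            return name
    return offered[0]  # unranked names: fall back to the server's first entry


def client_properties(sqlnet_text):
    """Return (Connection Properties value, warnings) for the IT resource."""
    entries = parse_sqlnet(sqlnet_text)
    missing = [name for name in SERVER_TO_CLIENT if name not in entries]
    if missing:
        raise ValueError("sqlnet.ora lacks " + ", ".join(missing))
    enc = pick(entries["SQLNET.ENCRYPTION_TYPES_SERVER"], ENCRYPTION_PREFERENCE)
    chk = pick(entries["SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER"], CHECKSUM_PREFERENCE)
    chosen = {
        "SQLNET.ENCRYPTION_SERVER": entries["SQLNET.ENCRYPTION_SERVER"].upper(),
        "SQLNET.ENCRYPTION_TYPES_SERVER": f"({enc})",
        "SQLNET.CRYPTO_CHECKSUM_SERVER": entries["SQLNET.CRYPTO_CHECKSUM_SERVER"].upper(),
        "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER": f"({chk})",
    }
    value = ",".join(f"{SERVER_TO_CLIENT[name]}={chosen[name]}" for name in SERVER_TO_CLIENT)
    warnings = []
    for label, key in (("encryption", "SQLNET.ENCRYPTION_SERVER"),
                       ("checksum", "SQLNET.CRYPTO_CHECKSUM_SERVER")):
        if chosen[key] != "REQUIRED":
            warnings.append(f"{label} level {chosen[key]} does not guarantee the service; "
                            "only REQUIRED refuses an unprotected connection")
    for name in (enc, chk):
        if name in WEAK_ALGORITHMS:
            warnings.append(f"{name} is weak; ask the DBA to offer a stronger algorithm")
    return value, warnings


if __name__ == "__main__":
    props, notes = client_properties(SAMPLE_SQLNET)
    print(props)
    for note in notes:
        print("warning:", note)
```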
After you configure SSL communication, the JDBC URL is recorded in the tnsnames.ora file. See Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.
The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION contains the connection descriptor, ADDRESS contains the protocol address, and CONNECT_DATA contains the database service identification information.
Sample Format 1:
NET_SERVICE_NAME=
 (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA=
     (SERVICE_NAME=SERVICE_NAME)))
Sample Format 2:
NET_SERVICE_NAME=
 (DESCRIPTION_LIST=
  (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA=
     (SERVICE_NAME=SERVICE_NAME)))
  (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA=
     (SERVICE_NAME=SERVICE_NAME))))
Sample Format 3:
NET_SERVICE_NAME=
 (DESCRIPTION=
  (ADDRESS_LIST=
   (LOAD_BALANCE=on)
   (FAILOVER=off)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (ADDRESS_LIST=
   (LOAD_BALANCE=off)
   (FAILOVER=on)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (CONNECT_DATA=
   (SERVICE_NAME=SERVICE_NAME)))
If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM truststore of Oracle Identity Manager, then enter the following values:
JDBC URL parameter
While configuring the IT resource, the value that you specify for the JDBC URL parameter must be derived from the value of NET_SERVICE_NAME in the tnsnames.ora file. For example:
Note: As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=HOST_NAME)(PORT=2484)) element because you are configuring SSL. You need not include other (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) elements.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
Connection Properties parameter
Whether you need to specify a value for the Connection Properties parameter depends on the truststore into which you import the certificate:
If you import the certificate into the truststore of the JVM that Oracle Identity Manager is using, then you need not specify a value for the Connection Properties parameter.
If you import the certificate into any other truststore, then while creating the connector, specify a value for the Connection Properties parameter in the following format:
javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.
If both data encryption and integrity and SSL communication are configured, then:
JDBC URL parameter
While configuring the IT resource, to specify a value for the JDBC URL parameter, enter a comma-separated combination of the values for the JDBC URL parameter described in Section 2.3.4.3.1, "Only Data Encryption and Integrity Is Configured" and Section 2.3.4.3.2, "Only SSL Communication Is Configured". For example:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
Connection Properties parameter
While configuring the IT resource, to specify a value for the Connection Properties parameter, enter a comma-separated combination of the values for the Connection Properties parameter described in Section 2.3.4.3.1, "Only Data Encryption and Integrity Is Configured" and Section 2.3.4.3.2, "Only SSL Communication Is Configured". For example:
oracle.net.encryption_client=REQUIRED,oracle.net.encryption_types_client=(3DES168),oracle.net.crypto_checksum_client=REQUESTED,oracle.net.crypto_checksum_types_client=(MD5),javax.net.ssl.trustStore=STORE_LOCATION,javax.net.ssl.trustStoreType=JKS,javax.net.ssl.trustStorePassword=STORE_PASSWORD
As shown in the preceding example, for the encryption_types and crypto_checksum_types properties, you can select any of the values recorded in the sqlnet.ora file. When you specify this value, replace STORE_LOCATION with the full path and name of the truststore, and replace STORE_PASSWORD with the password of the truststore.
The following are guidelines on specifying the JDBC URL and Connection Properties parameters:
JDBC URL parameter
While configuring the IT resource, the value that you specify for the JDBC URL parameter must be in the following format:
Note: The JDBC URL connection string must not exceed 200 characters.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST1_NAME.DOMAIN)(PORT=PORT1_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST2_NAME.DOMAIN)(PORT=PORT2_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST3_NAME.DOMAIN)(PORT=PORT3_NUMBER)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=HOSTn_NAME.DOMAIN)(PORT=PORTn_NUMBER))(CONNECT_DATA=(SERVICE_NAME=ORACLE_DATABASE_SERVICE_NAME)))
Sample value:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=srvce1)))
Connection Properties parameter
While configuring the IT resource, do not specify any value for the Connection Properties parameter.
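A parser for the connect descriptor inside an Oracle JDBC URL, as an added example that is not part of the connector. It checks the two rules stated above: when SSL is configured every ADDRESS element must use PROTOCOL=TCPS, and an Oracle RAC URL must not exceed 200 characters. The function names are hypothetical and the two-node RAC URL is constructed.

```python
import re

PREFIX = "jdbc:oracle:thin:@"
MAX_RAC_URL_LENGTH = 200  # limit stated in the guide's note on the Oracle RAC URL

# The guide's sample SSL URL, and a constructed two-node RAC URL.
SSL_URL = ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)"
           "(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))")
RAC_URL = ("jdbc:oracle:thin:@(DESCRIPTION="
           "(ADDRESS=(PROTOCOL=TCP)(HOST=host1.example.com)(PORT=1521))"
           "(ADDRESS=(PROTOCOL=TCP)(HOST=host2.example.com)(PORT=1521))"
           "(CONNECT_DATA=(SERVICE_NAME=srvce1)))")

def parse_descriptor(text):
    """Parse '(KEY=value)' or '(KEY=(K1=v1)(K2=v2))' into (KEY, value), where
    value is a string or a list of child (KEY, value) tuples."""
    text = re.sub(r"\s+", "", text)  # descriptors may be wrapped and indented
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        eq = text.find("=", pos)
        key = text[pos + 1:eq].upper() if eq != -1 else ""
        if not key.replace("_", "").isalnum():
            raise ValueError(f"bad keyword at offset {pos}")
        pos = eq + 1
        if text[pos:pos + 1] == "(":
            value = []
            while text[pos:pos + 1] == "(":
                value.append(node())
        else:
            end = text.find(")", pos)
            if end == -1:
                raise ValueError("missing ')'")
            value, pos = text[pos:end], end
        if text[pos:pos + 1] != ")":
            raise ValueError(f"unbalanced parenthesis at offset {pos}")
        pos += 1
        return key, value

    tree = node()
    if pos != len(text):
        raise ValueError("text after the closing parenthesis")
    return tree

def addresses(tree):
    """Collect every ADDRESS element as a dict such as {'PROTOCOL': 'TCPS', ...}."""
    key, value = tree
    if not isinstance(value, list):
        return []
    if key == "ADDRESS":
        return [{k: v for k, v in value if isinstance(v, str)}]
    return [addr for child in value for addr in addresses(child)]

def check_oracle_url(url, ssl_configured, rac=False):
    """Return a list of findings for an Oracle JDBC URL; an empty list means it passes."""
    if not url.startswith(PREFIX):
        return [f"URL must start with {PREFIX}"]
    findings = []
    if rac and len(url) > MAX_RAC_URL_LENGTH:
        findings.append(f"URL is {len(url)} characters; the limit is {MAX_RAC_URL_LENGTH}")
    target = url[len(PREFIX):]
    if not target.startswith("("):  # host:port:sid form
        if ssl_configured:
            findings.append("SSL needs a descriptor with PROTOCOL=TCPS, not host:port:sid")
        return findings
    try:
        found = addresses(parse_descriptor(target))
    except ValueError as exc:
        return findings + [f"malformed descriptor: {exc}"]
    if not found:
        findings.append("descriptor has no ADDRESS element")
    for addr in found:
        if ssl_configured and addr.get("PROTOCOL", "").upper() != "TCPS":
            findings.append(f"{addr.get('HOST')}:{addr.get('PORT')} is not PROTOCOL=TCPS")
    return findings
```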
The following are guidelines on specifying the JDBC URL and Connection Properties parameters:
JDBC URL parameter
Enter the following component of the connection URL as the value of the JDBC URL parameter:
jdbc:sybase:Tds:SERVER_NAME:PORT_NUMBER/DATABASE_NAME
In this format:
SERVER_NAME is the IP address (not the host name) of the target system host computer.
PORT_NUMBER is the port at which the target system database is listening.
DATABASE_NAME is the name of the target system database.
The following is a sample value for the JDBC URL parameter:
jdbc:sybase:Tds:172.21.109.62:9050/master
Connection Properties parameter
Enter the following component of the connection URL as the value of the Connection Properties parameter:
[,PROPERTY=VALUE[,PROPERTY=VALUE]] . . .
In this format:
PROPERTY is the name of one or more database connection properties, such as applicationName and disableStatementPooling.
VALUE is the value of each database connection property whose name you specify by using the PROPERTY placeholder.
The following is a sample value for the Connection Properties parameter:
databaseName=sales,port=9000
If you enable SSL communication between Sybase Adaptive Server Enterprise and Oracle Identity Manager, then you must include the SYBSOCKET_FACTORY property in the value that you specify for the Connection Properties parameter. In other words, the following must be part of the string that you enter as the value of the parameter:
SYBSOCKET_FACTORY=VALUE
Replace VALUE with the name of the class that implements com.sybase.jdbcx.SybSocketFactory, or with "DEFAULT", which instantiates a new java.net.Socket().
Note: Perform the procedure described in this section if you are using IBM DB2 UDB, Microsoft SQL Server, Oracle Database, or Sybase as your target system. For all other databases, proceed to Chapter 5, "Configuring the Connector for a JDBC-Based Database."
You must specify values for the parameters of the IT resource as follows:
Log in to the Administrative and User Console.
Expand Resource Management.
Click Manage IT Resources.
In the IT Resource Name field on the Manage IT Resource page, enter the name of one of the following IT resources, and then click Search:
For IBM DB2 UDB, enter DB2UDB.
For Microsoft SQL Server, enter MS SQL Server.
For Oracle Database, enter Oracle.
For Sybase, enter Sybase.
Click the edit icon for the IT resource.
From the list at the top of the page, select Details and Parameters.
Specify values for the parameters of the IT resource. Table 2-7 describes each parameter.
Table 2-7 IT Resource Parameters
Parameter | Description |
---|---|
Admin ID | Enter the user name of the target system account to be used for connector operations. Note: If you are configuring the connector for Oracle Database Vault, then you must enter the user name of the account that you had created in Section 2.3.2, "Creating the Administrator Account on Oracle Database Vault." Sample value: See the "Target system user account" row in Table 1-1 for more information. |
Admin Password | Enter the password of the target system account specified by the Admin ID parameter. Note: If you are configuring the connector for Oracle Database Vault, then you must enter the password of the account that you had created in Section 2.3.2, "Creating the Administrator Account on Oracle Database Vault." |
Database Driver | Depending on the target system that you are using, enter one of the following values as the JDBC driver class name: |
JDBC URL | Specify the JDBC URL for the target system database. See Section 2.3.4, "Determining Values for the JDBC URL and Connection Properties Parameters" for information about the JDBC URL value that you must enter. |
Configuration Lookup | This parameter holds the name of the lookup definition that stores configuration information for connector operations. If you have configured your target system as a target resource, then enter one of the following values: If you have configured your target system as a trusted source, then enter one of the following values: |
Database Name | If you are using Microsoft SQL Server or Sybase as the target system for creating users, then specify a value for this parameter. Otherwise, do not enter any value. This parameter holds the name of the database as specified in the JDBC URL parameter. Sample value: |
isSecure | Enter Default value: n |
Connection Properties | Specify the connection properties for the target system database. See Section 2.3.4, "Determining Values for the JDBC URL and Connection Properties Parameters" for information about the connection properties value that you must enter. |
Connection Pooling Parameters | |
Abandoned connection timeout | Enter the time (in seconds) after which a connection must be automatically closed if it is not returned to the pool. Note: You must set this parameter to a value that is high enough to accommodate processes that take a long time to complete (for example, full reconciliation). Default value: |
Connection wait timeout | Enter the maximum time (in seconds) for which the connector must wait for a connection to be available. Default value: |
Inactive connection timeout | Enter the time (in seconds) of inactivity after which a connection must be dropped and replaced by a new connection in the pool. Default value: |
Initial pool size | Enter the number of connections that must be established when the connection pool is initialized. The pool is initialized when it receives the first connection request from a connector. Default value: |
Max pool size | Enter the maximum number of connections that must be established in the pool at any point of time. This number includes the connections that have been borrowed from the pool. Default value: |
Min pool size | Enter the minimum number of connections that must be in the pool at any point of time. This number includes the connections that have been borrowed from the pool. Default value: |
Validate connection on borrow | Enter It is recommended that you set the value to Default value: |
Timeout check interval | Enter the time interval (in seconds) at which the other timeouts specified by the other parameters must be checked. Default value: |
Pool preference | This parameter holds the preferred connection pooling implementation. Value: Note: Do not change the value of this parameter. |
Connection pooling supported | Enter Default value: |
Target supports only one connection | This parameter indicates whether the target system can support one or more connections at a time. Value: Note: Do not change the value of this parameter. |
ResourceConnection class definition | This parameter holds the implementation of the ResourceConnection class. Value: Note: Do not change the value of this parameter. |
Native connection pool class definition | This parameter holds the name of the wrapper to the native pool mechanism that implements the GenericPool class. Note: Do not specify a value for this parameter. |
Pool excluded fields | This parameter holds a comma-separated list of IT parameters whose change must not trigger a refresh of the connector pool. Value: Configuration Lookup Name,Manage TCA Record,Enable Revoked User,Statement Timeout,Context User ID,Context Application Name,Context Responsibility Name,TopologyName,SSO Enabled,SSO Identifier,SSO Login Attribute,SSO IT Resource,Manage HR Record Note: Do not change the value of this parameter unless you are adding or deleting a parameter from the IT resource. You must ensure that the total length of the list does not exceed 2000 characters. If you are adding a parameter to the IT resource, then that parameter name must be added to the above list with a comma separator. If you are deleting a parameter from the IT resource, then that parameter must be removed from the list if it exists in the list. You must restart Oracle Identity Manager for changes that you make to this parameter to take effect. |
Connection Retries | Enter the number of consecutive attempts to be made at establishing a connection with the target system. Default value: |
Connection wait timeout | Enter the time in milliseconds within which the target system is expected to respond to a connection attempt. For a particular connection attempt, if the target system does not respond within the time interval specified by the Connection Timeout parameter, then it is assumed that the connection attempt has failed. Default value: |
Retry Interval | Enter the interval in milliseconds between consecutive attempts at establishing a connection with the target system. Default value: |
To save the values, click Update.