Oracle® Identity Manager Connector Guide for PeopleSoft User Management
Release 9.1.1
E11206-06

3 Using the Connector

This chapter contains the following sections:

3.1 Summary of Steps to Use the Connector

The following is a summary of the steps to use the connector for full reconciliation:


Note:

It is assumed that you have performed all the procedures described in the preceding chapter.

  1. Configure and run the scheduled task to synchronize the lookup fields. See Section 3.2, "Configuring the Scheduled Tasks for Lookup Field Synchronization" for more information.

  2. Generate XML files for the USER_PROFILE message for all users. See Section 3.3.2, "Performing Full Reconciliation" for more information.

  3. Copy these XML files to a directory on the Oracle Identity Manager host computer.

  4. Configure and run the PeopleSoft User Management Target Reconciliation scheduled task for the USER_PROFILE message. The XML files are read by this scheduled task to generate reconciliation events. See "Configuring the Scheduled Task for User Data Reconciliation" for more information.

Change from full reconciliation to incremental reconciliation. See Section 3.3.3, "Performing Incremental Reconciliation" for instructions.

3.2 Configuring the Scheduled Tasks for Lookup Field Synchronization

When you run the Connector Installer, the following scheduled tasks for lookup field synchronization are automatically created in Oracle Identity Manager:

These scheduled tasks are used to synchronize the values of the lookup fields between the target system and Oracle Identity Manager. Table 3-1 describes the attributes of this scheduled task. See Section 3.6, "Configuring Scheduled Tasks" for instructions on running the scheduled task.


Note:

Default attribute values are predefined in the connector XML file that is imported during the installation of the connector. Specify values only for those attributes that you want to change.

Table 3-1 Scheduled Task Attributes for Lookup Field Synchronization

Attribute Description

IT Resource Name

Enter the name of the IT resource.

Default Value: PSFT Server

FilePath

Enter the full path of the file in which the lookup data to be reconciled is stored. The operating system of the computer on which Oracle Identity Manager is installed must be able to access this file path. The data extracted from this file is stored in the lookup definition that you specify in the Lookup Definition Name attribute.

Default value: Enter a Value

Sample value: C:\PSFTUM\LookupRecon\Roles.properties

Lookup Definition Name

Enter the name of the lookup definition created in Oracle Identity Manager that corresponds to the lookup field in the target system.

The value can be any one of the following:

  • Lookup.PSFTUM.LanguageCode

  • Lookup.PSFTUM.EmailType

  • Lookup.PSFTUM.CurrencyCode

  • Lookup.PSFTUM.PermissionList

  • Lookup.PSFTUM.Roles

Task Name

Enter the name of the scheduled task.

Sample value: Language Code Lookup Reconciliation

Ref Data Provider Impl

Enter the name of the lookup reconciliation implementation class.

Default value: oracle.iam.connectors.psft.usermgmt.tasks.PSFTUMLookupReconTask

Note: You must not change this value.

File Archival

Enter Yes if you want the lookup properties file used during lookup reconciliation to be archived. Enter No if you want the file to be deleted after data inside the files is reconciled.

Default value: No

File Archival Folder

Enter the full path and name of the directory in which you want the lookup properties file used during lookup reconciliation to be archived.

Default Value: Enter a Value

Note: You must change this value if the File Archival attribute is set to Yes.

Sample Value: C:\ArchiveFolder


3.3 Configuring Reconciliation

This section discusses the following topics related to configuring reconciliation:

3.3.1 Performing Lookup Reconciliation

This section describes the procedure to generate the .properties file, which contains the lookup data to be consumed by the lookup reconciliation scheduled task.

Running the Application Engine Program

You can run the Application Engine program by using PeopleSoft Internet Architecture to perform Lookup Reconciliation as follows:


Note:

You must run the Application Engine program periodically.

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:

    http://IPADDRESS:PORT/psp/ps/?cmd=login
    

    For example:

    http://172.21.109.69:9080/psp/ps/?cmd=login
    
  2. Click People Tools, Process Scheduler, Processes, and then Add a new Value.

  3. Select Application Engine as the process type, and enter LOOKUP_RECON as the process name.

  4. Click Add.

  5. In the Process Definition Options tab, enter the following values for Component and Process Groups, and click Save:

    Component: AE_REQUEST

    Process Groups: TLSALL, STALL

  6. To make the Application Engine program run in PeopleSoft Internet Architecture, click People Tools, Application Engine, Request AE, and then click Add a new Value.

  7. Enter values for the following and then click Add:

    User ID: Enter your User ID

    Run Control ID: Enter a unique run control value

    Program Name: Enter LOOKUP_RECON

  8. Click Run.

  9. From the list that is displayed, select the LOOKUP_RECON process, which you created in Step 3.

  10. Click OK.

  11. To determine the progress status of the Application Engine program, click People Tools, Process Scheduler, and then Process Monitor. Click Refresh until Success is displayed as the status.


    Note:

    If Status is displayed as "Queued," then you must check the status of the process scheduler. To do so, click People Tools, Process Scheduler, and then Process Monitor. Click the Server List tab and check the status of the server. If the status is not displayed, then start the process scheduler.

3.3.2 Performing Full Reconciliation

Full reconciliation involves reconciling all existing user profile records from the target system into Oracle Identity Manager. After you deploy the connector, you must first perform full reconciliation.

The following sections discuss the procedures involved in full reconciliation:

3.3.2.1 Generating XML Files

You must generate XML files for all existing users in the target system.


Note:

Before performing the procedure to generate XML files, you must ensure that you have configured the USER_PROFILE message. See Section 2.2.2.2, "Configuring the Target System for Full Reconciliation" for more information.

To generate XML files for full reconciliation, perform the following procedure:

Running the USER_PROFILE (VERSION_84) Message for Full Data Publish

To configure the USER_PROFILE message, see Section 2.2.2.2.5, "Configuring the USER_PROFILE Service Operation."


Note:

You must run the Application Engine program if you are performing the full reconciliation for the first time. See "Running the Application Engine Program" for more information.

To run the USER_PROFILE message:

  1. In PeopleSoft Internet Architecture, expand Enterprise Components, Integration Definitions, Initiate Processes, and then click Full Data Publish.

  2. Click the Add a New Value tab.

  3. In the Run Control ID field, enter a value and then click ADD.

  4. In the Process Request region, provide the following values:

    Request ID: Enter a request ID.

    Description: Enter a description for the process request.

    Process Frequency: Select Always.

    Message Name: Enter USER_PROFILE as the message name.

  5. Click Save to save the configuration.

  6. Click Run.

    The Process Scheduler Request page appears.

  7. From the Server Name list, select the appropriate server.

  8. Select Full Table Data Publish process list, and click OK.

  9. Click Process Monitor to verify the status of the EOP_PUBLISHT Application Engine program. The Run Status is Success if the transaction is successfully completed.

    On successful completion of the transaction, XML files for the USER_PROFILE message are generated at the location that you specified in the FilePath property while creating the OIM_FILE_NODE node for PeopleSoft Application Server. See the "Configuring PeopleSoft Integration Broker" section for more information.

    You must copy these XML files to a directory on the Oracle Identity Manager host computer.


Note:

After you have performed this procedure:

3.3.2.2 Importing XML Files into Oracle Identity Manager

This section describes the procedure to import XML files into Oracle Identity Manager.

Configuring the Scheduled Task for User Data Reconciliation

When you run the Connector Installer, the PeopleSoft User Management Target Reconciliation scheduled task is automatically created in Oracle Identity Manager.

The PeopleSoft User Management Target Reconciliation scheduled task is used for target resource reconciliation. In addition, this same scheduled task is used to reconcile data of deleted users from a target resource into Oracle Identity Manager.

The scheduled task transfers data from the XML file to the parser. The parser then converts this data into reconciliation events. Table 3-2 describes the attributes of this scheduled task. See Section 3.6, "Configuring Scheduled Tasks" for instructions on configuring the scheduled task.

Table 3-2 Attributes of the Scheduled Task for Reconciliation of User Data

Attribute Description

Archive Mode

Enter yes if you want XML files used during full reconciliation to be archived. After archival the file is deleted from the original location.

If no, then the XML file is not archived.

Archive Path

Enter the full path and name of the directory in which you want XML files used during full reconciliation to be archived.

You must enter a value for the Archive Path attribute only if you specify yes as the value for the Archive Mode attribute.

Sample value: /usr/archive

File Path

Enter the path of the directory on the Oracle Identity Manager host computer into which you copied the file containing XML data.

Sample value: /usr/data

IT Resource Name

Enter the name of the IT resource that you create by performing the procedure described in Section 2.2.1.3, "Configuring the IT Resource."

Default value: PSFT Server

Message Implementation Class

Enter the name of the implementation class for the message handler required to process the message. For example, the implementation classes for the following messages are provided by default:

For the USER_PROFILE message:

oracle.iam.connectors.psft.common.handler.impl.PSFTUserProfileReconMessageHandlerImpl

For the DELETE_USER_PROFILE message:

oracle.iam.connectors.psft.common.handler.impl.PSFTDeleteUserReconMessageHandlerImpl

Message Name

Use this attribute to specify the name of the delivered message used for full reconciliation.

Sample value: USER_PROFILE

Task Name

This attribute holds the name of the scheduled task.

Default value: PeopleSoft User Management Target Reconciliation


3.3.3 Performing Incremental Reconciliation

You do not require additional configuration for incremental reconciliation.

It is assumed that you have deployed the PeopleSoft listener as described in Section 2.2.1.5, "Deploying the PeopleSoft Listener."

3.3.4 Limited Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current incremental reconciliation run. For full reconciliation, all target system records are fetched into Oracle Identity Manager.

You can configure limited reconciliation to specify the subset of target system records that must be fetched into Oracle Identity Manager.

You configure limited reconciliation by specifying a query condition as the value of the Custom Query attribute of the PeopleSoft User Management Target Reconciliation scheduled task.

You must use the following format to specify a value for the Custom Query attribute:

RESOURCE_OBJECT_ATTRIBUTE_NAME=VALUE

For example, suppose you specify the following as the value of the Custom Query attribute:

Currency Code=1~USD

With this query condition, only records for users whose currency code is 1~USD are considered for reconciliation.

You can add multiple query conditions by using the ampersand (&) as the AND operator and the vertical bar (|) as the OR operator. For example, the following query condition is used to limit reconciliation to records of those users for whom the Currency Code is 1~USD and User ID is John01:

Currency Code=1~USD & User ID=John01

To configure limited reconciliation:

  1. Create the query condition. Apply the following guidelines when you create the query condition:

    • Use only the equal sign (=), the ampersand (&), and the vertical bar (|) in the query condition. Do not include any other special characters in the query condition. Any other character that is included is treated as part of the value that you specify.

    • Add a space before and after the ampersand and vertical bar used in the query condition. For example:

      Currency Code=1~USD & User ID=John01

      Currency Code=1~USD | User ID=John01

      This is to help the system distinguish between ampersands and vertical bars used in the query and the same characters included as part of attribute values specified in the query condition.

    • You must not include unnecessary blank spaces between operators and values in the query condition.

      A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

      Currency Code=1~USD & User ID=John01

      Currency Code= 1~USD & User ID= John01

      In the second query condition, the reconciliation engine would look for Currency Code and User ID values that contain a space at the start.

    • Ensure that attribute names that you use in the query condition are in the same case (uppercase or lowercase) as the case of the attribute defined in PeopleSoft User resource object. For example, the following query condition would fail:

      cUrReNcY Code= 1~USD

  2. Configure the message-specific configuration lookup with the query condition as the value of the Custom Query attribute. For example, to specify the query condition for the USER_PROFILE message, search and open the Lookup.PSFT.Message.UserProfile.Configuration lookup. Specify the query condition in the Decode column of the Custom Query attribute.
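
A condition can be checked against the guidelines above before it is saved in the lookup, because a stray space or a wrong-case attribute name changes or breaks the filter that decides which accounts are reconciled. The following Python check is an added example, not part of the connector; `lint_custom_query` and `KNOWN_ATTRIBUTES` (seeded with the two attribute names used in this section) are hypothetical names.

```python
import re

# Attribute names taken from this section's examples. A real deployment would
# list the attributes of its own PeopleSoft User resource object (assumption).
KNOWN_ATTRIBUTES = {"Currency Code", "User ID"}

# Per the guidelines, an operator is an ampersand or vertical bar with a space
# on each side; the same characters without spaces are part of a value.
OPERATOR = re.compile(r" ([&|]) ")


def lint_custom_query(query, known=KNOWN_ATTRIBUTES):
    """Split a Custom Query value and return (terms, operators, warnings)."""
    parts = OPERATOR.split(query)
    raw_terms, operators = parts[0::2], parts[1::2]
    by_case = {k.lower(): k for k in known}
    terms, warnings = [], []
    for raw in raw_terms:
        if "=" not in raw:
            warnings.append(f"term {raw!r} has no '='")
            continue
        name, value = raw.split("=", 1)
        terms.append((name, value))
        if name not in known:
            hint = by_case.get(name.lower())
            if name != name.strip():
                warnings.append(f"attribute {name!r} has surrounding spaces")
            elif hint:
                warnings.append(f"attribute {name!r} differs in case from {hint!r}")
            else:
                warnings.append(f"attribute {name!r} is not a known attribute")
        if value != value.strip():
            # The engine would look for a value that includes the space.
            warnings.append(f"value {value!r} has leading or trailing spaces")
        if re.search(r"[&|]", value):
            warnings.append(f"value {value!r} contains '&' or '|' without "
                            "surrounding spaces; it is treated as literal text")
    if len(set(operators)) > 1:
        # This section does not state how mixed operators are grouped.
        warnings.append("query mixes '&' and '|'; grouping is not documented here")
    return terms, operators, warnings


if __name__ == "__main__":
    # Sample conditions: the first three appear in this section, the last is
    # constructed to show operators written without spaces.
    for q in ("Currency Code=1~USD & User ID=John01",
              "Currency Code= 1~USD & User ID= John01",
              "cUrReNcY Code= 1~USD",
              "Currency Code=1~USD&User ID=John01"):
        terms, ops, warns = lint_custom_query(q)
        print(q, "->", "OK" if not warns else warns)
```
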

3.4 Resending Messages That Are Not Received by the PeopleSoft Listener

The messages are generated and sent to Oracle Identity Manager regardless of whether the WAR file is running. Reconciliation events are not created for the messages that are sent to Oracle Identity Manager while the WAR file is unavailable. To ensure that all the messages generated on the target system reach Oracle Identity Manager, perform the following procedure:

Manually Sending Messages

If Oracle Identity Manager is not running when a message is published, then the message is added to a queue. You can check the status of the message in the queue in the Message Instance tab. This tab lists all the published messages in a queue. When you check the details of the particular message, the status is listed as Timeout or Error.

To publish a message in the queue to Oracle Identity Manager, resubmit the message when Oracle Identity Manager is running.

If the status of the message is New or Started and it does not change to Timeout or Done, then you must restart the PeopleSoft application server after you restart Oracle Identity Manager.


Note:

PeopleSoft supports this functionality for a limited rights user described in Section 2.1.2.2.2, "Creating a Role for a Limited Rights User." However, you can specify users who have rights to perform this task based on the security policy of your organization.

To manually resend messages in Error or TimeOut status:

  1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Service Operations Monitor, Monitoring, and then click Asynchronous Services.

  2. From the Group By list, select Service Operation or Queue to view the number of messages in Error, TimeOut, Done, and so on.

    The number is in the form of a link, which when clicked displays the details of the message.

  3. Click the link pertaining to the message to be resent, for example, the link under the Error or the TimeOut column.

    You are taken to the Operation Instance tab.

  4. Click the Details link of the message to be resent. A new window appears.

  5. Click the Error Messages link to check the error description.

  6. Click ReSubmit after you have resolved the issue.

3.5 Performing Provisioning Operations

Provisioning a resource for an OIM User involves using Oracle Identity Manager to create a target system account for the user.


Note:

The "Unable to access pstools.properties" message might be recorded in the server logs during provisioning operations. You can safely ignore this message.

To provision a resource:


Note:

The following procedure is performed using the direct provisioning approach.

  1. Log in to the Administrative and User Console.

  2. From the Users menu:

    • Select Create if you want to first create the OIM User and then provision a PeopleSoft User account to the user.

    • Select Manage if you want to provision a PeopleSoft User account to an existing OIM User.

  3. If you select Create, on the Create User page, enter values for the OIM User fields, and then click Create User.

  4. If you select Manage, then search for the OIM User and select the link for the user from the list of users displayed in the search results.

  5. On the User Detail page, select Resource Profile from the list at the top of the page.

  6. On the Resource Profile page, click Provision New Resource.

  7. On the Select a Resource page, select Peoplesoft User from the list, and then click Continue.

  8. Verify the Resource Selection page, and click Continue.

  9. On the Provide Process Data page, enter the details of the account that you want to create on the target system, and then click Continue.

  10. On the Verify Process Data page, verify the data that you entered, and then click Continue.

  11. Specify the Email child details.

  12. Enter the Role child data, and click Continue.

    The account is created on the target system and provisioned as a resource to the OIM User. The page that is displayed provides options to disable or revoke the resource from the OIM User.


    See Also:

    Section 1.7, "Connector Objects Used During Provisioning" for more information about the provisioning functions supported by this connector and the process form fields used for provisioning

3.6 Configuring Scheduled Tasks

This section describes the procedure to configure scheduled tasks. You can apply this procedure to configure the scheduled tasks for lookup field synchronization and reconciliation.

The following is a list of scheduled tasks that you must configure.

To configure a scheduled task:

  1. Log in to the Administrative and User Console.

  2. Expand Resource Management.

  3. Click Manage Scheduled Task.

  4. On the Scheduled Task Management page, enter the name of the scheduled task as the search criteria and then click Search.

  5. In the search results table displaying the list of scheduled tasks, click the edit icon in the Edit column of the table.

  6. On the Edit Scheduled Task Details page, you can modify all the details of the scheduled task by clicking Edit, except for the task name and class name.

    • Status: Specify whether you want to leave the task in the enabled state. In the enabled state, the task is ready for use.

    • Max Retries: Enter an integer value in this field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR status to the task. The default value is 1.

    • Next Start: Use the date editor to specify the date when you want the task to run. After you select a date value in the date editor, you can modify the time value that is automatically displayed in the Next Start field.

    • Frequency: Specify the frequency at which you want the task to run.

  7. After modifying the values for the scheduled task details listed in the previous step, click Continue.

  8. Specify values for the attributes of the scheduled task. To do so, select each attribute from the Attribute list, specify a value in the field provided, and then click Update.

    The attributes of the scheduled task that you select for modification are displayed on the Attributes page.

    Note:

    Attribute values are predefined in the connector XML file that is imported during the installation of the connector. Specify values only for the attributes that you want to change.

  9. Click Save Changes to commit all the changes to the database.