Oracle® Identity Manager Connector Guide for Database User Management
Release 9.1.0
E11193-04

5 Configuring the Connector for a JDBC-Based Database

The Database User Management connector is built on a framework designed for JDBC-based connectors. If your target system is a JDBC-based database other than the certified databases listed in Table 1-1, then you can create a connector for your target system by following the instructions given in this chapter.


Note:

In this chapter, Example Database has been used as the sample JDBC-based database to explain the procedures.

The following sections describe the procedure to deploy the connector and create each object of the connector:

5.1 Deploying the Connector

You must deploy the Database User Management connector before you can customize it for a JDBC-based database.

To deploy the connector, perform the procedure specified in the following sections for deploying the connector:

5.2 Creating an IT Resource for Your Database

The IT resource holds connection-related information about the target system. The DBUM ITResource IT resource type is the template from which IT resources are created for target systems of this connector. You must create an IT resource of this IT resource type.

To create an IT resource:

  1. Log in to the Oracle Identity Manager Administrative and User Console.

  2. If you are using Oracle Identity Manager release 9.1.0.x, expand Resource Management, and then click Create IT Resource.

  3. If you are using Oracle Identity Manager release 11.1.1, then:

    • On the Welcome to Oracle Identity Manager Self Service page, click Advanced.

    • On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Create IT Resource.

  4. On the Step 1: Provide IT Resource Information page, enter the following information:

    • IT Resource Name: Enter a name for the IT resource. For example, ExampleDatabase.

    • IT Resource Type: Select the DBUM ITResource definition IT resource type for the IT resource.

  5. Click Continue.

  6. On the Step 2: Specify IT Resource Parameter Values page, specify values for the parameters of the IT resource. Table 2-9 describes each parameter.

    The following are sample parameter values:

    Admin ID: User ID of the Example Database user with privileges to perform connector operations.

    Sample value: admin

    Admin Password: Password for the user specified by the Admin ID parameter.

    Database Driver: Database driver used to connect to the Example Database.

    Sample value: com.mysql.jdbc.Driver

    JDBC URL: JDBC URL for the target system database.

    Sample Value: jdbc:mysql://localhost/dbum

    Configuration Lookup: Name of the lookup definition in which you store the connector configuration information for the Example Database.

    Sample Value: Lookup.DBUM.ExampleDatabase.Configuration

  7. Click Continue.

    The Step 3: Set Access Permission to IT Resource page is displayed. On this page, the SYSTEM ADMINISTRATORS group is displayed by default in the list of groups that have Read, Write, and Delete permissions on the IT resource that you are creating.

  8. On the Step 3: Set Access Permission to IT Resource page, if you want to assign groups to the IT resource and set access permissions for the groups, then:

    a. Click Assign Group.

    b. For the groups that you want to assign to the IT resource, select Assign and the access permissions that you want to set. For example, if you want to assign the ALL USERS group and set the Read and Write permissions to this group, then you must select the respective check boxes in the row, as well as the Assign check box, for this group.

    c. Click Assign.

  9. On the Step 3: Set Access Permission to IT Resource page, if you want to modify the access permissions of groups assigned to the IT resource, then:


    Note:

    You cannot modify the access permissions of the SYSTEM ADMINISTRATORS group. You can modify the access permissions of only other groups that you assign to the IT resource.

    a. Click Update Permissions.

    b. Depending on whether you want to set or remove specific access permissions for groups displayed on this page, select or deselect the corresponding check boxes.

    c. Click Update.

  10. On the Step 3: Set Access Permission to IT Resource page, if you want to unassign a group from the IT resource, then:


    Note:

    You cannot unassign the SYSTEM ADMINISTRATORS group. You can unassign only other groups that you assign to the IT resource.

    a. Select the Unassign check box for the group that you want to unassign.

    b. Click Unassign.

  11. Click Continue.

  12. On the Step 4: Verify IT Resource Details page, review the information that you provided on the first, second, and third pages. If you want to make changes in the data entered on any page, click Back to revisit the page and then make the required changes.

  13. To proceed with the creation of the IT resource, click Continue.

  14. The Step 5: IT Resource Connection Result page displays the results of a connectivity test that is run using the IT resource information. If the test is successful, then click Create. If the test fails, then you can perform one of the following steps:

    • Click Back to revisit the previous pages and then make corrections in the IT resource creation information.

    • Click Cancel to stop the procedure, and then begin from the first step onward.

    • Proceed with the creation process by clicking Continue. You can fix the problem later, and then rerun the connectivity test by using the Diagnostic Dashboard.


      Note:

      If no errors are encountered, then the label of the button is Create, not Continue.

  15. Click Finish.

    The IT resource is created.

5.3 Creating a Resource Object

You must create a resource object for your target system database. A resource object is a virtual representation of your target system.

To create a resource object:

  1. Log in to the Design Console.

  2. Expand Resource Management, and then double-click Resource Objects.

  3. In the Name field, enter the name of the resource object. For example, enter ExampleDatabase.

  4. If required, you can attach a resource form to the resource object. To do this, double-click the Table Name lookup field. From the Lookup dialog box, select the table that represents the form that will be associated with the resource object.

  5. To request the resource object for a user, select Order For User.

  6. If you want to associate a custom form with the provisioning process of the resource object, the form contains fields that have prepopulate adapters attached to them, and you want these fields to be populated automatically by Oracle Identity Manager, then select the Auto Pre-Populate option.


    Note:

    If the resource object has no custom form associated with it, or this form's fields have no prepopulate adapters attached to them, deselect the Auto Pre-Populate check box. For more information about prepopulate adapters, see Oracle Identity Manager Tools Reference.

  7. Double-click the Type lookup field.

    From the Lookup dialog box that is displayed, select the classification status Application to associate with the resource object.

  8. If you want multiple instances of the resource object to be requested for a user or an organization, select the Allow Multiple option. Otherwise, go to Step 9.

  9. If you want to be able to request the resource object for yourself, select the Self Request Allowed option.

  10. To provision the resource object for all users, regardless of whether the organization to which the user belongs has the resource object assigned to it, select the Allow All check box.

  11. To automatically initiate the provisioning process when the resource object's approval process has achieved a status of Completed, select the Auto Launch option.


    Caution:

    By default, Oracle Identity Manager sets all resource objects to Auto Launch, even though this check box is not selected.

  12. Click Save.

    The resource object is created.

5.4 Creating a Process Form

All target system fields to which Oracle Identity Manager writes data during a provisioning operation are defined in a process form. In addition, the fields defined in the process form appear on the page (in the Administrative and User Console) that is used for provisioning a target system resource to an OIM User.

To create a process form:


Note:

The procedure for creating child forms is similar to the process described here.

  1. Log in to the Design Console.

  2. Expand Development Tools, and then double-click Form Designer.

  3. In the Table Name field, enter the name of the database table that is associated with the form.


    Note:

    The table name contains the UD_ prefix followed by the form name. If the name of the form is DB_EXMPLDB_U, its table name is UD_DB_EXMPLDB_U.

  4. In the Description field, enter explanatory information about the form. For example, enter DBUM Provisioning form for Example Database User.

  5. If the form is assigned to an approval or provisioning process, then select the Process option.

  6. Click Save.

    The form is created. The words Initial Version are displayed in the Latest Version field. This signifies that you can populate the tabs of the Form Designer form with information, so the form is functional with its assigned process or resource.

5.5 Adding Attributes for Provisioning

After you create the process form, you must add the target system fields to which Oracle Identity Manager writes data during a provisioning operation.

To add a target system field to the process form:


Note:

You must add to the process form a field for IT resource.

  1. Expand the Development Tools folder, and then double-click Form Designer.

  2. Search for and open the process form that you created in Section 5.4, "Creating a Process Form."

  3. On the Additional Columns tab, click Add.

    A blank row is displayed in the Additional Columns tab.

  4. In the Name field, enter the name of the data field, which is displayed in the database, and is recognized by Oracle Identity Manager.


    Note:

    This name consists of the <TABLENAME_> prefix, followed by the name of the data field.

    For example, if the name that is displayed in the Table Name field is UD_DB_EXMPLDB_U, and the name for the data field is USERNAME, then the data field name that is displayed in the database and that Oracle Identity Manager recognizes is UD_DB_EXMPLDB_U_USERNAME.


  5. Double-click the Variant Type lookup field.

    From the Lookup window that is displayed, select the variant type for the data field.

  6. In the Length field, enter the length (in characters) of the data field.

  7. In the Field Label field, enter the label that will be associated with the data field.

    This label is displayed next to the data field on the form that is generated by Oracle Identity Manager.

  8. Double-click the Field Type lookup field.

    From the Lookup dialog box that is displayed, select the data type for the data field.

  9. In the Default Value field, enter the value that is displayed in the associated data field once the form is generated, and if no other default value has been specified.

  10. In the Order field, enter the sequence number, which will represent where the data field will be positioned on the generated form.

    For example, a data field with an order number of 2 is displayed below a data field with an order number of 1.

  11. If you want a specific organization or user's values to supersede the value that is displayed in the Default Value field, select the Application Profile check box. Otherwise, go to Step 10.

  12. If you want the information that is displayed in the data field to be encrypted when it is transmitted between the client and the server, then select the Encrypted check box. Otherwise, go to Step 11.

  13. Click Save.

  14. Repeat Steps 1 through 11 for each target system attribute that you want to add.

  15. Activate the form by clicking Make Version Active.

5.6 Creating Lookup Definitions Used During Connector Operations

In Oracle Identity Manager, you must create lookup definitions of the following types that will be used during connector operations:

To create a lookup definition:

  1. Log in to the Design Console.

  2. Expand Administration, and then double-click Lookup Definition.

  3. In the Code field, enter the name of the lookup definition. The lookup definitions that you must create are listed later in this section.

  4. If the lookup definition is to represent a lookup field or box, select the Lookup Type option.

  5. In the Group field, enter DBUM.

  6. Click Save.

    The lookup definition is created.

By performing the procedure described in this section, you must create the following lookup definitions:


See Also:

Appendix A, "Preconfigured Lookup Definitions" for information about lookup definitions and their entries

If you have configured your target system as a target resource and want to reconcile multivalued attributes, then in addition to the preceding lookup definitions, you must create lookup definitions similar to the following:

If your target system treats the Login and User database access entities as parent and child elements (respectively), then you have to create lookup definitions similar to the following:


See Also:

Appendix A, "Preconfigured Lookup Definitions" for more information

5.7 Creating a Process Definition

You must create a process definition for the provisioning process. Each process definition consists of one or more process tasks. A process task performs a specific function during a provisioning operation. For example, you can create a process definition that consists of three process tasks, one each for the create user, modify user, and delete user operations.

To create a process definition: 

  1. Log in to the Design Console.

  2. Expand Process Management, and then double-click Process Definition.

  3. In the Name field, enter the name of the process definition. For example, enter ExampleDatabase DB User.

  4. Double-click the Type lookup field.

  5. From the Lookup dialog box that is displayed, select Provisioning as the classification type of the process definition.

  6. Double-click the Object Name lookup field.

    From the Lookup dialog box that is displayed, select the resource object (that you had created in Section 5.3, "Creating a Resource Object") that will be associated with the process definition.

  7. Select the Default Process check box to make this the default provisioning process for the resource object to which it is assigned.

  8. Select the Auto Pre-Populate check box to enable Oracle Identity Manager to automatically populate the fields in this process form with prepopulate adapters.

  9. Double-click the Table Name lookup field.

    From the Lookup window that is displayed, select the table that represents the form (created in Section 5.4) associated with the process definition.

  10. Click Save.

    The process definition is created.

5.8 Adding Process Tasks, Assigning Adapters, and Mapping Adapter Variables

As mentioned in the preceding section, process tasks perform specific functions during a provisioning operation. You can add process tasks for functions such as the following:

The actual logic for implementing the functions in the preceding list is defined in adapters. The Database User Management connector is shipped with the adapters listed in Table 5-1.

Table 5-1 Adapters Used During Provisioning Operations

Adapter Description

adpDBUMExecuteQuery

Use this adapter if your target system uses DDL statements for maintaining the system catalog. This adapter executes the SQL queries defined in the Query Configuration lookup definition.

adpDBUMExecuteStoredProcedure

Use this adapter if your target system database uses stored procedures for maintaining the system catalog. This adapter executes the stored procedures defined in the Query Configuration lookup definition.

adpDBUMExecuteQueryForAuthTypeUser

Use this adapter if you must run SQL queries for users or logins depending on the authentication type.

adpDBUMExecuteStoredProcAuthTypeUser

Use this adapter if you must run stored procedures for users or logins depending on the authentication type.

adpDBUMPreventFunctionality

Use this adapter to restrict specific provisioning operations such as updating a field, enabling a target system record, and disabling a target system record. This adapter displays the following message when an attempt to update the particular field is made:

This functionality is not supported.

adp DBUM Prepopulate UserLogin

Use this adapter to populate the Login Name or User Name fields with a value that was specified earlier in the UserLogin field of the OIM User form.

adp DBUM Prepopulate UserFullName

Use this adapter to populate the Full Name field with a value that was specified earlier in the FirstName, MiddleName, and LastName fields of the OIM User form.

adpDBUMExecuteOldDataStoredProc

Use this adapter to retrieve the old value of a particular field. Depending on the value retrieved, the corresponding provisioning operation is performed by running stored procedures for updating child data and password.

adpDBUMExecuteOldDataQuery

Use this adapter to retrieve the old value of a particular field. Depending on value retrieved, the corresponding provisioning operation is performed by running SQL statements for updating child data and password.

adpDBUMUserNotExist

Use this adapter to check whether the user record being created exists on the target system. If such a user is found, then the USER_EXISTS message is displayed on the Administrative and User Console.

adpDBUMExecuteOldMultiDataStoredProc

Use this adapter if both the conditions are true:

  • You want to run a stored procedure for a provisioning operation that revokes child data, and this stored procedure requires more than one identifier.

  • You want to retrieve the old value of more than one field of the child process form.

Depending on the value retrieved, the corresponding revoke provisioning operation is performed by running stored procedures for revoking child data.

adpDBUMExecuteOldMultiDataQuery

Use this adapter if both the conditions are true:

  • You want to run a SQL statement for provisioning operations that revoke child data, and this SQL statement requires more than one identifier.

  • You want to retrieve the old value of more than one field of the child process form.

Depending on the value retrieved, the corresponding revoke provisioning operation is performed by running the SQL statement for revoking child data.


All the adapters listed in Table 5-1 use some or all of the variables listed in Table 5-2. Depending on the variable mapping that you create for each adapter, the corresponding task is run.

Table 5-2 Adapter Variables

Variable Name Description

setFlag

You can set the value of this variable to YES or TRUE. This is used to set the process form data after the provisioning operation corresponding to the adapter is successfully completed.

columnName

Specify the column name for which you want to set data. For example, if you are using Oracle Database as the target system and you want to set value for the Account Status field on the Administrative and User Console, then you must specify the UD_DB_ORA_U_LOCK field on the process form as the value of this variable.

value

Set the value to be displayed when a user is disabled. For example, set the value to LOCKED.

action

This variable is used to perform specific operations. For example, you can set the value of the action variable to CREATEUSER, UPDATEUSER, ENABLELOGIN, or DISABLELOGIN.

itResourceColumnName

Provide the name of the field on the process form that holds the IT resource value.

authenticationType

This variable maps the process form authentication field in the process task to get the value of the authentication type at run time.

processInstanceKey

This variable maps with the process instance key in the process task to retrieve the process instance key at run time.

lookupCodeKey

Specify the query code key from the query configuration lookup definition corresponding to the specific operation.

childColumnName

Specify the process form field name to retrieve the old value of this field.

Sample value: UD_DB_EXMPLDB_U_ROLENAME

childFieldValue

Map this variable with the field specified above in the process task, and then select the old check box to retrieve the old value of this field.

ColName1

Specify the field name of the child process form to retrieve the old value of this field.

Note: You can map this variable only to the adpDBUMExecuteOldMultiDataQuery or adpDBUMExecuteOldMultiDataStoredProc adapters. See Table 5-1 for information about these adapters.

Sample value: UD_DB_EXMPLDB_U_PRIVILEGE_NAME1

ColValue1

Map this variable with the field specified above in the process task and then select the old check box to retrieve the old value of this field.

ColName2

Specify the field name of the child process form to retrieve the old value of this field.

Note: You can map this variable only to the adpDBUMExecuteOldMultiDataQuery or adpDBUMExecuteOldMultiDataStoredProc adapter. See Table 5-1 for more information about these adapters.

Sample value: UD_DB_EXMPLDB_U_TABLE_PRIVILEGE_NAME2

ColValue2

Map this variable with the field specified above in the process task and then select the old check box to retrieve the old value of this field.


In order to run a process task successfully, you must assign an adapter to it. The following is the procedure to add a process task, assign an adapter to the process task, and then map adapter variables:

  1. Expand Process Management, and then double-click Process Definition.

  2. Search for and open the process definition task that you created in Section 5.7, "Creating a Process Definition."

  3. To add a process task to the process definition:

    a. On the Tasks tab, click Add.

      The Creating New Task dialog box is displayed.

    b. In the Task Name field, enter the name of the process task. For example, enter Create User.

    c. In the Task Description field, enter descriptive information about the task.

    d. On the toolbar of the Creating New Task window, click Save. Then, click Close.

      The process task is added to the process definition.

    e. Repeat steps 3.a through 3.c for every process task that you want to create.

  4. To assign an adapter to the process task:

    a. Double-click the row heading of the process task to which you want to assign an event handler or adapter.

      The Editing Task dialog box is displayed. The following screenshot displays this dialog box after attaching the adapter and mapping adapter variables:

      [Illustration: edit_task_dialog_box.gif]

    b. On the Integration tab, click Add.

      The Handler Selection dialog box is displayed (Figure 5-1).

    c. To add an adapter to the process task, select the Adapter option. A list of adapters that you can assign to the process task is displayed in the Handler Name region.

      Figure 5-1 Handler Selection Dialog Box

    d. Select the adapter that you want to assign to the process task.

    e. On the toolbar of the Handler Selection dialog box, click Save.

      A confirmation dialog box is displayed.

    f. Click OK.

      The adapter is assigned to the process task.

  5. Depending on your requirement, map adapter variables as follows:

    a. Select the adapter variable that you want to map.

    b. Click Map.

      The Edit Data Mapping for Variable dialog box is displayed.

    c. Specify values for the fields in the Adapter Variable region.

      The following screenshot displays the Edit Data Mapping For Variable dialog box in which the columnName adapter variable has been mapped to a blank literal:

      [Illustration: edit_data_mapping.gif]

    d. In the Edit Data Mapping for Variable dialog box, click Save.

    e. Click Close.

      The mapping status for the adapter variable changes from N to Y. This indicates that the adapter variable has been mapped.

    If your process form contains a read-only field and you want to set a value for this field, then you must map the following adapter variables and specify the appropriate values:


    See Also:

    Table 5-2 for more information about the following variables

    • columnName

      While mapping the columnName adapter variable, specify the column name of the process form field whose value has to be set as the value of this variable.

    • value

      While mapping the value adapter variable, specify the value to be displayed in the read-only field when a given operation is performed.

    • setFlag

      While mapping the setFlag adapter variable, set the value of this variable to YES or TRUE.

    If your process form contains a read-only field and you do not want to set any value for this field, then map the columnName, value, and setFlag adapter variables to blank literals.

    If your process form contains a field (which is not a read-only field), then except for the columnName, value, and setFlag adapter variables, you can map one or more of the following variables:

    • Adapter Return Value: Response Code.

    • processInstanceKey: Select Process Data, and then select Process Instance.

    • itResourceColumnName: Map to Literal, select String, and then enter the value of the IT resource column name created on the process form.

      Sample value: UD_DB_EXMPLDB_U_IT_RESOURCE

    • lookupCodeKey: Map to Literal, select String, and then enter the value of the code key from the Lookup.DBUM.ExampleDatabase.Query.Configuration.

      Sample Value: EXAMPLEDATABASE_CREATE_USER


    See Also:

    Table 5-2 for a complete list of adapter variables
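
The mapping rules in this section and the notes in Table 5-2 can be checked before a process definition is put into use. The following Python lint is an added example, not part of this guide or of the connector. The dictionary layout, every task name except Create User, the UD_DB_EXMPLDB_U_LOCK column, every query code key except EXAMPLEDATABASE_CREATE_USER, and the exact-case match on YES/TRUE are assumptions made for illustration.

```python
"""Lint adapter-variable mappings against the rules in Section 5.8 and Table 5-2.

The dict layout is a hypothetical hand-written inventory of what was entered in
the Design Console; it is not an Oracle Identity Manager export format.
"""

# Adapters to which ColName1/ColName2 may be mapped (notes in Table 5-2).
MULTI_DATA_ADAPTERS = {
    "adpDBUMExecuteOldMultiDataQuery",
    "adpDBUMExecuteOldMultiDataStoredProc",
}
# Variables that are either all set or all mapped to blank literals.
READ_ONLY_TRIPLE = ("columnName", "value", "setFlag")
# Variables whose value is a form column name (UD_ table name + field name).
COLUMN_VARS = ("columnName", "itResourceColumnName", "childColumnName",
               "ColName1", "ColName2")


def lint_task(task, query_code_keys):
    """Return a list of findings for one process task (empty list = clean)."""
    findings = []
    adapter = task["adapter"]
    mapping = {n: (v or "").strip() for n, v in task["mapping"].items()}

    # Rule 1: columnName, value and setFlag are set together or all blank.
    triple = [mapping.get(name, "") for name in READ_ONLY_TRIPLE]
    if any(triple) and not all(triple):
        findings.append("columnName/value/setFlag must be all set or all blank")

    # Rule 2: a non-blank setFlag is YES or TRUE (exact case: an assumption).
    flag = mapping.get("setFlag", "")
    if flag and flag not in ("YES", "TRUE"):
        findings.append(f"setFlag is {flag!r}; expected YES or TRUE")

    # Rule 3: ColName1/ColName2 belong only to the OldMultiData adapters.
    for name in ("ColName1", "ColName2"):
        if mapping.get(name) and adapter not in MULTI_DATA_ADAPTERS:
            findings.append(f"{name} is mapped but {adapter} does not accept it")

    # Rule 4: column names carry the UD_ table prefix and no whitespace.
    for name in COLUMN_VARS:
        col = mapping.get(name, "")
        if col and (not col.startswith("UD_") or any(c.isspace() for c in col)):
            findings.append(f"{name}={col!r} is not a well-formed UD_ column name")

    # Rule 5: lookupCodeKey must exist in the query configuration lookup.
    key = mapping.get("lookupCodeKey", "")
    if key and key not in query_code_keys:
        findings.append(f"lookupCodeKey {key!r} not in query configuration lookup")
    return findings


def lint_all(tasks, query_code_keys):
    """Map each task name to its list of findings."""
    return {t["name"]: lint_task(t, query_code_keys) for t in tasks}


# Constructed sample: code keys assumed to be present in
# Lookup.DBUM.ExampleDatabase.Query.Configuration.
SAMPLE_QUERY_KEYS = {"EXAMPLEDATABASE_CREATE_USER", "EXAMPLEDATABASE_DISABLE_USER"}

# Constructed sample inventory of process tasks and their variable mappings.
SAMPLE_TASKS = [
    {"name": "Create User", "adapter": "adpDBUMExecuteQuery",
     "mapping": {"columnName": "", "value": "", "setFlag": "",
                 "itResourceColumnName": "UD_DB_EXMPLDB_U_IT_RESOURCE",
                 "lookupCodeKey": "EXAMPLEDATABASE_CREATE_USER"}},
    {"name": "Disable User", "adapter": "adpDBUMExecuteQuery",
     "mapping": {"columnName": "UD_DB_EXMPLDB_U_LOCK", "value": "LOCKED",
                 "setFlag": "Y",  # not YES or TRUE
                 "itResourceColumnName": "UD_DB_EXMPLDB_U_IT_RESOURCE",
                 "lookupCodeKey": "EXAMPLEDATABASE_DISABLE_USER"}},
    {"name": "Enable User", "adapter": "adpDBUMExecuteQuery",
     "mapping": {"columnName": "UD_DB_EXMPLDB_U_LOCK", "value": "",  # partial
                 "setFlag": "TRUE",
                 "lookupCodeKey": "EXAMPLEDATABASE_CREATE_USER"}},
    {"name": "Revoke Privilege", "adapter": "adpDBUMExecuteOldDataQuery",
     "mapping": {"ColName1": "UD_DB_EXMPLDB_U_PRIVILEGE NAME1",  # stray space
                 "lookupCodeKey": "EXAMPLEDATABASE_REVOKE_PRIVILEGE"}},
]

if __name__ == "__main__":
    for task_name, problems in lint_all(SAMPLE_TASKS, SAMPLE_QUERY_KEYS).items():
        print(task_name, "->", problems or "OK")
```
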

5.9 Configuring Oracle Identity Manager for Request-Based Provisioning


Note:

Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.1 and you want to configure request-based provisioning.

A request-based provisioning operation involves an end user (a requester) who creates a request for a resource and an approver (an OIM User with the required privileges) who approves the request.

To perform request-based provisioning operations, you must configure a request workflow that suits your requirements. See the "Configuring Requests" chapter in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for complete information on configuring the request workflow.


See Also:

Oracle Fusion Middleware User's Guide for Oracle Identity Manager for information about managing requests

5.10 Adding Attributes for Reconciliation

After you create the resource object, you must define the attributes on the target resources that must be used for reconciliation. In addition, you must also map these attributes to the corresponding fields on Oracle Identity Manager. Note that the attributes that you add to the resource object are mapped for reconciliation between Oracle Identity Manager and the target system.

See Section 4.2, "Adding or Removing Attributes for Reconciliation" for information about adding attributes for reconciliation.

5.11 Guidelines on Creating or Configuring Queries Used for Reconciliation and Lookup Synchronization

See Section 4.1, "Guidelines on Extending the Functionality of the Connector" for guidelines on creating or configuring queries used for reconciliation and lookup synchronization.

5.12 Creating Scheduled Tasks


Note:

In Oracle Identity Manager release 11.1.1, a scheduled job is an instance of a scheduled task. In this guide, the term scheduled task used in the context of Oracle Identity Manager release 9.1.0.x is the same as the term scheduled job in the context of Oracle Identity Manager release 11.1.1.

See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for more information about scheduled tasks and scheduled jobs.


You need scheduled tasks for the following reasons:

You need not create scheduled tasks for lookup field synchronization. Instead, you can use the DBUM Lookup reconciliation scheduled task that is shipped with this connector. See Section 3.3, "Scheduled Task for Lookup Field Synchronization" for more information about this scheduled task.

Depending on your requirements, you must create one or more of the following scheduled tasks, to fetch user records from target system during reconciliation:

For each of the items listed in the preceding list, perform the procedure described in one of the following sections to create a scheduled task:

5.12.1 Creating Scheduled Tasks on Oracle Identity Manager Release 9.1.0.x

To create a scheduled task:

  1. Expand Resource Management.

  2. Click Create Scheduled Task.

  3. On the Step 1: Provide Scheduled Task Details and Schedule page, enter the following information:

    • Task Name: Enter a name for the scheduled task.

      Sample Value: DBUM ExampleDatabase Target Resource User Reconciliation

    • Class Name: Specify the Java class for running the scheduled task. To do this, click the magnifying glass icon to open the Class Name list of values and then select a class. Alternatively, enter the class name.

      Sample Value: oracle.iam.connectors.dbum.tasks.DBUMReconTask

    • Status: Specify whether or not you want to leave the task in the enabled state after it is created. In the enabled state, the task is ready for use. If the task is disabled, then you must enable it before you can use it. The default value is INACTIVE.

    • Max Retries: Enter an integer value in this field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR status to the task. The default value is 1.

    • Next Start: Use the date editor to specify the date when you want the task to run. After you select a date value in the date editor, you can modify the time value that is automatically displayed in the Next Start field.

    • Frequency: Specify the frequency at which you want the task to run. The default value is Once.

  4. Click Continue.

  5. On the Step 2: Define Scheduled Task Attributes page, create attributes for the task as follows. Table 3-2 lists the scheduled task attributes that you must create for reconciling user records from a target resource. Table 3-3 lists the scheduled task attributes that you must create for reconciling data about deleted target system user records from a target resource.

    a. In the Attribute field, enter the name of the attribute.

    b. In the With field, enter the value of the attribute.

    c. Click Add.

    d. Repeat Steps 5.a through 5.c for each attribute that you want to add.


      Note:

      Each attribute that you add is displayed in a table. The attributes you add are not posted to the Oracle Identity Manager database until you complete the procedure to create the scheduled task. If required, you can modify the value of a newly added attribute by selecting it from the Attribute list, and then editing its value. To delete an attribute, click the cross-shaped icon displayed for that attribute.

  6. Click Continue.

  7. On the Step 3: Verify Scheduled Task Details page, review the information that you provided on the first and second pages. If you want to make changes in this information, click Back to revisit the first or second page and then make the required changes.

  8. To proceed with the creation of the scheduled task, click Continue.

  9. If the creation process is successful, then a message stating that the scheduled task has been created is displayed.

5.12.2 Creating Scheduled Jobs on Oracle Identity Manager Release 11.1.1

To create a scheduled job:


Note:

See the "Managing Scheduled Tasks" chapter of Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for detailed information about this procedure.

  1. Log in to the Oracle Identity Manager Administrative and User Console.

  2. On the Welcome to Oracle Identity Manager Self Service page, click Advanced.

  3. On the Welcome to Oracle Identity Manager Advanced Administration page, click the System Management tab and then click Scheduler.

  4. On the left pane, from the Actions list, select Create.

    The Create Job page is displayed.

  5. In the Job Information region, enter values for the following fields:

    • Job Name: Enter the name for the job, for example, DBUM Example Target Resource User Reconciliation.

    • Task: Specify the name of the scheduled task that must run the job being created, for example, DBUM Oracle Target Resource User Reconciliation.

      Alternatively, you can search for and specify a scheduled task.


      See Also:

      Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information on creating your own scheduled task

    • Start Date: Specify the date on which you want the job to run.

    • Start Time: Enter the time when you want the job to run.

    • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.

    • Schedule Type: Depending on the frequency at which you want the job to run, select one of the following schedule types:

      • Periodic

      • Cron

      • Single

      • No pre-defined schedule

  6. In the Parameters region, specify values for the attributes of the scheduled job whose copy you are creating, and then click Apply.

    A message confirming that the job has been successfully created is displayed. Click OK to close the message.

5.13 Configuring Status Reconciliation

If your target system database contains a column that holds the status of the user account, then you can perform status reconciliation by setting a value for the Status Reconciliation Primary Key Field attribute of the scheduled task.

If your target system database does not contain a column that holds the user account status, and the status of a target system account must instead be determined from several columns of the target database, then perform the following procedure:

  1. Add a new attribute, for example Status, in the corresponding resource object for status reconciliation.


    See Also:

    The "Reconciliation Field Mappings Tab" section in Oracle Identity Manager Design Console Guide for information about status reconciliation

  2. In the properties file for reconciliation, add the query for retrieving data from columns required to determine the target system user account status.

  3. Write code that implements the required status reconciliation logic in a Java class.

    This status reconciliation class must implement the DBUMStatusReconciliation interface and the getStatus method. See the Javadocs shipped with the connector for more information about this interface.

  4. Log in to the Design console.

  5. Search for and open the lookup definition that maps resource object fields with column names or column name aliases used in the reconciliation query.

  6. In the Decode column of the resource object attribute that you added in Step 1, for example Status, enter a value in the following format:

    COL_NAME~STATUS_MAPPING_LOOKUP

    In this format:

    • COL_NAME is the column name or column name alias used in the reconciliation query.

    • STATUS_MAPPING_LOOKUP is the name of the lookup definition that maps user record status fetched from the target system with the status that can be displayed on the Administrative and User Console.

    Sample value: Status~Lookup.DBUM.TargetRecon.StatusMapping

  7. Save the changes to the lookup definition.

  8. Search for and open the Lookup.DBUM.TargetRecon.StatusMapping lookup definition. See Section A.6.1, "Lookup.DBUM.TargetRecon.StatusMapping" for more information about this lookup definition.

  9. In the Code Key column, enter the status returned by the status reconciliation class that you created in Step 3.

  10. In the Decode column, enter the corresponding status to be displayed on the process form in the Administrative and User Console.

  11. Repeat Steps 9 and 10 for all possible statuses returned by the status reconciliation class.

  12. Save the changes to the lookup definition.

  13. To enable status reconciliation:

    • In the Configuration lookup definition for your target system, set values for the following Code Key columns:

      • Status Reconciliation Class Name: Enter the name of the class that you created in Step 3 that implements the logic for status reconciliation.

      • Use Status Reconciliation: Enter Yes to specify that you want to enable status reconciliation.

    • In the scheduled task for user reconciliation, set the value of the Status Reconciliation Primary Key Field attribute to the name of the resource object field, which is the key field for reconciliation matching.
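
The following added example, which is not code from the connector or from this guide, shows status logic of the kind described in Step 3 together with the Code Key to Decode mapping of Steps 9 through 11. The column aliases ACCOUNT_LOCKED and EXPIRY_DATE, the status codes, the deriveStatus signature, and the in-memory map are assumptions; the actual getStatus signature of the DBUMStatusReconciliation interface is given in the connector Javadocs. Java 8 or later is assumed.

```java
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example. Aliases, status codes and signatures are hypothetical.
public class ExampleStatusLogic {

    // Constructed stand-in for Lookup.DBUM.TargetRecon.StatusMapping (Code Key -> Decode).
    static final Map<String, String> STATUS_MAPPING = new LinkedHashMap<>();
    static {
        STATUS_MAPPING.put("OPEN", "Enabled");
        STATUS_MAPPING.put("LOCKED", "Disabled");
        STATUS_MAPPING.put("EXPIRED", "Disabled");
        STATUS_MAPPING.put("UNKNOWN", "Disabled");
    }

    // Derive one status code from a row returned by the reconciliation query.
    static String deriveStatus(Map<String, String> row, LocalDate today) {
        String locked = row.get("ACCOUNT_LOCKED"); // hypothetical alias, "Y" or "N"
        String expiry = row.get("EXPIRY_DATE");    // hypothetical alias, ISO date or null
        if (locked == null) return "UNKNOWN";      // missing input is never reported as open
        if ("Y".equalsIgnoreCase(locked.trim())) return "LOCKED";
        if (!"N".equalsIgnoreCase(locked.trim())) return "UNKNOWN";
        if (expiry != null && !expiry.trim().isEmpty()) {
            try {
                // An expiry date on or before today counts as expired.
                if (!LocalDate.parse(expiry.trim()).isAfter(today)) return "EXPIRED";
            } catch (DateTimeParseException e) {
                return "UNKNOWN";                  // unparseable date: do not guess
            }
        }
        return "OPEN";
    }

    // Map a status code to the value shown on the process form; unmapped codes fail closed.
    static String displayStatus(String code) {
        return STATUS_MAPPING.getOrDefault(code, "Disabled");
    }

    public static void main(String[] args) {
        LocalDate today = LocalDate.of(2024, 1, 15); // fixed date so the run is repeatable
        Map<String, String> row = new LinkedHashMap<>(); // constructed sample row
        row.put("ACCOUNT_LOCKED", "N");
        row.put("EXPIRY_DATE", "2023-12-31");
        String code = deriveStatus(row, today);
        System.out.println(code + " -> " + displayStatus(code));
    }
}
```

Rows with missing or unparseable input resolve to a disabled status, so a locked or expired target system account is not displayed as enabled because of bad data.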