Sun Java[TM] System Identity Manager 7.1 Resources Reference |
PeopleSoft ComponentThe PeopleSoft Component resource adapter is read-only. You cannot use this adapter to create or modify PeopleSoft accounts. This adapter uses Active Sync to load account information into Identity Manager.
The adapter is defined in the com.waveset.adapter.
PeopleSoftComponentActiveSyncAdapter class.This adapter supports the following versions of PeopleSoft:
The following adapters have been deprecated:
com.waveset.adapter.PeopleSoftComponentResourceAdapter
This adapter has been replaced by the PeopleSoft Component Interface adapter. See PeopleSoft Component Interface for more information.
Resource Configuration Notes
You must use the following PeopleSoft tools to integrate resources with the resource adapter.
Follow these steps to configure PeopleSoft for use with Identity Manager:
Step 1: Create the New Project
Create a new project with the PeopleSoft Application Designer using the following steps:
- Create a new project in the Application Designer by selecting the File—>New menu. Then select Project from the list.
- Name the project by performing a save. Use the File—>Save Project As... menu, and enter a unique name for the project, such as “IDM”.
- Create the objects within the project by performing the tasks listed in Step 2: Edit Identity Manager Objects.
Step 2: Edit Identity Manager Objects
The Identity Manager project contains the following types of objects:
You must create these objects within the Application Designer. Each of these objects is described in detail below.
Fields
Create the following fields:
The following procedure describes how to create the AUDIT_PROC_ORDER field:
Records
There are three records (two views and one table) that must be defined within the Application Designer. The following record descriptions illustrate a typical implementation. The records can be customized to the needs of the implementation by adding or changing fields.
AUDIT_EFFDT_LH View
The AUDIT_EFFDT_LH view is polled by the PeopleSoft Active Sync resource adapter. Identity Manager uses the following fields to query for events that have not yet been processed:
- AUDIT_PROC_ORDER. This field must specify the Key, Search Key, List Box Item, and From Search Field keys.
- AUDIT_PROC_END. This field must specify the Key, Search Key, List Box Item, and Through Search Field fields.
- EMPLID and EMPL_RCD. These are required non-key properties that are used by an Identity Manager query to fetch employee data.
All other fields in the AUDIT_EFFDT_LH table are optional.
The following table describes the Use Display characteristics of the AUDIT_EFFDT_LH view:
Information in the last audit entry is stored in Identity Manager as a “lastProcessed” configuration object to be used (and updated) on subsequent searches of the AUDIT_EFFDT_LH view. Maintenance of the lastProcessed Configuration object by the PeopleSoft Active Sync resource adapter prevents records from being processed more than once.
The following SQL code is used to generate the AUDIT_EFFDT_LH view:
SELECT audit1.AUDIT_PROC_ORDER AS AUDIT_PROC_ORDER
,audit1.AUDIT_PROC_ORDER AS AUDIT_PROC_END
,audit1.AUDIT_STAMP AS AUDIT_STAMP
,audit1.EFFDT AS EFFDT
,audit1.AUDIT_OPRID AS AUDIT_OPRID
,audit1.AUDIT_ACTN AS AUDIT_ACTN
,audit1.AUDIT_RECNAME AS AUDIT_RECNAME
,audit1.EMPLID AS EMPLID
,CAST(audit1.EMPL_RCD AS INTEGER) AS EMPL_RCD
FROM PS_AUDIT_PRS_DATA audit1
WHERE audit1.AUDIT_PROC_DATE <= %CurrentDateIn
AND NOT EXISTS (
SELECT *
FROM PS_AUDIT_PRS_DATA audit2
WHERE audit2.AUDIT_PROC_DATE <= %CurrentDateIn
AND audit2.AUDIT_PROC_ORDER > audit1.AUDIT_PROC_ORDER
AND audit2.EMPLID = audit1.EMPLID )The final line in this SQL code sample prevents Identity Manager from seeing operations with effective dates until the effective date has arrived.
AUDIT_PRS_DATA Table
The AUDIT_PRS_DATA table must contain the following fields:
- AUDIT_PROC_ORDER. This field must specify the Key, Search Key, List Box Item, and From Search field keys. In addition, this field must be set to Required so that PeopleSoft puts a non-null integrity constraint on the database column.
- AUDIT_PROC_DATE. This field must specify the Alternate Search Key, List Box Item. In addition, this field must be set to Required so that PeopleSoft puts a non-null integrity constraint on the database column.
- EMPLID and EMPL_RCD. These are required non-key properties that are used by an Identity Manager query to fetch employee data.
All other fields in the AUDIT_PRS_DATA table are optional.
The following table describes the Use Display characteristics of the AUDIT_PRS_DATA view:
PERS_SRCH_LH View
The PERS_SRCH_LH view must contain the EMPLID and EMPL_RCD fields, with the Key, Search Key, and List Box Item keys selected. All other fields provide the data that is synchronized with Identity Manager. It is up to the PeopleSoft Active Sync form to map this data into the Identity Manager user account.
The following table describes the Use Display characteristics of the PERS_SRCH_LH view:
The following SQL code is used to generate the PERS_SRCH_LH view:
Note
For your convenience, the peoplesoft/idm.zip file on the installation media contains an SQL script file named pers_srch_lh.sql that duplicates the following SQL code.
SELECT P.EMPLID
,A.EMPL_RCD
,P.NAME
,P.LAST_NAME_SRCH
,A.SETID_DEPT
,A.DEPTID
,P.ADDRESS1
,A.EMPL_STATUS
,P.FIRST_NAME
,P.LAST_NAME
,P.MIDDLE_NAME
,A.REPORTS_TO
,A.JOBCODE
,A.COMPANY
,P.NAME_INITIALS
,P.COUNTRY
,P.PHONE
,P.CITY
,P.STATE
,P.POSTAL
FROM PS_Job A
, PS_PERSONAL_DATA P
WHERE A.EMPLID = P.EMPLID
AND A.EffDt = (
SELECT MAX(C.EffDt)
FROM PS_Job C
WHERE C.EmplID = A.EmplID
AND C.EMPL_RCD = A.EMPL_RCD
AND C.EffDt <= %CurrentDateIn)
AND A.EffSeq = (
SELECT MAX(D.EffSeq)
FROM PS_Job D
WHERE D.EmplID = A.EmplID
AND D.EMPL_RCD = A.EMPL_RCD
AND D.EffDt = A.EffDt)The WHERE clause returns the current employee record for the given employee ID. PeopleSoft allows multiple records for a given employee, each of which has its own effective date/effective sequence. This clause returns the record whose effective date/effective sequence pair is the latest out of all those that are already effective (whose effective date has occurred).
The WHERE clause returns null for an employee whose sunrise date is in the future.
Pages
The Identity Manager project must also contain the following pages for the Component interface only:
LH_AUDIT_EFFDT
The LH_AUDIT_EFFDT page contains fields defined in the AUDT_EFFDT_LH table. This page is not displayed on the PeopleSoft GUI. Therefore, the layout and ordering of the fields is not important.
The following table describes the Use Display characteristics of the LH_AUDIT_EFFDT page. All items are defined in the AUDT_EFFDT_LH record.
LH_EMPLOYEE_DATA
The LH_EMPLOYEE_DATA page is the container for the fields defined in the PERS_SRCH_LH view. All items are defined in the PERS_SRCH_LH record.
The following table describes the Use Display characteristics of the LH_EMPLOYEE_DATA page:
Components
Components are the bridge between pages and menus. Once you have created your pages, you must add them to one or more components to use them on menus or in business processes.
Create a separate component for the each of the following pages:
The default component names are LH_AUDIT_EFFDT and LH_EMPLOYEE_COMP.
The following procedure describes how to create the LH_AUDIT_EFFDT component:
Component Interfaces
A component interface is a PeopleTools object that exposes a PeopleSoft component for synchronous access from another application, such as Identity Manager. Create a separate component interface for each component you created. The default names for the Component Interfaces are LH_AUDIT_EFFDT_COMP_INTF and LH_EMPLOYEE_COMP_INTF. These values can be modified on the General Active Sync Settings page of the Active Sync Wizard.
The following procedure describes how to create the LH_AUDIT_EFFDT_COMP_INTF component interface:
Step 3: Build the Project
Use this procedure to build the project and create PeopleSoft views and tables in the database.
To build the project using the Application Designer:
- Select Build—>Project. The Build dialog appears.
- In the Build Options area, select the Create Tables and Create Views options. In the Build Execute Options area, select the Execute SQL now option.
- Click Settings. The Build Settings dialog appears.
- Verify that the Recreate table if it already exists option is selected.
- Click the Logging tab.
- In the Logging Level area, select the Fatal errors, warnings and information messages option.
- In the Logging Output area, enter a unique log file name.
- Click OK, and then click Build to build the project and to create views and tables.
Application Designer may display a warning message similar to the following:
Potentially data destructive settings are active. Continue the build process?
- Click Yes to continue to build process.
Step 4: Manually Execute the audittrigger Script
The idm.zip file contains an Oracle SQL script named audittrigger.oracle. This script creates the trigger and sequence necessary to maintain the AUDIT_PROC_DATE and AUDIT_PROC_ORDER columns of the PS_AUDIT_PRS_DATA table.
Note
The audittrigger.oracle script is available only for Oracle. If you are using a different database, convert the script to run on that database.
The audittrigger.oracle script or its equivalent must be run every time you rebuild the PeopleSoft project.
Step 5: Enable Auditing
From the Application Designer, you will enable auditing on the JOB and PERSONAL_DATA tables, and possibly on the POSITION_DATA and EMPLOYMENT tables. This is record-level auditing that writes a simple summary record with the operator and the EMPLID of the changed record.
To update your PeopleTools database objects:
- Launch the Application Designer.
- Select File —>Open to display the Open Object dialog.
- Select Record from the Object type menu, and then type JOB in the Name field.
- Click Open to open the record.
- Select File—>Properties to open the record properties, and then click the Use tab.
- In the Record Name field, select AUDIT_PRS_DATA.
- In the Audit Options area, select the Add, Change, and Delete options. Leave the Selective option unchecked.
Repeat these steps for the PERSONAL_DATA table and other tables that will be triggers for data synchronization.
Note
For more information, see “Creating Record Definitions” in the Application Designer documentation.
Step 6: Configure PeopleTools
To complete the configuration process, you must use the PeopleTools browser-based GUI to assign component interfaces to a permission list, create a role and assign permission lists to the role, and assign the role to user profiles. Refer to the PeopleTools documentation for more information about these entities.
Component Interfaces
Use of component interfaces must be authorized. To authorize a component interface:
- Log in to the PeopleTools browser-based GUI and navigate to Home —> People Tools —> Maintain Security —> Use —> Permission Lists. (For Peoplesoft 9, this path is is Home—>People Tools—>Security—>Permissions & Roles—>Permission List.)
- Select the Add a New Value link and enter a value such as LH_ALL
- Click on the right arrow in the tabs section near the top of the page until the Component Interface tab is displayed. Then click on the Component Interface tab.
- Enter an existing Component Interface, such as LH_AUDIT_EFFDT_COMP_INTF, in the text box.
- Click the Edit link to go to the Component Interface Permissions page.
- Click the Full Access button to enable full access for all the methods, or use the drop-down menus to assign access for individual methods. Click OK to return to the Permission Lists page.
- Click the + (plus) button. An additional text box will be displayed.
- Enter a different existing Component Interface, such as LH_EMPLOYEE_COMP_INTF, in the text box.
- Repeat steps 5 and 6.
- Save your changes.
Roles
To assign a PeopleSoft role to the Component Interfaces:
- Navigate to Home —> People Tools —> Maintain Security —> Use —> Roles. (For Peoplesoft 9, the path is Home-> People Tools-> Security-> Permissions & Roles-> Roles.)
- Select the Add a New Value link and enter a value such as LH_ROLE.
- Click the Permission Lists tab.
- Enter an existing Permission List, such as LH_ALL.
- Save your changes.
User Profiles
To assign a role to a user profile:
- Navigate to Home —> People Tools —> Maintain Security —> Use —> User Profiles. (For Peoplesoft 9, the path is Home—> People Tools—> Security—> User Profiles—> User Profiles.)
- Enter an existing user ID. This user can be specified as the user on the Resource Parameters page in Identity Manager.
Note
You can also create a new user. Refer to the PeopleSoft documentation for more information about the requirements of a user account.
- Select the Roles tab.
- Click the + (plus) button. An additional text box will be displayed.
- Enter the name of a role, such as LH_ROLE.
- Save your changes.
Step 7: Prune the Audit Log
Identity Manager does not delete audit events from the audit log. The PeopleSoft administrator must set up a task to prune old audit entries. This task must retain transactions with a future effective date until Identity Manager processes them. That is, entries whose AUDIT_PROC_DATE is in the future must NOT be pruned.
Identity Manager Installation Notes
The PeopleSoft Component resource adapter is a custom adapter. You must perform the following steps to complete the installation process:
- Copy the following file from the PeopleSoft installation media to the InstallDir\idm\WEB-INF\lib directory:
psjoa.jar
The version number of the jar file must match the version of PeopleSoft.
- To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.
com.waveset.adapter.PeopleSoftComponentActiveSyncAdapter
Usage Notes
This section provides information related to using the PeopleSoft Component resource adapter, including:
Controlling Hosts in a Cluster
You can use the sources.ResourceName.hosts property in the waveset.properties file to control which host(s) in a cluster are used to execute the synchronization portion of an Active Sync resource adapter. You must replace ResourceName with the name of the Resource object.
Active Sync Configuration
Specify the Audit Component Interface Name and the Employee Component Interface Name on the General Active Sync Settings page of the Active Sync Wizard.
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses the Client Connection Toolkit (Sync Only) to communicate with this adapter.
Required Administrative Privileges
The user name that connects to PeopleSoft must be assigned to a PeopleSoft role that can access the component interfaces.
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
Account Attributes
The following table provides information about the PeopleSoft Component Active Sync adapter account attributes.
Resource Object Management
Not applicable.
Identity Template
$accountId$
Sample Forms
PeopleSoftForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following class:
com.waveset.adapter.PeopleSoftComponentActiveSyncAdapter