Sun Identity Manager 8.1 Resources Reference

Adapter Details

Resource Configuration Notes

You must use the following PeopleSoft tools to integrate resources with the resource adapter.

Follow these steps to configure PeopleSoft for use with Identity Manager:

Step 1: Create the New Project

Create a new project with the PeopleSoft Application Designer using the following steps:

Procedure: Creating a New Project

  1. Create a new project in the Application Designer by selecting the File—>New menu. Then select Project from the list.

  2. Name the project by performing a save. Use the File—>Save Project As... menu, and enter a unique name for the project, such as “IDM”.

  3. Create the objects within the project by performing the tasks listed in Step 2: Edit Identity Manager Objects.

Step 2: Edit Identity Manager Objects

The Identity Manager project contains the following types of objects:

You must create these objects within the Application Designer. Each of these objects is described in detail below.

Fields

Create the following fields:

The following procedure describes how to create the AUDIT_PROC_ORDER field:

Procedure: Creating the AUDIT_PROC_ORDER Field

  1. Select File—>New...—>Field.

  2. Select Character field type.

  3. Set the field length to 20.

  4. Assign the Label ID AUDIT_PROC_ORDER.

  5. Save the field by selecting File—>Save. Assign it the name AUDIT_PROC_ORDER.

  6. Select Insert—>Current Definition to add the field to the project.

Records

There are three records (two views and one table) that must be defined within the Application Designer. The following record descriptions illustrate a typical implementation. The records can be customized to the needs of the implementation by adding or changing fields.

AUDIT_EFFDT_LH View

The AUDIT_EFFDT_LH view is polled by the PeopleSoft Active Sync resource adapter. Identity Manager uses the following fields to query for events that have not yet been processed:

All other fields in the AUDIT_EFFDT_LH table are optional.

The following table describes the Use Display characteristics of the AUDIT_EFFDT_LH view:

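| Field Name | Type | Key | Ordr | Dir | Srch | List | Sys | Default |
|---|---|---|---|---|---|---|---|---|
| AUDIT_PROC_ORDER | Char | Key | | Asc | Yes | Yes | No | |
| AUDIT_PROC_END | Char | Key | | Asc | Yes | Yes | No | |
| AUDIT_STAMP | DtTm | | | | No | No | No | |
| EFFDT | Date | | | | No | No | No | %date |
| AUDIT_OPRID | Char | | | | No | No | No | |
| AUDIT_ACTN | Char | | | | No | No | No | |
| AUDIT_RECNAME | Char | | | | No | No | No | |
| EMPLID | Char | | | | No | No | No | 'NEW' |
| EMPL_RCD | Nbr | | | | No | No | No | |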

Information in the last audit entry is stored in Identity Manager as a “lastProcessed” configuration object to be used (and updated) on subsequent searches of the AUDIT_EFFDT_LH view. Maintenance of the lastProcessed Configuration object by the PeopleSoft Active Sync resource adapter prevents records from being processed more than once.

The following SQL code is used to generate the AUDIT_EFFDT_LH view:

SELECT audit1.AUDIT_PROC_ORDER AS AUDIT_PROC_ORDER
,audit1.AUDIT_PROC_ORDER AS AUDIT_PROC_END
,audit1.AUDIT_STAMP AS AUDIT_STAMP
,audit1.EFFDT AS EFFDT
,audit1.AUDIT_OPRID AS AUDIT_OPRID
,audit1.AUDIT_ACTN AS AUDIT_ACTN
,audit1.AUDIT_RECNAME AS AUDIT_RECNAME
,audit1.EMPLID AS EMPLID
,CAST(audit1.EMPL_RCD AS INTEGER) AS EMPL_RCD FROM PS_AUDIT_PRS_DATA audit1
WHERE audit1.AUDIT_PROC_DATE <= %CurrentDateIn
AND NOT EXISTS (
SELECT * FROM PS_AUDIT_PRS_DATA audit2
WHERE audit2.AUDIT_PROC_DATE <= %CurrentDateIn
AND audit2.AUDIT_PROC_ORDER > audit1.AUDIT_PROC_ORDER
AND (audit2.EMPLID = audit1.EMPLID AND audit2.EMPL_RCD = audit1.EMPL_RCD) );

The final line in this SQL code sample prevents Identity Manager from seeing operations with effective dates until the effective date has arrived.
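The following added example (not part of the original reference or of Identity Manager) runs the view's logic against constructed audit rows in SQLite to show which events become visible on a given date. The :today parameter stands in for %CurrentDateIn, and the poll function models lastProcessed as a simple high-water mark on AUDIT_PROC_ORDER, which is an assumption about the adapter's bookkeeping.

```python
import sqlite3

# SQLite rendering of the AUDIT_EFFDT_LH view. :today replaces PeopleSoft's
# %CurrentDateIn; dates are ISO strings so text comparison orders them.
VIEW_SQL = """
SELECT a1.AUDIT_PROC_ORDER, a1.EMPLID, a1.EMPL_RCD, a1.AUDIT_ACTN
  FROM PS_AUDIT_PRS_DATA a1
 WHERE a1.AUDIT_PROC_DATE <= :today
   AND NOT EXISTS (
       SELECT 1 FROM PS_AUDIT_PRS_DATA a2
        WHERE a2.AUDIT_PROC_DATE <= :today
          AND a2.AUDIT_PROC_ORDER > a1.AUDIT_PROC_ORDER
          AND a2.EMPLID = a1.EMPLID AND a2.EMPL_RCD = a1.EMPL_RCD)
 ORDER BY a1.AUDIT_PROC_ORDER
"""

# Constructed rows: (AUDIT_PROC_ORDER, AUDIT_PROC_DATE, EMPLID, EMPL_RCD,
# AUDIT_ACTN). Order values are zero-padded because the field is Char.
SAMPLE_ROWS = [
    ("0001", "2024-03-01", "E100", 0, "A"),
    ("0002", "2024-03-05", "E100", 0, "C"),  # supersedes 0001 for E100
    ("0003", "2024-03-06", "E200", 0, "A"),
    ("0004", "2024-04-01", "E300", 0, "A"),  # hire effective in the future
    ("0005", "2024-04-15", "E200", 0, "D"),  # removal effective in the future
]

def open_audit_db(rows=SAMPLE_ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PS_AUDIT_PRS_DATA (AUDIT_PROC_ORDER TEXT, "
               "AUDIT_PROC_DATE TEXT, EMPLID TEXT, EMPL_RCD INTEGER, AUDIT_ACTN TEXT)")
    db.executemany("INSERT INTO PS_AUDIT_PRS_DATA VALUES (?,?,?,?,?)", rows)
    return db

def visible_events(db, today):
    """Rows the view exposes on the given date."""
    return db.execute(VIEW_SQL, {"today": today}).fetchall()

def poll(db, today, last_processed):
    """Return unprocessed events and the new high-water mark (assumed model)."""
    events = [e for e in visible_events(db, today) if e[0] > last_processed]
    return events, (events[-1][0] if events else last_processed)

if __name__ == "__main__":
    db, mark = open_audit_db(), "0000"
    for day in ("2024-03-10", "2024-04-01", "2024-04-15"):
        events, mark = poll(db, day, mark)
        print(day, events, "lastProcessed =", mark)
```
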

AUDIT_PRS_DATA Table

The AUDIT_PRS_DATA table must contain the following fields:

All other fields in the AUDIT_PRS_DATA table are optional.

The following table describes the Use Display characteristics of the AUDIT_PRS_DATA table:

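| Field Name | Type | Key | Ordr | Dir | Srch | List | Sys | Default |
|---|---|---|---|---|---|---|---|---|
| AUDIT_PROC_ORDER | Char | Key | | Asc | Yes | Yes | No | |
| AUDIT_PROC_DATE | Date | Alt | | Asc | No | No | No | |
| AUDIT_STAMP | DtTm | | | | No | No | No | %date |
| AUDIT_OPRID | Char | | | | No | No | No | 'ANON' |
| AUDIT_ACTN | Char | | | | No | No | No | 'C' |
| AUDIT_RECNAME | Char | | | | No | No | No | 'ANON' |
| EMPLID | Char | | | | No | No | No | 'NEW' |
| EFFDT | Date | | | | No | No | No | %date |
| EMPL_RCD | Nbr | | | | No | No | No | |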

PERS_SRCH_LH View

The PERS_SRCH_LH view must contain the EMPLID and EMPL_RCD fields, with the Key, Search Key, and List Box Item keys selected. All other fields provide the data that is synchronized with Identity Manager. It is up to the PeopleSoft Active Sync form to map this data into the Identity Manager user account.

The following table describes the Use Display characteristics of the PERS_SRCH_LH view:

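| Field Name | Type | Key | Ordr | Dir | Srch | List | Sys |
|---|---|---|---|---|---|---|---|
| EMPLID | Char | Key | | Asc | Yes | Yes | No |
| EMPL_RCD | Nbr | Key | | Asc | Yes | Yes | No |
| NAME | Char | | | | No | Yes | No |
| LAST_NAME_SRCH | Char | | | | No | Yes | No |
| SETID_DEPT | Char | | | | No | Yes | No |
| DEPTID | Char | | | | No | Yes | No |
| ADDRESS1 | Char | | | | No | Yes | No |
| EMPL_STATUS | Char | | | | No | Yes | No |
| FIRST_NAME | Char | | | | No | Yes | No |
| LAST_NAME | Char | | | | No | Yes | No |
| MIDDLE_NAME | Char | | | | No | Yes | No |
| REPORTS_TO | Char | | | | No | Yes | No |
| JOBCODE | Char | | | | No | Yes | No |
| COMPANY | Char | | | | No | Yes | No |
| NAME_INITIALS | Char | | | | No | Yes | No |
| COUNTRY | Char | | | | No | Yes | No |
| PHONE | Char | | | | No | Yes | No |
| CITY | Char | | | | No | Yes | No |
| STATE | Char | | | | No | Yes | No |
| POSTAL | Char | | | | No | Yes | No |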

The following SQL code is used to generate the PERS_SRCH_LH view:


Note –

For your convenience, the peoplesoft/idm.zip file on the installation media contains an SQL script file named pers_srch_lh.sql that duplicates the following SQL code.


SELECT P.EMPLID
 ,A.EMPL_RCD
 ,P.NAME
 ,P.LAST_NAME_SRCH
 ,A.SETID_DEPT
 ,A.DEPTID
 ,P.ADDRESS1
 ,A.EMPL_STATUS
 ,P.FIRST_NAME
 ,P.LAST_NAME
 ,P.MIDDLE_NAME
 ,A.REPORTS_TO
 ,A.JOBCODE
 ,A.COMPANY
 ,P.NAME_INITIALS
 ,P.COUNTRY
 ,P.PHONE
 ,P.CITY
 ,P.STATE
 ,P.POSTAL
 FROM PS_Job A
 , PS_PERSONAL_DATA P
 WHERE A.EMPLID = P.EMPLID
 AND A.EffDt = (
 SELECT MAX(C.EffDt)
 FROM PS_Job C
 WHERE C.EmplID = A.EmplID
 AND C.EMPL_RCD = A.EMPL_RCD
 AND C.EffDt <= %CurrentDateIn)
 AND A.EffSeq = (
 SELECT MAX(D.EffSeq)
 FROM PS_Job D
 WHERE D.EmplID = A.EmplID
 AND D.EMPL_RCD = A.EMPL_RCD
 AND D.EffDt = A.EffDt)

The WHERE clause returns the current employee record for the given employee ID. PeopleSoft allows multiple records for a given employee, each of which has its own effective date/effective sequence. This clause returns the record whose effective date/effective sequence pair is the latest out of all those that are already effective (whose effective date has occurred).

The WHERE clause returns null for an employee whose sunrise date is in the future.
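The following added example (not part of the original reference) runs the same effective-date and effective-sequence selection in SQLite against constructed PS_JOB rows, including a same-day correction, a future-dated termination, and a future-dated hire. The :today parameter stands in for %CurrentDateIn, the column list is shortened, and the :emplid filter and the current_record helper are assumptions added for the demonstration.

```python
import sqlite3

# Shortened form of the PERS_SRCH_LH query; :today replaces %CurrentDateIn and
# the final :emplid filter is added here to look up one employee at a time.
CURRENT_RECORD_SQL = """
SELECT P.EMPLID, A.EMPL_RCD, P.NAME, A.DEPTID, A.EMPL_STATUS, A.EFFDT, A.EFFSEQ
  FROM PS_JOB A, PS_PERSONAL_DATA P
 WHERE A.EMPLID = P.EMPLID
   AND A.EFFDT = (SELECT MAX(C.EFFDT) FROM PS_JOB C
                   WHERE C.EMPLID = A.EMPLID AND C.EMPL_RCD = A.EMPL_RCD
                     AND C.EFFDT <= :today)
   AND A.EFFSEQ = (SELECT MAX(D.EFFSEQ) FROM PS_JOB D
                    WHERE D.EMPLID = A.EMPLID AND D.EMPL_RCD = A.EMPL_RCD
                      AND D.EFFDT = A.EFFDT)
   AND P.EMPLID = :emplid
"""

# Constructed rows: (EMPLID, EMPL_RCD, EFFDT, EFFSEQ, DEPTID, EMPL_STATUS)
JOB_ROWS = [
    ("E100", 0, "2023-01-10", 0, "D10", "A"),
    ("E100", 0, "2024-03-01", 0, "D20", "A"),
    ("E100", 0, "2024-03-01", 1, "D30", "A"),  # same-day correction, higher EFFSEQ
    ("E100", 0, "2024-06-01", 0, "D30", "T"),  # termination dated in the future
    ("E300", 0, "2024-09-01", 0, "D10", "A"),  # hire whose start date is in the future
]
PERSON_ROWS = [("E100", "Doe,Jane"), ("E300", "Roe,Sam")]  # constructed

def open_hr_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PS_JOB (EMPLID TEXT, EMPL_RCD INTEGER, EFFDT TEXT, "
               "EFFSEQ INTEGER, DEPTID TEXT, EMPL_STATUS TEXT)")
    db.execute("CREATE TABLE PS_PERSONAL_DATA (EMPLID TEXT, NAME TEXT)")
    db.executemany("INSERT INTO PS_JOB VALUES (?,?,?,?,?,?)", JOB_ROWS)
    db.executemany("INSERT INTO PS_PERSONAL_DATA VALUES (?,?)", PERSON_ROWS)
    return db

def current_record(db, emplid, today):
    """Return the row that is current on `today`, or None if nothing is effective yet."""
    return db.execute(CURRENT_RECORD_SQL,
                      {"emplid": emplid, "today": today}).fetchone()

if __name__ == "__main__":
    db = open_hr_db()
    for emplid, day in (("E100", "2024-03-15"), ("E100", "2024-06-01"),
                        ("E300", "2024-03-15"), ("E300", "2024-09-01")):
        print(emplid, day, current_record(db, emplid, day))
```
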

Pages

The Identity Manager project must also contain the following pages for the Component interface only:

LH_AUDIT_EFFDT

The LH_AUDIT_EFFDT page contains fields defined in the AUDIT_EFFDT_LH table. This page is not displayed on the PeopleSoft GUI. Therefore, the layout and ordering of the fields is not important.

The following table describes the Use Display characteristics of the LH_AUDIT_EFFDT page. All items are defined in the AUDIT_EFFDT_LH record.

| Label | Type | Field |
|---|---|---|
| Unique order to process | Edit Box | AUDIT_PROC_ORDER |
| EmplID | Edit Box | EMPLID |
| Upper bound for search | Edit Box | AUDIT_PROC_END |
| Empl Rcd Nbr | Edit Box | EMPL_RCD |
| Date and Time Stamp | Edit Box | AUDIT_STAMP |
| Effective Date | Edit Box | EFFDT |
| User ID | Edit Box | AUDIT_OPRID |
| Action | Drop Down List | AUDIT_ACTN |
| Audit Record Name | Edit Box | AUDIT_RECNAME |

LH_EMPLOYEE_DATA

The LH_EMPLOYEE_DATA page is the container for the fields defined in the PERS_SRCH_LH view. All items are defined in the PERS_SRCH_LH record.

The following table describes the Use Display characteristics of the LH_EMPLOYEE_DATA page:

| Label | Type | Field |
|---|---|---|
| EmplID | Edit Box | EMPLID |
| Name | Edit Box | NAME |
| Last Name | Edit Box | LAST_NAME_SRCH |
| Department SetID | Edit Box | SETID_DEPT |
| Department | Edit Box | DEPTID |
| Address Line 1 | Edit Box | ADDRESS1 |
| Personnel Status | Edit Box | PER_STATUS |
| Employee Status | Edit Box | EMPL_STATUS |
| First Name | Edit Box | FIRST_NAME |
| Last Name | Edit Box | LAST_NAME |
| Middle Name | Edit Box | MIDDLE_NAME |
| Reports To Position | Edit Box | REPORTS_TO |
| Job Code | Edit Box | JOBCODE |
| Company | Edit Box | COMPANY |
| Name Initials | Edit Box | NAME_INITIALS |
| Country | Edit Box | COUNTRY |
| Telephone | Edit Box | PHONE |
| City | Edit Box | CITY |
| State | Edit Box | STATE |
| Postal Code | Edit Box | POSTAL |
| Empl Rcd Nbr | Edit Box | EMPL_RCD |

Components

Components are the bridge between pages and menus. Once you have created your pages, you must add them to one or more components to use them on menus or in business processes.

Create a separate component for each of the following pages:

The default component names are LH_AUDIT_EFFDT and LH_EMPLOYEE_COMP.

The following procedure describes how to create the LH_AUDIT_EFFDT component:

Procedure: Creating the LH_AUDIT_EFFDT Component

  1. Select File—>New...—>Component.

  2. Select Insert—>Page Into Component.... Specify the name as LH_AUDIT_EFFDT.

  3. Select File—>Definition/Object Properties. Then go to Use and set the Search Record to AUDIT_EFFDT_LH.

  4. Select File—>Save and name the component LH_AUDIT_EFFDT.

Component Interfaces

A component interface is a PeopleTools object that exposes a PeopleSoft component for synchronous access from another application, such as Identity Manager. Create a separate component interface for each component you created. The default names for the Component Interfaces are LH_AUDIT_EFFDT_COMP_INTF and LH_EMPLOYEE_COMP_INTF. These values can be modified on the General Active Sync Settings page of the Active Sync Wizard.

The following procedure describes how to create the LH_AUDIT_EFFDT_COMP_INTF component interface:

Procedure: Creating the LH_AUDIT_EFFDT_COMP_INTF Component

  1. Select File—>New...—>Component Interface.

  2. Specify a source component, such as LH_AUDIT_EFFDT. When prompted, select Yes.

  3. Select File—>Save. Specify the name LH_AUDIT_EFFDT_COMP_INTF.

Step 3: Build the Project

Use this procedure to build the project and create PeopleSoft views and tables in the database.

To build the project using the Application Designer:

Procedure: Building the Project

  1. Select Build—>Project. The Build dialog appears.

  2. In the Build Options area, select the Create Tables and Create Views options. In the Build Execute Options area, select the Execute SQL now option.

  3. Click Settings. The Build Settings dialog appears.

  4. Verify that the Recreate table if it already exists option is selected.

  5. Click the Logging tab.

  6. In the Logging Level area, select the Fatal errors, warnings and information messages option.

  7. In the Logging Output area, enter a unique log file name.

  8. Click OK, and then click Build to build the project and to create views and tables.

    Application Designer may display a warning message similar to the following:

    Potentially data destructive settings are active. Continue the build process?

  9. Click Yes to continue the build process.


    Note –

    After importing and building the project, you must test the components in Application Designer. The reliability of the import project feature within PeopleSoft varies from release to release. Therefore, validation of the objects is very important.


Step 4: Manually Execute the audittrigger Script

The idm.zip file contains an Oracle SQL script named audittrigger.oracle. This script creates the trigger and sequence necessary to maintain the AUDIT_PROC_DATE and AUDIT_PROC_ORDER columns of the PS_AUDIT_PRS_DATA table.


Note –

The audittrigger.oracle script is available only for Oracle. If you are using a different database, convert the script to run on that database.


The audittrigger.oracle script or its equivalent must be run every time you rebuild the PeopleSoft project.

Step 5: Enable Auditing

From the Application Designer, you will enable auditing on the JOB and PERSONAL_DATA tables, and possibly on the POSITION_DATA and EMPLOYMENT tables. This is record-level auditing that writes a simple summary record with the operator and the EMPLID of the changed record.

Procedure: Updating Your PeopleTools Database Objects

  1. Launch the Application Designer.

  2. Select File—>Open to display the Open Object dialog.

  3. Select Record from the Object type menu, and then type JOB in the Name field.

  4. Click Open to open the record.

  5. Select File—>Properties to open the record properties, and then click the Use tab.

  6. In the Record Name field, select AUDIT_PRS_DATA.

  7. In the Audit Options area, select the Add, Change, and Delete options. Leave the Selective option unchecked.

    Repeat these steps for the PERSONAL_DATA table and other tables that will be triggers for data synchronization.


    Note –

    For more information, see “Creating Record Definitions” in the Application Designer documentation.


Step 6: Configure PeopleTools

To complete the configuration process, you must use the PeopleTools browser-based GUI to assign component interfaces to a permission list, create a role and assign permission lists to the role, and assign the role to user profiles. Refer to the PeopleTools documentation for more information about these entities.

Component Interfaces

Use of component interfaces must be authorized.

Procedure: Authorizing a Component Interface

  1. Log in to the PeopleTools browser-based GUI and navigate to Home—>People Tools—>Maintain Security—>Use—>Permission Lists. (For PeopleSoft 9, this path is Home—>People Tools—>Security—>Permissions & Roles—>Permission List.)

  2. Select the Add a New Value link and enter a value such as LH_ALL.

  3. Click on the right arrow in the tabs section near the top of the page until the Component Interface tab is displayed. Then click on the Component Interface tab.

  4. Enter an existing Component Interface, such as LH_AUDIT_EFFDT_COMP_INTF, in the text box.

  5. Click the Edit link to go to the Component Interface Permissions page.

  6. Click the Full Access button to enable full access for all the methods, or use the drop-down menus to assign access for individual methods. Click OK to return to the Permission Lists page.

  7. Click the + (plus) button. An additional text box will be displayed.

  8. Enter a different existing Component Interface, such as LH_EMPLOYEE_COMP_INTF, in the text box.

  9. Repeat steps 5 and 6.

  10. Save your changes.

Procedure: Assigning a PeopleSoft Role to the Component Interfaces

  1. Navigate to Home—>People Tools—>Maintain Security—>Use—>Roles. (For PeopleSoft 9, the path is Home—>People Tools—>Security—>Permissions & Roles—>Roles.)

  2. Select the Add a New Value link and enter a value such as LH_ROLE.

  3. Click the Permission Lists tab.

  4. Enter an existing Permission List, such as LH_ALL.

  5. Save your changes.

Procedure: Assigning a Role to a User Profile

  1. Navigate to Home—>People Tools—>Maintain Security—>Use—>User Profiles. (For PeopleSoft 9, the path is Home—>People Tools—>Security—>User Profiles—>User Profiles.)

  2. Enter an existing user ID. This user can be specified as the user on the Resource Parameters page in Identity Manager.


    Note –

    You can also create a new user. Refer to the PeopleSoft documentation for more information about the requirements of a user account.


  3. Select the Roles tab.

  4. Click the + (plus) button. An additional text box will be displayed.

  5. Enter the name of a role, such as LH_ROLE.

  6. Save your changes.

Step 7: Prune the Audit Log

Identity Manager does not delete audit events from the audit log. The PeopleSoft administrator must set up a task to prune old audit entries. This task must retain transactions with a future effective date until Identity Manager processes them. That is, entries whose AUDIT_PROC_DATE is in the future must NOT be pruned.
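The following added example (not part of the original reference, and not a Sun or PeopleSoft script) shows one way to write such a pruning task so that future-dated entries survive, using SQLite and constructed rows. The retention window, the function names, and the extra guard that keeps rows above a known lastProcessed value are assumptions; how you obtain the current lastProcessed value from Identity Manager is outside the example.

```python
import sqlite3
from datetime import date, timedelta

# Constructed rows: (AUDIT_PROC_ORDER, AUDIT_PROC_DATE, EMPLID, EMPL_RCD, AUDIT_ACTN)
PRUNE_SAMPLE = [
    ("0001", "2024-01-05", "E100", 0, "A"),  # old and processed: safe to prune
    ("0002", "2024-02-10", "E200", 0, "C"),  # old and processed: safe to prune
    ("0003", "2024-04-20", "E100", 0, "C"),  # inside the retention window
    ("0004", "2024-06-01", "E300", 0, "A"),  # AUDIT_PROC_DATE in the future
    ("0005", "2024-03-01", "E400", 0, "A"),  # old date, but not yet processed
]

def open_prune_db(rows=PRUNE_SAMPLE):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PS_AUDIT_PRS_DATA (AUDIT_PROC_ORDER TEXT, "
               "AUDIT_PROC_DATE TEXT, EMPLID TEXT, EMPL_RCD INTEGER, AUDIT_ACTN TEXT)")
    db.executemany("INSERT INTO PS_AUDIT_PRS_DATA VALUES (?,?,?,?,?)", rows)
    return db

def prune_audit_log(db, today, last_processed, retain_days=30):
    """Delete old, already-processed audit rows and return how many were removed.

    A row is removed only if its AUDIT_PROC_DATE is at least retain_days in the
    past (so it can never be future-dated) and its AUDIT_PROC_ORDER is not above
    last_processed (so Identity Manager has already seen it).
    """
    if retain_days < 0:
        raise ValueError("retain_days must not be negative")
    cutoff = (date.fromisoformat(today) - timedelta(days=retain_days)).isoformat()
    cur = db.execute(
        "DELETE FROM PS_AUDIT_PRS_DATA "
        "WHERE AUDIT_PROC_DATE <= :cutoff AND AUDIT_PROC_ORDER <= :last",
        {"cutoff": cutoff, "last": last_processed})
    db.commit()
    return cur.rowcount

def remaining_orders(db):
    """AUDIT_PROC_ORDER values still present, in ascending order."""
    return [r[0] for r in db.execute(
        "SELECT AUDIT_PROC_ORDER FROM PS_AUDIT_PRS_DATA ORDER BY AUDIT_PROC_ORDER")]

if __name__ == "__main__":
    db = open_prune_db()
    print("deleted:", prune_audit_log(db, "2024-05-01", "0003"))
    print("kept:", remaining_orders(db))
```
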

Identity Manager Installation Notes

The PeopleSoft Component resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Procedure: Installing the PeopleSoft Component Resource Adapter

  1. Copy the psjoa.jar file from the PeopleSoft installation media to the InstallDir\idm\WEB-INF\lib directory.

    The version number of the jar file must match the version of PeopleSoft.

  2. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.


    com.waveset.adapter.PeopleSoftComponentActiveSyncAdapter

Usage Notes

This section provides information related to using the PeopleSoft Component resource adapter, including:

Controlling Hosts in a Cluster

You can use the sources.ResourceName.hosts property in the waveset.properties file to control which host(s) in a cluster are used to execute the synchronization portion of an Active Sync resource adapter. You must replace ResourceName with the name of the Resource object.

Active Sync Configuration

Specify the Audit Component Interface Name and the Employee Component Interface Name on the General Active Sync Settings page of the Active Sync Wizard.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses the Client Connection Toolkit (Sync Only) to communicate with this adapter.

Required Administrative Privileges

The user name that connects to PeopleSoft must be assigned to a PeopleSoft role that can access the component interfaces.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

| Feature | Supported? |
|---|---|
| Create account | No |
| Update account | No |
| Delete account | No |
| Enable/disable account | No |
| Password update | No |
| Rename account | No |
| Pass-through authentication | No |
| Before/after actions | No |
| Data loading methods | Active Sync |

Account Attributes

The following table provides information about the PeopleSoft Component Active Sync adapter account attributes.

| Resource User Attribute | mapName | Description |
|---|---|---|
| accountId | EMPLID | Required. |
| ACTION | ACTION | An action code of up to 3 characters |
| ACTION_REASON | ACTION_REASON | A reason code of up to 3 characters |
| AUDIT_ACTN | AUDIT_ACTN | The type of action the system audited (A=add, C=change, D=delete). |
| AUDIT_OPRID | AUDIT_OPRID | The operator who caused the system to trigger the audit. |
| AUDIT_STAMP | AUDIT_STAMP | Date and time stamp |
| AUDIT_RECNAME | AUDIT_RECNAME | The name of the record the system audited. |
| EFFSEQ | EFFSEQ | Effective sequence |
| EFFDT | EFFDT | Effective date |
| Employee ID | EMPL_ID | The key field used to uniquely identify users. |
| fullname | NAME | The user’s full name. |
| firstname | FIRST_NAME | The user’s first name. |
| lastname | LAST_NAME | The user’s last name. |
| Middle Name | MIDDLE_NAME | The user’s middle name |
| PS_PER_STATUS | PER_STATUS | Personnel status, such as employee or non-employee. |
| PS_EMPL_STATUS (Status on the AS adapter) | EMPL_STATUS | The status of the employee, such as Active, Suspended, or Terminated. |
| Home Address | ADDRESS1 | The user’s home address |
| Department | DEPTID | The user’s department |
| Manager | REPORTS_TO | The user’s manager |
| Job Title | JOBCODE | A code that identifies the user’s job title. |
| Initials | NAME_INITIALS | The user’s initials |
| Country | COUNTRY | 3-letter country code |
| Company | COMPANY | Company name |
| Home Phone | PHONE | The user’s home phone number |
| Home City | CITY | The city in which the user resides |
| Home State | STATE | The state in which the user resides |
| Home Zip | POSTAL | The user’s home Zip or postal code. |

Resource Object Management

Not applicable.

Identity Template

$accountId$

Sample Forms

PeopleSoftForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.PeopleSoftComponentActiveSyncAdapter