test

Oracle Waveset 8.1.1 Resources Reference

Adapter Details

Resource Configuration Notes

If you are using this adapter with the External Policy Check workflow process, the SAP Access Control autoprovision setting should be disabled in the SAP Access Control user interface. Otherwise, this setting should be enabled.

Waveset Installation Notes

The SAP Access Control web service adapter is a custom adapter. You must perform the following steps to complete the installation process.

ProcedureInstalling the SAP Access Control Web Service Adapter

  1. Download Glassfish Metro 1.5 from the following location:

    https://metro.dev.java.net/1.5/

    Note –

    Glassfish Metro might be incompatible with Apache Axis on some application servers. In this case, you must remove Apache Axis if it is present on your application server.

  2. Install Metro on your application server. Refer to the Metro documentation for more information.

    • If you are installing Metro on JBoss 4.2.3 and use JDK 1.6, delete all the JAR files related to JAXB, JAXWS, and JAAS from the jboss-4.2.3\lib\endorsed directory except for the following:

      • Serializer.jar

      • Xalan.jar

      • xercesImpl.jar

      Then place the following JAR files from Metro into idm-dir/WEB-INF/lib directory:

      • webservices-api.jar

      • webservices-extra.jar

      • webservices-extra-api.jar

      • webservices-rt.jar

      • webservices-tools.jar

      • webservices.war

    • Otherwise, note that the following JAR files are required at runtime:

      • webservices-api.jar

      • webservices-extra.jar

      • webservices-extra-api.jar

      • webservices-rt.jar

      • webservices-tools.jar

  3. Download the JCo (Java Connection) toolkit from http://service.sap.com/connectors. (Access to the SAP JCO download pages require a login and password.) The toolkit will have a name similar to sapjco-ntintel-2.1.6.zip. This name will vary depending on the platform and version selected.

    Note –

    Make sure that the JCo toolkit you download matches the bit version of Java your application server runs on. For example, JCo is available only in the 64-bit version on the Solaris x86 platform. Therefore, your application server must be running the 64-bit version on the Solaris x86 platform.

  4. Unzip the toolkit and follow the installation instructions. Be sure to place library files in the correct location and to set the environment variables as directed.

    Note –

    If you plan to use the SAP Access Control web service adapter with the Sun Application Server on a Windows machine, you must add SAP JCo RFC dlls to the Sun Application Server /lib directory or an error will result.

    • For SAP JCo 2.1.8: Add the sapjcorfc.dll and the librfc32.dll files to the Sun-app-server-install-dir/lib directory and restart the server.

    • For SAP JCo 3.0.x: Add the sapjco3.dll file to the Sun-app-server-install-dir/lib directory and restart the server.

  5. Copy the sapjco.jar file to the InstallDir\WEB-INF\lib directory.

  6. To add an SAP Access Control resource to the Waveset resources list, you must add the following value in the CustomResources section of the Configure Managed Resources page.

    com.waveset.adapter.SAPAccessControlWebServiceAdapter

Usage Notes

The SAP Access Control adapter can be used in the following types of integrations:

The External SAP Access Control User Form aggregates the data required for an SAP Access Control Risk Analysis web service implemented through the SAP Access Control adapter. This data is placed in the accounts[Lighthouse].properties.externalPolicy[ResourceName] property in the User object.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Web services using GlassFish Metro.

Required Administrative Privileges

The user name that connects to Access Control must be assigned to a role that can access the SAP users.

Provisioning Notes

This adapter does not support provisioning directly. If you are implementing an external policy check, use an SAP connector for provisioning. Otherwise, use an external resource configured with Web Service Notification and this resource as the delegated resource for provisioning requests.

Account Attributes

The following table provides information about the account attributes that are specific to SAP Access Control. Refer to the documentation for the SAP Access Control web services and SAP Access Control for information about general SAP attributes. Unless stated otherwise, all attribute types are String.

Identity System User Attribute 

Resource User Attribute 

Description 

firstname  

firstname  

Required. The user's first name.  

lastname  

lastname  

Required. The user's last name.  

email  

email  

Required. The email assigned to the user. 

acUserId  

userId  

Required. The User ID for the Access Control account.  

acManagerId  

managerId  

Required if a Manager stage is configured. The account ID of the user's manager.  

acManagerFirstname  

managerFirstname  

Required if a Manager stage is configured. The manager's first name.  

acManagerLastname  

managerLastname  

Required if a Manager stage is configured. The manager's last name.  

acManagerEmail  

managerEmail  

Required if a Manager stage is configured. The email assigned to the manager. This value must be a valid, existing value in Access Control. 

acRequestorId  

requestorId  

Required. The user ID of the person requesting the account.  

acRequestorFirstname  

requestorFirstname  

Required. The requestor.s first name.  

acRequestorLastname  

requestorLastname  

Required. The requestor.s last name.  

acRequestorEmail  

requestorEmail  

Required. The email address of the requestor.  

acApplications  

applications  

Required. The applications to grant access to. This value is a comma-separated list. 

acRoles  

rolesObject 

Required. Complex data type.The roles assigned to the user. This attribute contains values for ValidFrom, ValidTo, Rolename, CoApplicationId, and Company. 

acPriority  

priority 

Required. The priority of the request  

acEmployeeType  

employeeType 

The employment status of the user.  

acCustomFields 

customFieldsObject 

Complex data type. Additional fields for the user. 

acFunctionalArea 

functionalArea 

SAP functional area for the user. Valid only if 5.3 SP9 is selected as the version of the resource. 

acValidFrom 

validFrom 

The first date the user is valid. Valid only if 5.3 SP9 is selected as the version of the resource. 

acValidTo 

validTo 

The last date the user is valid. Valid only if 5.3 SP9 is selected as the version of the resource. 

acManagerTelephone 

managerTelephone 

The telephone number of the user's manager. Valid only if 5.3 SP9 is selected as the version of the resource. 

acRequestorTelephone 

requestorTelephone 

The telephone number of the requestor. Valid only if 5.3 SP9 is selected as the version of the resource. 

acSNCName 

sNCName 

The Secure Network Communications user name. Valid only if 5.3 SP9 is selected as the version of the resource. 

acUnsecureLogon 

unsecureLogon 

Allows the use of the unsecure logon feature. The value of this attribute must be “true” or “false” and be of type String. Valid only if 5.3 SP9 is selected as the version of the resource. 

Resource Object Management

The adapter supports the following:

Identity Template

Not applicable

Sample Forms

Troubleshooting

Use the Waveset debug pages to set trace options on the following classes: