The following table lists actions and their corresponding parameter names and values. These must be set in the SAP Access Control connector configuration.

| Action | Parameter Name | Parameter Value |
|---|---|---|
| Create User | SCHEMA_ID | standard |
| | CREATE_USER:OC | IDMperson |
| | CREATE_USER:options.AllowPasswordGeneration | true |
| | CREATE_USER:options.onlyResourcesUserPasswordRequired | true |
| Change User | CHANGE_USER:OC | IDMperson |
| Delete User | DELETE_USER:OC | IDMperson |
| Assign Roles | ASSIGN_ROLES:OC | IDMperson |
| | ROLE | roles |
| Lock User | LOCK_USER:EXT | disableUser |
| Unlock User | UNLOCK_USER:EXT | enableUser |
| Audit Logs | not configurable | not applicable |
| | AUDIT_TYPE | statusrequest |
| Reset Password | RESET_PASSWORD:EXT | resetUserPassword |
| Search Password | SEARCH_PASSWORD:EXT | launchProcess |
| | SEARCH_PASSWORD:process | SPML Decrypt Password |
| | SEARCH_PASSWORD:taskName | Decrypt Password |
| Search | SEARCH_CRITERIA | identifier |

SAP Access Control currently does not support filtering the SPML attributes defined in the schema based on the object class. When you create the mapping for the SAP Access Control connector, all attributes are displayed, even those that are not part of the object class used. During field mapping, SAP Access Control sends a SchemaRequest to Waveset so that you can map the attributes for the connector in SAP Access Control. By default, the Waveset schema contains multiple object classes, so you will see attributes that are not valid for the object class you have configured. There are two possible workarounds:

- Temporarily reduce the SPML schema on the Waveset server to just the object class and attributes needed. Once the SAP Access Control server is configured, reload the original schema. Changes to the SPML schema require a restart of the server.
- Use a printout of the schema, mark the attributes available for the object class used, and do not rely on the attributes presented in the drop-down list of the SAP Access Control user interface.

The following table lists field mappings for the SAP Access Control connector. This is not a complete list of all the fields which could be mapped.

| Access Control Field | Application Field |
|---|---|
| Email Address - STANDARD | |
| User FName - STANDARD | gn |
| User ID - STANDARD | accountId |
| User LName - STANDARD | sn |

These application fields are the SPML schema attribute names. These names do not have to correspond with internal Waveset attribute names. In the SPML configuration, these names can be mapped using a form to internal Waveset attribute names.
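
The second workaround can be done mechanically instead of by hand. The following is an added example, not part of the original documentation: it parses an SPML schema, lists the attributes that belong to one object class, and flags mapped application fields that fall outside that class. The schema is a constructed sample, the element names assume the SPML 1.0 schema layout, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:1:0"  # SPML 1.0 namespace (assumed layout)

# Constructed sample, not a real Waveset export: two object classes whose
# attributes would all appear together in the mapping drop-down.
SAMPLE_SCHEMA = """\
<schema xmlns="urn:oasis:names:tc:SPML:1:0" majorVersion="1" minorVersion="0">
  <objectClassDefinition name="IDMperson">
    <memberAttributes>
      <attributeDefinitionReference name="accountId" required="true"/>
      <attributeDefinitionReference name="gn"/>
      <attributeDefinitionReference name="sn"/>
      <attributeDefinitionReference name="roles"/>
    </memberAttributes>
  </objectClassDefinition>
  <objectClassDefinition name="otherClass">
    <memberAttributes>
      <attributeDefinitionReference name="accountId" required="true"/>
      <attributeDefinitionReference name="department"/>
    </memberAttributes>
  </objectClassDefinition>
  <attributeDefinition name="accountId"/>
  <attributeDefinition name="gn"/>
  <attributeDefinition name="sn"/>
  <attributeDefinition name="roles"/>
  <attributeDefinition name="department"/>
</schema>
"""

def attributes_by_class(schema_xml):
    """Return {object class name: {attribute name: is_required}}."""
    result = {}
    for oc in ET.fromstring(schema_xml).iter(f"{{{SPML}}}objectClassDefinition"):
        refs = oc.iter(f"{{{SPML}}}attributeDefinitionReference")
        result[oc.get("name")] = {r.get("name"): r.get("required") == "true" for r in refs}
    return result

def invalid_mappings(schema_xml, object_class, mapping):
    """Return mapped application fields that are not members of object_class."""
    valid = attributes_by_class(schema_xml)[object_class]
    return sorted(field for field in mapping.values() if field not in valid)

if __name__ == "__main__":
    # The "printout" for the object class used in the connector configuration.
    for name, required in sorted(attributes_by_class(SAMPLE_SCHEMA)["IDMperson"].items()):
        print(f"{name}{' (required)' if required else ''}")
```

Run it against the schema your own Waveset server returns, and pass the field mapping you intend to enter as a dictionary of Access Control field to application field.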
The SAP Access Control connector must not be configured to run over HTTPS.