| Oracle® Waveset 8.1.1 Connector Reference Release 8.1.1 E25959-06 |
|
|
PDF · Mobi · ePub |
| Oracle® Waveset 8.1.1 Connector Reference Release 8.1.1 E25959-06 |
|
|
PDF · Mobi · ePub |
This chapter includes the following information about the PeopleSoft User Management connector for Oracle Waveset:
Security Considerations for the PeopleSoft User Management Connector
Certified Components for the PeopleSoft User Management Connector
Supported Languages for the PeopleSoft User Management Connector
The PeopleSoft User Management connector manages data in PeopleSoft through component interfaces. The connector can also manage additional PeopleSoft applications (such as HR and Financials) if these applications are installed on a system with a supported version of PeopleTools.
The PeopleSoft User Management connector is implemented using the Identity Connector Framework (ICF). The ICF provides a container that separates the connector bundle from the application. The ICF also provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, time outs, and filtering. For more information about the ICF, see Chapter 1, "Identity Connectors Overview".
The PeopleSoft User Management connector is configured by default to support the USER_PROFILE, ROLE_MAINT, and DELETE_USER_PROFILE component interfaces. The connector can also use custom component interfaces to create, read, and update account data if the component interface supports the create, get, find, and save methods. To delete accounts, the custom component interface must support get and save methods.
The PeopleSoft User Management connector supersedes the Peoplesoft Component Interface resource adapter. To migrate from a resource adapter deployment, see Migrating to the PeopleSoft User Management Connector from a Resource Adapter.
This section also describes:
The following figure shows the PeopleSoft User Management connector architecture.
Figure 8-1 PeopleSoft User Management Connector Architecture
The PeopleSoft User Management connector architecture includes these components:
Oracle Waveset includes the connector integration files. These files are XML files that provide the configuration information necessary to transform data from a resource to Oracle Waveset. Integration files are sometimes called the connector "glue" code.
The Identity Connector Framework (ICF) provides basic provisioning, logging, and other functions that Oracle Waveset (and Oracle Identity Manager) connectors can use.
The PeopleSoft User Management connector uses component interfaces to perform provisioning and reconciliation on the PeopleSoft HRMS target system.
The connector requires the PeopleSoft Java Object Adapter (psjoa.jar file) to access the target system data. The version of the psjoa.jar must match the version of the installed PeopleSoft target system.
The PeopleSoft User Management connector supports the operations described in the following table.
Table 8-1 PeopleSoft User Management Connector Operations
| Operation | Description |
|---|---|
|
Provisioning |
These provisioning operations are supported:
These provisioning operations are not supported:
|
|
Target reconciliation |
Full and incremental reconciliation operations are supported. The component interface must support the Reconciliation can perform these operations:
See also Customizing the Reconciliation Policy for Target Reconciliation. |
The following table describes the configuration properties for the PeopleSoft User Management connector.
Table 8-2 PeopleSoft User Management Connector Configuration Properties
| Property | Description |
|---|---|
|
Host |
Hostname or IP address of the PeopleSoft target resource. |
|
TCP Port |
Port number on which the PeopleSoft target resource is listening. |
|
User |
ID of a PeopleSoft user with the permissions required to invoke methods on the component interfaces. |
|
Password |
User's password. |
|
Read/Write component interface key |
Component interface that will perform user create, read, and update actions. This component interface must support the |
|
Delete user component interface key |
Component interface that will perform user deletions. This component interface must support the |
This section provides the following security considerations:
Supported Connections for the PeopleSoft User Management Connector
Required Administrative Privileges for the PeopleSoft User Management Connector
Oracle Waveset uses Oracle Jolt to communicate with the PeopleSoft User Management connector.
The administrative user that connects to the PeopleSoft target system must have privileges to perform any action on the USER_PROFILE and DELETE_USER_PROFILE component interfaces.
If the ROLE_MAINT component interface is configured for the connector, the administrator must have privileges to perform actions on this interface too.
To install the PeopleSoft User Management connector in Oracle Waveset, the user must have Oracle Waveset administrator permissions and access to the file system on the specific application server.
The PeopleSoft User Management connector for Oracle Waveset is certified with the following components:
Table 8-3 Certified Components for the PeopleSoft User Management Connector
| Component | Requirement |
|---|---|
|
Oracle Waveset |
Oracle Waveset 8.1.1 Patch 6 |
|
Target systems |
PeopleSoft HRMS 8.9, 9.0, 9.1, and 9.2 |
|
PeopleTools |
PeopleTools 8.48, 8.49, 8.50, 8.51 and 8.53 |
|
Identity Connector Framework (ICF) |
ICF 1.0 or later |
|
JDK |
JDK 1.5 or later If you are using PeopleTools 8.53, see the note in Section 8.3.2, "Installing the PeopleSoft User Management Connector in the Connector Server," for information related to JDK requirement. |
If you currently have the PeopleSoft Component resource adapter deployed, this section describes how to migrate the adapter to the PeopleSoft User Management connector.
The PeopleSoft User Management connector is backwards compatible with the PeopleSoft Component Interface resource adapter. All forms, workflows, and tasks should function the same after you migrate the adapter. However, the connector defines account attributes that were not listed by default in the resource adapter. If you want incorporate any of these attributes into your environment, you might need to update your forms and tasks.
To migrate from a PeopleSoft Component resource adapter, follow these steps:
Make sure you have installed the Oracle Waveset patch shown in Certified Components for the PeopleSoft User Management Connector.
Log in to the Oracle Waveset Administrator interface.
Select the Resources tab and then the Migrate Adapters tab.
Follow the Migration Wizard and provide the values for the PeopleSoft User Managementconnector.
The Migrate Adapters operation automatically migrates the PeopleSoft Component resource adapter to the PeopleSoft User Management connector.
You can deploy the PeopleSoft User Management connector either locally in Oracle Waveset or remotely in the Connector Server, as described in the following sections:
Installing the PeopleSoft User Management Connector in Oracle Waveset
Installing the PeopleSoft User Management Connector in the Connector Server
Postinstallation Tasks for the PeopleSoft User Management Connector
To install the PeopleSoft User Management connector in Oracle Waveset, you must have Oracle Waveset administrator privileges and access to the file system on the application server you are using.
To install the PeopleSoft User Management connector in Oracle Waveset, follow these steps:
Make sure you have installed the Oracle Waveset patch shown in Certified Components for the PeopleSoft User Management Connector.
Stop the Oracle Waveset web application.
Explode the idm.war file.
Copy the PeopleSoft User Management connector bundle JAR file (org.identityconnectors.peoplesoftintfc-version.jar) to the $WSHOME/WEB-INF/bundles directory of the Oracle Waveset web application.
In this step, version represents the connector bundle version. For example: org.identityconnectors.peoplesoftintfc-1.0.5963.jar
Copy the peoplesoftintfc-idmglue.jar file from the PeopleSoft User Management connector glue code/WEB-INF/lib directory to the $WSHOME/WEB-INF/lib directory.
Copy the following XML files from the PeopleSoft User Management connector glue code/sample/connectors directory to the $WSHOME/sample/connectors/peoplesoftintfc-idmglue directory:
PeopleSoftCompIntfcConnectorUserForm.xml
postProcess.xml
preProcess.xml
resourceWizard.xml
migration.xml
Copy the PeopleSoftComponentInterfaces.xml file from the PeopleSoft User Management connector glue code/ sample/connectors directory to the $WSHome/sample directory.
Copy the psjoa.jar file from the PeopleSoft installation media to the $WSHOME/WEB-INF/lib directory. The version of the psjoa.jar must match the version of the installed PeopleSoft target system.
Note:
You can also copy the psjoa.jar file to thePeopleSoft User Management connector bundle /lib directory, which will enable support for different versions of the PeopleSoft target system.
Create a new idm.war file reflecting all of these changes.
Deploy the idm.war file in the application server you are using.
For example, start Oracle WebLogic Server. Go to Deployments->Install and provide the path to the new idm.war war file. Then click Install.
Start the Oracle Waveset web application.
Log in to the Oracle Waveset Administrator interface.
Click the Configure tab and then Import Exchange File.
Select and import the all of the XML files from the previous steps, including PeopleSoftComponentInterfaces.xml, PeopleSoftCompIntfcConnectorUserForm.xml, postProcess.xml, preProcess.xml, resourceWizard.xml, and migration.xml.
Edit the Tabbed User Form as described in Configuring the Tabbed User Form.
Create a PeopleSoft User Management resource by selecting the PeopleSoft User Management connector and following the Create PeopleSoft User Management Connector Resource wizard.
When you configure a resource object, select the following values for attributes:
USER_PROFILE_8_4x for RWCompIntfcKey
org.identityconnectors.peoplesoft.common.mapping.idm.IDMSAXComponentInterfacesFactory for Mapping Class Name
DELETE_USER_PROFILE for DelCompIntfcKey
When you set identity system parameters, specify accountid for the display name attribute.
After you install the PeopleSoft User Management connector see Configuring Account Attributes for the PeopleSoft User Management Connector.
The Connector Server requires a JDK to run. For the JDK requirements, see Certified Components for the PeopleSoft User Management Connector. If necessary, set your JAVA_HOME environment variable to point to your specific installation.
Note:
If you are using PeopleTools 8.53, following is the JDK requirement:
If you are already using a Connector Server, then it is mandatory to use JDK 1.7.0_02 as the minimum version in the Connector Server.
If the you are not using Connector Server and Oracle Waveset is not using JDK 1.7.0_02, then follow one of the below mentioned steps:
Refer the certification matrix and upgrade the JDK version used by Oracle Waveset to JDK 1.7.0_02 if it is supported.
If JDK 1.7.0_02 is not supported for Oracle Waveset, then it is mandatory to use a Connector Server with minimum JDK 1.7.0_02. In addition, create a new Connector Server Definition for the Connector Server and specify it in the PeopleSoft Component Interface Connector Resource.
PeopleSoft User Management Connector Deployment Architecture With the Connector Server
Installing the PeopleSoft User Management Connector in the Connector Server
If you install the PeopleSoft User Management connector in the Connector Server, the following figure shows the distributed deployment architecture.
Figure 8-2 PeopleSoft User Management Connector Deployment Architecture With the Connector Server
A PeopleSoft User Management connector deployment with the Connector Server includes these components:
Machine 1 has Oracle Waveset deployed.
Machine 2 has the PeopleSoft User Management connector installed in the Connector Server. The Connector Server is part of the Identity Connector Framework (ICF).
The PeopleSoft User Management connector bundle is installed in the CONNECTOR_SERVER_HOME/bundles directory.
The appropriate PeopleSoft Java Object Adapter (psjoa.jar) file is installed in the CONNECTOR_SERVER_HOME/lib directory.
Machine 3 has the PeopleSoft HRMS target system deployed.
To install and configure the Connector Server, follow these steps:
Create a new directory on the machine where you want to install the Connector Server. In this section, CONNECTOR_SERVER_HOME represents this directory.
Unzip the Connector Server package in your new directory from Step 1. The Connector Server package is available with the Identity Connector Framework (ICF).
In the ConnectorServer.properties file, set the following properties, as required by your deployment. The ConnectorServer.properties file is located in the conf directory.
| Property | Description |
|---|---|
|
|
Port on which the Connector Server listens for requests. The default is 8759. |
|
|
Directory where the connector bundles are deployed. The default is |
|
|
Directory in which to place dependent libraries. The default is |
|
|
If set to If you specify
|
|
|
Bind address. To set this property, uncomment it in the file (if necessary). The bind address can be useful if there are more NICs installed on the machine. |
|
|
Connector Server key. |
Set the properties in the ConnectorServer.properties file, as follows:
To set connectorserver.key, run the Connector Server with the setKey option.
For all other properties, edit the ConnectorServer.properties file manually.
The conf directory also contains the logging.properties file, which you can edit if required by your deployment.
To run the Connector Server on Windows systems, use the ConnectorServer.bat script as follows:
Make sure that you have set the properties required by your deployment in the ConnectorServer.properties file, as described in Installing and Configuring the Connector Server.
Change to the CONNECTOR_SERVER_HOME\bin directory and find the ConnectorServer.bat script.
The ConnectorServer.bat script supports the following options:
| Option | Description |
|---|---|
/install [serviceName] ["-J java option"] |
Installs the Connector Server as a Windows service. Optionally, you can specify a service name and Java options. If you do not specify a service name, the default name is |
/run ["-J java option"]
|
Runs the Connector Server from the console. Optionally, you can specify Java options. For example, to run the Connector Server with SSL:
ConnectorServer.bat /run
"-J-Djavax.net.ssl.keyStore=mykeystore.jks"
"-J-Djavax.net.ssl.keyStorePassword=password"
|
/setkey [key]
|
Sets the Connector Server key. The |
/uninstall [serviceName]
|
Uninstalls the Connector Server. If you do not specify a service name, the script uninstalls the |
If you need to stop the Connector Server, stop the respective Windows service.
To run the Connector Server on UNIX and Linux systems, use the connectorserver.sh script, as follows:
Make sure that you have set the properties required by your deployment in the ConnectorServer.properties file, as described in Installing and Configuring the Connector Server.
Change to the CONNECTOR_SERVER_HOME/bin directory.
Use the chmod command to set the permissions to make the connectorserver.sh script executable.
Run the connectorserver.sh script. The script supports the following options:
| Option | Description |
|---|---|
|
|
Runs the Connector Server in the console. Optionally, you can specify one or more Java options. For example, to run the Connector Server with SSL:
./connectorserver.sh /run
-J-Djavax.net.ssl.keyStore=mykeystore.jks
-J-Djavax.net.ssl.keyStorePassword=password
|
|
|
Runs the Connector Server in the background. Optionally, you can specify one or more Java options. |
/stop |
Stops the Connector Server, waiting up to 5 seconds for the process to end. |
/stop n
|
Stops the Connector Server, waiting up to |
/stop -force |
Stops the Connector Server. Waits up to 5 seconds and then uses the |
/stop n -force
|
Stops the Connector Server. Waits up to |
/setKey key
|
Sets the Connector Server key. The |
To install the PeopleSoft User Management connector for Oracle Waveset in the Connector Server, follow these steps:
Make sure you have installed Oracle Waveset with the patch shown in Certified Components for the PeopleSoft User Management Connector.
Stop the Connector Server.
Copy the PeopleSoft User Management connector bundle to the CONNECTOR_SERVER_HOME/bundles directory.
Copy the psjoa.jar file to the CONNECTOR_SERVER_HOME/lib directory. The version of the psjoa.jar must match the version of the installed PeopleSoft target system.
Note:
You can also copy the psjoa.jar file to the PeopleSoft User Management connector bundle /lib directory, which will enable support for different versions of the PeopleSoft target system.
Start the Connector Server.
For information about starting and stopping the Connector Server, see Running the Connector Server on Windows Systems or Running the Connector Server on UNIX and Linux Systems.
To configure the Tabbed User Form after you install the PeopleSoft User Management connector, follow these steps:
Go to Oracle Waveset debug page. For example:
http://host_name:port/idm/debug
Select User Form from the drop-down box, which is adjacent to List Objects, and then click on List Objects.
Search for the Tabbed User Form and then click Edit.
Note. Do not select the Dynamic Tabbed User Form or the Tabbed View User Form.
Make the following changes in the Tabbed User Form:
Add the following tag inside the <Include> tag:
<ObjectRef type='UserForm' name='PeopleSoftCompIntfcConnectorUserForm'/>
Find <Field name='_FM_ATTRIBUTES'> and replace the <FormRef ...> attribute with the following attribute:
<FormRef name='PeopleSoftCompIntfcConnectorUserForm'>
<Property name='RESOURCE_NAME' value='name-of-the-resource'/>
</FormRef>
Before starting target reconciliation, edit the Reconciliation Policy in Oracle Waveset for the following reconciliation action rules:
DELETED — Unlink resource account from user
FOUND — Link resource account to user
MISSING — Unlink resource account from user
UNASSIGNED — Link resource account to user
For some deployments, you might want to configure the PeopleSoft User Management connector for different versions of the PeopleSoft target system. For example, you can configure the connector to perform provisioning operations on both PeopleSoft 8.48 and PeopleSoft 8.49 target systems.
To configure the PeopleSoft User Management connector to support multiple versions of the PeopleSoft target system, follow these steps:
Explode the PeopleSoft User Management connector bundle JAR file in a temporary directory. For example:
jar -xvf org.identityconnectors.peoplesoftintfc-1.0.5963.jar
In the META-INF/MANIFEST.MF file, update the version entry to a new value. For example:
ConnectorBundle-Version: 1.0.5964
Copy the appropriate version of the psjoa.jar file to the exploded connector bundle /lib directory.
The version of the psjoa.jar file must match the specific version of the PeopleSoft target system.
Note: Make sure that the psjoa.jar is not in the $WSHOME/WEB-INF/lib directory.
Create a new connector bundle JAR file with a new version in the file name. For example:
jar -cvfm org.identityconnectors.peoplesoftintfc-1.0.5964.jar META-INF/MANIFEST.MF .
Note. Make sure that the manifest file is not overwritten during this step.
Copy the new connector bundle JAR file to the $WSHOME/WEB-INF/bundles directory.
If you are deploying the PeopleSoft User Management connector in the remote Connector Server, copy the new connector bundle JAR file to the CONNECTOR_SERVER_HOME/bundles directory.
Repeat these steps for additional versions of the PeopleSoft target system that you want to support. Each version of the PeopleSoft target system must have a separate connector bundle JAR file.
Login to Oracle Waveset and add a resource of type "PeopleSoft component interfaces connector". The new versions will be appear in the resource wizard.
Select the specific version and configure the new resource.
To configure the PeopleSoft User Management connector user form for an additional target resource, follow these steps:
Open the PeopleSoftCompIntfcConnectorUserForm.xml file (which is included with the PeopleSoft User Management connector).
Change the form name by replacing "PeopleSoftCompIntfcConnectorUserForm" with a new name such as PeopleSoftAPAC.
Update the section head with the new name. For example:
<Field>
<Display class = "SectionHead">
<Property name = "title" value = "PeopleSoftAPAC"/>
</Display>
</Field>
Replace RESOURCE_NAME with RSRC_NAME. This change is required because the parameter is currently shared across forms. A new parameter name must be used for each form reference.
Save the form as a new XML file and import the file into Oracle Waveset.
Repeat these steps for each new PeopleSoft target resource that you want to add.
Edit the Tabbed User Form as follows:
Go to Oracle Waveset debug page. For example:
http://host_name:port/idm/debug
Select User Form from the drop-down box, which is adjacent to List Objects, and then click on List Objects.
Search for the Tabbed User Form and then click Edit.
Edit the Tabbed User Form as follows:
Add the new entry for the form name (similar to first entry). For example:
<Form> <Include>
<ObjectRef type='UserForm' name='PeoplesoftAPAC'/>
</Include>
...
<Field name='_FM_ATTRIBUTES'>
...
<FormRef name='PeoplesoftAPAC'>
<Property name='RSRC_NAME' value='Resource Name'/>
</FormRef>
... </Field>
To display only the form for which the resource is selected, modify the contents associated with the resource. For example:
<Field name='_FM_ATTRIBUTES'>
...
<Field>
<Disable>
<not>
<contains>
<ref>accountInfo.assigned</ref>
<s>Resource Name</s>
</contains>
</not>
</Disable>
<FormRef name='PeoplesoftAPAC'>
<Property name='RSRC_NAME' value='Resource Name'/>
</FormRef>
</Field>
-- </Field>
To prevent showing additional attributes that are not configured in the User Form, remove the following entry:
<FormRef name='MissingFields'/>
Save the Tabbed User Form.
The PeopleSoft User Management connector provides the means to read and write account data on the PeopleSoft resource. The connector must be configured to specify which account attributes Oracle Waveset can manage.
Account Attributes for the PeopleSoft User Management Connector
Connector Component Interfaces for the PeopleSoft User Management
The account attributes for the PeopleSoft User Management connector resource depend on the component interface being managed.
Each entry of the schema map should have a Resource User Attribute name that matches one of the entries in the "properties" list defined for the component interface in the Component Interface Map. When editing the schema map, you can click the Test Configuration button to verify an appropriate match can be found.
If the Resource User Attribute name matches a collection property in the component interface map, the value for the account attribute will be a GenericObject (EmbeddedObject) representation of the collection. For example for manipulating collection properties, see the sample accounts[$(RESOURCE_NAME)].Roles, accounts[$(RESOURCE_NAME)].IDTypes, and accounts[$(RESOURCE_NAME)].EmailAddresses fields in the PeopleSoftCompIntfcConnectorUserForm.
Note:
The default schema map entries that are defined for a new resource instance are appropriate only when used with the default USER_PROFILE and DELETE_USER_PROFILE component interface maps. If you change these maps, or create your own, then you must change your schema map accordingly.
All account attributes are of type String unless otherwise stated.
The account attributes are described in Table 8-4.
Table 8-4 Account Attributes for the PeopleSoft User Management Connector
| Oracle Waveset User Attribute | Resource User Attribute | Description |
|---|---|---|
|
|
|
Description of the user. |
|
|
|
User's symbolic ID. |
|
|
|
Language code associated with this user. |
|
|
|
Another ID for the user. |
|
|
|
ID that sends workflow items. |
|
|
|
Integer. Sets the status of the account. A value of 1 indicates the account is locked (disabled). A value of 0 indicates the account is not locked (enabled). |
|
|
|
Start date associated with the |
|
|
|
End date associated with the |
|
|
|
Type of currency for this user's monetary transactions. |
|
|
|
Optional attribute that indicates if the user is set up to use PeopleSoft with multiple languages. |
|
|
|
Integer. Type of permission list that navigates to a specified home page. |
|
|
|
Integer. Primary Permissions that are assigned to the user. |
|
|
|
Integer. Type of permission list that specifies the process-level security for the user. |
|
|
|
Integer. Provides the row-level security. |
|
|
|
Employee ID assigned to the user. A user can be assigned one or more of these ID types: Different versions of PeopleSoft have different values for the Employee ID field name:
See Modifying the User Form for Different Versions of PeopleSoft. |
|
|
|
Customer ID assigned to the user. The ID type is determined by the |
|
|
|
Customer Set ID assigned to the user. Different versions of PeopleSoft have different values for the Customer Set ID field name:
See Modifying the User Form for Different Versions of PeopleSoft. |
|
|
|
Vendor ID assigned to the user. The ID type is determined by the |
|
|
|
Vendor Set ID assigned to the user. Different versions of PeopleSoft have different values for the Vendor Set ID field name:
See Modifying the User Form for Different Versions of PeopleSoft. |
|
|
|
List of roles assigned to the user. |
|
|
|
Complex email attribute name that contains space for all five email types and their primary markers. |
|
|
Complex attribute determined by |
User's business email address. If this address is the primary email address, check |
|
|
Complex attribute determined by |
User's work email address. If this address is the primary email address, check |
|
|
Complex attribute determined by |
User's home email address. If this address is the primary email address, check |
|
|
Complex attribute determined by |
User's BlackBerry email address. If this address is the primary email address, check |
|
|
Complex attribute determined by |
Any other email address of the user. If this address is the primary email address, check |
|
|
|
User ID at which workflow items are to be redirected. |
|
|
|
User ID to reassign work to. |
|
|
|
Integer. Indicates whether work for this user should be reassigned. The value 1 enables this feature. |
Note:
Configuring Email Addresses. If any of the email address attributes are provided for a user, you must specify one (but only one) as the primary email address by checking the appropriate box.
After you install the PeopleSoft User Management connector, configure the account attributes as follows:
Edit the PeopleSoft User Management connector user form:
Add the attributes to be displayed in the user form in the PeopleSoftCompIntfcConnectorUserForm.xml file.
This file is available in the following directory:
$WSHOME/sample/connectors/peoplesoftintfcidmglue/
Copy the PeopleSoft User Management connector bundle to the $WSHOME/WEB-INF/bundles directory.
Log in to the Oracle Waveset Administrator interface.
Click the Configure tab.
Click Import Exchange File and then import the PeopleSoftCompIntfcConnectorUserForm.xml file.
Link the attributes to the PeopleSoft target system.
Add the newly added attributes in the PeopleSoft User Management connector user form to the $WSHOME/sample/PeopleSoftComponentInterfaces.xml file.
In the Oracle Waveset web application, click the Configure tab.
Click Import Exchange File and then import the PeopleSoftComponentInterfaces.xml file.
Add values for the new attributes. For example, if new attributes are added for the USER_PROFILE_8_4x object, provide a value for the RWIntfcKey attribute USER_PROFILE_8_4x attributes.
Map the entities in Oracle Waveset and the PeopleSoft target system:
In the Oracle Waveset web application, click the Resources tab and then the name of the PeopleSoft User Management connector resource object. The resource type is PeopleSoft Component Interface Connector.
Click Next.
The Read/Write component interface key USER_PROFILE_8_4x is selected by default. The component interface metadata for the profile is displayed in the text area.
Add the newly added attributes and then map each Identity System User Attribute to the corresponding Resource User Attribute.
When you are finished mapping the attributes, click Next and then Save.
The PeopleSoftCompIntfcUserForm.xml sample form is provided in the $WSHOME/sample/connectors/peopleoftintfc-idmglue directory.
The PeopleSoftCompIntfcUserForm.xml is configured by default for the USER_PROFILE component interface. You can edit or replicate this form as required for your deployment.
The following attributes have different form field names for different versions of the PeopleSoft target system:
| Attribute | PeopleSoft Version and Form Field Name Value |
|---|---|
|
Employee ID |
|
|
Customer Set ID and Vendor Set ID |
|
The PeopleSoftCompIntfcUserForm.xml sample form has definitions for PeopleTools 8.50 and 8.51. If you are using PeopleSoft 8.48 or 8.49, follow these steps to modify the definitions:
Edit the PeopleSoftCompIntfcUserForm.xml file and change the form field name values for the Employee ID, Vendor Set ID, and Customer Set ID attributes, as required by your deployment.
For example, the following change is for the Employee ID attribute:
<Field name =
"accounts[$(RESOURCE_NAME)].IDTypes_raw[IDType==EMP].Attributes.AttributeName">
<Default>
<s>EmplID</s>
<!-- Changed the name from Empl ID to EmplID -->
</Default>
</Field>
<Field name =
"accounts[$(RESOURCE_NAME)].IDTypes_raw[IDType==EMP].Attributes.AttributeValue">
<Display class = "Text">
<Property name = "title" value = "Employee ID"/>
</Display>
</Field>
In Oracle Waveset, import the modified PeopleSoftCompIntfcUserForm.xml file.
The PeopleSoft User Management connector performs user provisioning by invoking methods and setting properties on PeopleSoft component interfaces. Component interface definitions are assigned in the PeopleSoft Component Interface configuration object. This object can be modified through the debug pages or with the Waveset IDE. You can also edit a copy of the $WSHOME/sample/PeopleSoftComponentInterfaces.xml file and load that file into Oracle Waveset.
This sectgion includes the following information about configuring and implementing component interfaces with the PeopleSoft User Management connector:
Adding FIND Method Support to the USER_PROFILE Component Interface
Adding New ID Types for the USER_PROFILE Component Interface
Adding New Attributes for the USER_PROFILE Component Interface
The component interface map contains the list of component interfaces available to the connector. The interfaces object contains a list of component interfaces. If you have a custom component interface, you must define your own component interface definition in the map. Edit the PeopleSoft Component Interfaces Configuration object and add your definition as an additional Object into the <List> element under the <Attribute name='interfaces'> element.
Each available component interface has its own definition. Key elements of a component interface definition include:
name. The label of a component interface. It often matches the value of the componentInterface attribute, but this is not a requirement. The value will be displayed in the drop-down menu on the connector's Resource Parameters page.
componentInterface attribute. The name of the component interface, as defined in PeopleSoft.
getKey attribute. The name of the component interface property that is set when performing a PeopleSoft GET operation. If getKey is not defined, then the key attribute is used instead.
findKey attribute. The name of the component interface property that is set when performing a PeopleSoft FIND operation. If findKey is not defined, then the key attribute is used instead.
createKey attribute. The name of the component interface property that is set when performing a PeopleSoft CREATE operation. If createKey is not defined, then key attribute is used instead.
key attribute. Deprecated. Use getKey, findKey, or createKey instead.
properties attribute. A list of properties that can be read or set from the PeopleSoft component interface.
Each Object in the properties list must have the following attribute:
name. The name of the property. This must match exactly with the name of a property exposed by the PeopleSoft component interface identified by the componentInterface property. The names of the properties are candidates to be listed as resource user attributes on the Account Attributes page.
If this a collection property, then you must define additional attributes. A collection property defines its key property and its own nested set of simple and/or complex properties:
isCollection attribute. If the property is a collection, then set this to true.
key attribute. If the property is a collection, set this to the name of the property that uniquely identifies each item of the collection.
properties attribute. The list of properties that can be read/set for each item of the collection. To support arbitrary complexity, each member of this list is an Object with the same allowed attributes as the parent. That is, it can contain its own name, isCollection, key, and properties attributes.
disableRule attribute. An Object that defines the logic to compute and set the user disable state. This attribute contains the following attributes
property attribute. The property to check. The value must be listed in the properties attribute for the componentInterface object.
trueValue attribute. A value that indicates the user is disabled.
falseValue attribute. A value that indicates the user is enabled.
supportedObjectTypes attribute. A list of Oracle Waveset resource objects types that can be accessed through the connector. Each object defines a set of features.
features attribute. A list supported features. Possible feature types include view, get, list, find, create, saveas, update, rename, and delete.
The default Component Interface configuration object defines the following interfaces:
USER_PROFILE. Performs create, read, and update actions.
DELETE_USER_PROFILE. Deletes user accounts.
ROLE_MAINT. Adds support for PeopleSoft roles.
USER_PROFILE Component Interface
The default USER_PROFLE component interface definition is used to perform create, read, and update actions. The key and findKey attributes are set to UserID, because the USER_PROFILE component interface assigns the UserID field for the GETKEYS and FINDKEYS keys.
The default definition for the USER_PROFILE component interface does not define all of the possible properties. It has been simplified to include those used in the sample user form. If you need to add more resource user attributes to the Account Attributes page, then the component interface definition must be updated first. A resource user attribute cannot be added to that page unless it is listed in the component interface definition.
Most properties are defined in USER_PROFILE are simple objects. However, the IDTypes and Roles objects are collections and can have multiple values. IDTypes contains a collection of its own, Attributes. These objects must include the isCollection attribute, the key name for the collection, and at least one property.
DELETE_USER_PROFILE Component Interface
The DELETE_USER_PROFILE component interface definition is used to delete user profile definitions. The OPRID key determines which user profile is to be deleted. Since the component interface does not have properties, none are listed in the definition.
ROLE_MAINT Component Interface
The ROLE_MAINT component interface definition is part of a sample implementation that illustrates how Oracle Waveset can be configured to list role resource objects. Other resource objects can be listed by following the general guidelines listed below and modifying the ROLE_MAINT example to match your requirements.
The ROLE_MAINT component interface definition has the following characteristics:
The findKey and getKey attributes are assigned to ROLENAME because ROLENAME is the primary key for FINDKEYS and GETKEYS.
DESCR and ROLESTATUS are also keys in FINDKEYS, but since they are not primary keys, they are not listed as values for findKey. Instead, they are listed in the properties section.
The supportedObjectTypes attribute defines the Role object. The Role object supports the find and get features.
The PeopleSoft Component Interface resource XML can be edited so that resource objects can be managed. Use the debug pages or the Waveset IDE to add an ObjectType element. For example, to add support for the Role resource object, add an ObjectType element similar to the following example:
<ObjectTypes>
<ObjectType name='Role' icon='role'>
<ObjectFeatures>
<ObjectFeature name='find'/>
</ObjectFeatures>
<ObjectAttributes idAttr='ROLENAME' displayNameAttr='ROLENAME' descriptionAttr='DESCR'>
<ObjectAttribute name='ROLENAME' type='string'/>
<ObjectAttribute name='DESCR' type='string'/>
<ObjectAttribute name='ROLESTATUS' type='string'/>
</ObjectAttributes>
</ObjectType>
</ObjectTypes>
The ObjectType name (for example, Role) must match the name of one of the objects in the supportedObjectTypes list of exactly one component interface definition. Each ObjectFeature (for example, find) must have a corresponding feature in the features list in that same supportedObjectTypes. The matched component interface is used to perform the resource feature. (If there are multiple matches, the first one found will be used.)
The following example is part of the component interface definition for the ROLE_MAINT component interface in the component interface map. Note that the Object name Role is found and that an item in the features list is named find.
<Attribute name='supportedObjectTypes' >
<List>
<Object name='Role'>
<Attribute name='features' >
<List>
<Object name='find' />
<Object name='get' />
</List>
</Attribute>
</Object>
</List>
</Attribute>
User Form
The following user form fragment can be used to retrieve a list of PeopleSoft roles. Note that ROLENAME and DESCR attributes are being fetched.
<invoke name='getResourceObjects' class='com.waveset.ui.FormUtil'>
<ref>:display.session</ref>
<s>Role</s>
<s>PeopleSoft Component Interface</s>
<map>
<s>searchAttrsToGet</s>
<list>
<s>ROLENAME</s>
<s>DESCR</s>
</list>
</map>
</invoke>
The default USER_PROFILE component interface does not support the FIND method. However, the PeopleSoft Component Interface adapter requires the FIND method in order to support account iteration and list.
To add FIND method support to an existing USER_PROFILE component interface, follow these steps:
Load the USER_PROFILE component interface in the PeopleSoft Application Designer.
On the left window (which shows the USERMAINT Component), select the OPRID field under the PSOPRDEFN_SRCH object.
Drag this field over to the right window (which shows the USER_PROFILE component interface).
When you drop the field, a new key called FINDKEYS will be created in the USER_PROFILE CI. Under that key, there will be a sub-key called OPRID.
Right-click on the OPRID name under FINDKEYS, and select Edit Name. Change the name to UserID.
Right click on USER_PROFILE CI and select Component Interface Properties. Select the Standard Methods tab, then select the Find checkbox. Click OK to close the Component Interface Properties dialog.
Save your changes to the USER_PROFILE component interface.
The Find method is now visible under the METHODS field for the component interface. To verify the functionality of the new FIND method, right-click on the component interface and select Test Component Interface.
Note:
A PeopleSoft administrator should grant Full Access to the FIND method for the component interface (in addition to the Create, Get, Save, and SetPassword methods).
To add a new ID type for the USER_PROFILE component interface, follow these steps:
In the PeopleSoft Application Designer, use the component interface tester to determine the values for ID Type and Attribute Name.
The definition for ID Types is already in the PeopleSoftComponentInterfaces.xml file, so you don't have to modify this file.
Modify the PeopleSoftCompIntfcConnectorUserForm.xml file to include the new ID type.
Since the ID Type is a complex attribute, you must define a field for the ID type in the user form and then add a conditional expression. The following example shows how a new field is added for ID type "Equation Sql Auth Classes" found in the ID tab of the use profile followed by a conditional expression:
<Field name =
"accounts[$(RESOURCE_NAME)].IDTypes_raw[IDType==EQS].Attributes.AttributeName">
<Default>
<s>Operator Alias Value</s>
</Default>
</Field>
<Field name =
"accounts[$(RESOURCE_NAME)].IDTypes_raw[IDType==EQS].Attributes.AttributeValue">
<Display class = "Text">
<Property name = "title" value = "EQS ID"/>
</Display>
</Field>
<cond>
<notnull>
<ref>
accounts[
<ref>RESOURCE_NAME</ref>
].IDTypes_raw[IDType==EQS].Attributes.AttributeValue
</ref>
</notnull>
<new class = "com.waveset.object.GenericAttribute">
<block>
<defvar name = "IDTypes">
<new class = "com.waveset.object.GenericObject"/>
</defvar>
<set>
<ref>IDTypes</ref>
<s>Attributes</s>
<block>
<defvar name = "IDTypes_Attribute">
<new class = "com.waveset.object.GenericObject"/>
</defvar>
<set>
<ref>IDTypes_Attribute</ref>
<s>AttributeValue</s>
<ref>
accounts[
<ref>RESOURCE_NAME</ref>
].IDTypes_raw[IDType==EQS].Attributes.AttributeValue
</ref>
</set>
<set>
<ref>IDTypes_Attribute</ref>
<s>AttributeName</s>
<ref>
accounts[
<ref>RESOURCE_NAME</ref>
].IDTypes_raw[IDType==EQS].Attributes.AttributeName
</ref>
</set>
<ref>IDTypes_Attribute</ref>
</block>
</set>
<set>
<ref>IDTypes</ref>
<s>IDType</s>
<ref>
accounts[
<ref>RESOURCE_NAME</ref>
].IDTypes_raw[IDType==EQS].IDType
</ref>
</set>
<ref>IDTypes</ref>
</block>
</new>
</cond>
After you are finished, save the PeopleSoftCompIntfcConnectorUserForm.xml file.
Login to Oracle Waveset, navigate to Configure -> Import Exchange File, and then import the modified PeopleSoftCompIntfcConnectorUserForm.xml file.
To add a new attribute for the USER_PROFILE component interface, follow these steps:
Using the PeopleSoft Application Designer, add the new attribute to the PROPERTIES list and save it. Note the value of the new attribute under the Name column, because this value will be specified later in the XML file.
Using the Component Interface tester, ensure that you can perform find, create, get, save operations for the newly added attribute.
Define the new attribute in the PeopleSoftComponentInterfaces.xml file. Configurations added in the XML file for "Default Mobile page" are present in the user profile General tab. For example:
<Attribute name="properties">
<List>
...
<Object name="MPDEFAULMP"/>
...
</List>
</Attribute>
After you are finished, save the PeopleSoftComponentInterfaces.xml file.
Login to Oracle Waveset, navigate to Configure -> Import Exchange File, and then import the modified PeopleSoftComponentInterfaces.xml file.
Modify the PeopleSoftCompIntfcConnectorUserForm.xml file. Configurations added in the XML file for the "Default Mobile page" field are present in the user profile General tab. For example:
...
<Field name = "accounts[$(RESOURCE_NAME)].MPDEFAULMP">
<Display class = "Text">
<Property name = "title" value = "Default Mobile page"/>
</Display>
</Field>
...
After you are finished, save the PeopleSoftCompIntfcConnectorUserForm.xml file.
Login to Oracle Waveset, navigate to Configure -> Import Exchange File, and then import the modified PeopleSoftCompIntfcConnectorUserForm.xml file.
This section describes the following troubleshooting options:
Use the Oracle Waveset debug pages to set trace options on the following class:
org.identityconnectors.peoplesoft.compintfc
To set the logging options for the Connector Server, edit the properties in the CONNECTOR_SERVER_HOME/conf/logging.properties file. See Installing and Configuring the Connector Server.
For more information about enabling Oracle Waveset tracing and setting the tracing levels, see "Tracing Waveset Objects and Activities," in the Oracle Waveset 8.1.1 System Administrator's Guide in the following library:
To increase the Resource Timeout value, which is needed for target reconciliation, follow these steps:
Go to the Oracle Waveset debug page. For example:
http://host:port/idm/debug
Change to configuration against the List Objects option.
Click on List Objects.
Click Edit on Reconcile Configuration.
Change List Timeout by adding 40 seconds.
Save your change and then run reconciliation.
The PeopleSoft User Management connector has the following known issue:
During the reconciliation of user profiles, users with names starting with a wildcard character such as _ or % do not get reconciled in Oracle Waveset. For example, a name such as _firstname_lastname does not get reconciled. This problem occurs because the escape characters specified in PeopleBooks such as //, -, ", and _ are not functioning properly.
Workaround. Do not specify a user name that starts with a wildcard character that must be escaped during reconciliation.
|
 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|