Sun[TM] Identity Manager 8.0 Resources Reference |
PeopleSoft Component InterfaceThe PeopleSoft Component Interface adapter is defined in the com.waveset.adapter.PeopleSoftCompIntfcAdapter class.
This resource adapter manages data in PeopleSoft via component interfaces. It can also manage additional PeopleSoft applications (such as HR and Financials) if these applications are installed on a system with a supported version of PeopleTools.
Resource Configuration Notes
The PeopleSoft Component Interface adapter is configured by default to support the USER_PROFILE and DELETE_USER_PROFILE component interfaces. The adapter can also use custom component interfaces to create, read, and update account data if the component interface supports the following methods:
To delete accounts, the custom component interface must support the following methods:
In addition, the user specified on the Resource Parameters page must have permission to execute the methods of the invoked component interfaces.
Identity Manager Installation Notes
The PeopleSoft Component Interface adapter is a custom adapter. You must perform the following steps to complete the installation process:
- Copy the following file from the PeopleSoft installation media to the $WSHOME/WEBINF/lib directory:
psjoa.jar
- To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page:
com.waveset.adapter.PeopleSoftCompIntfcAdapter
Usage Notes
The PeopleSoft Component Interface adapter accomplishes user provisioning by invoking methods and setting properties on PeopleSoft component interfaces. Component interface definitions are assigned in the PeopleSoft Component Interface configuration object. This object can be modified via the debug pages or with the Identity Manager IDE. You can also edit a copy of the $WSHOME/sample/PeopleSoftComponentInterfaces.xml file and load that file into Identity Manager.
For more information about configuring and implementing component interfaces with this adapter, see the following sections:
Component Interface Map Definitions
The component interface map contains the list of component interfaces available to the adapter.
- interfaces object — Contains a list of component interfaces. If you have a custom component interface, you must define your own component interface definition in the map. Edit the PeopleSoft Component Interfaces Configuration object and add your definition as an additional Object into the <List> element under the <Attribute name='interfaces'> element.
Each available component interface has its own definition. Key elements of a component interface definition include:
- name — The label of a component interface. It often matches the value of the componentInterface attribute, but this is not a requirement. The value will be displayed in the drop-down menu on the adapter’s Resource Parameters page.
- componentInterface attribute — The name of the component interface, as defined in PeopleSoft.
- getKey attribute — The name of the component interface property that is set when performing a PeopleSoft GET operation. If getKey is not defined, then the key attribute is used instead.
- findKey attribute — The name of the component interface property that is set when performing a PeopleSoft FIND operation. If findKey is not defined, then the key attribute is used instead.
- createKey attribute — The name of the component interface property that is set when performing a PeopleSoft CREATE operation. If createKey is not defined, then key attribute is used instead.
- key attribute — Deprecated. Use getKey, findKey, or createKey instead.
- properties attribute — A list of properties that can be read or set from the PeopleSoft component interface.
Each Object in the properties list must have the following attribute:
If this a collection property, then you must define additional attributes. A collection property defines its key property and its own nested set of simple and/or complex properties:
- isCollection attribute — If the property is a collection, then set this to true.
- key attribute — If the property is a collection, set this to the name of the property which uniquely identifies each item of the collection.
- properties attribute — The list of properties which can be read/set for each item of the collection. To support arbitrary complexity, each member of this list is an Object with the same allowed attributes as the parent. That is, it can contain its own name, isCollection, key, and properties attributes.
- disableRule attribute — An Object that defines the logic to compute and set the user disable state. This attribute contains the following attributes
- supportedObjectTypes attribute — A list of Identity Manager resource objects types that can be accessed via the adapter. Each object defines a set of features.
Default Component Interfaces Supported
The default Component Interface configuration object defines the following interfaces:
USER_PROFILE Component Interface
The default USER_PROFLE component interface definition is used to perform create, read, and update actions. The key and findKey attributes are set to UserID, because the USER_PROFILE component interface assigns the UserID field for the GETKEYS and FINDKEYS keys.
The default definition for the USER_PROFILE component interface does not define all of the possible properties. It has been simplified to include those used in the sample user form. If you need to add more resource user attributes to the Account Attributes page, then the component interface definition must be updated first. A resource user attribute cannot be added to that page unless it is listed in the component interface definition.
Most properties are defined in USER_PROFILE are simple objects. However, the IDTypes and Roles objects are collections and can have multiple values. IDTypes contains a collection of its own, Attributes. These objects must include the isCollection attribute, the key name for the collection, and at least one property.
DELETE_USER_PROFILE Component Interface
The DELETE_USER_PROFILE component interface definition is used to delete user profile definitions. The OPRID key determines which user profile is to be deleted. Since the component interface does not have properties, none are listed in the definition.
ROLE_MAINT Component Interface
The ROLE_MAINT component interface definition is part of a sample implementation that illustrates how Identity Manager can be configured to list role resource objects. Other resource objects can be listed by following the general guidelines listed below and modifying the ROLE_MAINT example to match your requirements.
The ROLE_MAINT component interface definition has the following characteristics of note:
- The findKey and getKey attributes are assigned to ROLENAME because ROLENAME is the primary key for FINDKEYS and GETKEYS.
- DESCR and ROLESTATUS are also keys in FINDKEYS, but since they are not primary keys, they are not listed as values for findKey. Instead, they are listed in the properties section.
- The supportedObjectTypes attribute defines the Role object. The Role object supports the find and get features.
Adding FIND Method Support to the USER_PROFILE Component Interface
The default USER_PROFILE component interface does not support the FIND method. However, the PeopleSoft Component Interface adapter requires the FIND method in order to support account iteration and list.
Use the following steps to to add FIND method support to an existing USER_PROFILE component interface.
- Load the USER_PROFILE componenent interface in the PeopleSoft Application Designer.
- On the left window (which shows the USERMAINT Component), select the OPRID field under the PSOPRDEFN_SRCH object.
Drag this field over to the right window (which shows the USER_PROFILE CI).
When you drop the field, a new key called FINDKEYS will be created in the USER_PROFILE CI. Under that key, there will be a sub-key called OPRID.
- Right-click on the OPRID name under FINDKEYS, and select Edit Name. Change the name to UserID.
- Right click on USER_PROFILE CI and select Component Interface Properties. Select the Standard Methods tab, then select the Find checkbox. Click OK to close the Component Interface Properties dialog.
- Save your changes to the USER_PROFILE component interface.
The Find method is now visible under the METHODS field for the component interface. To verify the functionality of the new FIND method, right-click on the component interface and select Test Component Interface.
Note
A PeopleSoft administrator should grant Full Access to the Find method for the component interface (in addition to the Create, Get, Save, and SetPassword methods).
PeopleSoft Component Interface Resource Objects
The XML of a PeopleSoft Component Interface resource can be edited so that resource objects can be managed. Use the debug pages or Identity Manager IDE to add an ObjectType element.
For example, to add support for the Role resource object, add an ObjectType element similar to the following.
<ObjectTypes>
<ObjectType name='Role' icon='role'>
<ObjectFeatures>
<ObjectFeature name='find'/>
</ObjectFeatures>
<ObjectAttributes idAttr='ROLENAME' displayNameAttr='ROLENAME' descriptionAttr='DESCR'>
<ObjectAttribute name='ROLENAME' type='string'/>
<ObjectAttribute name='DESCR' type='string'/>
<ObjectAttribute name='ROLESTATUS' type='string'/>
</ObjectAttributes>
</ObjectType>
</ObjectTypes>The ObjectType name (for example, Role) must match the name of one of the objects in the supportedObjectTypes list of exactly one component interface definition. Each ObjectFeature (for example, find) must have a corresponding feature in the features list in that same supportedObjectTypes. The matched component interface will be the one used to perform the resource feature. (If there are multiple matches, the first one found will be used.)
The following example is part of the component interface definition for the ROLE_MAINT component interface in the component interface map. Note that the Object name Role is found and that an item in the features list is named find.
<Attribute name='supportedObjectTypes' >
<List>
<Object name='Role'>
<Attribute name='features' >
<List>
<Object name='find' />
<Object name='get' />
</List>
</Attribute>
</Object>
</List>
</Attribute>User Form
The following user form fragment can be used to retrieve a list of PeopleSoft roles. Note that ROLENAME and DESCR attributes are being fetched.
<invoke name='getResourceObjects' class='com.waveset.ui.FormUtil'>
<ref>:display.session</ref>
<s>Role</s>
<s>PeopleSoft Component Interface</s>
<map>
<s>searchAttrsToGet</s>
<list>
<s>ROLENAME</s>
<s>DESCR</s>
</list>
</map>
</invoke>Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses the Client Connection Toolkit (Read/Write) to communicate with this adapter.
Required Administrative Privileges
The user that connects to PeopleSoft must be assigned to a PeopleSoft role which can access the methods of the managed component interface(s).
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
Account Attributes
The account attributes for the PeopleSoft Component Interface resource depend on the component interface being managed.
Each entry of the schema map should have a Resource User Attribute name that matches one of the entries in the “properties” list defined for the component interface in the Component Interface Map. When editing the schema map, you can click the Test Configuration button to verify an appropriate match can be found.
If the Resource User Attribute name matches a collection property in the component interface map, the value for the account attribute will be an XML string representation of the collection. For examples of manipulating collection properties, see the sample user form field accounts[PeopleSoft Component Interface].ps_roles.
All account attributes are of type String.
Resource Object Management
None
Identity Template
$accountId$
Sample Forms
The following forms are provided in the $WSHOME/sample/forms directory:
This user form will function as expected only if the USER_PROFILE component interface is being managed, and if the default account attributes are used. This form assumes that you have added the email account attribute to the schema map.
The EmailAddress attribute is only available on older PeopleTools releases. Check with your PeopleTools administator to determine if you USER_PROFILE supports EmailAddress.
If you are managing a different component interface or using a different schema map, the user form must be changed accordingly.
This user form will function as expected only if the USER_PROFILE component interface is being managed. This form assumes that you have added the EmailAddresses account attribute to the schema map.
The EmailAddresses attribute is only available on new 8.4x PeopleTools releases. Check with your PeopleTools administator to determine if you USER_PROFILE supports EmailAddresses.
Troubleshooting
Use the debug pages to set trace options on the following class:
com.waveset.adapter.PeopleSoftCompIntfcAdapter