Extending the Functionality of the Database Application Tables Connector

After you deploy the connector, you can configure it to meet your requirements.

This topic discusses the following optional configuration procedures:

Note:

From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.

Adding Custom OIM User Fields for Trusted Source Reconciliation

By default, the mandatory attributes listed in Table 4-12 are mapped for trusted source reconciliation between Oracle Identity Manager and the target system. To add new fields for trusted source reconciliation:

  1. Add the new field on the OIM User process form. See Configuring Custom Attributes in Oracle Fusion Middleware Administering Oracle Identity Manager for information on creating UDFs.

    Note:

    If the new field that you want to add is already present on the OIM User field, then skip this step and proceed to the next step.

  2. Log in to the Design Console.

  3. In the resource object definition, add the reconciliation field corresponding to the attribute as follows:

    1. Expand the Resource Management folder, and then double-click Resource Objects.

    2. Search for and open the resource object corresponding to your target system.

    3. On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.

    4. Specify a value for the field name. For example, Building.

    5. From the Field Type list, select a data type for the field. In addition, if you want to designate the attribute as a mandatory attribute, then select the check box.

    6. Click the Save icon, and then close the dialog box.

    7. Click the Save icon.

  4. Create a reconciliation field mapping in the process definition as follows:

    1. Expand the Process Management folder, and then double-click Process Definition.

    2. Search for and open the process definition for your target system.

    3. On the Reconciliation Field Mapping tab, click Add Field Map.

    4. From the Field Name list in the Add Reconciliation Field Mapping dialog box, select the name that you have assigned to the attribute created in the resource object.

    5. Select a value from the User Attribute menu and click OK.

    6. If the field mapping is a key field for matching the process data, select the Key Field for Reconciliation Matching check box.

    7. Click the Save icon.

  5. Create a reconciliation profile as follows:

    1. Expand the Resource Management folder, and then double-click Resource Objects.

    2. Search for and open the resource object corresponding to your target system.

    3. On the Object Reconciliation tab, click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

    4. Click the Save icon.

  6. Add an entry for the attribute in the lookup definition for reconciliation attribute mapping as follows:

    1. Expand the Administration folder, and then double-click Lookup Definition.

    2. Search for and open the Lookup.RESOURCE.UM.ReconAttrMap lookup definition.

    3. To add a row, click Add.

    4. In the Code Key column, enter the name that you have set for the attribute in the resource object. For example, Building.

    5. In the Decode column, enter the corresponding name of the target system column. For example, BUILDING.

    6. Click the Save icon.

Adding Custom Fields for Target Resource Reconciliation

While generating the connector by performing the procedures described in Generating the Database Application Tables Connector, you create mappings between the OIM User fields and the corresponding target system fields (columns) by specifying a value for the alias entry. If there are additional target system fields that you want to use during target resource reconciliation, then you can extend the set of fields by creating custom or user-defined fields (UDFs).

To add a custom field for reconciliation:

  1. Log in to the Design Console.

  2. In the resource object definition, add the reconciliation field corresponding to the attribute as follows:

    1. Expand the Resource Management folder, and then double-click Resource Objects.

    2. Search for and open the resource object corresponding to your target system.

    3. On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.

    4. Specify a value for the field name. For example, Building.

    5. From the Field Type list, select a data type for the field. In addition, if you want to designate the attribute as a mandatory attribute, then select the check box.

    6. Click the Save icon, and then close the dialog box.

    7. Click the Save icon.

  3. Add an entry for the attribute in the lookup definition for reconciliation attribute mapping as follows:

    1. Expand the Administration folder, and then double-click Lookup Definition.

    2. Search for and open the Lookup.RESOURCE.UM.ReconAttrMap lookup definition.

    3. To add a row, click Add.

    4. In the Code Key column, enter the name that you have set for the attribute in the resource object. For example, Building.

    5. In the Decode column, enter the corresponding name of the target system column. For example, BUILDING.

    6. Click the Save icon.

  4. Add the attribute as a field on the process form as follows:

    1. Expand the Development Tools folder, and then double-click Form Designer.

    2. Search for and open the process form for your target system.

    3. Click Create New Version to create a version of the process form. Then, enter a version name and click the Save icon.

    4. Click Add.

    5. In the newly added row, enter values for the Name, Variant Type, Field Label, and Field Type columns. If required, enter values for the rest of the columns.

      Note:

      • If the attribute on the target system is of the Time or Timestamp format, then set the value of the Variant Type column to String.

      • If you want to handle date attributes of the target system as a date editor, then set the value of the Variant Type column to Date. Otherwise, set it to String.

    6. Click the Save icon.

    7. Click Make Version Active to activate the new version of the process form.

  5. Create a reconciliation field mapping in the process definition as follows:

    1. Expand the Process Management folder, and then double-click Process Definition.

    2. Search for and open the process definition for your target system.

    3. On the Reconciliation Field Mapping tab, click Add Field Map.

    4. From the Field Name list in the Add Reconciliation Field Mapping dialog box, select the name that you have assigned to the attribute created in the resource object.

    5. Double-click the Process Data Field. A pop-up appears; its entries correspond to the process form fields.

    6. Select the corresponding newly added field from the pop-up.

    7. If the field mapping is a key field for matching the process data, select the Key Field for Reconciliation Matching check box.

    8. Click the Save icon.

  6. Create a reconciliation profile as follows:

    1. Expand the Resource Management folder, and then double-click Resource Objects.

    2. Search for and open the resource object corresponding to your target system.

    3. On the Object Reconciliation tab, click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

    4. Click the Save icon.

  7. Perform all changes made to the Form Designer of the Design Console (in Step 4) in a new UI form as follows:

    1. Log in to Oracle Identity System Administration.

    2. Create and activate a sandbox. See Creating and Activating a Sandbox for more information.

    3. Create a new UI form to view the newly added field along with the rest of the fields. See Creating a New UI Form for more information about creating a UI form.

    4. Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, select the form created in substep 3 of this step from the Form field, and then save the application instance.

    5. Publish the sandbox. See Publishing a Sandbox for more information.

  8. Add the attribute for provisioning. See Adding Custom Fields for Provisioning for detailed information about the procedure.

Adding Custom Fields for Provisioning

While generating the connector, you create mappings between the OIM User fields and the corresponding target system fields (columns) by specifying a value for the alias entry. If there are additional target system fields that you want to use during target resource reconciliation, then you can extend the set of fields by creating custom or user-defined fields (UDFs).

To add a new user-defined field for provisioning:

  1. Add the attribute as a field on the process form as follows:

    Note:

    Directly proceed to the next step if you have already added the field to the process form while performing the procedure described in Adding Custom Fields for Target Resource Reconciliation.

    1. Expand Development Tools, and then double-click Form Designer.

    2. Search for and open the process form for your target system.

    3. Click Create New Version to create a version of the form. Then, enter a version name and click the Save icon.

    4. Click Add.

    5. In the newly added row, enter values for the Name, Variant Type, Field Label, and Field Type columns. If required, enter values for the rest of the columns.

      Note:

      • If the attribute on the target system is of the Time or Timestamp format, then set the value of the Variant Type column to String.

      • If you want to handle date attributes of the target system as a date editor, then set the value of the Variant Type column to Date. Otherwise, set it to String.

    6. Click the Save icon.

    7. Click Make Version Active to activate the new version of the process form.

  2. Perform all changes made to the Form Designer of the Design Console (in Step 1) in a new UI form as follows:

    1. Log in to Oracle Identity System Administration.

    2. Create and activate a sandbox. See Creating and Activating a Sandbox for more information.

    3. Create a new UI form to view the newly added field along with the rest of the fields. See Creating a New UI Form for more information about creating a UI form.

    4. Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, select the form created in substep 3 of this step from the Form field, and then save the application instance.

    5. Publish the sandbox. See Publishing a Sandbox for more information.

  3. Add an entry in the lookup definition for provisioning attribute mappings as follows:

    1. Expand Administration, and then double-click Lookup Definition.

    2. Search for and open the Lookup.RESOURCE.UM.ProvAttrMap lookup definition.

    3. To add a row, click Add.

    4. In the Code Key column, enter the field label for the attribute on the process form. See Step 1 for information about this field name.

    5. In the Decode column, enter the corresponding name of the target system column. For example, BUILDING.

    6. Click the Save icon.

  4. To enable updates of the attribute, add an update process task in the process definition as follows:

    1. Expand Process Management, and then double-click Process Definition.

    2. Search for and open the process definition for your target system.

    3. On the Tasks tab, click Add.

    4. On the General tab of the dialog box that is displayed, enter a name and description for the task, and then select the following fields in the Task Properties section:

      • Conditional

      • Required for Completion

      • Allow Cancellation while Pending

      • Allow Multiple Instances

      Note:

      The name must be in the PROCESS_FORM_FIELD_NAME Updated format.

    5. Click the Save icon.

    6. On the Integration tab, attach the adapter responsible for performing the update account provisioning operations and map the adapter variables as listed in the following table:

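      | Variable Name        | Data Type | Map To        | Qualifier        | Literal Value               |
      |----------------------|-----------|---------------|------------------|-----------------------------|
      | processKeyInstance   | Long      | Process Data  | Process Instance | NA                          |
      | Adapter return value | Object    | Response Code | NA               | NA                          |
      | objectType           | String    | Literal       | String           | User                        |
      | attrFieldName        | String    | Literal       | String           | Building                    |
      | itResourceFieldName  | String    | Literal       | String           | IT Resource Form Field Name |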

    7. Click the Save icon.

    8. On the Response tab, add appropriate responses.

    9. Click the Save icon.

    10. Click the Save icon and then close the dialog box.

  5. Add the attribute for reconciliation.

    When you add an attribute on the process form, you must also enable reconciliation of values for that attribute from the target system. See Adding Custom Fields for Target Resource Reconciliation for more information.

Configuring Transformation of Data During User Reconciliation

You can configure transformation of reconciled single-valued data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Manager.

Note:

This section describes an optional procedure. Perform this procedure only if you want to configure transformation of data during reconciliation.

To configure transformation of data:

  1. Write code that implements the required transformation logic in a Java class.

    The following sample transformation class creates a value for the Full Name attribute by using values fetched from the FIRST_NAME and LAST_NAME columns of the target system:

    package oracle.iam.connectors.common.transform;

    import java.util.HashMap;

    public class TransformAttribute {

        /*
         * Description: Method for transforming the attributes
         *
         * param hmUserDetails <String,Object>
         *       HashMap containing parent data details
         *
         * param hmEntitlementDetails <String,Object>
         *       HashMap containing child data details
         */
        public Object transform(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) {
            /*
             * You must write code to transform the attributes.
             * Parent data attribute values can be fetched by
             * using hmUserDetails.get("Field Name").
             * To fetch child data values, loop through the
             * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table").
             * Return the transformed attribute.
             */
            String sFirstName = (String) hmUserDetails.get("First Name");
            String sLastName = (String) hmUserDetails.get("Last Name");
            // Join the two parts with a period, for example John.Doe
            String sFullName = sFirstName + "." + sLastName;
            return sFullName;
        }
    }
    
  2. Create a JAR file to hold the Java class.

  3. Run the Oracle Identity Manager Upload JARs utility to post the JAR file to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.

  4. Create a lookup definition for transformation and add an entry to it as follows:

    1. Log in to the Design Console.

    2. Expand Administration, and then double-click Lookup Definition.

    3. In the Code field, enter Lookup.RESOURCE.UM.ReconTransformation as the name of the lookup definition.

    4. Select the Lookup Type option.

    5. On the Lookup Code Information tab, click Add.

      A new row is added.

    6. In the Code Key column, enter the name of the resource object field into which you want to store the transformed value. For example: FirstName.

    7. In the Decode column, enter the name of the class that implements the transformation logic. For example, oracle.iam.connectors.common.transform.TransformAttribute.

    8. Save the changes to the lookup definition.

  5. Add an entry in the Lookup.RESOURCE.UM.Configuration lookup definition to enable transformation as follows:

    1. Expand Administration, and then double-click Lookup Definition.

    2. Search for and open the Lookup.RESOURCE.UM.Configuration lookup definition.

    3. Create an entry that holds the name of the lookup definition used for transformation as follows:

      Code Key: Recon Transformation Lookup

      Decode: Lookup.RESOURCE.UM.ReconTransformation

    4. Save the changes to the lookup definition.

Configuring Validation of Data During Reconciliation and Provisioning

You can configure validation of reconciled and provisioned single-valued data according to your requirements.

For example, you can validate data fetched from the FIRST_NAME column to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.

For data that fails the validation check, the following message is displayed or recorded in the log file:

oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped, validation failed [Validation failed for attribute: [FIELD_NAME]]

Note:

This feature cannot be applied to the Locked/Unlocked status attribute of the target system.

To configure validation of data:

  1. Write code that implements the required validation logic in a Java class.

    The following sample validation class checks if the value in the First Name attribute contains the number sign (#):

    package com.validate;

    import java.util.HashMap;

    public class MyValidation {

        public boolean validate(HashMap hmUserDetails,
                                HashMap hmEntitlementDetails, String field) {
            /*
             * You must write code to validate attributes. Parent
             * data values can be fetched by using hmUserDetails.get(field).
             * For child data values, loop through the
             * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table").
             * Depending on the outcome of the validation operation,
             * the code must return true or false.
             */
            /*
             * In this sample code, the value "false" is returned if the field
             * contains the number sign (#). Otherwise, the value "true" is
             * returned.
             */
            String sFirstName = (String) hmUserDetails.get(field);
            // A missing value contains no number sign; the guard also avoids
            // a NullPointerException when the attribute is not populated.
            if (sFirstName == null) {
                return true;
            }
            return sFirstName.indexOf('#') < 0;
        }
    }
    
  2. Create a JAR file to hold the Java class.

  3. Run the Oracle Identity Manager Upload JARs utility to post the JAR file to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.

  4. If you created the Java class for validating a process form field for reconciliation, then:

    1. Log in to the Design Console.

    2. Expand Administration, and then double-click Lookup Definition.

    3. In the Code field, enter Lookup.RESOURCE.UM.ReconValidation as the name of the lookup definition.

    4. Select the Lookup Type option.

    5. On the Lookup Code Information tab, click Add.

      A new row is added.

    6. In the Code Key column, enter the resource object field name. For example, First Name.

    7. In the Decode column, enter the class name. For example, com.validate.MyValidation.

    8. Save the changes to the lookup definition.

    9. Search for and open the Lookup.RESOURCE.UM.Configuration lookup definition.

    10. Create an entry with the following values:

      Code Key: Recon Validation Lookup

      Decode: Lookup.RESOURCE.UM.ReconValidation

    11. Save the changes to the lookup definition.

  5. If you created the Java class for validating a process form field for provisioning, then:

    1. Log in to the Design Console.

    2. Expand Administration, and then double-click Lookup Definition.

    3. In the Code field, enter Lookup.RESOURCE.UM.ProvValidation as the name of the lookup definition.

    4. Select the Lookup Type option.

    5. On the Lookup Code Information tab, click Add.

      A new row is added.

    6. In the Code Key column, enter the process form field name. In the Decode column, enter the class name.

    7. Save the changes to the lookup definition.

    8. Search for and open the Lookup.RESOURCE.UM.Configuration lookup definition.

    9. Create an entry with the following values:

      Code Key: Provisioning Validation Lookup

      Decode: Lookup.RESOURCE.UM.ProvValidation

    10. Save the changes to the lookup definition.
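
The sample class in step 1 rejects one character only. The following allow-list variant uses the same validate signature; it is an added example, not Oracle's code, and the class name NameAllowListValidation, the 64-character cap, the permitted character set and the pass-on-absent policy are assumptions for illustration:

```java
package com.validate;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example (hypothetical class): allow-list validation of a name attribute. */
public class NameAllowListValidation {

    // Assumed cap; set it to the width of the target system column.
    private static final int MAX_LENGTH = 64;

    // One letter, then letters, combining marks, space, apostrophe, period or hyphen.
    // Everything else (#, ;, control characters, line breaks) fails the match.
    private static final Pattern ALLOWED =
            Pattern.compile("\\p{L}[\\p{L}\\p{M} '.\\-]*");

    public boolean validate(HashMap hmUserDetails,
                            HashMap hmEntitlementDetails, String field) {
        Object raw = (hmUserDetails == null) ? null : hmUserDetails.get(field);
        if (raw == null) {
            // Assumed policy: an absent value passes, on the assumption that
            // required attributes are enforced elsewhere.
            return true;
        }
        if (!(raw instanceof String)) {
            return false; // unexpected type for a name attribute
        }
        String value = (String) raw;
        if (value.length() > MAX_LENGTH) {
            return false;
        }
        // The apostrophe is allowed for names such as O'Brien, so this check
        // is not a substitute for bind parameters in any SQL run on the value.
        return ALLOWED.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values and the result each one should produce.
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("Anne-Marie", true);
        samples.put("O'Brien", true);
        samples.put("Jos\u00e9", true);
        samples.put("St. John", true);
        samples.put("Bob#1", false);       // the case the page's sample rejects
        samples.put("Ann\nAdmin", false);  // embedded line break
        samples.put("", false);            // empty string
        samples.put(new String(new char[65]).replace('\0', 'a'), false); // too long

        NameAllowListValidation validator = new NameAllowListValidation();
        for (Map.Entry<String, Boolean> sample : samples.entrySet()) {
            HashMap<String, Object> user = new HashMap<>();
            user.put("First Name", sample.getKey());
            boolean ok = validator.validate(user, new HashMap<String, Object>(), "First Name");
            if (ok != sample.getValue()) {
                throw new AssertionError("unexpected result for: " + sample.getKey());
            }
            System.out.println((ok ? "valid   " : "rejected") + "  "
                    + sample.getKey().replace("\n", "\\n"));
        }
    }
}
```

To use the class, enter com.validate.NameAllowListValidation in the Decode column of the Lookup.RESOURCE.UM.ReconValidation or Lookup.RESOURCE.UM.ProvValidation entry in place of the sample class name.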