2 Deploying the Connector

Deploying the connector involves the following steps:

2.1 Preinstallation

Preinstallation information is divided across the following sections:

2.1.1 Preinstallation on Oracle Identity Manager

This section contains the following topics:

2.1.1.1 Files and Directories on the Installation Media

Table 2-1 lists the files and directories on the installation media.

Table 2-1 Files and Directories on the Installation Media

File in the Installation Media Directory Description

Files in the bundle directory

These JAR files contain bundles for the connector.

configuration/Peoplesoft_User-Management-CI.xml

This XML file contains configuration information that is used during connector installation.

Files in the dataset directory:

ModifyProvisionedResource_PeoplesoftUser.xml

ProvisionResource_PeoplesoftUser.xml

These XML files contain preconfigured datasets that can be used to configure the provisioning operations.

Note: These files are specific to Oracle Identity Manager releases prior to 11.1.2.

JavaDoc

This directory contains information about the Java APIs used by the connector.

lib/PSFT_UM-oim-integration.jar

This JAR file contains the class files that are specific to integration of the connector with PeopleSoft target systems.

During connector deployment, this file is copied to the Oracle Identity Manager database.

lib/PSFTCommon.jar

This JAR file contains PeopleSoft-specific files common to both Employee Reconciliation and User Management versions of the connector.

During connector deployment, this file is copied to the Oracle Identity Manager database.

The following files and directories in the listener directory:

base directory

lib/deploytool.jar

build.xml

deploy.properties

The base directory contains the class files for the PeopleSoftOIMListener.ear file. This Enterprise Archive (EAR) file contains one or more entries representing the modules of the Web application to be deployed onto an application server.

During connector deployment, the PeopleSoft listener is deployed as an EAR file.

The deploytool.jar file contains the class files required for deploying the listeners.

The build.xml file contains configurations to build the listener EAR file.

The deploy.properties file contains Oracle Identity Manager connection details.

The following files in the peoplecode directory:

CurrencyCode.txt

EmailType.txt

LanguageCode.txt

PermissionList.txt

UserRoles.txt

The following project files in the peoplecode directory:

OIM_UM

OIM_UM_DELETE

These files contain the PeopleCode for the steps that you define for the Application Engine program. This is explained in Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported and Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported.

The project files contain the PeopleCode for the steps that you define for importing a Project from Application Designer. This is explained in Importing a Project from Application Designer.

Each project file contains two files, with the .ini and .xml extensions, that have the same name as the project. They are listed as follows:

  • OIM_UM.ini

  • OIM_UM.xml

  • OIM_UM_DELETE.ini

  • OIM_UM_DELETE.xml

Files in the resources directory

Each of these resource bundles contains language-specific information that is used by the connector.

During connector deployment, these files are copied to the Oracle Identity Manager database.

Note: A resource bundle is a file containing localized versions of the text strings that include GUI element labels and messages.

test/config/reconConfig.properties

test/config/log.properties

These files are used by the InvokeListener.bat file. The reconConfig.properties file contains configuration information for running the InvokeListener.bat file. The log.properties file contains logger information.

test/config/config.properties

This file is used to specify the parameters and settings required to connect, create, update, and delete users in the target system by using the testing utility for provisioning operations.

test/lib/PSFTTest.jar

This JAR file is used by the testing utility for provisioning operations.

test/scripts/InvokeListener.bat

test/scripts/InvokeListener.sh

This BAT file and the UNIX shell script call the testing utility for reconciliation.

test/scripts/PeoplesoftProvisioningTester.bat

test/scripts/PeoplesoftProvisioningTester.sh

This BAT file and the UNIX shell script call the testing utility for provisioning.

xml/PeopleSoftComponentInterfaces.xml

This XML file contains PeopleSoft Component Interface map definitions for the connector components.

xml/PeoplesoftUserManagement-ConnectorConfig.xml

This XML file contains definitions for the connector components:

  • IT resource type

  • Scheduled tasks

  • IT resource

  • Resource objects (This file contains the configurations of the resource objects for the target resource.)

  • Process definition

  • Process tasks

  • Adapters

  • Process form

xml/PeoplesoftUserManagementRequestDatasets.xml

This XML file contains the preconfigured request dataset for the PeopleSoft User Management connector that can be imported into the metadata store (MDS).

Note: This dataset should not be imported if you are using Oracle Identity Manager release 11.1.2.x or later.

2.1.1.2 JDK Requirement for PeopleTools 8.53, PeopleTools 8.54, and PeopleTools 8.55

If you are using PeopleTools 8.53, PeopleTools 8.54, or PeopleTools 8.55, then the following is the JDK requirement:

  • If you are already using a Connector Server, then it is mandatory to use JDK 1.7.0_02 as the minimum version in the Connector Server.

  • If you are not using a Connector Server and Oracle Identity Manager is not using JDK 1.7.0_02, then follow one of the following steps:

    • Refer to the Oracle Identity Manager certification matrix and upgrade the JDK version used by Oracle Identity Manager to JDK 1.7.0_02 if it is supported.

    • If JDK 1.7.0_02 is not supported for Oracle Identity Manager, then it is mandatory to use a Connector Server with minimum JDK 1.7.0_02. In addition, enter the name of this Connector Server as the value of the Connector Server name parameter of the IT resource.

2.1.1.3 JDK Requirement for PeopleTools 8.56 and PeopleTools 8.57

If you are using PeopleTools 8.56 or 8.57, then the following is the JDK requirement:

  • If you are already using a Connector Server, then it is mandatory to use JDK 1.8.0_40 as the minimum version in the Connector Server.

  • If you are not using a Connector Server and Oracle Identity Manager is not using JDK 1.8.0_40, then follow one of the following steps:

    • Refer to the Oracle Identity Manager certification matrix and upgrade the JDK version used by Oracle Identity Manager to JDK 1.8.0_40 if it is supported.

    • If JDK 1.8.0_40 is not supported for Oracle Identity Manager, then it is mandatory to use a Connector Server with minimum JDK 1.8.0_40. In addition, enter the name of this Connector Server as the value of the Connector Server name parameter of the IT resource.
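
The JDK floors in the two preceding sections can be checked before a Connector Server or Oracle Identity Manager host is put into service. The following shell functions are an added example, not part of the connector or of Oracle's documentation; the function names are hypothetical and the sample version strings are constructed. The check covers only the stated minimum; whether a newer JDK is supported is decided by the certification matrix.

```shell
#!/bin/sh
# Added example: compare a JDK version string with the minimum this page
# gives for a PeopleTools release. All function names are hypothetical.

# Minimum JDK per PeopleTools release, from sections 2.1.1.2 and 2.1.1.3.
min_jdk_for_peopletools() {
    case "$1" in
        8.53|8.54|8.55) echo "1.7.0_02" ;;
        8.56|8.57)      echo "1.8.0_40" ;;
        *)              return 1 ;;      # release not covered by this page
    esac
}

# Normalize "1.8.0_40", "1.8.0_40-b25", "11.0.2" or "17" to
# "<feature> <interim> <update>" as plain decimal numbers ("02" becomes 2).
normalize_jdk() {
    printf '%s\n' "$1" | awk '{
        v = $0
        sub(/[-+].*$/, "", v)            # drop build or pre-release suffix
        gsub(/_/, ".", v)
        n = split(v, p, ".")
        if (p[1] == "1" && n >= 2) {     # legacy scheme: 1.<feature>.<interim>_<update>
            f = p[2]; i = p[3]; u = p[4]
        } else {                         # newer scheme: <feature>.<interim>.<update>
            f = p[1]; i = p[2]; u = p[3]
        }
        if (f !~ /^[0-9]+$/) exit 1      # not a version string
        printf "%d %d %d\n", f, i, u
    }'
}

# Succeeds when version $1 is at least version $2; returns 2 on a parse error.
jdk_meets_min() {
    have=$(normalize_jdk "$1") || return 2
    need=$(normalize_jdk "$2") || return 2
    printf '%s %s\n' "$have" "$need" | awk '{
        for (k = 1; k <= 3; k++) {
            if ($k + 0 > $(k + 3) + 0) exit 0
            if ($k + 0 < $(k + 3) + 0) exit 1
        }
        exit 0                           # equal versions meet the minimum
    }'
}

# Succeeds when JDK version $2 meets the floor for PeopleTools release $1.
connector_jdk_ok() {
    floor=$(min_jdk_for_peopletools "$1") || return 2
    jdk_meets_min "$2" "$floor"
}

# Constructed sample inputs; on a real host, take the string from `java -version`.
for pair in "8.55 1.7.0_80" "8.57 1.7.0_80" "8.57 1.8.0_202"; do
    set -- $pair
    if connector_jdk_ok "$1" "$2"; then r="meets floor"; else r="below floor"; fi
    echo "PeopleTools $1 with JDK $2: $r"
done
```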

2.1.2 Preinstallation on the Target System

Permission lists, roles, and user profiles are building blocks of PeopleSoft security. Each user of the system has an individual user profile, which in turn is linked to one or more roles. To each role, you can add one or more permission lists, which define what a user can access. So, a user inherits permissions through the role that is attached to a user profile.

You must create limited rights users who have restricted rights to access resources in the production environment to perform PeopleSoft-specific installation or maintenance operations. A limited rights user has the privilege to invoke PeopleSoft User Profile Component Interface Java APIs for provisioning.

The preinstallation steps consist of creating a user account with limited rights. Permission lists may contain any number of accesses, such as the Web libraries permission, Web services permissions, page permissions, and so on. You attach this permission list to a role, which in turn is linked to a user profile.

This section describes the following procedures, which have to be performed on the target system to create a user account with limited rights:

2.1.2.1 Importing a Project from Application Designer

A PeopleSoft Application Designer project is an efficient way to configure your application.

You can import the OIM_UM project created in Application Designer to automate the steps for creating a permission list. You can also create a permission list by manually performing the steps described in Creating a Permission List. If you import the OIM_UM project, then you need not perform the steps mentioned in this section. You must perform a separate set of instructions for creating an Application Engine program if you have imported the project. See Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported and Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported for details.

Note:

If you install, uninstall, or upgrade the same project repeatedly, the earlier project definition will be overwritten in the database.

To import a project from Application Designer:

Note:

You can access the project files from the following directories:

OIM_HOME/server/XLIntegrations/PSFTUM/peoplecode/OIM_UM

OIM_HOME/server/XLIntegrations/PSFTUM/peoplecode/OIM_UM_DELETE

Copy these files to a directory on your computer from where you can access Application Designer.

  1. To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.
  2. From the Tools menu, click Copy Project and then From File.

    The Copy From File : Select Project dialog box appears.

  3. Navigate to the directory in which the PeopleSoft project file is placed.

    The project files are present in the /peoplecode directory of the installation media. Place these files in a new folder so that it is accessible by the Application Designer program. Ensure that the folder name is the same as that of the project you are importing.

    For example, place the OIM_UM.ini and OIM_UM.xml in OIM_UM folder.

  4. Select the project from the Select Project from the List Below region. The name of the project file is OIM_UM.
  5. Click Select.
  6. Click Copy.

Note:

You can remove the PeopleSoft project file and all its objects from the target system if needed. To do so, repeat the steps described in the preceding procedure. When you reach Step 4, select OIM_UM_DELETE from the Select Project from the List Below region.

2.1.2.2 Creating a Target System User Account for Connector Operations

You must create a target system account with privileges required for connector operations. The user account created on the target system has the permission to perform all the configurations required for connector operations. This includes configuring the PeopleSoft Integration Broker for full reconciliation and incremental reconciliation. This account does not have access to pages or components that are not required by the connector.

The following section describes the procedures to create a target system account:

Note:

For creating the target system account, you must log in to PeopleSoft Internet Architecture with administrator credentials.

2.1.2.2.1 Creating a Permission List

To create a permission list:

Note:

You can skip this section if you have imported a project from Application Designer. See Importing a Project from Application Designer for more information.

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:

    http://IPADDRESS:PORT/psp/ps/?cmd=login
    

    For example:

    http://172.21.109.69:9080/psp/ps/?cmd=login
    
  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, click PeopleTools, Security, Permissions & Roles, and then click Permission Lists.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, Permissions & Roles, and then click Permission Lists.

  3. Click Add a new Value. On the Add a New Value tab, enter the permission list name, for example, OIMUM and then click Add.

  4. On the General tab, enter a description for the permission list in the Description field.

  5. On the Component Interfaces tab, click the search icon for the Name field and perform the following:

    1. In the Name lookup, enter USER_PROFILE and then click Lookup. From the list, select USER_PROFILE. The application returns to the Component Interfaces tab. Click Edit.

    2. On the Component Interface Permissions page, click Full Access(All).

    3. Click OK and then click Save.

    4. Click the plus sign (+) to add a row for the Name field and repeat substeps 1 through 3 for the DELETE_USER_PROFILE component interface.

  6. On the Pages tab, click the search icon for Menu Name and perform the following:

    1. In the Menu Name lookup, enter APPLICATION_ENGINE and then click Lookup. From the list, select APPLICATION_ENGINE. The application returns to the Pages tab. Click Edit Components.

    2. On the Component Permissions page, click Edit Pages for the AE_REQUEST component name.

    3. Click Select All, and then click OK. Click OK on the Components Permissions page.

    4. On the Pages tab, click the plus sign (+) to add a row for Menu Name. Click the search icon for Menu Name. In the Menu Name lookup, enter IB_PROFILE and then click Lookup. From the list, select IB_PROFILE. The application returns to the Pages tab. Click Edit Components.

    5. On the Component Permissions page, click Edit Pages for each of the following component names:

      IB_GATEWAY

      IB_MESSAGE_BUILDER

      IB_MONITOR_QUEUES

      IB_NODE

      IB_OPERATION

      IB_QUEUEDEFN

      IB_ROUTINGDEFN

      IB_SERVICE

      IB_SERVICEDEFN

      IB_MONITOR

    6. Click Select All, and then click OK for each of the components. Click OK on the Components Permissions page.

    7. On the Pages tab, click the plus sign (+) to add another row for Menu Name.

    8. In the Menu Name lookup, enter PROCESSMONITOR and then click Lookup. From the list, select PROCESSMONITOR. The application returns to the Pages tab. Click Edit Components.

    9. On the Component Permissions page, click Edit Pages for the PROCESSMONITOR component name.

    10. Click Select All, and then click OK. Click OK on the Components Permissions page.

    11. On the Pages tab, click the plus sign (+) to add another row for Menu Name.

    12. In the Menu Name lookup, enter PROCESS_SCHEDULER and then click Lookup. From the list, select PROCESS_SCHEDULER. The application returns to the Pages tab. Click Edit Components.

    13. On the Component Permissions page, click Edit Pages for the PRCSDEFN component name.

    14. Click Select All, and then click OK. Click OK on the Components Permissions page.

  7. On the People Tools tab, select the Application Designer Access check box and click the Definition Permissions link. The Definition Permissions page is displayed.

  8. On this page, grant full access to the following object types by selecting Full Access from the Access list:

    • App Engine Program

    • Message

    • Component Interface

    • Project

    • Application Package

  9. Click OK.

  10. Click the Tools Permissions link. The Tools Permissions page is displayed. On this page, grant full access to the SQL Editor tool by selecting Full Access from the Access list.

  11. Click OK. The application returns to the People Tools tab.

  12. On the Web Libraries tab, click the search icon for the Web Library Name field and perform the following:

    1. In the Web Library Name lookup, enter WEBLIB_PORTAL and then click Lookup. From the list, select WEBLIB_PORTAL. The application returns to the Web Libraries tab. Click the Edit link.

    2. On the WebLib Permissions page, click Full Access(All).

    3. Click OK and then click Save.

    4. Click the plus sign (+) to add a row for the Web Library Name field and repeat substeps 1 through 3 for the WEBLIB_PT_NAV library.

    5. Click Save to save all the settings specified for the permission list.

  13. On the Process tab, click the Process Group Permissions link. The Process Group Permission page is displayed.

  14. In the Process Group lookup, click the search icon. From the list, select TLSALL. The application returns to the Process Group Permission page.

  15. Click the plus sign (+) to add another row for Process Group.

  16. In the Process Group lookup, click the search icon. From the list, select STALL. The application returns to the Process Group Permission page.

  17. Click OK.

  18. Click Save.

2.1.2.2.2 Creating a Role for a Limited Rights User

To create a role for a limited rights user:

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:

    http://IPADDRESS:PORT/psp/ps/?cmd=login
    

    For example:

    http://172.21.109.69:9080/psp/ps/?cmd=login
    
  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, click PeopleTools, Security, Permissions & Roles, and then click Roles.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, Permissions & Roles, and then click Roles.

  3. Click Add a new Value. On the Add a New Value tab, enter the role name, for example, OIMUM, and then click Add.

  4. On the General tab, enter a description for the role in the Description field.

  5. On the Permission Lists tab, click the search icon and perform the following:

    1. In the Permission Lists lookup, enter OIMUM and then click Lookup. From the list, select OIMUM.

    2. Click the plus sign (+) to add another row.

    3. In the Permission Lists lookup, enter EOEI9000 and then click Lookup. From the list, select EOEI9000.

      Note:

      Permission list EOEI9000 is not available in PeopleTools 8.53, PeopleTools 8.54, PeopleTools 8.55, 8.56, or PeopleTools 8.57, and is hence not applicable.

    4. Click the plus sign (+) to add another row.

    5. In the Permission Lists lookup, enter EOCO9000 and then click Lookup. From the list, select EOCO9000.

    6. Click Save.

2.1.2.2.3 Assigning the Required Privileges to the Target System Account

To assign the required privileges to a user:

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format:

    http://IPADDRESS:PORT/psp/ps/?cmd=login
    

    For example:

    http://172.21.109.69:9080/psp/ps/?cmd=login
    
  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, click PeopleTools, Security, User Profiles, and then click User Profiles.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, User Profiles, and then click User Profiles.

  3. Click Add a new Value. On the Add a New Value tab, enter the user profile name, for example, OIMUM, and then click Add.

  4. On the General tab, perform the following:

    1. From the Symbolic ID list, select the value that is displayed, for example, SYSADM1.

    2. Enter valid values for the Password and Confirm Password fields.

    3. Click the search icon for the Process Profile permission list.

    4. In the Process Profile lookup, enter OIMUM and then click Lookup. From the list, select OIMUM. The application returns to the General tab.

  5. On the ID tab, select none as the value of the ID type.

  6. On the Roles tab, click the search icon and perform the following:

    1. In the Roles lookup, enter OIMUM and then click Lookup. From the list, select OIMUM.

    2. Click the plus sign (+) to add another row.

    3. In the Roles lookup, enter ProcessSchedulerAdmin and then click Lookup. From the list, select ProcessSchedulerAdmin.

    4. Click the plus sign (+) to add another row.

    5. In the Roles lookup, enter EIR Administrator and then click Lookup. From the list, select EIR Administrator.

      Note:

      Role EIR Administrator is not available in PeopleTools 8.53, PeopleTools 8.54, PeopleTools 8.55, 8.56, or PeopleTools 8.57 and is hence not applicable.

    6. Click Save to save this user profile.

      Oracle Identity Manager uses this profile for the Admin user parameter in IT resource to enable the connector to perform provisioning operations. This profile is also used for a user with limited rights in PeopleSoft for performing all reconciliation-related configurations.

2.1.3 Installing and Configuring the Connector Server

This procedure is optional. If you want to run the connector code (bundle) remotely in a Connector Server, then install and configure the Connector Server as follows:

  1. Create a new directory on the machine where you want to install the Connector Server. In this section, CONNECTOR_SERVER_HOME represents this directory.
  2. Unzip the Connector Server package in your new directory from Step 1. The Connector Server package is available with the Identity Connector Framework (ICF).
  3. In the ConnectorServer.properties file, set the following properties, as required by your deployment. The ConnectorServer.properties file is located in the conf directory.
    | Property | Description |
    | --- | --- |
    | connectorserver.port | Port on which the Connector Server listens for requests. The default is 8759. |
    | connectorserver.bundleDir | Directory where the connector bundles are deployed. The default is bundles. |
    | connectorserver.libDir | Directory in which to place dependent libraries. The default is lib. |
    | connectorserver.usessl | If set to true, the Connector Server uses SSL for secure communication. The default is false. If you specify true, use the following options on the command line when you start the Connector Server: -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStoreType (optional), -Djavax.net.ssl.keyStorePassword |
    | connectorserver.ifaddress | Bind address. To set this property, uncomment it in the file (if necessary). The bind address can be useful if multiple NICs are installed on the machine. |
    | connectorserver.key | Connector Server key. The default password for this property is changeit. |

  4. Set the properties in the ConnectorServer.properties file, as follows:
  5. The conf directory also contains the logging.properties file, which you can edit if required by your deployment.

Note:

For related information, see Running the Connector Server and Creating the IT Resource for the Connector Server.

To configure the Connector Server to support multiple versions of the connector:

  • The connector JAR files copied to the CONNECTOR_SERVER_HOME/bundle directory must contain a target system-specific copy of the psjoa.jar file. For PeopleTools 8.54, PeopleTools 8.55, PeopleTools 8.56, and PeopleTools 8.57, the directory must also contain a target system-specific copy of the psmanagement.jar file.

  • Ensure that there are no JAR files in the CONNECTOR_SERVER_HOME/lib directory.
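
The properties described in this section ship with defaults (SSL off, a documented default key) that should not survive into a production Connector Server. The following audit script is an added example, not part of the Connector Server package or of Oracle's documentation; the function names and finding codes are hypothetical, the sample file is constructed, and connectorserver.libDir is assumed to be relative to CONNECTOR_SERVER_HOME.

```shell
#!/bin/sh
# Added example: audit ConnectorServer.properties for the defaults listed on
# this page. Function names and finding codes are hypothetical.

# Print the value of property $2 from file $1; the last uncommented
# "key=value" line wins. Returns 1 when the property is absent.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                   # commented-out property
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Audit $1 (properties file) under $2 (CONNECTOR_SERVER_HOME). Prints one
# finding per line; returns 0 when there are none and 1 otherwise.
audit_connector_server() {
    props=$1; home=$2; findings=0

    # connectorserver.usessl defaults to false, so an absent property counts.
    ssl=$(prop_value "$props" connectorserver.usessl) || ssl=false
    if [ "$ssl" != "true" ]; then
        echo "NO_SSL connectorserver.usessl=$ssl; set it to true and start with a keystore"
        findings=$((findings + 1))
    fi

    # The bind address has to be uncommented to take effect.
    if ! prop_value "$props" connectorserver.ifaddress >/dev/null; then
        echo "NO_BIND connectorserver.ifaddress is not set; pin it on a multi-NIC host"
        findings=$((findings + 1))
    fi

    # /setKey stores a hash, so a hashed default cannot be recognized here.
    # A missing key or the literal default named on this page is still flagged.
    key=$(prop_value "$props" connectorserver.key) || key=""
    if [ -z "$key" ] || [ "$key" = "changeit" ]; then
        echo "WEAK_KEY connectorserver.key is missing or the literal default; run /setKey"
        findings=$((findings + 1))
    fi

    # Multi-version deployments: the lib directory must hold no JAR files.
    libdir=$(prop_value "$props" connectorserver.libDir) || libdir=lib
    for jar in "$home/$libdir"/*.jar; do
        if [ -e "$jar" ]; then
            echo "LIB_JAR $jar found; multi-version setups need an empty $libdir directory"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample: a properties file that leaves the listed defaults in place.
demo=$(mktemp -d) || exit 1
mkdir -p "$demo/conf" "$demo/lib"
cat > "$demo/conf/ConnectorServer.properties" <<'EOF'
connectorserver.port=8759
connectorserver.bundleDir=bundles
connectorserver.libDir=lib
connectorserver.usessl=false
#connectorserver.ifaddress=localhost
connectorserver.key=changeit
EOF
audit_connector_server "$demo/conf/ConnectorServer.properties" "$demo" || true
rm -rf "$demo"
```

Run the audit again after every /setKey or properties change, because the script cannot tell a hashed default key from a rotated one.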

2.1.4 Running the Connector Server

This procedure is optional. If you want to run the connector code (bundle) remotely in a Connector Server, then install and configure the Connector Server as described in Installing and Configuring the Connector Server. See Creating the IT Resource for the Connector Server for related information.

After installing and configuring the Connector Server, perform one of the following procedures to run the Connector Server depending on your platform:

2.1.4.1 Running the Connector Server on UNIX and Linux Systems

To run the Connector Server on UNIX and Linux systems, use the connectorserver.sh script, as follows:

  1. Make sure that you have set the properties required by your deployment in the ConnectorServer.properties file, as described in Installing and Configuring the Connector Server.
  2. Change to the CONNECTOR_SERVER_HOME/bin directory.
  3. Use the chmod command to set the permissions to make the connectorserver.sh script executable.
  4. Run the connectorserver.sh script. The script supports the following options.
    Option Description

    /run [ -Jjava-option ]

    Runs the Connector Server in the console. Optionally, you can specify one or more Java options.

    For example, to run the Connector Server with SSL:

    ./connectorserver.sh /run \
    -J-Djavax.net.ssl.keyStore=mykeystore.jks \
    -J-Djavax.net.ssl.keyStorePassword=password
    

    /start [ -Jjava-option ]

    Runs the Connector Server in the background. Optionally, you can specify one or more Java options.

    /stop

    Stops the Connector Server, waiting up to 5 seconds for the process to end.

    /stop n

    Stops the Connector Server, waiting up to n seconds for the process to end.

    /stop -force

    Stops the Connector Server. Waits up to 5 seconds and then uses the kill -KILL command, if the process is still running.

    /stop n -force

    Stops the Connector Server. Waits up to n seconds and then uses the kill -KILL command, if the process is still running.

    /setKey key

    Sets the Connector Server key. The connectorserver.sh script stores the hashed value of key in the connectorserver.key property in the ConnectorServer.properties file.

2.1.4.2 Running the Connector Server on Windows Systems

To run the Connector Server on Windows systems, use the ConnectorServer.bat script as follows:

  1. Make sure that you have set the properties required by your deployment in the ConnectorServer.properties file, as described in Installing and Configuring the Connector Server.
  2. Change to the CONNECTOR_SERVER_HOME\bin directory and run the ConnectorServer.bat script.

    The ConnectorServer.bat script supports the following options:

    Option Description

    /install [serviceName] ["-J java-option"]

    Installs the Connector Server as a Windows service.

    Optionally, you can specify a service name and Java options. If you do not specify a service name, the default name is ConnectorServerJava.

    /run ["-J java-option"]

    Runs the Connector Server from the console. Optionally, you can specify Java options. For example, to run the Connector Server with SSL:

    ConnectorServer.bat /run ^
    "-J-Djavax.net.ssl.keyStore=mykeystore.jks" ^
    "-J-Djavax.net.ssl.keyStorePassword=password"
    

    /setKey [key]

    Sets the Connector Server key. The ConnectorServer.bat script stores the hashed value of the key in the connectorserver.key property in the ConnectorServer.properties file.

    /uninstall [serviceName]

    Uninstalls the Connector Server. If you do not specify a service name, the script uninstalls the ConnectorServerJava service.

  3. To stop the Connector Server, stop the respective Windows service.

2.2 Installation

You can run the connector code locally in Oracle Identity Manager or remotely in a Connector Server.

This section contains the following topics:

2.2.1 Installation Options

Depending on where you want to run the connector code (bundle), the connector provides the following installation options:

  • Run the connector code locally in Oracle Identity Manager.

    In this scenario, you deploy the connector in Oracle Identity Manager.

  • Run the connector code remotely in a Connector Server.

    In this scenario, you deploy the connector in Oracle Identity Manager, and then, deploy the connector bundle in a Connector Server. See Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing, configuring, and running the Connector Server.

2.2.2 Installation on Oracle Identity Manager

Installation on Oracle Identity Manager consists of the following procedures:

2.2.2.1 Running the Connector Installer

Note:

Direct provisioning is automatically enabled after you run the Connector Installer. If required, you can enable request-based provisioning in the connector. Direct provisioning is automatically disabled when you enable request-based provisioning. See Enabling Request-Based Provisioning if you want to use the request-based provisioning feature for this target system.

To run the Connector Installer:

  1. Create a directory for the connector, for example, PSFT_UM-11.1.1.6.0, in the OIM_HOME/server/ConnectorDefaultDirectory/targetsystems-lib directory. This directory contains connector-specific files.

  2. Copy the psjoa.jar file from the PEOPLESOFT_HOME/web/psjoa directory to the directory created in Step 1.

    Note:

    If you are using PeopleTools 8.54, PeopleTools 8.55, PeopleTools 8.56, or PeopleTools 8.57, you must also copy the psmanagement.jar file from PEOPLESOFT_HOME/client-tools/class to the directory created in Step 1 of this procedure.

  3. Copy the contents of the connector installation media directory into another directory to hold the installation files.

    For example: OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0

    Note:

    In an Oracle Identity Manager cluster, perform this step on each node of the cluster.

  4. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

    • For Oracle Identity Manager release 11.1.1.x:

      1. Log in to Oracle Identity Manager Administration and User Console by using the user account described in Creating the User Account for Installing Connectors of Oracle Fusion Middleware Administering Oracle Identity Manager.

      2. On the Welcome to Identity Manager Advanced Administration page, in the System Management region, click Manage Connector.

    • For Oracle Identity Manager release 11.1.2.x:

      1. Log in to Oracle Identity System Administration.

      2. In the left pane, under System Management, click Manage Connector.

  5. In the Manage Connector page, click Install.

  6. From the Connector List, select PeopleSoft User Management 11.1.1.6.0. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.

    If you have copied the installation files into a different directory, then:

    1. In the Alternative Directory field, enter the full path and name of that directory.

    2. To repopulate the list of connectors in the Connector List, click Refresh.

    3. From the Connector List, select PeopleSoft User Management 11.1.1.6.0.

  7. Click Load.

  8. To start the installation process, click Continue.

    The following tasks are performed, in sequence:

    1. Configuration of connector libraries

    2. Import of the connector XML files (by using the Deployment Manager)

    3. Compilation of adapters

    On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:

    • Retry the installation by clicking Retry.

    • Cancel the installation and begin again from Step 1.

  9. If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of steps that you must perform after the installation is displayed. These steps are as follows:

    Note:

    At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Clearing Content Related to Connector Resource Bundles from the Server Cache for information about running the PurgeCache utility.

    There are no prerequisites for some predefined connectors.

    1. Configuring the IT resource for the connector.

      See Configuring the IT Resource for more information.

    2. Configuring the scheduled tasks.

      See Configuring the Scheduled Jobs for Lookup Field Synchronization for more information.

    3. Configuring the xmlMapping lookup in the configuration lookup definition.

      See Setting Up the Lookup.PSFT.Configuration Lookup Definition for more information.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-1.

2.2.2.2 Copying the Connector Files and External Code Files

Table 2-2 lists all the files that you must copy manually and the directories on the Oracle Identity Manager host computer to which you must copy them.

Note:

  • While installing Oracle Identity Manager in a cluster, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the contents of the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

  • The directory paths given in the first column of this table correspond to the location of the connector files on the installation media. See Files and Directories on the Installation Media for more information about these files.

  • If a particular destination directory does not exist on the Oracle Identity Manager host computer, then create it.

Table 2-2 Files to Be Copied to the Oracle Identity Manager Host Computer

File in the Installation Media Directory Destination for Oracle Identity Manager

xml/PeoplesoftComponentInterfaces.xml

Copy to a path applicable to each node of the target system. Map the path to the xmlMapping lookup in the configuration lookup.

lib/PeopleSoftOIMListener.ear

OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/

Files in the peoplecode directory

OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/peoplecode

Files in the test/scripts directory

OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/scripts

Files in the test/config directory

OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/config

Note:

You might want to configure the connector for different versions of the target system simultaneously. See Configuring the Connector to Support Multiple Versions of the Target System for more information about creating and placing the target system-specific JAR files.

2.2.2.3 Configuring the IT Resource

The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information during provisioning and reconciliation.

When you run the Connector Installer, the PSFT User IT resource is automatically created in Oracle Identity Manager. You must specify values for the parameters of this IT resource as follows:

  1. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

    • For Oracle Identity Manager release 11.1.1.x:

      Log in to the Administrative and User Console.

    • For Oracle Identity Manager release 11.1.2.x:

      Log in to Oracle Identity System Administration.

  2. If you are using Oracle Identity Manager release 11.1.1.x, then:

    1. On the Welcome page, click Advanced in the upper-right corner of the page.

    2. On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Manage IT Resource.

  3. If you are using Oracle Identity Manager release 11.1.2.x, in the left pane, under Configuration, click IT Resource.

  4. In the IT Resource Name field on the Manage IT Resource page, enter PSFT User and then click Search.

  5. Click the edit icon for the IT resource.

  6. From the list at the top of the page, select Details and Parameters.

  7. Click Edit and specify values for the parameters of the IT resource. Table 2-3 describes each parameter.

  8. Click Update to save the values.

2.2.2.4 IT Resource Parameters

Table 2-3 describes the IT resource parameters.

Table 2-3 IT Resource Parameters

Parameter Description

Configuration Lookup

Name of the lookup definition that contains configuration information.

Default value: Lookup.PSFT.Configuration

Note: You must not change the value of this parameter. However, if you create a copy of all the connector objects, then you can specify the unique name of the copy of this lookup definition as the value of the Configuration Lookup Name parameter in the copy of the IT resource.

Connector Server Name

Name of the remote connector server IT resource, if any.

See Creating the IT Resource for the Connector Server for related information.

IsActive

Specifies whether the specified IT Resource is in use or not. When Yes, the message from PeopleSoft is validated against this parameter apart from the IT Resource name.

If it is No, then the message from the PeopleSoft target is rejected and is not parsed.

Default value: Yes

TopologyName

Name of the Segregation of Duties (SoD) topology, if any SoD integration exists.

See Specifying a Value for the TopologyName IT Resource Parameter for more information.

URL

JOLT URL of the computer hosting the PeopleSoft application server.

Format: TARGET COMPUTER IPADDRESS or HOSTNAME:PORT

Sample value: 172.21.109.65:9070

See Determining the JOLT Listener Port for instructions to locate the Jolt Listener port.

Note: If you have implemented high availability for PeopleSoft Application Servers, then you need not perform any additional step on Oracle Identity Manager for provisioning to work. You have to provide the correct Jolt URL according to your high availability set up for PeopleSoft Application Servers.

For more information about high availability, see Red Paper on Clustering and High Availability for Enterprise Tools 8.4x on Oracle Support and Working with Jolt Configuration Options in the PeopleBook Enterprise PeopleTools 8.49 PeopleBook: System and Server Administration.

User

User name of the target system account to be used for connector operations.

You create this account by performing the procedure described in the Creating a Target System User Account for Connector Operations section.

Sample value: PS

Password

Password of the target system account specified by the User parameter.

2.2.2.5 Determining the JOLT Listener Port

You can obtain the Jolt Listener port number from the PeopleSoft Application Server configuration file, psappsrv.cfg.

To locate the Jolt Listener Port:

  1. Log in to the computer where you have deployed the Application Server.
  2. Navigate to the folder where you have deployed PeopleTools, for example, the PT8.49 folder for PeopleTools 8.49.
  3. Navigate to the appserv folder.
  4. Navigate to the folder that corresponds to the name of your application server.
  5. Open the psappsrv.cfg file using WordPad.

    The following is an example location for the file:

    C:\PT8.49\appserv\HR8DMO\psappsrv.cfg
    

    Note:

    You must not modify the contents of the file.

  6. Search for the following text in the file:
    [JOLT Listener]
    ;=========================================================================
    ; Settings for JOLT Listener
    ;=========================================================================
    

    Search for the string Port. This provides you the value for the Jolt Listener port.
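The lookup in Steps 5 and 6, as an added example (not part of the Oracle documentation or the connector): a read-only parser that returns the Port value only from the [JOLT Listener] section, because other sections of psappsrv.cfg also carry a Port setting and a plain text search can land on the wrong one. The function names and the sample file content are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of psappsrv.cfg; values are illustrative only.
SAMPLE_CFG = """\
[Workstation Listener]
;=========================================================================
; Settings for Workstation Listener
;=========================================================================
Address=%PS_MACH%
Port=7000

[JOLT Listener]
;=========================================================================
; Settings for JOLT Listener
;=========================================================================
Address=%PS_MACH%
Port=9070
Encryption=0
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def read_cfg(path):
    """Read the configuration file without opening it for writing."""
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        return handle.read()


def jolt_listener_port(cfg_text):
    """Return the Port setting of the [JOLT Listener] section as an int."""
    section = None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").strip().lower()
            continue
        if section != "jolt listener" or "=" not in line:
            continue  # setting belongs to another section
        key, _, value = line.partition("=")
        if key.strip().lower() == "port":
            port = int(value.strip())  # raises ValueError if not numeric
            if not 1 <= port <= 65535:
                raise ValueError("port out of range: %d" % port)
            return port
    raise LookupError("no Port setting found in the [JOLT Listener] section")


def it_resource_url(host, cfg_text):
    """Build the HOSTNAME:PORT value expected by the URL IT resource parameter."""
    host = host.strip()
    if not host:
        raise ValueError("host must not be empty")
    return "%s:%d" % (host, jolt_listener_port(cfg_text))


if __name__ == "__main__":
    print(it_resource_url("172.21.109.65", SAMPLE_CFG))
```
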

2.2.2.6 Configuring the Connector to Support Multiple Versions of the Target System

You can configure the connector for multiple versions of the target system simultaneously.

This section contains the following topics:

2.2.2.6.1 About Configuring a Connector to Support Multiple Versions of the Target System

You might want to configure the connector for different versions of the target system simultaneously. For example, you can use the connector to perform provisioning operations on both PeopleTools 8.48 and PeopleTools 8.49 simultaneously. The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system. The London office has a PeopleTools 8.48 installation, while the New York office has a PeopleTools 8.49 installation. You have to provision resources on both installations of PeopleTools simultaneously.

To meet the requirement posed by such a scenario:

You can configure a single version of the connector to simultaneously provision the resources on both the versions of the target system. The connector uses a class loading mechanism, which toggles between the different versions of the installation. You only need to place the target system-specific JAR files on the computer that hosts Oracle Identity Manager.

2.2.2.6.2 Configuring the Connector to Support Multiple Versions of the Target System

To configure the connector to support multiple versions of the target system:

  1. From the connector package, copy the bundle JAR file to a temporary directory.

    Sample JAR file: bundle/org.identityconnectors.peoplesoftintfc-1.0.5963.jar

    Sample temporary directory: c:\temp

  2. Run the following command to extract the manifest file, META-INF/MANIFEST.MF, from the JAR file:

    jar -xvf org.identityconnectors.peoplesoftintfc-1.0.5963.jar
    

    Note:

    You can also run the WinZip or WinRAR utility to extract the contents from the JAR file.

  3. Delete the bundle JAR file in the temporary directory.

  4. Update the value of ConnectorBundle-Version in the manifest file to a new value.

    For example:

    ConnectorBundle-Version: 1.0.5964

  5. Copy the psjoa.jar file (target specific) from the PEOPLESOFT_HOME/web/psjoa directory to the lib folder of the extracted bundle jar.

    Note:

    If you are using PeopleTools 8.54, PeopleTools 8.55, PeopleTools 8.56, or PeopleTools 8.57, you must also copy the psmanagement.jar file (target specific) from the PEOPLESOFT_HOME/client-tools/class directory to the lib folder of the extracted bundle jar.

  6. Create a new bundle JAR file that contains the updated manifest file as follows:

    1. Open the command prompt and navigate to the temporary directory:

      c:\temp

    2. Run the following command:

      jar -cvfm org.identityconnectors.peoplesoftintfc-1.0.5964.jar META-INF/MANIFEST.MF *
      

    The new connector bundle JAR name contains the new bundle version.

  7. In the case of a remote connector server, copy the new bundle JAR file in the bundles directory of the remote connector server instead of posting the JAR file to the Oracle Identity Manager database. Skip to Step 8.

  8. Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Step 6 to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Select ICFBundle as the JAR type.

    See Also:

    JARs utility in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed information about the Upload JARs utility

  9. Create a copy of the configuration lookup, for example, Lookup.PSFTV2.Configuration.

    Ensure you update the new lookup with the bundle version.

  10. Create a new PeopleSoft UM IT resource definition for the new bundle. Map the Configuration Lookup parameter of the new IT resource to Lookup.PSFTV2.Configuration.

    The new IT resource will use the new bundle and the corresponding third-party libraries without affecting the previous installations.

  11. Repeat the preceding procedure for the other version of the target system, PeopleSoft 8.48.
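Steps 2 through 6 of the preceding procedure, as an added example (not Oracle's tooling and not part of the connector): it uses Python's zipfile module in place of the jar command and builds the new bundle from the source archive's own entry list, so stray files in the temporary directory cannot end up in the bundle. The function names and the in-memory sample bundle are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
VERSION_RE = re.compile(rb"(?im)^(ConnectorBundle-Version:[ \t]*)([^\r\n]*)")


def bundle_version(jar):
    """Return the ConnectorBundle-Version recorded in a bundle's manifest."""
    with zipfile.ZipFile(jar) as archive:
        match = VERSION_RE.search(archive.read(MANIFEST))
    if match is None:
        raise ValueError("ConnectorBundle-Version not found in manifest")
    return match.group(2).decode("utf-8").strip()


def rebuild_bundle(src_jar, dst_jar, new_version, extra_libs):
    """Write dst_jar from src_jar with a new bundle version and added lib/ JARs.

    extra_libs maps a file name (for example "psjoa.jar") to its bytes.
    Returns the version that the source bundle carried.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", new_version):
        raise ValueError("unexpected version format: %r" % new_version)
    replaced = {"lib/" + name for name in extra_libs}
    with zipfile.ZipFile(src_jar) as src:
        manifest = src.read(MANIFEST)
        match = VERSION_RE.search(manifest)
        if match is None:
            raise ValueError("ConnectorBundle-Version not found in manifest")
        old_version = match.group(2).decode("utf-8").strip()
        if old_version == new_version:
            raise ValueError("new version must differ from %s" % old_version)
        new_manifest = VERSION_RE.sub(
            lambda m: m.group(1) + new_version.encode("utf-8"), manifest, count=1)
        with zipfile.ZipFile(dst_jar, "w", zipfile.ZIP_DEFLATED) as dst:
            dst.writestr(MANIFEST, new_manifest)  # manifest is the first entry
            for info in src.infolist():
                if info.filename == MANIFEST or info.filename in replaced:
                    continue  # already written, or superseded by extra_libs
                data = src.read(info.filename)
                dst.writestr(info, data)
            for name, data in extra_libs.items():
                dst.writestr("lib/" + name, data)
    return old_version


def build_sample_bundle():
    """Constructed stand-in for the connector bundle, held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST,
                     "Manifest-Version: 1.0\r\n"
                     "ConnectorBundle-Version: 1.0.5963\r\n\r\n")
        jar.writestr("org/identityconnectors/Placeholder.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    out = io.BytesIO()
    # The psjoa.jar bytes are a placeholder; the real file comes from the target system.
    old = rebuild_bundle(build_sample_bundle(), out, "1.0.5964",
                         {"psjoa.jar": b"placeholder"})
    print(old, "->", bundle_version(out))
```

With real files, pass the path of the original bundle as src_jar, a path ending in the new version as dst_jar, and the bytes of the target-specific psjoa.jar in extra_libs.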

2.2.2.7 Deploying the PeopleSoft Listener

The PeopleSoft listener is a Web application that is deployed on an Oracle Identity Manager host computer. The PeopleSoft listener parses the XML message and creates a reconciliation event in Oracle Identity Manager.

Note:

The PeopleSoft Employee Reconciliation and PeopleSoft User Management connectors have different IT resources. Therefore, you must configure separate HTTP nodes for messages of the Employee Reconciliation and User Management connectors.

Even if an existing node is configured to the PeopleSoft listener on Oracle Identity Manager, a separate node is required for messages of the PeopleSoft Employee Reconciliation connector.

A single listener is sufficient for both the connectors. You can configure the nodes to point to the same listener with different IT resource names.

If you are using IBM WebSphere Application Server, perform the procedure described in Deploying the PeopleSoft Listener on WebSphere Application Server.

See Also:

Upgrading the PeopleSoft Listener for information about upgrading the listener

This section contains the following topics:

2.2.2.7.1 Prerequisites for Deploying the PeopleSoft Listener

Before deploying the PeopleSoft listener, perform the following steps:

  • Ensure Apache Ant 1.7 or later and JDK 1.6 or later are installed.

  • Set the following environment values in ant.properties:

    • ORACLE_HOME maps to the Oracle Identity Manager installation directory. For example, /ps1/beahome/Oracle_IDM1

    • ORACLE_COMMON maps to the oracle_common directory in MW_HOME, where MW_HOME is the directory in which Oracle Identity Management Suite is installed. For example, /ps1/beahome/oracle_common

    • WLS_HOME maps to the WebLogic Server directory. For example, /middleware/wlserver_10.3

    • JAVA_HOME maps to your JDK environment. For example, C:\Program Files\Java\jdk1.6.0_24

    • PATH must include the JAVA_HOME/bin directory. You can set the PATH variable using the SET PATH=$JAVA_HOME/bin:$PATH command.

  • Build the wlfullclient.jar file in Oracle WebLogic server, for example, in the WLS_HOME/server/lib directory:

    1. Change directories to WLS_HOME/server/lib.

    2. Run the following command:

      java -jar ../../../modules/com.bea.core.jarbuilder_1.3.0.0.jar
      

      Note:

      The exact jar file version can be different based on the WebLogic Server. Use the corresponding file with the name as com.bea.core.jarbuilder at the WLS_HOME/../modules/ directory.

  • Start Oracle Identity Manager and the Admin Server.

2.2.2.7.2 Deploying the PeopleSoft Listener on Oracle Identity Manager

To deploy the PeopleSoft listener on Oracle Identity Manager:

  1. Set the Oracle Identity Manager connection details in the listener/deploy.properties file.

    The listener directory is located in the connector package directory, for example, OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0.

  2. Run the following command:
    ant setup-listener
    

Note:

If you need to deploy the listener in an Oracle Identity Manager cluster, then:

  • Specify the name of the cluster for the oim.server.name property in the listener/deploy.properties file.

  • Update the following configurations appropriately with the URL of the listener, /PeopleSoftOIMListener:

    • Front-end web server

    • Load balancer

    • PeopleSoft nodes

  • Copy the connector package into the OIM_HOME/server/ConnectorDefaultDirectory directory of every node.

2.2.2.7.3 Prerequisites for Deploying the PeopleSoft Listener on WebSphere Application Server

Before deploying the PeopleSoft listener, ensure Apache Ant 1.7 or later and JDK 1.6 or later are installed. Then, set the following environment values in the ant.properties file:

  • OIM_ORACLE_HOME maps to the Oracle Identity Manager installation directory. For example, /ps1/was/Oracle_IDM1

    You can set this variable using the setenv OIM_ORACLE_HOME <value> command.

  • JAVA_HOME maps to your JDK environment. For example, /usr/local/packages/jdk16/

    You can set this variable using the setenv JAVA_HOME <value> command.

  • PATH must include the JAVA_HOME/bin directory. You can set this variable using the setenv PATH $JAVA_HOME/bin:$PATH command.

  • Create the listener EAR file in listener directory. To do so:

    1. Change directories to $OIM_ORACLE_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener.

    2. Run the following commands:

      rm -rf deployear
      mkdir deployear
      cp -rf base/PeopleSoftOIMListener.ear/META-INF deployear
      cp -rf base/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF deployear
      cp -rf $OIM_ORACLE_HOME/server/client/oimclient.jar deployear/WEB-INF/lib
      cp -rf $OIM_ORACLE_HOME/server/platform/iam-platform-utils.jar deployear/WEB-INF/lib
      cp -rf $OIM_ORACLE_HOME/server/platform/iam-platform-auth-client.jar deployear/WEB-INF/lib
      cd deployear
      sed -i 's/OIM_ADMIN_USER/xelsysadm/g' WEB-INF/web.xml
      jar -cvf PeopleSoftOIMListener.war WEB-INF
      rm -rf WEB-INF/
      jar -cvf PeopleSoftOIMListener.ear META-INF PeopleSoftOIMListener.war
      rm -rf META-INF
      rm -rf PeopleSoftOIMListener.war
      
2.2.2.7.4 Deploying the PeopleSoft Listener on WebSphere Application Server

To deploy the PeopleSoft listener on IBM WebSphere Application Server:

  1. Log in to the WebSphere Admin console.
  2. Expand Applications.
  3. Select Enterprise Applications from the list.
  4. Click Install and browse for the listener EAR directory.
  5. Select Fast Path and click Next.
  6. Under Map modules to servers, select oim_cluster to map the listener EAR file.
  7. Save the listener EAR application and start the service.
  8. Go to the $IBM_HTTP_SERVER/Plugins/bin directory on the computer hosting the IBM HTTP Server as your Web server. Suppose this is Node A.
  9. Copy configurewebserver1.sh to the $WAS_HOME/bin directory on the computer hosting the deployment manager.
  10. Run the ./configurewebserver1.sh command.

    This will generate the plugin-cfg.xml file.

  11. Copy plugin-cfg.xml from Node A to another node, say Node C.

    For example, copy plugin-cfg.xml from Node A in $WAS_HOME/profiles/Dmgr01/config/cells/CELL/nodes/NODE_C/servers/webserver1/plugin-cfg.xml to $IBM_HTTP_SERVER/Plugins/config/webserver1 directory on Node C.

  12. Perform syncNode for all nodes. To do so on Node A and another node, say Node B, run the following commands on both the nodes:

    Note:

    Ensure that the deployment manager is running on Node A. If a node is not stopped, then kill the node from the command line.

    $WAS_HOME/profiles/<Custom01>/bin/stopNode.sh
    $WAS_HOME/profiles/<Custom01>/bin/syncNode.sh <dmgr host>  8879
    $WAS_HOME/profiles/<Custom01>/bin/startNode.sh
    $WAS_HOME/profiles/<Custom01>/bin/startServer.sh soa_server
    $WAS_HOME/profiles/<Custom01>/bin/startServer.sh oim_server
    

    In the above commands, 8879 is the SOAP connector port of the deployment manager. You can find the SOAP connector port in the $WAS_HOME/profiles/Dmgr01/logs/AboutThisProfile.txt file.

  13. Start IBM HTTP Server by running the following command:
    $IBM_HTTP_SERVER/bin/apachectl start
    

    You can try to access Oracle Identity Manager from IBM HTTP Server by using the path such as http://NODE_C/oim.

2.2.2.7.5 Importing Oracle Identity Manager CA Root Certificate for WebLogic Server

If you have configured SSL in Oracle Identity Manager, for the PeopleSoft listener to work in SSL you must import Oracle Identity Manager CA root certificate into PeopleSoft WebServer.

To import the CA root certificate into PeopleSoft WebServer for WebLogic Server:

  1. Identify the certificate of the issuing authority, the root CA for Oracle Identity Manager.

    If you use the default demo certificate, then the root certificate is located in the following location:

    MW_HOME/wlserver_10.3/server/lib/CertGenCA.der

    If the certificate is issued by an external entity, then you must import the corresponding root certificate.

  2. Use pskeymanager to import the root certificate into PeopleSoft WebServer keystore.

2.2.2.7.6 Importing Oracle Identity Manager CA Root Certificate for WebSphere Application Server

If you have configured SSL in Oracle Identity Manager, for the PeopleSoft listener to work in SSL you must import Oracle Identity Manager CA root certificate into PeopleSoft WebServer.

To import the CA root certificate into PeopleSoft WebServer for WebSphere Application Server:

  1. Identify the certificate of the issuing authority, the root CA for Oracle Identity Manager.

    In the WebSphere Admin console, navigate to Security, SSL certificate and key management, Key stores and certificates, CellDefaultTrustStore, and Signer certificates. Then, select root and click Extract.

    If the certificate is issued by a different entity, then you must import the corresponding root certificate.

  2. Use pskeymanager to import the root certificate into PeopleSoft WebServer keystore.

2.2.2.8 Removing the PeopleSoft Listener

If you uninstall the connector, you must also remove the listener. Installing a new connector over a previously deployed listener creates discrepancies.

Note:

  • This section is not a part of installation on Oracle Identity Manager. You might need this procedure to extend the connector.

  • See Upgrading the PeopleSoft Listener for more information about upgrading the listener.

This section contains the following topics:

2.2.2.8.1 Removing the PeopleSoft Listener on WebSphere Application Server

To remove the PeopleSoft listener on WebSphere Application Server:

  1. Log in to the WebSphere Admin console.
  2. Expand Applications.
  3. Select Enterprise Applications from the list.

    A list of deployed applications is shown on the right pane.

  4. Select the PeopleSoftOIMListener.ear check box.
  5. Specify the Context root as PeopleSoftOIMListener.
  6. Click Uninstall.

    An Uninstall Application confirmation screen appears with the name of the application to be uninstalled. In this scenario, the application would be PeopleSoftOIMListener.

  7. Click OK.

2.2.2.8.2 Removing the PeopleSoft Listener for WebLogic Server

To remove the PeopleSoft listener from WebLogic Server, run the following command from the listener directory:

ant undeploy

To remove the PeopleSoft listener of the connector of a previous release, perform the following procedure:

  1. Log in to the Oracle WebLogic admin console.
  2. From the Domain Structure list, select OIM_DOMAIN.

    Where OIM_DOMAIN is the domain on which Oracle Identity Manager is installed.

  3. Click the Deployments tab.
  4. On Microsoft Windows, in the Change Centre window, click Lock & Edit.
  5. Select PeopleSoftOIMListener.ear. This enables the Delete button of the Control tab in the Summary Of Deployments region.
  6. Click Stop. A list appears.
  7. Select Force Stop Now.

    The Force Stop Application confirmation screen appears.

  8. Click Yes.
  9. On the Control tab in the Summary Of Deployments region, select PeopleSoftOIMListener.ear.
  10. Click Delete.

    A confirmation message appears on successful deletion of the WAR file.

  11. On the left pane, click the Active Changes button.

2.2.3 Installation on the Target System

During this stage, you configure the target system to enable it for reconciliation and provisioning operations.

Note:

If the target system is PeopleSoft 9.1 with PeopleTools 8.51, the target system must be patched with the PeopleSoft USER_PROFILE project.

This information is provided in the following sections:

2.2.3.1 Configuring the Target System for Lookup Reconciliation

Lookup reconciliation is used to reconcile lookup definitions for currency codes, languages, roles, permissions, and e-mail types, which correspond to the lookup fields on the target system, into Oracle Identity Manager.

Configuring the target system for lookup reconciliation involves creating the properties file by performing the procedure described in the following section:

The Application Engine program populates the .properties file with lookup data that is required for lookup reconciliation. This is a one-time procedure.

You can create the Application Engine program based on whether you have imported the PeopleSoft Application Designer project. Perform the procedure described in one of the following sections:

2.2.3.1.1 Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported

To create the Application Engine program if you have not imported the PeopleSoft Application Designer Project as described in Importing a Project from Application Designer, you must perform the following tasks:

  1. To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.

    Note:

    To open Application Designer in 2-tier mode, the database client (client of the database that PeopleSoft is using) must be installed on the server. In addition, you must select the appropriate database type from the Connection Type field (for example, Oracle Database) while providing sign-on information in the PeopleSoft Application Designer Signon window.

  2. From the File menu, click New.
  3. In the New Definition dialog box, select App Engine Program from the Definition list.
  4. On the App Engine Program page, a plus sign (+) is displayed beside the MAIN section. The MAIN section may contain multiple steps. Expand MAIN. A step named Step01 is added to MAIN.
  5. Rename Step01 to Language.
  6. Click Action in the Insert menu. An action is added to the Language step.
  7. Select PeopleCode from the list for the new action.
  8. Click Save in the File menu, and save the Application Engine program as LOOKUP_RECON.
  9. Double-click the PeopleCode action. A new PeopleCode window is displayed.
  10. Copy the code from the OIM_HOME/xellerate/XLIntegrations/PSFTUM/peoplecode/languageCode.txt file into the PeopleCode window.
  11. Change the path to a directory location on the PeopleSoft server as follows:
    &DataFile = GetFile("absolute path where you want to generate the DataFile", "w", %FilePath_Absolute);
    &LOGFile = GetFile("absolute path where you want to generate the LogFile", "w", "a", %FilePath_Absolute);
    

    For example:

    &DataFile = GetFile("C:\PSFT_849_LOOKUPS\language.properties", "w", %FilePath_Absolute);
    &LOGFile = GetFile("C:\PSFT_849_LOOKUPS\language.log", "w", "a", %FilePath_Absolute);
    

    Note:

    Ensure that the name of the file ends in .properties, for example, language.properties.

  12. Save the PeopleCode action, and close the window.
  13. On the App Engine Program page, select the language step and then select Step/Action from the Insert menu.
  14. Repeat Steps 5 through 12 to create the remaining steps, which are listed in the following table:

    Step Name    File Containing the Required PeopleCode
    Currency     CurrencyCode.txt
    userrole     UserRoles.txt
    permiss      PermissionList.txt
    EmailType    EmailType.txt

  15. Save the Application Engine program.

2.2.3.1.2 Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported

To create the Application Engine program if you have imported the PeopleSoft Application Designer Project as described in Importing a Project from Application Designer, you must perform the following tasks:

  1. To open Application Designer in 2-tier mode, click Start, Programs, Peoplesoft8.x, and then Application Designer.
  2. From the File menu, select Open and then select Project. Search for and open the project OIM_UM.

    The Open Definition dialog box appears.

  3. In the Name field, enter OIM_UM as the project name and then click Open.

    The project appears on the left pane.

  4. Click the plus sign (+) below Application Engine Programs.
  5. Double-click LOOKUP_RECON on the left pane.

    The LOOKUP_RECON (App Engine Program) window appears on the right pane.

  6. Double-click the PeopleCode action associated with Step01 - "Currency Code". A new PeopleCode window is displayed.
  7. Change the path to a directory location on the PeopleSoft server as follows:
    &DataFile = GetFile("absolute path where you want to generate the DataFile", "w", %FilePath_Absolute);
    &LOGFile = GetFile("absolute path where you want to generate the LogFile", "w", "a", %FilePath_Absolute);
    

    For example:

    &DataFile = GetFile("C:\PSFT_849_LOOKUPS\currencycodes.properties", "w", %FilePath_Absolute);
    &LOGFile = GetFile("C:\PSFT_849_LOOKUPS\lcurrencycodes.log", "w", "a", %FilePath_Absolute);
    

    Note:

    Ensure that the name of the file ends in .properties, for example, language.properties.

  8. Save the PeopleCode action, and close the window.
  9. Repeat Steps 6 through 8 for the remaining steps, such as Email Types, Language Codes, Permission Lists, and Roles.
  10. Save the Application Engine program.

2.2.3.2 Configuring the Target System for Full Reconciliation

2.2.3.2.1 Displaying the EI Repository Folder

EI Repository is a hidden folder in PeopleSoft. Therefore, you must display this folder.

Note:

  • If you are using PeopleTools 8.53 or later as the target system, do not perform the procedure described in this section.

  • Perform this procedure using the PeopleSoft administrator credentials.

To display the EI Repository folder:

  1. In the PeopleSoft Internet Architecture, expand People Tools, Portal, and then Structure and Content.
  2. Click the Enterprise Components link.
  3. Click the Edit link for EI Repository, and then uncheck Hide from portal navigation.
  4. Click Save.
  5. Log out, and then log in.

2.2.3.2.2 Activating the USER_PROFILE Messages

Note:

If you are using PeopleTools 8.53 or later as the target system, do not perform the procedure described in this section.

You must activate the USER_PROFILE message so that it can be processed.

To activate the USER_PROFILE messages:

  1. In the PeopleSoft Internet Architecture, expand Enterprise Components, EI Repository, and then click Message Properties.
  2. Search for and open the USER_PROFILE message.
  3. Click Activate All.
  4. Click the Subscription tab, and activate the Subscription PeopleCode if it exists.

    Note:

    To perform this step, your user profile must have the EIR Administrator role consisting of EOEI9000 and EOCO9000 permission lists.

2.2.3.2.3 Activating the Full Data Publish Rule

You must define and activate this rule, because it acts as a catalyst for the Full Reconciliation process. This rule provides the Full Reconciliation process the desired information to initiate reconciliation.

To activate the full data publish rule:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand Enterprise Components, Integration Definitions, and then click Full Data Publish Rules.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, Enterprise Components, Integration Definitions, and then click Full Data Publish Rules.

  2. Search for and open the USER_PROFILE message.

  3. In the Publish Rule Definition region:

    1. In the Publish Rule ID field, enter OIM_USER_PROFILE.

    2. In the Description field, enter OIM_USER_PROFILE.

    3. From the Status list, select Active.

  4. Click Save.

2.2.3.2.4 About Configuring the PeopleSoft Integration Broker

PeopleSoft Integration Broker is installed as part of the PeopleTools installation process. The Integration Broker Gateway is a component of PeopleSoft Integration Broker, which runs on the PeopleSoft Web Server. It is the physical hub between PeopleSoft and the third-party system. The integration gateway manages the receipt and delivery of messages passed among systems through PeopleSoft Integration Broker.

PeopleSoft Integration Broker provides a mechanism for communicating with the outside world using XML files. Communication can take place between different PeopleSoft applications or between PeopleSoft and third-party systems. To subscribe to data, third-party applications can accept and process XML messages posted by PeopleSoft by using the available PeopleSoft connectors. The Integration Broker routes messages to and from PeopleSoft.

A remote node that you create within the Integration Broker acts as the receiver for XML messages from PeopleSoft. This remote node accepts XML messages and posts them as XML files to a folder that you specify. During a reconciliation run, a scheduled task running on Oracle Identity Manager uses the data in these XML files to reconcile user data into Oracle Identity Manager.

2.2.3.2.5 Configuring the PeopleSoft Integration Broker Gateway

To configure the PeopleSoft Integration Broker gateway:

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture.

    The URL for PeopleSoft Internet Architecture is in the following format:

    http://IPADDRESS:PORT/psp/ps/?cmd=login
    

    For example:

    http://172.21.109.69:9080/psp/ps/?cmd=login
    
  2. To display the Gateway component details:
    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Configuration, and then click Gateways.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Integration Broker, Configuration, and then click Gateways.

  3. In the Integration Gateway ID field, enter LOCAL and then click Search. The LOCAL gateway is a default gateway that is created when you install PeopleSoft Internet Architecture.
  4. Ensure that the IP address and host name specified in the URL of the PeopleSoft listener are those on which the target system is installed. The URL of the PeopleSoft listener is in one of the following formats:
    http://HOSTNAME_of_the_PeopleSoft_Web_Server or IP_address:port/PSIGW/PeopleSoftListeningConnector
    

    For example:

    http://10.121.16.42:80/PSIGW/PeopleSoftListeningConnector
    
  5. To load all target connectors that are registered with the LOCAL gateway, click Load Gateway Connectors. A window is displayed mentioning that the loading process is successful. Click OK.
  6. Click Save.
  7. Click Ping Gateway to check whether the gateway component is active. The PeopleTools version and the status of the PeopleSoft listener are displayed. The status should be ACTIVE.
2.2.3.2.6 Creating the Remote Node

To create the remote node:

  1. While creating the remote node, you use the value of the ig.fileconnector.password property in the integrationGateway.properties file. Determine the value of this property as follows:

    1. In the PeopleSoft Internet Architecture window:

      • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Configuration, and then click Gateways.

      • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Configuration, and then click Gateways.

    2. In the Integration Gateway ID field, enter LOCAL and then click Search.

    3. Click the Gateway Setup Properties link.

    4. Enter the user ID and password for accessing the integrationGateway.properties file, and then click OK.

    5. On the PeopleSoft Node Configuration page, click Advanced Properties Page.

      The contents of the integrationGateway.properties file are displayed.

    6. Search for ig.fileconnector.properties in the file contents. The line displayed in the file may be similar to the following sample line:

      ig.fileconnector.password={V1.1}%5GhbfJ89bvNT1HzF98==
      
    7. Copy the text after (that is, to the right of) the equal sign of the property. For example, copy {V1.1}%5GhbfJ89bvNT1HzF98== from the line given in the preceding sample.

      This is the password that you specify while creating the remote node. The sample password given here is encrypted. If the password displayed on your PeopleSoft installation is not encrypted, then you can encrypt it by following the steps given later in this section.

  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

    • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

  3. On the Add a New Value tab, enter the node name, for example, OIM_FILE_NODE, and then click Add.

  4. On the Node Definition tab, provide the following values:

    In the Description field, enter a description for the node.

    In the Default User ID field, enter PS.

  5. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.

  6. Set the Node Type to PIA.

  7. On the Connectors tab, search for the following information by clicking the Lookup icon:

    Gateway ID: LOCAL

    Connector ID: FILEOUTPUT

  8. On the Properties page in the Connectors tab, enter the following information:

    Property ID: HEADER

    Property Name: sendUncompressed

    Required value: Y

    Property ID: PROPERTY

    Property Name: Method

    Required value: PUT

    Property ID: PROPERTY

    Property Name: FilePath

    Required value: Enter the full path of any folder on which the Integration Broker has Write permissions. The remote node will post XML files to this folder.

    Property ID: PROPERTY

    Property Name: Password

    Required value: Enter the value of the ig.fileconnector.password property in the integrationGateway.properties file. This is the password that you determine by performing Step 1. If the password is not already encrypted, then you can encrypt it as follows:

    1. In the Password Encrypting Utility region, enter the value of the ig.fileconnector.password property in the Password and Confirm Password fields.

    2. Click Encrypt.

    3. From the Encrypted Password field, copy the encrypted password to the Value field for the Password property.

  9. Click Save.

  10. Click Ping Node to check whether a connection is established with the specified IP address.
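The folder named in the FilePath property receives the XML files that the remote node posts, so its permissions decide who else on the host can read or replace those files. The following check is an added example, not part of the connector: it assumes a POSIX host and, as an assumed policy, reports group write access and any access by other users. The file name and content in `demo()` are constructed.

```python
import os
import stat
import tempfile


def audit_drop_folder(path):
    """Return (path, issue) findings for a FILEOUTPUT FilePath folder."""
    findings = []
    if os.path.islink(path):
        findings.append((path, "folder is a symbolic link"))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "writable by group or others"))
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append((path, "listable or traversable by others"))
    # Posted XML files hold user profile data; report any that others can read.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
            findings.append((full, "message file readable by others"))
    return findings


def demo():
    """Audit a constructed drop folder with loose, then tightened, permissions."""
    with tempfile.TemporaryDirectory() as folder:
        message = os.path.join(folder, "USER_PROFILE.constructed.xml")
        with open(message, "w") as handle:
            handle.write("<USER_PROFILE/>")  # constructed placeholder content
        os.chmod(folder, 0o777)
        os.chmod(message, 0o644)
        loose = [issue for _, issue in audit_drop_folder(folder)]
        os.chmod(folder, 0o700)
        os.chmod(message, 0o600)
        tight = audit_drop_folder(folder)
    return loose, tight


if __name__ == "__main__":
    print(demo())
```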

2.2.3.2.7 Activating the USER_PROFILE Service Operation

The service operation is a mechanism to trigger, receive, transform, and route messages that provide information about updates in PeopleSoft or an external application. You must activate the service operation for successful transmission and receipt of messages.

To activate the USER_PROFILE service operation:

Note:

If the message version is not the same as specified, then you can change the message version as described in Changing Default Message Versions.

  1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.
  2. On the Find Service Operation tab, enter USER_PROFILE in the Service field, and then click Search.
  3. Click the USER_PROFILE link.

    Note:

    In PeopleSoft HRMS, there are two versions of the message associated with this service operation. But, when you integrate PeopleSoft HRMS 9.0 or HRMS 9.2 and Oracle Identity Manager, you must send version_84. So, you must use the default version, VERSION_84, for HRMS 9.0 and HRMS 9.2.

    If you are using PeopleTools 8.53, then you must use PeopleSoft HRMS 9.2 as the minimum version.

  4. In the Default Service Operation Version region, click Active.
  5. Click Save.
2.2.3.2.8 Verifying the Queue Status for the USER_PROFILE Service Operation

All messages in PeopleSoft are sent through a queue. This is done to ensure that the messages are delivered in the correct sequence. Therefore, you must ensure that the queue is in the Run status.

To ensure that the status of the queue for the USER_PROFILE service operation is Run:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Queues.

    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Queues.

  2. Search for the USER_PROFILE queue.

  3. In the Queue Status list, ensure that Run is selected.

    Note:

    If the queue status is not Run:

    1. From the Queue Status list, select Run.

    2. Click Save.

  4. Click Return to Search.

2.2.3.2.9 Setting Up the Security for the USER_PROFILE Service Operation

The target system user who has the permission to modify, add, or delete personal or job information of an employee might not have access to send messages regarding these updates. Therefore, it is imperative to explicitly grant security to enable operations.

To set up the security for the USER_PROFILE service operation:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

    • For PeopleTools 8.55, 8.56 and 8.57, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

  2. Search for and open the USER_PROFILE service operation.

  3. On the General tab, click the Service Operation Security link.

  4. Attach the permission list OIMUM to the USER_PROFILE service operation. This list is created in Step 3 of the preinstallation procedure discussed in Creating a Permission List.

    To attach the permission list:

    Note:

    This procedure describes how to grant access to the OIMUM permission list. The OIMUM permission list is used as an example. However, to implement this procedure, you must use the permission list that is attached (through a role) to the user profile of the actual user who maintains the user profile information or the user who performs full reconciliation.

    1. Click the plus sign (+) to add a row to the Permission List field.

    2. In the Permission List field, enter OIM and then click the Look up Permission List icon.

      The OIMUM permission list appears.

    3. From the Access list, select Full Access.

    4. Click Save.

    5. Click Return to Search.

2.2.3.3 Configuring the Target System for Incremental Reconciliation

Configuring the target system for incremental reconciliation involves configuration of USER_PROFILE and DELETE_USER_PROFILE service operations, nodes, and routing to send messages from PeopleSoft Integration Broker to other systems, and configuring PeopleSoft Integration Broker.

Note:

The PeopleSoft Employee Reconciliation and PeopleSoft User Management connectors have different IT resources. Therefore, you must configure separate HTTP nodes for messages of the Employee Reconciliation and User Management connectors.

Even if an existing node is configured to the PeopleSoft listener on Oracle Identity Manager, a separate node is required for messages of the PeopleSoft Employee Reconciliation connector.

A single listener is sufficient for both the connectors. You can configure the nodes to point to the same listener with different IT resource names.

This section contains the following topics:

2.2.3.3.1 About Configuring the Target System for Incremental Reconciliation

Configuring the target system for incremental reconciliation involves configuration of USER_PROFILE and DELETE_USER_PROFILE service operations, nodes, and routing to send messages from PeopleSoft Integration Broker to other systems, and configuring PeopleSoft Integration Broker.

The USER_PROFILE message contains information about user accounts that are created or modified. The DELETE_USER_PROFILE message contains information about user accounts that have been deleted.

A message is the physical container for the XML data that is sent from the target system. Message definitions provide the physical description of data that is sent from the target system. This data includes fields, field types, and field lengths. A queue is used to carry messages. It is a mechanism for structuring data into logical groups. A message can belong to only one queue.

Setting the PeopleSoft Integration Broker gateway is mandatory when you configure PeopleSoft Integration Broker. To subscribe to XML data, Oracle Identity Manager can accept and process XML messages posted by PeopleSoft by using PeopleSoft connectors located in the PeopleSoft Integration Broker gateway. These connectors are Java programs that are controlled by the Integration Broker gateway.

This gateway is a program that runs on the PeopleSoft Web server. It acts as a physical hub between PeopleSoft and PeopleSoft applications (or third-party systems, such as Oracle Identity Manager). The gateway manages the receipt and delivery of messages passed among systems through PeopleSoft Integration Broker.

To configure the target system for incremental reconciliation, perform the following procedures:

Note:

You must use an administrator account to perform the following procedures.

2.2.3.3.2 Configuring PeopleSoft Integration Broker

The Integration Broker Gateway is a component of PeopleSoft Integration Broker (a messaging system), which is deployed at the PeopleSoft Web server. The Integration Broker Gateway is used for sending messages from PeopleSoft and for receiving messages for PeopleSoft.

Integration Broker is the inherent messaging system of PeopleSoft. You must configure Integration Broker to send and receive messages from and to PeopleSoft.

To configure PeopleSoft Integration Broker:

  1. Create a remote node by performing the following steps:

    1. In the PeopleSoft Internet Architecture window:

      • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

      • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

    2. On the Add a New Value tab, enter the node name, for example, OIM_NODE, and then click Add.

    3. On the Node Definition tab, enter a description for the node in the Description field. In addition, enter PS in the Default User ID field.

    4. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.

    5. Set the Node Type to PIA.

    6. On the Connectors tab, search for the following information by clicking the Lookup icon:

      Gateway ID: LOCAL

      Connector ID: HTTPTARGET

    7. On the Properties page in the Connectors tab, enter the following information:

      Property ID: HEADER

      Property Name: sendUncompressed

      Required value: Y

      Property ID: HTTP PROPERTY

      Property Name: Method

      Required value: POST

      Property ID: HEADER

      Property Name: Location

      Required value: Enter the value of the IT resource name as configured for the target system.

      Sample value: PSFT User

      Property ID: PRIMARYURL

      Property Name: URL

      Required value: Enter the URL of the PeopleSoft listener that is configured to receive XML messages. This URL must be in the following format:

      http://HOSTNAME_of_OIM_SERVER or IPADDRESS:PORT/PeopleSoftOIMListener
      

      The URL depends on the application server that you are using. For an environment on which SSL is not enabled, the URL must be in the following format:

      For IBM WebSphere Application Server:

      http://10.121.16.42:9080/PeopleSoftOIMListener
      

      For JBoss Application Server:

      http://10.121.16.42:8080/PeopleSoftOIMListener
      

      For Oracle WebLogic Server:

      http://10.121.16.42:7001/PeopleSoftOIMListener
      

      For Oracle Application Server:

      http://10.121.16.42:7200/PeopleSoftOIMListener/
      

      For an environment on which SSL is enabled, the URL must be in the following format:

      https://COMMON_NAME:PORT/PeopleSoftOIMListener
      

      For IBM WebSphere Application Server:

      https://example088196:9443/PeopleSoftOIMListener
      

      For JBoss Application Server:

      https://example088196:8443/PeopleSoftOIMListener
      

      For Oracle WebLogic Server:

      https://example088196:7002/PeopleSoftOIMListener
      

      For Oracle Application Server:

      https://example088916:7200/PeopleSoftOIMListener/
      
    8. Click Save to save the changes.

    9. Click Ping Node to check whether a connection is established with the specified IP address. Ping Node will fail if the IT resource is not specified correctly.

    Note:

    You might encounter the following error when you send a message from PeopleSoft Integration Broker over HTTP on a PeopleTools 8.50 target system:

    HttpTargetConnector:PSHttpFactory init or setCertificate failed

    This happens because the Integration Broker Gateway Web server tries to access the keystore, even if SSL is not enabled, by using the following parameters defined in the integrationGateway.properties file:

    secureFileKeystorePath=<path to pskey>

    secureFileKeystorePasswd=password

    If either the <path to pskey> or the password (unencrypted) is incorrect, you will receive the preceding error message. Perform the following steps to resolve the error:

    1. Verify that secureFileKeystorePath in the integrationGateway.properties file is correct.

    2. Verify that secureFileKeystorePasswd in the integrationGateway.properties file is correct.

    3. Access the pskeymanager to check the accuracy of the path and the password. You can access pskeymanager from the following location:

      <PIA_HOME>\webserv\peoplesoft\bin

    Usually, a new PeopleTools 8.50 instance throws the preceding error when you send a message over the HTTP target connector. The reason is that the default password is not in the encrypted format in the integrationGateway.properties file.

2.2.3.3.3 Setting the CopyRowsetDelta Option

Before configuring the service operations for PeopleTools 8.50, ensure that the following setting is enabled:

  1. In PeopleSoft Internet Architecture, expand PeopleTools, Security, Security Objects, and then click Security PeopleCode Options.
  2. Select the CopyRowsetDelta check box.
2.2.3.3.4 Configuring the USER_PROFILE Service Operation

The USER_PROFILE message contains information about user accounts that are created or modified.

Note:

The screenshots are taken on PeopleTools 8.49 version. They may vary for other versions of PeopleTools.

To configure the USER_PROFILE service operation:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

    • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

  2. Search for and open the USER_PROFILE service operation.

  3. On the Routing tab, enter USER_PROFILE_HR_TO_OIM as the routing name and then click Add.

  4. On the Routing Definition tab, enter the following:

    Sender Node: PSFT_HR

    Note:

    The sender node is the default active local node. To locate the sender node:

    1. Click the Look up icon.

    2. Click Default to sort the results in descending order.

      The default active local node should meet the following criteria:

      Local Node: 1

      Default Local Node: Y

      Node Type: PIA

      Only one node can meet all the above conditions at a time.

    3. Select the node.

    4. Click Save.

    Receiver Node: OIM_NODE

  5. Click Save.

  6. Click Return to go back to the Routings tab of the Service Operation and verify whether your routing is active.

2.2.3.3.5 Activating the DELETE_USER_PROFILE Service Operation

To activate the DELETE_USER_PROFILE service operation:

Note:

  • If the message version is not the same as specified, then you can change the message version as described in Changing Default Message Versions.

  • The screenshots are taken on PeopleTools 8.49 version. They may vary for other versions of PeopleTools.

  1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.
  2. On the Find Service Operation tab, enter DELETE_USER_PROFILE in the Service field, and then click Search.
  3. Click the DELETE_USER_PROFILE link.
  4. In the Default Service Operation Version region, click Active.
  5. Click Save.
2.2.3.3.6 Verifying the Queue Status for the DELETE_USER_PROFILE Service Operation

To ensure that the status of the queue for the DELETE_USER_PROFILE service operation is Run:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Queues.

    • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Queues.

  2. Search for the DELETE_USER_PROFILE queue.

  3. In the Queue Status List, ensure that Run is selected.

    Note:

    If the queue status is not Run:

    1. From the Queue Status list, select Run.

    2. Click Save.

  4. Click Return to Search.

2.2.3.3.7 Setting Up the Security for the DELETE_USER_PROFILE Service Operation

To set up the security for the DELETE_USER_PROFILE service operation:

  1. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

    • For PeopleTools 8.55 and 8.56, click NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

  2. Search for and open the DELETE_USER_PROFILE service operation.

  3. On the General tab, click the Service Operation Security link.

  4. Attach the permission list OIMUM, created as a part of the preinstallation in Step 3 (see Creating a Permission List), to the USER_PROFILE service operation.

    To attach the permission list:

    Note:

    This procedure describes how to grant access to the OIMUM permission list. The OIMUM permission list is used as an example. However, to implement this procedure, you must use the permission list that is attached (through a role) to the user profile of the actual user who maintains the user profile information.

    1. Click the plus sign (+) to add a row for the Permission List field.

    2. In the Permission List field, enter OIM and then click the Look up Permission List icon.

      The OIMUM permission list appears.

    3. From the Access list, select Full Access.

    4. Click Save.

    5. Click Return to Search.

2.2.3.3.8 Defining the Routing for the DELETE_USER_PROFILE Service Operation

To define the routing for the DELETE_USER_PROFILE service operation:

  1. On the Routing tab, enter DELETE_USER_PROFILE_HR_TO_OIM as the routing name and then click Add.
  2. On the Routing Definition tab, enter the following:

    Sender Node: PSFT_HR

    Note:

    The sender node is the default active local node. To locate the sender node:

    1. Click the Look up icon.

    2. Click Default to sort the results in descending order.

      The default active local node should meet the following criteria:

      Local Node: 1

      Default Local Node: Y

      Node Type: PIA

      Only one node can meet all the above conditions at a time.

    3. Select the node.

    4. Click Save.

    Receiver Node: OIM_NODE

  3. Click Save.

  4. Click Return to go back to the Routings tab of the Service Operation, and verify whether your routing is active.

2.2.3.3.9 Preventing Transmission of Unwanted Fields During Incremental Reconciliation

By default, PeopleSoft messages contain fields that are not needed in Oracle Identity Manager. If there is a strong use case that these fields should not be published to Oracle Identity Manager, then do the following:

Determine whether there are any local-to-local or local-to-third party PeopleSoft active routings for the service operations that use the message under study.

2.2.3.3.10 Removing Unwanted Fields at Message Level

To remove unwanted fields at the message level:

  1. Expand PeopleTools, Integration Broker, Integration Setup, and then click Messages.
  2. Search for and open the desired message, for example, DELETE_USER_PROFILE.VERSION_1 used for incremental reconciliation.
  3. Expand the message.
  4. Navigate to the field that you do not want to transmit to Oracle Identity Manager, for example, USRPROF_PRG_STAT.
  5. Click the field and clear the Include check box.
  6. Click OK, return and save the message.
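After you clear the Include check box, you can confirm that a published message no longer carries the field. The following check is an added example, not connector code: the sample messages are constructed, and every element name in them other than DELETE_USER_PROFILE and USRPROF_PRG_STAT is a placeholder rather than the real message layout.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Only DELETE_USER_PROFILE and USRPROF_PRG_STAT come from
# this page; the other element names are placeholders.
BEFORE = """<DELETE_USER_PROFILE>
  <MsgData>
    <Transaction>
      <SAMPLE_RECORD class="R">
        <OPRID>JDOE</OPRID>
        <USRPROF_PRG_STAT>C</USRPROF_PRG_STAT>
      </SAMPLE_RECORD>
    </Transaction>
  </MsgData>
</DELETE_USER_PROFILE>"""

# The same message as it should look once the field is excluded.
AFTER = BEFORE.replace("<USRPROF_PRG_STAT>C</USRPROF_PRG_STAT>", "")


def leaked_fields(xml_text, unwanted):
    """Return sorted (field, occurrences) pairs for unwanted fields present."""
    if "<!DOCTYPE" in xml_text:
        # A message posted by the broker is not expected to carry a DTD.
        raise ValueError("unexpected DTD in message")
    blocked = {name.upper() for name in unwanted}
    counts = {}
    for element in ET.fromstring(xml_text).iter():
        name = element.tag.rsplit("}", 1)[-1].upper()  # drop any namespace
        if name in blocked:
            counts[name] = counts.get(name, 0) + 1
    return sorted(counts.items())


def failing_messages(messages, unwanted):
    """Map message name -> leaked fields, for messages that still leak."""
    report = {}
    for name, xml_text in messages.items():
        leaked = leaked_fields(xml_text, unwanted)
        if leaked:
            report[name] = leaked
    return report


if __name__ == "__main__":
    batch = {"before.xml": BEFORE, "after.xml": AFTER}
    print(failing_messages(batch, ["USRPROF_PRG_STAT"]))
```

Field values are counted but never returned, so the report itself does not repeat the data that the exclusion is meant to withhold.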

2.2.3.4 Configuring the Target System for Provisioning

To configure the target system for provisioning, you are required to perform the following procedure for adding FIND Method Support to the USER_PROFILE Component Interface:

The default USER_PROFILE component interface does not support the FIND method. However, the PeopleSoft User Management connector requires the FIND method in order to support account iteration and list.

To add FIND method support to an existing USER_PROFILE component interface, follow these steps:

  1. Load the USER_PROFILE component interface in the PeopleSoft Application Designer.
  2. On the left window (which shows the USERMAINT Component), select the OPRID field under the PSOPRDEFN_SRCH object.

    Drag this field over to the right window (which shows the USER_PROFILE component interface).

    When you drop the field, a new key called FINDKEYS will be created in the USER_PROFILE component interface. Under that key, there will be a sub-key called OPRID.

  3. Right-click on the OPRID name under FINDKEYS, and select Edit Name. Change the name to UserID.
  4. Right-click the USER_PROFILE component interface and select Component Interface Properties. Select the Standard Methods tab, then select the Find check box. Click OK to close the Component Interface Properties dialog.
  5. Save your changes to the USER_PROFILE component interface.

The Find method is now visible under the METHODS field for the component interface. To verify the functionality of the new FIND method, right-click on the component interface and select Test Component Interface.

Note:

A PeopleSoft administrator should grant Full Access to the FIND method for the component interface (in addition to the Create, Get, Save, and SetPassword methods).

See Connector Component Interfaces for the PeopleSoft User Management for information about component interface map definitions.

2.2.3.5 Configuring Oracle Identity Manager Server as a Non-Proxy Host on PeopleSoft Server

To configure Oracle Identity Manager server as a non-proxy host on PeopleSoft server:

  1. Update the PT_HOME/webserv/INSTANCE_NAME/bin/setEnv.sh file with the Oracle Identity Manager server value for the following parameter:
    HTTP_PROXY_NONPROXY_HOSTS=OIM_SERVER_HOST_NAME
    
  2. Update the integrationGateway.properties file (for example, in the /slot/ems1725/appmgr/pt850/webserv/h91c306/applications/peoplesoft/PSIGW.war/WEB-INF directory) with the following parameter:
    ig.nonProxyHosts=OIM_SERVER_HOST_NAME
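The gateway settings that this chapter relies on (ig.fileconnector.password in Creating the Remote Node, secureFileKeystorePath and secureFileKeystorePasswd in the HttpTargetConnector note, and the two non-proxy host parameters above) can be checked together before you ping a node. The following audit is an added example, not part of the connector or of PeopleTools. It assumes that an encrypted value starts with a version tag such as {V1.1}, as in the sample line on this page, and that host lists are separated by |, comma, or semicolon; the host name, paths, and file excerpts are constructed.

```python
import fnmatch
import os
import re

# Assumption: an encrypted value starts with a version tag such as {V1.1}.
ENCRYPTED = re.compile(r"^\{V\d+(?:\.\d+)*\}\S+$")
PASSWORD_KEYS = ("ig.fileconnector.password", "secureFileKeystorePasswd")
ENV_LINE = re.compile(r"^\s*(?:export\s+)?HTTP_PROXY_NONPROXY_HOSTS=(.*)$", re.M)


def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def host_listed(host, host_list):
    """True if host matches an entry; wildcard entries such as *.example.com work."""
    entries = [e.strip().lower() for e in re.split(r"[|,;]", host_list) if e.strip()]
    return any(fnmatch.fnmatchcase(host.lower(), entry) for entry in entries)


def audit_gateway(props_text, setenv_text, oim_host, path_exists=os.path.exists):
    """Return (setting, issue) pairs; the values themselves are never reported."""
    props = parse_properties(props_text)
    findings = []
    for key in PASSWORD_KEYS:
        value = props.get(key, "")
        if not value:
            findings.append((key, "missing or empty"))
        elif not ENCRYPTED.match(value):
            findings.append((key, "not in encrypted format"))
    keystore = props.get("secureFileKeystorePath", "")
    if not keystore or not path_exists(keystore):
        findings.append(("secureFileKeystorePath", "keystore file not found"))
    if not host_listed(oim_host, props.get("ig.nonProxyHosts", "")):
        findings.append(("ig.nonProxyHosts", "OIM host not listed"))
    # In setEnv.sh the last assignment wins, so inspect the final match.
    assignments = ENV_LINE.findall(setenv_text)
    env_hosts = assignments[-1].strip().strip("\"'") if assignments else ""
    if not host_listed(oim_host, env_hosts):
        findings.append(("HTTP_PROXY_NONPROXY_HOSTS", "OIM host not listed"))
    return findings


# Constructed excerpts: host name, paths and the second encrypted value are
# placeholders; the first encrypted value is the sample shown on this page.
WEAK_PROPS = """\
# integrationGateway.properties (constructed excerpt)
ig.fileconnector.password=password
secureFileKeystorePath=/constructed/missing/pskey
secureFileKeystorePasswd=password
"""
FIXED_PROPS = """\
ig.fileconnector.password={V1.1}%5GhbfJ89bvNT1HzF98==
secureFileKeystorePath=/constructed/keystore/pskey
secureFileKeystorePasswd={V1.1}CONSTRUCTEDVALUE==
ig.nonProxyHosts=localhost|oim.example.com
"""
WEAK_SETENV = "HTTP_PROXY_NONPROXY_HOSTS=\n"
FIXED_SETENV = "HTTP_PROXY_NONPROXY_HOSTS=oim.example.com\n"


def keystore_stub(path):
    """Stand-in for os.path.exists so the example runs without a real keystore."""
    return path == "/constructed/keystore/pskey"


if __name__ == "__main__":
    for setting, issue in audit_gateway(WEAK_PROPS, WEAK_SETENV,
                                        "oim.example.com", keystore_stub):
        print(f"{setting}: {issue}")
```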
    

2.3 Postinstallation

Postinstallation information is divided across the following sections:

2.3.1 Configuring Oracle Identity Manager

Postinstallation on Oracle Identity Manager consists of the following procedures:

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster.

2.3.1.1 Configuring Oracle Identity Manager 11.1.2 or Later

If you are using Oracle Identity Manager release 11.1.2 or later, you must create additional metadata such as a UI form and an application instance. In addition, you must run entitlement and catalog synchronization jobs. These procedures are described in the following sections:

2.3.1.1.1 Creating and Activating a Sandbox

Create and activate a sandbox as follows. For detailed instructions, see Managing Sandboxes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

  1. On the upper navigation bar, click Sandboxes. The Manage Sandboxes page is displayed.
  2. On the toolbar, click Create Sandbox. The Create Sandbox dialog box is displayed.
  3. In the Sandbox Name field, enter a name for the sandbox. This is a mandatory field.
  4. In the Sandbox Description field, enter a description of the sandbox. This is an optional field.
  5. Click Save and Close. A message is displayed with the sandbox name and creation label.
  6. Click OK. The sandbox is displayed in the Available Sandboxes section of the Manage Sandboxes page.
  7. Select the sandbox that you created.
  8. From the table showing the available sandboxes in the Manage Sandboxes page, select the newly created sandbox that you want to activate.
  9. On the toolbar, click Activate Sandbox.

    The sandbox is activated.

2.3.1.1.2 Creating a New UI Form

Create a new UI form as follows. For detailed instructions, see Managing Forms in Oracle Fusion Middleware Administering Oracle Identity Manager.

  1. In the left pane, under Configuration, click Form Designer.
  2. Under Search Results, click Create.
  3. Select the resource type for which you want to create the form, for example, Peoplesoft User.
  4. Enter a form name and click Create.
2.3.1.1.3 Creating an Application Instance

Create an application instance as follows. For detailed instructions, see Managing Application Instances in Oracle Fusion Middleware Administering Oracle Identity Manager.

  1. In the System Administration page, under Configuration in the left pane, click Application Instances.
  2. Under Search Results, click Create.
  3. Enter appropriate values for the fields displayed on the Attributes form and click Save.
  4. In the Form drop-down list, select the newly created form and click Apply.
  5. Publish the application instance for a particular organization.
2.3.1.1.4 Publishing a Sandbox

To publish the sandbox that you created in Creating and Activating a Sandbox:

  1. Close all the open tabs and pages.
  2. From the table showing the available sandboxes in the Manage Sandboxes page, select the sandbox that you created in Creating and Activating a Sandbox.
  3. On the toolbar, click Publish Sandbox. A message is displayed asking for confirmation.
  4. Click Yes to confirm. The sandbox is published and the customizations it contained are merged with the main line.
2.3.1.1.5 Harvesting Entitlements and Sync Catalog

To harvest entitlements and sync catalog:

  1. Run the scheduled jobs for lookup field synchronization listed in Configuring the Scheduled Jobs for Lookup Field Synchronization.
  2. Run the Entitlement List scheduled job to populate Entitlement Assignment schema from child process form table. See Predefined Scheduled Tasks in Oracle Fusion Middleware Administering Oracle Identity Manager for more information about this scheduled job.
  3. Run the Catalog Synchronization Job scheduled job. See Predefined Scheduled Tasks in Oracle Fusion Middleware Administering Oracle Identity Manager for more information about this scheduled job.
2.3.1.1.6 Updating an Existing Application Instance with a New Form

For any changes that you make in the Form Designer, you must create a new UI form and update the changes in an application instance. To update an existing application instance with a new form:

  1. Create a sandbox and activate it as described in Creating and Activating a Sandbox.
  2. Create a new UI form for the resource as described in Creating a New UI Form.
  3. Open the existing application instance.
  4. In the Form field, select the new UI form that you created.
  5. Save the application instance.
  6. Publish the sandbox as described in Publishing a Sandbox.

2.3.1.2 Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later

In Oracle Identity Manager release 11.1.2.1.0 or later, you can reset the password for an account after logging in as the user by navigating to My Access, Accounts tab.

The Reset Password option is enabled for only those accounts that follow the UD_FORMNAME_PASSWORD naming convention for the password field. Otherwise, this option would be disabled as shown in the following sample screenshot:

Reset Password option

Note:

In Oracle Identity Manager 11.1.2 prior to release 11.1.2.1.0, if you want to change the password of a PeopleSoft User Management account under My Information, the account is not available for selection in the drop-down list of accounts. See bug 14697905 in Known Issues and Workarounds for more information about this known issue.

To enable the Reset Password option in Oracle Identity Manager release 11.1.2.1.0 or later:

  1. Log in to Oracle Identity System Design console.
  2. Under Development Tools, click Form Designer.
  3. Enter UD_PSFT_BAS in the Table Name field and click the Query for records button.
  4. Click Create New Version.
  5. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.
  6. From the Current Version list, select the newly created version.
  7. Click the Properties tab.
  8. Select the password field, and click Add Property.
  9. From the Property Name list, select AccountPassword.
  10. In the Property Value field, enter true.
  11. Click Save.

    The password field is tagged with the AccountPassword = true property as shown in the following screenshot:

    Password Properties
  12. Click Make Version Active.
  13. Update the application instance with the new form as described in Updating an Existing Application Instance with a New Form.

2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster. Then, restart each node.

When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, switch to the OIM_HOME/server/bin directory.

    Note:

    You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:

    OIM_HOME/server/bin/SCRIPT_FILE_NAME
    
  2. Enter one of the following commands:

    Note:

    You can use the PurgeCache utility to purge the cache for any content category. Run PurgeCache.bat CATEGORY_NAME on Microsoft Windows or PurgeCache.sh CATEGORY_NAME on UNIX. The CATEGORY_NAME argument represents the name of the content category that must be purged.

    For example, the following commands purge Metadata entries from the server cache:

    PurgeCache.bat MetaData

    PurgeCache.sh MetaData

    On Microsoft Windows: PurgeCache.bat All

    On UNIX: PurgeCache.sh All

    When prompted, enter the user name and password of an account belonging to the SYSTEM ADMINISTRATORS group. In addition, you are prompted to enter the service URL in the following format:

    t3://OIM_HOST_NAME:OIM_PORT_NUMBER
    

    In this format:

    • Replace OIM_HOST_NAME with the host name or IP address of the Oracle Identity Manager host computer.

    • Replace OIM_PORT_NUMBER with the port on which Oracle Identity Manager is listening.

      Sample value: t3://localhost:8003

2.3.1.4 Enabling Logging

Oracle Identity Manager uses Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.logging.

This section contains the following topics:

2.3.1.4.1 Log Levels and ODL Message Types

To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.

  • SEVERE.intValue()+100

    This level enables logging of information about fatal errors.

  • SEVERE

    This level enables logging of information about errors that may allow Oracle Identity Manager to continue running.

  • WARNING

    This level enables logging of information about potentially harmful situations.

  • INFO

    This level enables logging of messages that highlight the progress of the application.

  • CONFIG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • FINE, FINER, FINEST

    These levels enable logging of information about fine-grained events, where FINEST logs information about all events.

These message types are mapped to ODL message type and level combinations as shown in Table 2-4.

Table 2-4 Log Levels and ODL Message Type:Level Combinations

| Java Level | ODL Message Type:Level |
|---|---|
| SEVERE.intValue()+100 | INCIDENT_ERROR:1 |
| SEVERE | ERROR:1 |
| WARNING | WARNING:1 |
| INFO | NOTIFICATION:1 |
| CONFIG | NOTIFICATION:16 |
| FINE | TRACE:1 |
| FINER | TRACE:16 |
| FINEST | TRACE:32 |

The configuration file for OJDL is logging.xml, which is located at the following path:

DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml

Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.

2.3.1.4.2 Logger Names

You can specify the following logger names for logging of information:

  • Logger name for Identity Connector Framework (ICF) integration: ORACLE.IAM.CONNECTORS.ICFCOMMON

  • Logger name for ICF connectors: ORG.IDENTITYCONNECTORS

  • Logger name for PeopleSoft operations: ORACLE.IAM.CONNECTORS.PSFT

There are separate loggers for the PeopleSoft operations and the connector operations. The logger for the PeopleSoft operations uses Java-based logging and the logger name is ORACLE.IAM.CONNECTORS.PSFT. The logger for the connector operations uses org.identityconnectors.common.logging.Log and the logger name is ORG.IDENTITYCONNECTORS.PEOPLESOFT.

The logger name for the connector operations must include the package name of the connector for which you want to enable logging. For example, ORG.IDENTITYCONNECTORS, ORG.IDENTITYCONNECTORS.PEOPLESOFT, and ORG.IDENTITYCONNECTORS.PEOPLESOFT.COMPINTFC are valid logger names.

2.3.1.4.3 Enabling Logging in Oracle WebLogic Server

To enable logging in Oracle WebLogic Server:

  1. Edit the logging.xml file as follows:

    1. Add the following blocks in the file:

      <log_handler name='psft-um-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
        <property name='logreader:' value='off'/>
        <property name='path' value='[FILE_NAME]'/>
        <property name='format' value='ODL-Text'/>
        <property name='useThreadName' value='true'/>
        <property name='locale' value='en'/>
        <property name='maxFileSize' value='5242880'/>
        <property name='maxLogSize' value='52428800'/>
        <property name='encoding' value='UTF-8'/>
      </log_handler>

      <logger name="ORG.IDENTITYCONNECTORS.PEOPLESOFT.COMPINTFC" level="[LOG_LEVEL]" useParentHandlers="false">
        <handler name="psft-um-handler"/>
        <handler name="console-handler"/>
      </logger>

      <logger name="ORACLE.IAM.CONNECTORS.PSFT" level="[LOG_LEVEL]" useParentHandlers="false">
        <handler name="psft-um-handler"/>
        <handler name="console-handler"/>
      </logger>
      
    2. Replace all occurrences of [LOG_LEVEL] with the ODL message type and level combination that you require. Table 2-4 lists the supported message type and level combinations.

      Similarly, replace [FILE_NAME] with the full path and name of the log file in which you want log messages to be recorded.

      The following blocks show sample values for [LOG_LEVEL] and [FILE_NAME]:

      <log_handler name='psft-um-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
        <property name='logreader:' value='off'/>
        <property name='path' value='F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log'/>
        <property name='format' value='ODL-Text'/>
        <property name='useThreadName' value='true'/>
        <property name='locale' value='en'/>
        <property name='maxFileSize' value='5242880'/>
        <property name='maxLogSize' value='52428800'/>
        <property name='encoding' value='UTF-8'/>
      </log_handler>

      <logger name="ORG.IDENTITYCONNECTORS.PEOPLESOFT.COMPINTFC" level="NOTIFICATION:1" useParentHandlers="false">
        <handler name="psft-um-handler"/>
        <handler name="console-handler"/>
      </logger>

      <logger name="ORACLE.IAM.CONNECTORS.PSFT" level="NOTIFICATION:1" useParentHandlers="false">
        <handler name="psft-um-handler"/>
        <handler name="console-handler"/>
      </logger>
      

      With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the NOTIFICATION:1 level are recorded in the specified file.

    Note:

    The logging level for console-handler must be as fine as the level set in the loggers. For example, if the NOTIFICATION:1 level is specified in the ORACLE.IAM.CONNECTORS.PSFT logger, and the console-handler has ERROR:1 level, then only logs at ERROR:1 or coarser levels would be available.

  2. Save and close the file.

  3. Set the following environment variable to redirect the server logs to a file:

    • For Microsoft Windows:

      set WLS_REDIRECT_LOG=FILENAME
      
    • For UNIX:

      export WLS_REDIRECT_LOG=FILENAME
      

    Replace FILENAME with the location and name of the file to which you want to redirect the output.

  4. Restart the application server.
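
The handler-level rule in the Note above can be checked before the server is restarted. The following is an added example, not code from Oracle or the connector: the class and method names are hypothetical, the sample XML is constructed (its wrapper elements are assumed), and the ordering of levels is inferred from Table 2-4.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Added illustration (hypothetical class): lints handler and logger levels in a logging.xml. */
public class LoggingXmlCheck {

    // ODL message types in the order Table 2-4 lists them, coarsest first.
    static final List<String> TYPES =
        Arrays.asList("INCIDENT_ERROR", "ERROR", "WARNING", "NOTIFICATION", "TRACE");

    /** Rank of a TYPE:LEVEL value; a higher rank is finer. Returns -1 if it cannot be parsed. */
    static int rank(String odl) {
        String[] parts = odl.split(":");
        if (parts.length != 2 || !TYPES.contains(parts[0])) {
            return -1;
        }
        try {
            return TYPES.indexOf(parts[0]) * 100 + Integer.parseInt(parts[1]);
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    /** Returns one finding per logger/handler pair that breaks the rule in the Note. */
    static List<String> check(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // logging.xml needs no DTD; refusing DOCTYPE keeps the parser from resolving external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        // Handler name -> level attribute ("" when the handler sets no level).
        Map<String, String> handlerLevels = new HashMap<String, String>();
        NodeList handlers = doc.getElementsByTagName("log_handler");
        for (int i = 0; i < handlers.getLength(); i++) {
            Element h = (Element) handlers.item(i);
            handlerLevels.put(h.getAttribute("name"), h.getAttribute("level"));
        }

        List<String> findings = new ArrayList<String>();
        NodeList loggers = doc.getElementsByTagName("logger");
        for (int i = 0; i < loggers.getLength(); i++) {
            Element logger = (Element) loggers.item(i);
            String name = logger.getAttribute("name");
            String level = logger.getAttribute("level");
            if (level.isEmpty()) {
                continue; // no explicit level on this logger, nothing to compare
            }
            int loggerRank = rank(level);
            if (loggerRank < 0) {
                findings.add(name + ": unrecognized level '" + level + "'");
                continue;
            }
            NodeList refs = logger.getElementsByTagName("handler");
            for (int j = 0; j < refs.getLength(); j++) {
                String ref = ((Element) refs.item(j)).getAttribute("name");
                String handlerLevel = handlerLevels.get(ref);
                if (handlerLevel == null) {
                    findings.add(name + ": handler '" + ref + "' is not defined");
                } else if (!handlerLevel.isEmpty() && rank(handlerLevel) < 0) {
                    findings.add(name + ": handler '" + ref + "' has unrecognized level '"
                        + handlerLevel + "'");
                } else if (!handlerLevel.isEmpty() && rank(handlerLevel) < loggerRank) {
                    findings.add(name + ": handler '" + ref + "' is at " + handlerLevel
                        + ", coarser than the logger's " + level
                        + "; finer messages will not be written by it");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample mirroring the Note: logger at NOTIFICATION:1, console-handler at ERROR:1.
        // The class attribute of console-handler is left out because the page does not give it.
        String sample =
            "<logging_configuration>"
          + "<log_handlers>"
          + "<log_handler name='psft-um-handler' level='NOTIFICATION:1'"
          + " class='oracle.core.ojdl.logging.ODLHandlerFactory'/>"
          + "<log_handler name='console-handler' level='ERROR:1'/>"
          + "</log_handlers>"
          + "<loggers>"
          + "<logger name='ORACLE.IAM.CONNECTORS.PSFT' level='NOTIFICATION:1'"
          + " useParentHandlers='false'>"
          + "<handler name='psft-um-handler'/><handler name='console-handler'/>"
          + "</logger>"
          + "</loggers>"
          + "</logging_configuration>";
        for (String finding : check(sample)) {
            System.out.println(finding);
        }
    }
}
```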

2.3.1.5 Setting Up the Lookup Definitions for Exclusion Lists

In the Lookup.PSFT.UM.Prov.ExclusionList and Lookup.PSFT.UM.Recon.ExclusionList lookup definitions, enter the user IDs of target system accounts for which you do not want to perform provisioning and reconciliation operations, respectively. See Lookup Definitions for Exclusion Lists for information about the format of the entries in these lookups.

To add entries in the lookup for exclusions during provisioning operations:

Note:

To specify user IDs to be excluded during reconciliation operations, add entries in the Lookup.PSFT.UM.Recon.ExclusionList lookup.

  1. On the Design Console, expand Administration and then double-click Lookup Definition.
  2. Search for and open the Lookup.PSFT.UM.Prov.ExclusionList lookup definition.
  3. Click Add.
  4. In the Code Key and Decode columns, enter the first user ID to exclude.

    Note:

    The Code Key represents the resource object field name on which the exclusion list is applied during provisioning operations.

  5. Repeat Steps 3 and 4 for the remaining user IDs to exclude.

    For example, if you do not want to provision users with user IDs User001, User002, and User088 then you must populate the lookup definition with the following values:

    | Code Key | Decode |
    |---|---|
    | User ID | User001 |
    | User ID | User002 |
    | User ID | User088 |

    You can also perform pattern matching to exclude user accounts. You can specify regular expressions supported by the representation in the java.util.regex.Pattern class.

    See Also:

    For information about the supported patterns, visit http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html

    For example, if you do not want to provision users matching any of the user IDs User001, User002, and User088, then you must populate the lookup definition with the following values:

    | Code Key | Decode |
    |---|---|
    | User ID[PATTERN] | User001\|User002\|User088 |

    If you do not want to provision users whose user IDs start with 00012, then you must populate the lookup definition with the following values:

    | Code Key | Decode |
    |---|---|
    | User ID[PATTERN] | 00012* |

  6. Click the save icon.
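
An exclusion entry that does not match what you intended leaves the account subject to provisioning or reconciliation, so it is worth testing Decode values against java.util.regex before saving them. The following is an added example, not connector code: the class and method names are hypothetical, the sample user IDs are constructed, the `00012.*` row is added for comparison, and because the page does not state whether the connector applies a pattern to the whole value or searches within it, both behaviours are printed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration (hypothetical class): evaluates exclusion-list rows against user IDs. */
public class ExclusionListCheck {

    static final String PATTERN_SUFFIX = "[PATTERN]";

    /** One lookup row: Code Key (field name, optionally ending in [PATTERN]) and Decode. */
    static final class Entry {
        final String codeKey;
        final String decode;

        Entry(String codeKey, String decode) {
            this.codeKey = codeKey;
            this.decode = decode;
        }

        boolean isPattern() {
            return codeKey.endsWith(PATTERN_SUFFIX);
        }
    }

    /**
     * Returns true if the row excludes the user ID.
     * wholeValue = true  uses Matcher.matches(): the pattern must cover the entire ID.
     * wholeValue = false uses Matcher.find(): the pattern may match anywhere in the ID.
     * Which of the two the connector uses is an assumption to verify in your environment.
     * Rows without [PATTERN] are compared as exact, case-sensitive strings (also an assumption).
     */
    static boolean excludes(Entry entry, String userId, boolean wholeValue) {
        if (!entry.isPattern()) {
            return entry.decode.equals(userId);
        }
        Matcher m = Pattern.compile(entry.decode).matcher(userId);
        return wholeValue ? m.matches() : m.find();
    }

    public static void main(String[] args) {
        Entry[] rows = {
            new Entry("User ID", "User001"),
            new Entry("User ID[PATTERN]", "User001|User002|User088"),
            new Entry("User ID[PATTERN]", "00012*"),
            // Added for comparison: one regex spelling of "starts with 00012"
            new Entry("User ID[PATTERN]", "00012.*"),
        };
        // Constructed sample user IDs, chosen to expose near misses.
        String[] ids = {"User001", "User0010", "0001", "00012", "000123", "00013", "A00012"};

        for (Entry row : rows) {
            System.out.printf("%n%s = %s%n", row.codeKey, row.decode);
            System.out.printf("  %-10s %-10s %-10s%n", "user ID", "matches()", "find()");
            for (String id : ids) {
                System.out.printf("  %-10s %-10b %-10b%n",
                    id, excludes(row, id, true), excludes(row, id, false));
            }
        }
    }
}
```

In java.util.regex, `00012*` means `0001` followed by zero or more `2` characters, which is not the same as "starts with 00012"; compare its rows with those of `00012.*` in the output.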

2.3.1.6 Setting Up the Lookup.PSFT.UM.UserProfile.UserStatus Lookup Definition

The lookup provides the mapping between the ACCTLOCK node in the USER_PROFILE message XML and the status to be shown on Oracle Identity Manager for the employee. See Lookup.PSFT.UM.UserProfile.UserStatus for more information about this lookup definition.

You can change the Decode value in this lookup definition for the Code Key value to modify the status of the provisioned resource. For example, you can change the Decode value from Enabled to Provisioned for the Code Key value, 0 defined in this lookup definition. This enables you to modify the status of the provisioned resource from enabled to provisioned.

To modify or set the Decode value in this lookup definition:

  1. On the Design Console, expand Administration and then double-click Lookup Definition.
  2. Search for and open the Lookup.PSFT.UM.UserProfile.UserStatus lookup definition.
  3. Click Add.
  4. In the Decode column for the Code Key, enter the following value.

    Code Key: 0

    Decode: Provisioned

  5. Click the Save icon.

2.3.1.7 Setting Up the Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping Lookup Definition for PeopleTools 8.52

The Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping lookup definition maps OIM User attributes with the attributes defined in the DELETE_PROFILE message XML. See Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping for more information about this lookup definition.

By default, this lookup definition has the following entries:

| Code Key | Decode |
|---|---|
| User ID | OPRID~PRG_USR_PROFILE~None~None~PRIMARY |

If you are using PeopleTools 8.52, modify the Decode value in this lookup definition as follows:

  1. On the Design Console, expand Administration and then double-click Lookup Definition.
  2. Search for and open the Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping lookup definition.
  3. In the Decode column for the User ID Code Key, enter the following value.

    EMPLID~PER_ORG_ASGN~None~None~PRIMARY

  4. Click the Save icon.

2.3.1.8 Setting Up the Lookup.PSFT.Configuration Lookup Definition

You can configure the message names, such as USER_PROFILE and DELETE_USER_PROFILE, defined in the Lookup.PSFT.Configuration lookup definition.

This section contains the following topics:

2.3.1.8.1 About Setting Up the Lookup.PSFT.Configuration Lookup Definition

Every standard PeopleSoft message has a message-specific configuration defined in the Lookup.PSFT.Configuration lookup definition. See Lookup.PSFT.Configuration for more information about this lookup definition.

For example, the mapping for the USER_PROFILE message in this lookup definition is defined as follows:

Code Key: USER_PROFILE.VERSION_84

Decode: Lookup.PSFT.Message.UserProfile.Configuration

You can configure the message names, such as USER_PROFILE and DELETE_USER_PROFILE, defined in this lookup definition.

You must map the xmlMapping lookup with the path to the PeopleSoft Component Interface map definition file, PeopleSoftComponentInterfaces.xml. By default, the PeopleSoftComponentInterfaces.xml file is located in the xml directory of the connector package.

Consider a scenario in which the target system sends the USER_PROFILE.VERSION_3 message. You must change the Code Key value in this lookup definition to implement the message sent by the target system.

2.3.1.8.2 Setting the Code Key Value

To modify or set the Code Key value:

  1. On the Design Console, expand Administration and then double-click Lookup Definition.
  2. Search for and open the Lookup.PSFT.Configuration lookup definition.
  3. Click Add.
  4. In the Code Key column, enter the name of the message you want to modify. In this scenario, define the mapping as follows:

    Code Key: USER_PROFILE.VERSION_3

    Decode: Lookup.PSFT.Message.UserProfile.Configuration

  5. Repeat Steps 3 and 4 to rename the DELETE_USER_PROFILE message name.
  6. Click the Save icon.

2.3.1.9 Setting up the Lookup.PSFT.Configuration Lookup Definition for Connection Pooling

By default, this connector uses the Identity Connector Framework (ICF) connection pooling.

This section contains the following topics:

2.3.1.9.1 Connection Pooling Properties

Table 2-5 lists the connection pooling properties, their description, and default values set in ICF.

Table 2-5 Connection Pooling Properties

| Property | Description |
|---|---|
| Pool Max Idle | Maximum number of idle objects in a pool. Default value: 10 |
| Pool Max Size | Maximum number of connections that the pool can create. Default value: 10 |
| Pool Max Wait | Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation. Default value: 150000 |
| Pool Min Evict Idle Time | Minimum time, in milliseconds, the connector must wait before evicting an idle object. Default value: 120000 |
| Pool Min Idle | Minimum number of idle objects in a pool. Default value: 1 |

2.3.1.9.2 Modifying the Connection Pooling Properties

If you want to modify the connection pooling properties to use values that suit requirements in your environment, then:

  1. Log in to the Design Console.
  2. Expand Administration, and then double-click Lookup Definition.
  3. Search for and open the Lookup.PSFT.Configuration lookup definition.
  4. On the Lookup Code Information tab, click Add.

    A new row is added.

  5. In the Code Key column of the new row, enter Pool Max Idle.
  6. In the Decode column of the new row, enter a value corresponding to the Pool Max Idle property.
  7. Repeat Steps 4 through 6 for adding each of the connection pooling properties listed in Table 2-5.
  8. Click the Save icon.

2.3.1.10 Enabling Request-Based Provisioning

Note:

This procedure is only applicable to Oracle Identity Manager releases prior to release 11.1.2. Do not enable request-based provisioning if you want to use the direct provisioning feature of the connector.

In request-based provisioning, an end user creates a request for a resource by using the Administrative and User Console. Administrators or other users can also create requests for a particular user. Requests for a particular resource can be viewed and approved by approvers designated in Oracle Identity Manager.

The following are features of request-based provisioning:

  • A user can be provisioned only one resource (account) on the target system.

  • Direct provisioning cannot be used if you enable request-based provisioning.

To enable request-based provisioning, perform the following procedures:

2.3.1.10.1 Copying Predefined Request Datasets

A request dataset is an XML file that specifies the information to be submitted by the requester during a provisioning operation. Predefined request datasets are shipped with this connector. These request datasets specify information about the default set of attributes for which the requester must submit information during a request-based provisioning operation.

The following is the list of predefined request datasets available in the dataset directory on the installation media:

  • ModifyProvisionedResource_PeoplesoftUser.xml

  • ProvisionResource_PeoplesoftUser.xml

Copy the files from the dataset directory on the installation media to the OIM_HOME/DataSet/file directory.

Depending on your requirement, you can modify the file names of the request datasets. In addition, you can modify the information in the request datasets. See Validating Request Data in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about modifying request datasets.

2.3.1.10.2 Importing Request Datasets into MDS

Note:

In an Oracle Identity Manager cluster, perform this procedure on any node of the cluster.

All request datasets (predefined or generated) must be imported into the metadata store (MDS), which can be done by using the Oracle Identity Manager MDS Import utility.

To import a request dataset definition into the MDS:

  1. Ensure that you have set the environment variables for running the MDS Import utility. In the weblogic.properties file, set values for the wls_servername, application_name, and metadata_from_loc properties. See Migrating User Modifiable Metadata Files in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed information about setting up the environment for MDS utilities.
  2. In a command window, change to the OIM_HOME/server/bin directory.
  3. Run one of the following commands:
    • On Microsoft Windows:

      weblogicImportMetadata.bat
      
    • On UNIX:

      weblogicImportMetadata.sh
      
  4. When prompted, enter values for the following:
    • Please enter your username [weblogic]

      Enter the username used to log in to the Oracle WebLogic Server

      Sample value: WL_User

    • Please enter your password [weblogic]

      Enter the password used to log in to the WebLogic server

    • Please enter your server URL [t3://localhost:7001]

      Enter the URL of the application server in the following format:

      t3://HOST_NAME_IP_ADDRESS:PORT

      In this format, replace:

      • HOST_NAME_IP_ADDRESS with the host name or IP address of the computer on which Oracle Identity Manager is installed.

      • PORT with the port on which Oracle Identity Manager is listening.

    The request dataset is imported into MDS.

2.3.1.10.3 Enabling the Auto Save Form Feature

To enable the Auto Save Form feature:

  1. Log in to the Design Console.
  2. Expand Process Management, and then double-click Process Definition.
  3. Search for and open the Peoplesoft User Management process definition.
  4. Select the Auto Save Form check box.
  5. Click the Save icon.

2.3.1.10.4 Running the PurgeCache Utility

Run the PurgeCache utility to clear content belonging to the Metadata category from the server cache. See Clearing Content Related to Connector Resource Bundles from the Server Cache for instructions.

The procedure to enable request-based provisioning ends with this step.

2.3.1.11 Localizing Field Labels in UI Forms

Note:

Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.2.x or later and you want to localize UI form field labels.

To localize a field label that is added to the UI forms:

  1. Log in to Oracle Enterprise Manager.

  2. In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.

  3. In the right pane, from the Application Deployment list, select MDS Configuration.

  4. On the MDS Configuration page, click Export and save the archive to the local computer.

  5. Extract the contents of the archive, and open one of the following files in a text editor:

    • For Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) and later:

      SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle_en.xlf

    • For releases prior to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0):

      SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf

  6. Edit the BizEditorBundle.xlf file in the following manner:

    1. Search for the following text:

      <file source-language="en"  
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    2. Replace with the following text:

      <file source-language="en" target-language="LANG_CODE"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      

      In this text, replace LANG_CODE with the code of the language into which you want to localize the form field labels. The following is a sample value for localizing the form field labels in French:

      <file source-language="en" target-language="fr"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    3. Search for the application instance code. This procedure shows a sample edit for PSFTUM application instance. The original code is:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_PSFT_BAS_LANGUAGE_CD__c_description']}">
      <source>Language Code</source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.PSFTUM.entity.PSFTUMEO.UD_PSFT_BAS_LANGUAGE_CD__c_LABEL">
      <source>Language Code</source>
      <target/>
      </trans-unit>
      
    4. Open the resource file from the connector package, for example PSFT-UM_fr.properties, and get the value of the attribute from the file, for example, global.udf.UD_PSFT_BAS_LANGUAGE_CD= Code de langue.

    5. Replace the original code shown in Step 6.c with the following:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_PSFT_BAS_LANGUAGE_CD__c_description']}">
      <source> Language Code</source>
      <target> Code de langue</target>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.PSFTUM.entity.PSFTUMEO.UD_PSFT_BAS_LANGUAGE_CD__c_LABEL">
      <source> Language Code</source>
      <target> Code de langue</target>
      </trans-unit>
      
    6. Repeat Steps 6.a through 6.d for all attributes of the process form.

    7. Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing.

      Sample file name: BizEditorBundle_fr.xlf.

  7. Repackage the ZIP file and import it into MDS.

    See Also:

    Deploying and Undeploying Customizations in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager, for more information about exporting and importing metadata files

  8. Log out of and log in to Oracle Identity Manager.

2.3.2 Configuring SSL for Oracle Identity Manager

The following sections describe the procedure to configure SSL connectivity between Oracle Identity Manager and the target system:

2.3.2.1 Configuring SSL on IBM WebSphere Application Server

You can configure SSL connectivity on IBM WebSphere Application Server with either a self-signed certificate or a CA certificate. The following sections describe this:

2.3.2.1.1 Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate

To configure SSL connectivity between Oracle Identity Manager on IBM WebSphere Application Server and the target system with a self-signed certificate, you must perform the following tasks:

  1. Log in to the WebSphere Integrated Solutions Console. The URL may be similar to the following:
    https://localhost:9043/ibm/console/logon.jsp
    
  2. Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal certificates.
  3. Click Create a self-signed certificate.
  4. In the Alias field, enter an alias name. You specify the alias name to identify the certificate request in the keystore.
  5. In the CN field, enter a value for common name. The common name must be the fully-qualified DNS host name or the name of the computer. The CN of the certificate must match the domain name or the name of the computer. For example, if the name of your domain is us.example.com, then the CN of the SSL certificate that you create for your domain must also be us.example.com.
  6. In the Organization field, enter an organization name.
  7. In the Organization unit field, specify the organization unit.
  8. In the Locality field, enter the locality.
  9. In the State or Province field, enter the state.
  10. In the Zip Code field, enter the zip code.
  11. From the Country or region list, select the country code.
  12. Click Apply and then Save.
  13. Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal certificates.
  14. Select the check box for the new alias name.
  15. Click Extract.
  16. Specify the absolute file path where you want to extract the certificate under the certificate file name, for example, C:\SSLCerts\sslcert.cer.
  17. Click Apply and then click OK.

2.3.2.1.2 Configuring SSL on IBM WebSphere Application Server with a CA Certificate

To configure SSL connectivity between Oracle Identity Manager on IBM WebSphere Application Server and the target system with a CA certificate, you must perform the following tasks:

  1. Log in to the WebSphere Integrated Solutions Console. The URL may be similar to the following:
    https://localhost:9043/ibm/console/logon.jsp
    
  2. Click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore.
  3. On the Additional Properties tab, click Personal certificate requests.
  4. Click New.
  5. In the File for certificate request field, enter the full path where the certificate request is to be stored, and a file name, for example, c:\servercertreq.arm (for a computer running on Microsoft Windows).
  6. In the Key label field, enter an alias name. You specify the alias name to identify the certificate request in the keystore.
  7. In the CN field, enter a value for common name. The common name must be the fully-qualified DNS host name or the name of the computer. The CN of the certificate must match the domain name of your community. For example, if the name of your domain is us.example.com, then the CN of the SSL certificate that you create for your community must also be us.example.com.
  8. In the Organization field, enter an organization name.
  9. In the Organization unit field, specify the organization unit.
  10. In the Locality field, enter the locality.
  11. In the State or Province field, enter the state.
  12. In the Zip Code field, enter the zip code.
  13. From the Country or region list, select the country code.
  14. Click Apply and then Save. The certificate request is created in the specified file location in the keystore. This request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.

    Note:

    Keystore tools such as iKeyman and keyTool cannot receive signed certificates that are generated by certificate requests from IBM WebSphere Application Server. Similarly, IBM WebSphere Application Server cannot accept certificates that are generated by certificate requests from other keystore utilities.

  15. Send the certification request arm file to a CA for signing.
  16. Create a backup of your keystore file. You must create this backup before receiving the CA-signed certificate into the keystore. The default password for the keystore is WebAS. The Integrated Solutions Console contains the path information for the location of the keystore. The path to the NodeDefaultKeyStore is listed in the Integrated Solutions Console as:
    was_profile_root\config\cells\cell_name\nodes\node_name\key.p12
    

    Now, you can receive the CA-signed certificate into the keystore to complete the process of generating a signed certificate for IBM WebSphere Application Server.

2.3.2.1.3 Receiving a Signed Certificate Issued By a CA

To receive a signed certificate issued by a CA, perform the following tasks:

  1. In the WebSphere Integrated Solutions Console, click Security, SSL certificate and key management, Related items, Key stores and certificates, NodeDefaultKeyStore, and then click Personal Certificates.
  2. Click Receive a certificate from a certificate authority.
  3. Enter the full path and name of the certificate file.
  4. Select the default data type from the list.
  5. Click Apply and then Save.

The keystore contains a new personal certificate that is issued by a CA. The SSL configuration is ready to use the new CA-signed personal certificate.

2.3.2.2 Configuring SSL on Oracle WebLogic Server

You can configure SSL connectivity on Oracle WebLogic Server with either a self-signed certificate or a CA certificate. The following sections describe the procedures:

2.3.2.2.1 Configuring SSL on Oracle WebLogic Server with a Self-Signed Certificate

To configure SSL connectivity between Oracle Identity Manager on Oracle WebLogic Server and the target system with a self-signed certificate:

To generate the keystore:

  1. Generate the keystore. To do so:

    1. Run the following command:

      keytool -genkey -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -storepass KEYSTORE_PASSWORD -keypass PRIVATE_KEY_PASSWORD
      

      For example:

      keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
      

      Note:

      • The keystore password and the private key password must be the same.

      • Typically, the alias is the name or the IP address of the computer on which you are configuring SSL.

      • The alias used in the various commands of this procedure must be the same.

    2. When prompted, enter information about the certificate. This information is displayed to users attempting to access a secure page in the application. This is illustrated in the following example:

      keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
      What is your first and last name?
        [Unknown]: Must be the name or IP address of the computer
      What is the name of your organizational unit?
        [Unknown]:  example
      What is the name of your organization?
        [Unknown]:  example
      What is the name of your City or Locality?
        [Unknown]:  New York
      What is the name of your State or Province?
        [Unknown]:  New York
      What is the two-letter country code for this unit?
        [Unknown]:  US
      Is <CN=Name or IP address of the computer, OU=example, O=example, L=New York, ST=New York, C=US> correct?
        [no]:  yes
      

      When you enter yes in the last line of the preceding example, the keystore.jks file is created in the c:\temp\keys\ directory.

    3. Export the keystore to a certificate file by running the following command:

      keytool -export -alias ALIAS_NAME -keystore ABSOLUTE_KEYSTORE_PATH -file CERTIFICATE_FILE_ABSOLUTE_PATH
      

      For example:

      keytool -export -alias example088196 -keystore c:\temp\keys\keystore.jks -file c:\temp\keys\keystore.cert
      
    4. When prompted for the private key password, enter the same password used for the keystore, for example, example1234.

    5. Import the certificate file into a new keystore by running the following command:

      keytool -import -alias ALIAS_NAME -keystore NEW_KEYSTORE_ABSOLUTE_PATH -file CERTIFICATE_FILE_ABSOLUTE_PATH
      

      For example:

      keytool -import -alias example088196 -keystore c:\temp\keys\new.jks -file c:\temp\keys\keystore.cert
      

      When you run this command, it prompts for the keystore password, as shown in the following example:

      Enter keystore password:  example1234 [Enter]
      Trust this certificate? [no]:  yes [Enter]
      Certificate was added to keystore
      

      In this example, [Enter] marks each point at which you press Enter.

  2. After generating and importing the keystore, start Oracle WebLogic Server. To configure Oracle WebLogic Server, log in to the Oracle WebLogic Server console at http://localhost:7001/console and perform the following:

    1. Expand the servers node and select the oim server instance.

    2. Select the General tab.

    3. Select the SSL Listen Port Enabled option.

    4. Ensure that a valid port is specified in the SSL Listen Port field. The default port is 7002.

    5. Click Apply to save your changes.

  3. Click the Keystore & SSL tab, and then click Change.

  4. From the Keystores list, select Custom Identity And Java Standard Trust, and then click Continue.

  5. Configure the keystore properties. To do so:

    1. In the Custom Identity Key Store File Name column, specify the full path of the keystore generated in Step 1 of this procedure, for example, c:\temp\keys\keystore.jks. In the Custom Identity Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Identity Key Store Pass Phrase and Confirm Custom Identity Key Store Pass Phrase columns, specify the keystore password.

    2. Provide the Java standard trust keystore pass phrase and the Confirm Java standard trust keystore pass phrase. The default password is changeit.

    3. Click Continue.

  6. Specify the private key alias. For the pass phrase and the confirm pass phrase, enter the keystore password. Click Continue.

  7. Click Finish.

  8. Restart Oracle WebLogic Server. If the server starts successfully with the SSL configuration, then lines similar to the following are recorded in the startup log:

    <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*> 
    <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
    

    Note:

    The default SSL port for Oracle WebLogic Server is 7002.
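
The following added example (not Oracle code and not part of the original guide) checks the two files that Step 1 of this procedure produces, keystore.jks and new.jks: it parses the JKS layout, verifies the integrity hash with the keystore password, and confirms that the certificate imported under the alias is the identity certificate. It assumes both files are in JKS format; the function names and the sample stores built by build_sample_jks are constructed for illustration.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
PRIVATE_KEY, TRUSTED_CERT = 1, 2  # entry tags in the JKS layout
KIND = {PRIVATE_KEY: "PrivateKeyEntry", TRUSTED_CERT: "trustedCertEntry"}
DOCUMENTED_PASSWORDS = ("example1234", "changeit")  # values printed in the guide


def store_digest(password, body):
    """JKS integrity hash: SHA-1 over UTF-16BE password, a fixed phrase, the body."""
    keyed = password.encode("utf-16-be") + b"Mighty Aphrodite" + body
    return hashlib.sha1(keyed).digest()


class Reader:
    """Bounds-checked big-endian reader over the keystore bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):  # 2-byte length, then the string bytes
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def blob(self):  # 4-byte length, then the raw bytes
        return self.take(self.u32())

    def cert(self):  # certificate type string, then the encoded certificate
        self.utf()
        return self.blob()


def inspect_jks(data, password):
    """Verify the integrity hash and return {alias: (entry kind, [certificates])}."""
    r = Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS file; check the configured keystore type")
    version, count = r.u32(), r.u32()
    if version != 2:
        raise ValueError("unsupported JKS version %d" % version)
    entries = {}
    for _ in range(count):
        tag, alias = r.u32(), r.utf()
        r.take(8)  # creation timestamp
        if tag == PRIVATE_KEY:
            r.blob()  # encrypted private key, left undecoded
            certs = [r.cert() for _ in range(r.u32())]
        elif tag == TRUSTED_CERT:
            certs = [r.cert()]
        else:
            raise ValueError("unknown entry tag %d" % tag)
        entries[alias] = (KIND[tag], certs)
    body, stored = data[:r.pos], r.take(20)
    if not hmac.compare_digest(stored, store_digest(password, body)):
        raise ValueError("integrity check failed: wrong password or altered keystore")
    return entries


def check_self_signed_pair(identity, imported, password, alias):
    """Findings for keystore.jks (identity) and new.jks (import target) as bytes."""
    findings = []
    kind, chain = inspect_jks(identity, password).get(alias, (None, []))
    target = inspect_jks(imported, password)
    if kind != "PrivateKeyEntry":
        findings.append("identity keystore has no private key under alias %r" % alias)
    t_kind, t_certs = target.get(alias, (None, []))
    if t_kind != "trustedCertEntry":
        findings.append("import target has no trusted certificate under alias %r" % alias)
    elif chain and t_certs[0] != chain[0]:
        findings.append("imported certificate differs from the identity certificate")
    if any(k == "PrivateKeyEntry" for k, _ in target.values()):
        findings.append("import target holds a private key; expected certificates only")
    if password in DOCUMENTED_PASSWORDS:
        findings.append("keystore password is a value printed in the documentation")
    return findings


def build_sample_jks(password, entries):
    """Constructed sample store; entries are (tag, alias, cert bytes), dummy data."""
    def packed(fmt, raw):  # length prefix in the given struct format, then the bytes
        return struct.pack(fmt, len(raw)) + raw
    body = struct.pack(">III", JKS_MAGIC, 2, len(entries))
    for tag, alias, cert in entries:
        body += struct.pack(">I", tag) + packed(">H", alias.encode()) + bytes(8)
        if tag == PRIVATE_KEY:
            body += packed(">I", b"dummy-encrypted-key") + struct.pack(">I", 1)
        body += packed(">H", b"X.509") + packed(">I", cert)
    return body + store_digest(password, body)
```

To check real files, read each keystore with open(path, "rb").read() and pass the bytes to check_self_signed_pair; build_sample_jks exists only to provide constructed input.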

2.3.2.2.2 Configuring SSL on Oracle WebLogic Server with a CA Certificate

To configure SSL connectivity between Oracle Identity Manager on Oracle WebLogic Server and the target system with a CA certificate:

Note:

Although this is an optional step in the deployment procedure, Oracle strongly recommends that you configure SSL communication between the target system and Oracle Identity Manager.

  1. The connector requires Certificate Services to be running on the host computer. To generate the keystore:

    1. Run the following command:

      keytool -genkey -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -storepass KEYSTORE_PASSWORD -keypass PRIVATE_KEY_PASSWORD
      

      For example:

      keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
      

      Note:

      • The keystore password and the private key password must be the same.

      • Typically, the alias name is the name or the IP address of the computer on which you are configuring SSL.

    2. When prompted, enter information about the certificate. This information is displayed to users attempting to access a secure page in the application. This is illustrated in the following example:

      keytool -genkey -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -storepass example1234 -keypass example1234
      What is your first and last name?
        [Unknown]:  Must be the name or IP address of the computer
      What is the name of your organizational unit?
        [Unknown]:  example
      What is the name of your organization?
        [Unknown]:  example
      What is the name of your City or Locality?
        [Unknown]:  New York
      What is the name of your State or Province?
        [Unknown]:  New York
      What is the two-letter country code for this unit?
        [Unknown]:  US
      Is <CN=Name or IP address of the computer, OU=example, O=example, L=New York, ST=New York, C=US> correct?
        [no]:  yes
      

      When you enter yes in the last line of the preceding example, the keystore.jks file is created in the c:\temp\keys\ directory.

    3. Generate the certificate signing request by running the following command:

      keytool -certreq -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -keyalg KEY_ALGORITHM -file CERTIFICATE_FILE_ABSOLUTE_PATH
      

      For example:

      keytool -certreq -keystore c:\temp\keys\keystore.jks -alias example088196 -keyalg RSA -file c:\temp\keys\keystore.cert
      

      When prompted for the keystore password, enter the same password used for the keystore in Step 1, for example, example1234. This stores a certificate request in the file that you specified in the preceding command.

    4. Get the certificate from a CA by using the certificate request generated in the previous step, and store the certificate in a file.

    5. Export the keystore generated in Step 1 to a new certificate file, for example, myCert.cer, by running the following command with the alias name specified in Step 1:

      keytool -export -keystore ABSOLUTE_KEYSTORE_PATH -alias ALIAS_NAME -file CERTIFICATE_FILE_ABSOLUTE_PATH
      

      For example:

      keytool -export -keystore c:\temp\keys\keystore.jks -alias example088196 -file c:\temp\keys\myCert.cer
      
    6. Import the CA certificate to a new keystore by running the following command, where KEYSTORE_PASSWORD is the keystore password from Step 1:

      keytool -import -alias ALIAS_NAME -file CERTIFICATE_FILE_ABSOLUTE_PATH -keystore NEW_KEYSTORE_ABSOLUTE_PATH -storepass KEYSTORE_PASSWORD
      

      For example:

      keytool -import -alias example088196 -file c:\temp\keys\rootCert.cert -keystore c:\temp\keys\rootkeystore.jks 
      

      When you run this command, it prompts for the keystore password, as shown:

      Enter keystore password:  example1234 [Enter]
      Trust this certificate? [no]:  yes [Enter]
      Certificate was added to keystore
      

      In this example, [Enter] marks each point at which you press Enter.

  2. After creating and importing the keystore to the system, start Oracle WebLogic Server. To configure Oracle WebLogic Server, log in to the Oracle WebLogic Server console (http://localhost:7001/console) and perform the following:

    1. Expand the server node and select the server instance.

    2. Select the General tab.

    3. Select the SSL Listen Port Enabled option.

    4. Ensure that a valid port is specified in the SSL Listen Port field. The default port is 7002.

    5. Click Apply to save your changes.

  3. Click the Keystore & SSL tab, and click the Change link.

  4. From the Keystores list, select Custom Identity And Custom Trust, and then click Continue.

  5. Configure the keystore properties. To do so:

    1. In the Custom Identity Key Store File Name column, specify the full path of the keystore generated in Step 1 of this procedure, for example, c:\temp\keys\keystore.jks. In the Custom Identity Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Identity Key Store Pass Phrase and Confirm Custom Identity Key Store Pass Phrase columns, specify the keystore password.

    2. In the Custom Trust Key Store File Name column, specify the full path of the keystore generated in Step 1 of this procedure, for example, c:\temp\keys\rootkeystore.jks. In the Custom Trust Key Store Type column, specify the type of keystore, for example, JKS. In the Custom Trust Key Store Pass Phrase and Confirm Custom Trust Key Store Pass Phrase columns, specify the keystore password.

    3. Provide the Java standard trust keystore password. The default password is changeit.

    4. Click Continue.

  6. Specify the alias name and private key password. Click Continue.

  7. Click Finish.

  8. Restart Oracle WebLogic Server. If the server starts successfully with the SSL configuration, then lines similar to the following are recorded in the startup log:

    <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*> 
    <Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
    

    Note:

    The default SSL port for Oracle WebLogic Server is 7002.
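
The startup-log check in Step 8, which is the same in the self-signed procedure, can be automated. The following is an added example, not Oracle code: it parses BEA-000355 records in the format shown above and reports whether an SSL listen thread is active on the expected port. The function names and the filler record are constructed, and the input is assumed to be the log of a single server startup.

```python
import re

# The two BEA-000355 lines are quoted from Step 8; the first record is constructed.
SAMPLE_LOG = """\
<Apr 21, 2008 2:35:40 PM GMT+05:30> <Notice> <Security> <BEA-000000> <constructed filler record>
<Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*>
<Apr 21, 2008 2:35:43 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
"""

# Outer layout of a startup log record: five fields, each wrapped in <...>.
RECORD = re.compile(
    r"^<(?P<time>[^>]+)> <(?P<severity>[^>]+)> <(?P<subsystem>[^>]+)> "
    r"<(?P<msgid>BEA-\d+)> <(?P<text>.*)>\s*$"
)
# Body of a BEA-000355 record: which thread listens on which port and address.
LISTEN = re.compile(
    r'^Thread "(?P<thread>[^"]+)" listening on port (?P<port>\d+), '
    r"ip address (?P<address>\S+)$"
)


def parse_listeners(log_text):
    """Return {thread name: (port, address)} from the BEA-000355 records."""
    listeners = {}
    for line in log_text.splitlines():
        record = RECORD.match(line.strip())
        if not record or record["msgid"] != "BEA-000355":
            continue
        body = LISTEN.match(record["text"])
        if body:
            listeners[body["thread"]] = (int(body["port"]), body["address"])
    return listeners


def check_ssl_listener(log_text, ssl_port=7002):
    """Return FAIL/INFO findings about the SSL listener for one server startup."""
    listeners = parse_listeners(log_text)
    ssl = {n: v for n, v in listeners.items() if n.startswith("SSLListenThread")}
    findings = []
    if not ssl:
        findings.append("FAIL: no SSLListenThread record, SSL listen port is not active")
    for name, (port, _address) in sorted(ssl.items()):
        if port != ssl_port:
            findings.append("FAIL: %s listens on port %d, expected %d" % (name, port, ssl_port))
    for name, (port, _address) in sorted(listeners.items()):
        if name not in ssl:
            findings.append(
                "INFO: plaintext listener %s is also active on port %d" % (name, port)
            )
    return findings


if __name__ == "__main__":
    for finding in check_ssl_listener(SAMPLE_LOG):
        print(finding)
```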

2.3.3 Configuring SoD on Oracle Identity Manager

This section discusses the following procedures for configuring SoD on Oracle Identity Manager release 11.1.1.3 BP02:

2.3.3.1 Updating OAACG IT Resource Instance

To update the OAACG IT resource instance:

  1. Log in to the Administrative and User Console.
  2. On the Welcome page, click Advanced in the upper-right corner of the page.
  3. Click Configuration, Manage IT Resource. The Manage IT Resource page is displayed.
  4. Search for and open OAACG as the resource type. Select PSFT-OAACG-ITRes and edit this IT resource.
  5. Provide the OAACG environment details that are configured for PeopleSoft. Table 2-6 shows the sample values.

    Table 2-6 OAACG Environment Values

    | Field Name | Sample Value | Description |
    | --- | --- | --- |
    | Source Datastore Name | PSFT 80 | Name of the data source that you had specified during PeopleSoft ETL on OAACG server. |
    | Port | 8080 | Port of the OAACG server. |
    | dbuser | oaacg_850 | Database user used to configure OAACG. |
    | dbpassword | ooacg_850 | Database user password used to configure OAACG. |
    | username | Admin | Username to log in to OAACG. |
    | password | Password | Password to log in to OAACG. |
    | server | 10.1.6.82 | Host machine where OAACG is running. |
    | sodServerUrl | http://10.1.6.82/grcc/services/GrccService | SOD Server URL. |
    | sslEnable | False | True or false. |
    | jdbcURL | jdbc:oracle:thin:@172.21.104.74:1521:orcl | JDBC URL to connect to OAACG database. |

  6. Click Save.

2.3.3.2 The TopologyName IT Resource Parameter

The TopologyName IT resource parameter holds the name of the combination of the following elements that you want to use for SoD validation of entitlement provisioning operations:

  • Oracle Identity Manager installation

  • Oracle Applications Access Controls Governor installation

  • PeopleSoft installation

The value that you specify for the TopologyName parameter must be the same as the value of the topologyName element in the SILConfig.xml file. If you are using default SIL registration, then specify oaacgpsft as the value of the topologyName parameter.

See the Configuring the IT Resource section for information about specifying values for parameters of the IT resource.

2.3.3.3 Specifying a Value for the TopologyName IT Resource Parameter

To specify a value for TopologyName in the IT resource:

  1. Log in to the Administrative and User Console.
  2. On the Welcome page, click Advanced in the upper-right corner of the page.
  3. Click Configuration, Manage IT Resource. The Manage IT Resource page is displayed.
  4. Search for and edit the "PSFT User" IT resource, or open any IT resource that you have configured for the PeopleSoft User Management connector.
  5. In the Topology Name attribute, enter oaacgpsft.
  6. Click Save.

2.3.3.4 Disabling SoD

To disable SoD:

Note:

The SoD feature is disabled by default. Perform the following procedure only if the SoD feature is currently enabled and you want to disable it.

  1. Log in to the Administrative and User Console.

  2. Set the XL.SoDCheckRequired system property to FALSE as follows:

    1. On the Welcome page, click Advanced in the upper-right corner of the page.

    2. On the Welcome to Identity Manager Advanced Administration page, in the System Management section, click Search System Properties.

    3. On the left pane, in the Search System Configuration field, enter XL.SoDCheckRequired, which is the name of the system property, as the search criterion.

    4. In the search results table on the left pane, click the XL.SoDCheckRequired system property in the Property Name column.

    5. On the System Property Detail page, in the Value field, enter FALSE.

    6. Click Save to save the changes made.

      A message confirming that the system property has been modified is displayed.

  3. Restart Oracle Identity Manager. Figure 2-1 shows the details of disabling SoD.

2.3.3.5 Enabling SoD

To enable SoD:

Note:

If you are enabling SoD for the first time, then see Enabling and Disabling SoD in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information.

  1. Log in to the Administrative and User Console.

  2. Set the XL.SoDCheckRequired system property to TRUE as follows:

    1. On the Welcome page, click Advanced in the upper-right corner of the page.

    2. On the Welcome to Identity Manager Advanced Administration page, in the System Management section, click Search System Properties.

    3. On the left pane, in the Search System Configuration field, enter XL.SoDCheckRequired, which is the name of the system property, as the search criterion.

    4. In the search results table on the left pane, click the XL.SoDCheckRequired system property in the Property Name column.

    5. On the System Property Detail page, in the Value field, enter TRUE.

    6. Click Save to save the changes made.

      A message confirming that the system property has been modified is displayed.

  3. Restart Oracle Identity Manager. Figure 2-2 shows the details of enabling SoD.

2.3.4 Configuring the Target System

Postinstallation on the target system involves configuring SSL.

To configure SSL on the target system:

  1. Copy the certificate to the computer on which PeopleSoft Enterprise Applications is installed.

    Note:

    If you are using IBM WebSphere Application Server, then you must download the root certificate from a CA.

  2. Run the following command:
    PEOPLESOFT_HOME/webserv/peoplesoft/bin/pskeymanager.cmd -import
    
  3. When prompted, enter the current keystore password.
  4. When prompted, enter the alias of the certificate that you imported while performing the application server specific procedures listed in Configuring SSL for Oracle Identity Manager.

    Note:

    The alias must be the same as the one created when the keystore was generated.

    If you are using IBM WebSphere Application Server, then enter root as the alias.

  5. When prompted, enter the full path and name of the certificate and press Enter.

    Note:

    If you are using IBM WebSphere Application Server, then enter the path of the root certificate.

  6. When the following prompt is displayed, enter yes and press Enter:
    Trust this certificate? [no]: yes

  7. Restart the Web server of the target system.

2.3.5 Creating the IT Resource for the Connector Server

Perform the procedure described in this section only if you have deployed the connector bundle remotely in a Connector Server.

This section contains the following topics:

Note:

Before you deploy the connector bundle remotely in a Connector Server, you must deploy the connector in Oracle Identity Manager by performing the procedures described in Installation.

2.3.5.1 Creating the IT Resource

To create the IT resource for the Connector Server:

  1. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

    • For Oracle Identity Manager release 11.1.1.x:

      Log in to the Administrative and User Console.

    • For Oracle Identity Manager release 11.1.2.x:

      Log in to Identity System Administration.

  2. If you are using Oracle Identity Manager release 11.1.1.x, then:

    1. On the Welcome page, click Advanced in the upper-right corner of the page.

    2. On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Create IT Resource.

  3. If you are using Oracle Identity Manager release 11.1.2.x, then:

    1. In the left pane under Configuration, click IT Resource.

    2. In the Manage IT Resource page, click Create IT Resource.

  4. On the Step 1: Provide IT Resource Information page, perform the following steps:

    • IT Resource Name: Enter a name for the IT resource.

    • IT Resource Type: Select Connector Server from the IT Resource Type list.

    • Remote Manager: Do not enter a value in this field.

  5. Click Continue. Figure 2-3 shows the IT resource values added on the Create IT Resource page.

    Figure 2-3 Step 1: Provide IT Resource Information

  6. On the Step 2: Specify IT Resource Parameter Values page, specify values for the parameters of the IT resource and then click Continue. Figure 2-4 shows the Step 2: Specify IT Resource Parameter Values page.

    Figure 2-4 Step 2: Specify IT Resource Parameter Values


    Table 2-7 provides information about the parameters of the IT resource.

  7. On the Step 3: Set Access Permission to IT Resource page, the SYSTEM ADMINISTRATORS group is displayed by default in the list of groups that have Read, Write, and Delete permissions on the IT resource that you are creating.

    Note:

    This step is optional.

    If you want to assign groups to the IT resource and set access permissions for the groups, then:

    1. Click Assign Group.

    2. For the groups that you want to assign to the IT resource, select Assign and the access permissions that you want to set. For example, if you want to assign the ALL USERS group and set the Read and Write permissions to this group, then you must select the respective check boxes in the row, as well as the Assign check box, for this group.

    3. Click Assign.

  8. On the Step 3: Set Access Permission to IT Resource page, if you want to modify the access permissions of groups assigned to the IT resource, then:

    Note:

    • This step is optional.

    • You cannot modify the access permissions of the SYSTEM ADMINISTRATORS group. You can modify the access permissions of only other groups that you assign to the IT resource.

    1. Click Update Permissions.

    2. Depending on whether you want to set or remove specific access permissions for groups displayed on this page, select or deselect the corresponding check boxes.

    3. Click Update.

  9. On the Step 3: Set Access Permission to IT Resource page, if you want to unassign a group from the IT resource, then:

    Note:

    • This step is optional.

    • You cannot unassign the SYSTEM ADMINISTRATORS group. You can unassign only other groups that you assign to the IT resource.

    1. Select the Unassign check box for the group that you want to unassign.

    2. Click Unassign.

  10. Click Continue. Figure 2-5 shows the Step 3: Set Access Permission to IT Resource page.

    Figure 2-5 Step 3: Set Access Permission to IT Resource

  11. On the Step 4: Verify IT Resource Details page, review the information that you provided on the first, second, and third pages. If you want to make changes in the data entered on any page, click Back to revisit the page and then make the required changes.

  12. To proceed with the creation of the IT resource, click Continue. Figure 2-6 shows Step 4: Verify IT Resource Details page.

    Figure 2-6 Step 4: Verify IT Resource Details

  13. The Step 5: IT Resource Connection Result page displays the results of a connectivity test that is run using the IT resource information. If the test is successful, then click Continue. If the test fails, then you can perform one of the following steps:

  14. Click Finish. Figure 2-8 shows the IT Resource Created page.

    Figure 2-8 Step 6: IT Resource Created


2.3.5.2 IT Resource Parameters

Table 2-7 provides information about the parameters of the IT resource.

Table 2-7 Parameters of the IT Resource for the Connector Server

| Parameter | Description |
| --- | --- |
| Host | Enter the host name or IP address of the computer hosting the connector server. Sample value: RManager |
| Key | Enter the key for the Java connector server. |
| Port | Enter the number of the port at which the connector server is listening. Default value: 8759 |
| Timeout | Enter an integer value which specifies the number of milliseconds after which the connection between the connector server and Oracle Identity Manager times out. Sample value: 300. Note: A value of 0 (zero) indicates unlimited timeout. |
| UseSSL | Enter true to specify that you will configure SSL between Oracle Identity Manager and the Connector Server. Otherwise, enter false. Default value: false. Note: It is recommended that you configure SSL to secure communication with the connector server. To configure SSL, run the connector server by using the /setKey [key] option. The value of this key must be specified as the value of the Key IT resource parameter of the connector server. |

2.4 Upgrading the Connector

You can upgrade the PeopleSoft User Management connector while in production, and with no downtime. Your customizations will remain intact and the upgrade should be transparent to your users. Form field names are preserved from the legacy connector.

To upgrade the PeopleSoft User Management connector, perform the steps listed in Prerequisites for Upgrading the Connector.

Then, perform one of the following procedures depending on the version of the existing connector:

See Also:

Upgrading Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about these steps.

2.4.1 Prerequisites for Upgrading the Connector

Before you perform the upgrade procedures:

  • It is strongly recommended that you create a backup of the Oracle Identity Manager database. Refer to the database documentation for information about creating a backup.

  • As a best practice, first perform the upgrade procedure in a test environment.

You might encounter the following issue during or after performing the upgrade procedures:

  • After the upgrade process, an additional IT resource is created with the name PSFT User, in addition to converting existing IT resources. The additional IT resource is created because the default IT resource name has been changed.

    As a workaround, if the additional IT resource is unused, you can delete it.

2.4.2 Upgrade the Connector from Release 11.1.1.5.0

To upgrade the PeopleSoft User Management connector from release 11.1.1.5.0 to this release of the connector, perform the following steps:

  1. Set entitlement tagging for PeopleSoft child form (UD_PSROLES) as follows:

    1. Log in to the Oracle Identity Manager Design Console.

    2. Expand Development Tools and then double-click Form Designer.

    3. Enter the name of the PeopleSoft Roles child form, UD_PSROLES, in the Table Name field and click the Query for records button.

    4. Click Create New Version.

    5. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

    6. From the Current Version list, select the newly created version.

    7. Click the Properties tab.

    8. Select the Role Name field, and click Add Property.

    9. From the Property Name list, select Entitlement.

    10. In the Property Value field, enter true.

    11. Click Make Version Active.

  2. Set IT resource, Account ID, and Account Name tagging in the process form (UD_PSFT_BAS) as follows:

    1. In the Oracle Identity Manager Design Console, expand Development Tools and then double-click Form Designer.

    2. Enter the name of the PeopleSoft parent form, UD_PSFT_BAS, in the Table Name field and click the Query for records button.

    3. Click Create New Version.

    4. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

    5. From the Current Version list, select the newly created version.

    6. Click the Properties tab.

    7. Select the Server (IT resource) field, and click Add Property.

    8. From the Property Name list, select ITResource.

    9. In the Property Value field, enter true.

    10. Select the User Id field, and click Add Property.

    11. From the Property Name list, select AccountName.

    12. In the Property Value field, enter true.

    13. Select the User Id field, and click Add Property.

    14. From the Property Name list, select AccountID.

    15. In the Property Value field, enter true.

    16. Update the parent form to add the child form created in Step 1.

    17. Click Make Version Active.

    18. Recreate the form in the user interface (UI) and update the application instance with the new form as described in Updating an Existing Application Instance with a New Form.

  3. Set the status of Task to Object Status Mapping of the Role Updated process task to None as follows:

    1. In the Oracle Identity Manager Design Console, expand Process Management and then double-click Process definition.

    2. In the Name field, enter Peoplesoft User Management and then click the Query for records button.

    3. Under Tasks, open the Role Updated task.

    4. In the Task to Object Status Mapping tab, change the object status of status C from Provisioned to None.

    5. Repeat sub-steps 3 and 4 of this step for the Email Updated task.

  4. Update the bundle in the Oracle Identity Manager database with the latest bundle JAR from this release as described in Upgrading the Connector Files and External Code Files.

2.4.3 Upgrade the Connector from Release 9.1.1.6

To upgrade the PeopleSoft User Management connector from release 9.1.1.6 to this release of the connector, perform the following procedures:

2.4.3.1 Running the Upgrade Wizard

To upgrade the connector in wizard mode:

  1. Create a copy of the following XML file in a temporary directory, for example, c:\tmp:

    OIM_HOME/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/xml/PeoplesoftUserManagement-ConnectorConfig.xml

    The PeoplesoftUserManagement-ConnectorConfig.xml file contains definitions for the connector components. See Files and Directories on the Installation Media for more information.

  2. Log in to the Administrative and User Console.
  3. On the Welcome to Identity Manager Advanced Administration page, under the System Management section, click Manage Connector.
  4. Search for the Peoplesoft User Management connector and click the upgrade icon.
  5. In the Step 1: Select Connector XML to Upgrade dialog, click Browse and provide the path to the Wizard mode XML file, which is the PeoplesoftUserManagement-ConnectorConfig.xml file created in Step 1.

    For example, c:\tmp\PeoplesoftUserManagement-ConnectorConfig.xml

    Then, click Continue.

  6. In the Step 2: Define Resource Object Mapping dialog, map the new and existing resource objects, as shown in the following sample screenshot. Then, click Continue.
    Define Resource Object Mapping dialog
  7. In the Step 3: Resource Object Mapping Summary dialog, verify the mapping summary of the new and existing resource objects, and click Continue.
    Resource Object Mapping Summary dialog
  8. In the Step 4: Define Process Definition Mappings dialog, map the new and existing process definitions, as shown in the following sample screenshots.
    Define Process Definition Mappings dialog

    Select the process tasks that you want to retain from the existing process definitions. Then, click Continue.

    Select the process tasks
  9. In the Step 5: Process Definition Mapping Summary dialog, verify the mapping summary of the new and existing process definitions, and click Continue.
  10. In the Step 6: Define Form Mappings dialog, map the new and existing forms, as shown in the following sample screenshots. Then, click Continue.
    [Screenshots: Define Form Mappings dialog]
  11. In the Step 7: Form Mapping Summary dialog, verify the mapping summary of the new and existing forms, and click Continue.
  12. In the Step 8: Define IT Resource Type Definition Mappings dialog, map the new and existing IT resource type definitions, as shown in the following sample screenshots. Then, click Continue.
    [Screenshots: Define IT Resource Type Definition Mappings dialog]
  13. In the Step 9: IT Resource Type Definition Mapping Summary dialog, verify the mapping summary of the new and existing IT resource type definitions, and click Continue.
  14. In the Step 10: Define Scheduled Task dialog, select the scheduled tasks that must be deleted. Then, click Continue.
    [Screenshot: Define Scheduled Task dialog]
  15. In the Step 11: Define Lookup Definition dialog, select the lookup definitions that must be deleted. Then, click Continue.
    [Screenshot: Define Lookup Definition dialog]
  16. In the Step 12: Preupgrade Steps dialog, enter the release number of the connector. Ensure that the prerequisites listed in the Note section are addressed. Then, click Continue.
    [Screenshot: Preupgrade Steps dialog]
  17. In the Step 13: Select Connector Objects to be Upgraded dialog, ensure there are no red cross-shaped icons in the Current Selections section. Then, click Upgrade.
    [Screenshot: Select Connector Objects to be Upgraded dialog]
  18. In the Step 14: Connector Upgrade Status dialog, verify the upgrade status. Before using the connector, perform the steps specified in the dialog to complete the upgrade process, as shown in the following sample screenshot. Then, click Exit.
    [Screenshot: Connector Upgrade Status dialog]

2.4.3.2 Upgrading the Connector Files and External Code Files

To upgrade the connector files and external code files:

  1. Run the Oracle Identity Manager Delete JARs utility to delete the JAR files from the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/DeleteJars.bat

    • For UNIX:

      OIM_HOME/server/bin/DeleteJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR files being deleted, and the location from which the JAR files are to be deleted.

    Select the JAR files and indicate the JAR types as specified in the following table:

    JAR File Name                                   JAR Type
    PSFTUM.jar                                      1 - JavaTasks
    PSFTCommon.jar                                  1 - JavaTasks
    CustomClassLoader.jar                           1 - JavaTasks
    Common.jar                                      1 - JavaTasks
      (Select this JAR file only if no other connector is using it.)
    psjoa.jar                                       3 - ThirdParty
    peoplesoft.jar                                  3 - ThirdParty

    See Also:

    Delete JAR Utility in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed information about the Delete JARs utility

  2. Patch the psjoa.jar file in the connector bundle as follows:

    1. Open the command prompt and navigate to the directory that contains the bundle JAR file, org.identityconnectors.peoplesoftintfc-1.0.5963.jar.

      For example:

      cd PSFT_UM-11.1.1.6.0/bundle
      
    2. Run the following command to create a lib directory.

      mkdir lib
      
    3. Copy the psjoa.jar file (target specific) from the PEOPLESOFT_HOME/web/psjoa directory to the new lib directory.

      For example:

      cp psjoa/psjoa.jar lib
      
    4. Run the following command:

      jar -uvf org.identityconnectors.peoplesoftintfc-1.0.5963.jar lib/psjoa.jar
      
  3. Run the Oracle Identity Manager Upload JARs utility to post the new bundle JAR file created in Step 2 and other JAR files to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR files being uploaded, and the location from which the JAR files are to be uploaded.

    Select the JAR files and indicate the JAR types as specified in the following table:

    JAR File Name                                                 JAR Type
    bundle/org.identityconnectors.peoplesoftintfc-1.0.5963.jar    4 - ICFBundle
    lib/PSFTCommon.jar                                            1 - JavaTasks
    lib/PSFT_UM-oim-integration.jar                               1 - JavaTasks

    See Also:

    Upload JAR Utility in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed information about the Upload JARs utility
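
Step 3 uploads the bundle that was modified in Step 2 to the Oracle Identity Manager database. Before that upload, it is worth confirming that the only difference from the shipped bundle is lib/psjoa.jar and that this entry is byte-identical to the psjoa.jar taken from the target system. The following Python check is an added example, not part of the connector or of Oracle's utilities. Its function names and in-memory sample JARs are constructed for illustration, and it assumes you kept a copy of the bundle JAR from before Step 2.

```python
import hashlib
import io
import zipfile

PSJOA_ENTRY = "lib/psjoa.jar"  # entry added by: jar -uvf <bundle>.jar lib/psjoa.jar


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def entry_digests(jar_bytes):
    """Return ({entry name: SHA-256 of content}, [entry names that occur twice])."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        files = [i for i in jar.infolist() if not i.is_dir()]
        names = [i.filename for i in files]
        dupes = sorted({n for n in names if names.count(n) > 1})
        return {i.filename: sha256(jar.read(i)) for i in files}, dupes


def check_patched_bundle(original, patched, psjoa):
    """Compare the bundle before and after patching; return findings to review."""
    before, _ = entry_digests(original)
    after, dupes = entry_digests(patched)
    # Duplicate names make it ambiguous which copy a class loader will use.
    findings = [f"duplicate entry: {n}" for n in dupes]
    if after.get(PSJOA_ENTRY) != sha256(psjoa):
        findings.append(f"{PSJOA_ENTRY} is missing or is not the target system's psjoa.jar")
    # Every other entry, the manifest included, should be untouched by the patch.
    for name in sorted(set(before) | set(after)):
        if name != PSJOA_ENTRY and before.get(name) != after.get(name):
            findings.append(f"unexpected change: {name}")
    return findings


def make_jar(entries):
    """Build a small in-memory JAR from (name, content) pairs (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries:
            jar.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-ins; in practice read the three files from disk.
    psjoa = b"constructed psjoa.jar bytes"
    shipped = [("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"), ("Connector.class", b"\xca\xfe")]
    original = make_jar(shipped)
    patched = make_jar(shipped + [(PSJOA_ENTRY, psjoa)])
    print(check_patched_bundle(original, patched, psjoa))
    print(check_patched_bundle(original, original, psjoa))
```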

2.4.3.3 Upgrading the Configurations

To upgrade the connector configurations:

  1. Update the IT resource with connection parameters.

    The existing IT resources will be mapped to the new definitions. See Configuring the IT Resource for information about this step.

  2. Configure the PeopleSoft target system for multiple versions as per the Identity Connector Framework (ICF) conventions.
  3. Update the xmlMapping entry in the Lookup.PSFT.Configuration lookup definition.

    See Setting Up the Lookup.PSFT.Configuration Lookup Definition for information about this step.

2.4.3.4 Upgrading the Customizations

To upgrade the connector customizations:

  1. Update the validation customizations as follows:
  2. Update the transformation customizations as follows:
  3. Update the resource exclusion customizations as follows:
    • Re-write the resource exclusion rules as per the Identity Connector Framework (ICF) conventions.

      For more information, see Configuring Resource Exclusion Lists in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

    • Update the entries in the provisioning exclusion list lookup, Lookup.PSFT.UM.Prov.ExclusionList.

    • Update the entries in the reconciliation exclusion list lookup, Lookup.PSFT.UM.Recon.ExclusionList.

    See Lookup Definitions for Exclusion Lists for information about the preceding steps.

  4. Add custom provisioning and reconciliation attributes.

    If any custom provisioning and reconciliation attributes were added in the previous connector, add the same attributes in the new version of the connector.

    See Adding New Attributes for Provisioning and Adding New Attributes for Reconciliation for information about this step.

  5. Add custom ID types.

    If any new ID types were added in addition to the default ID types, add the same ID types in the new version of the connector.

    See Adding New ID Types for Provisioning and Adding New ID Types for Reconciliation for information about this step.

  6. If you are using Oracle Identity Manager release 11.1.2.x or later, you must create a new UI form and attach it to an existing application instance to view the user-defined fields (UDFs or custom attributes).

    For more information about UDFs, see Configuring Custom Attributes in Oracle Fusion Middleware Administering Oracle Identity Manager.

2.4.3.5 Upgrading the PeopleSoft Listener

Note:

If you upgrade the connector, you must also upgrade the listener. Installing a new connector over a previously deployed listener creates discrepancies.

To upgrade the PeopleSoft listener:

  1. Remove the existing PeopleSoft listener by performing the procedure described in Removing the PeopleSoft Listener.
  2. Deploy the new PeopleSoft listener by performing the procedure described in Deploying the PeopleSoft Listener.

If there are any validation or transformation JARs, you must add the JARs to the deployable connector bundle JAR and re-deploy the listener. See Configuring Validation of Data During Reconciliation, Configuring Transformation of Data During Reconciliation, and Configuring Validation of Data During Provisioning for more information.

2.4.3.6 Migrating the Form Data

The Form Version Control (FVC) utility is used to migrate data changes on a form after an upgrade operation.

Note:

After performing this procedure, you cannot revert the data changes.

To run the FVC utility:

  1. In a text editor, open the fvc.properties file located in the OIM_DC_HOME directory and include the following entries:
    ResourceObject;Peoplesoft User
    FormName;UD_PSFT_BAS
    FromVersion;9
    ToVersion;v_11.1.1.6.0
    ParentParent;UD_PSFT_BAS_OPRID;UD_PSFT_BAS_RETURN
    ChildConstant;UD_PS_EMAIL;UD_PS_EMAIL_PRIMARYEMAIL;N
    MultipleParentChild;UD_PSFT_BAS_PRIEMAILTYPE:UD_PS_EMAIL_EMAILTYPE;UD_PSFT_BAS_PRIEMAILADDRESS:UD_PS_EMAIL_EMAILADDRESS;'Y':UD_PS_EMAIL_PRIMARYEMAIL
    
  2. Run the FVC utility. This utility is copied into the following directory when you install the design console:
    • For Microsoft Windows:

      OIM_DC_HOME/fvcutil.bat

    • For UNIX:

      OIM_DC_HOME/fvcutil.sh

    When you run this utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, and the logger level and log file location.

    Note:

    If you encounter the following error in the debug logs, you can ignore it:

    ERROR  [Exception Thor.API.Exceptions.tcAPIException: The following
     required fields have not been given values:Email Address : The
     following required fields have not been given values:Email Address
     : The following required fields have not been given values:Email
     Address : The following required fields have not been given
     values:Email Address - Updation of form data failed for
     user=RDRAVIDS, object instance key=12, proc instance key=18,
     form instance version=0
    

2.4.3.7 Updating the PeopleSoft Target System

To update the PeopleSoft target system for the upgrade process:

  1. Enable the Find and Get methods on the USER_PROFILE component interface. To do so:

    1. To open the PeopleSoft Application Designer, click Start and then select Programs, Peoplesoft8.x, and Application Designer.

    2. On the Application Designer page, click Open from the File menu.

    3. In the Open Definition dialog box, select Component Interface from the Definition list.

    4. Enter USER_PROFILE in the Name field, and then click Open.

      All the component interfaces with names that start with USER_PROFILE are displayed in the Open Definition dialog box.

    5. Double-click the USER_PROFILE entry.

    6. Drag the User ID field from the USERMAINT definition and drop it onto the component interface definition on the right-hand side, as shown in the following screenshot. This sets the Find and Get keys.

    7. Right-click on the USER_PROFILE component interface and click Component Interface Properties.

    8. In the Properties dialog, click the Standard Methods tab, and then select the Get check-box.

    9. Click OK and save the component interface.

  2. Update the OIM_NODE node based on HTTP Connector. To do so:

    1. Open the OIM_NODE node that is configured for the PeopleSoft listener.

    2. Update the IT resource header type from Host to Location.

2.4.3.8 Compiling the Adapters

At the end of the upgrade process, you must compile every adapter that resides within the Oracle Identity Manager database.

To compile the adapters:

  1. Log in to Oracle Identity Manager Design Console.
  2. Expand Development Tools and double-click Adapter Manager.

    The Adapter Manager form is used to compile multiple adapters simultaneously.

  3. Select the Compile All check box.
  4. Click the Start button.