4 Extending the Functionality of the Connector

This chapter discusses the following optional procedures:

Note:

From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.

4.1 Adding New Attributes for Provisioning

You can configure a new attribute for provisioning, in addition to those provided by default.

Note:

If you do not want to add new attributes for provisioning, then you can ignore this section.

To add a new attribute for provisioning, perform the procedures described in the following sections. In these sections, the Worklist User attribute in the USER_PROFILE PeopleSoft Component Interface is added. You can follow the same procedures to add other attributes.

4.1.1 Verifying the Attribute Definition in PeopleSoft Component Interface

You must verify that the new attribute, Worklist User, is listed as one of the properties of the USER_PROFILE Component Interface. Only the attributes listed under properties are supported for provisioning. If the attribute exists, verify and note the definition of the attribute.

To verify the definition of the attribute in the USER_PROFILE Component Interface:

  1. To open the PeopleSoft Application Designer, click Start and then select Programs, Peoplesoft8.x, and Application Designer.
  2. On the Application Designer page, click Open from the File menu.
  3. In the Open Definition dialog box, select Component Interface from the Definition list.
  4. Enter USER_PROFILE in the Name field, and then click Open.
  5. Double-click the USER_PROFILE entry.
  6. Expand PROPERTIES and select the Worklist User attribute. In addition, note that the Comment field of the Worklist User attribute has the following entry:

    Y for Yes, N for No

    The Comment entry means that the Worklist User attribute supports two values, Y and N.

  7. Right-click Worklist User and click View Definition.

    Note that the Worklist User attribute is of Char type and of length 1 character in upper case format. You must match this definition in the lookup definition entry for the new attribute.

4.1.2 Adding the Attribute to the PeopleSoft Component Interface Map Definition

The PeopleSoft User Management connector performs user provisioning by invoking methods and setting properties on PeopleSoft Component Interfaces. Component Interface definitions are assigned in the PeopleSoft Component Interface configuration objects. You can add and modify the definitions by editing a copy of the PeopleSoftComponentInterfaces.xml file located in the xml of the connector package.

See Also:

Connector Component Interfaces for the PeopleSoft User Management for more information about the PeopleSoft Component Interface map definition

To add the new attribute to the PeopleSoft Component Interface map definition XML file:

  1. In a text editor, open the PeopleSoft Component Interface map definition file, PeopleSoftComponentInterfaces.xml.
  2. Add the new attribute to the corresponding Object, USER_PROFILE_8_4X, into the <List> element under the <Attribute name="properties"> element.

    The following extract of the PeopleSoftComponentInterfaces.xml file shows the Worklist User attribute added to the USER_PROFILE Component Interface definition:

    <Object name="USER_PROFILE_8_4X">
        <Attribute name="componentInterface" value="USER_PROFILE" />
            <Attribute name="getKey" value="UserID" />
            <Attribute name="findKey" value="UserID" />
            <Attribute name="createKey" value="UserID" />
            <Attribute name="properties">
            <List>
                <Object name="RowSecurityPermissionList" />
                <Object name="SupervisingUserID" />
                <Object name="SymbolicID" />
                <Object name="UserDescription" />
                <!--Additional fields so that modification is not required-->
                <Object name="EffectiveDateFrom" />
                <Object name="EffectiveDateTo" />
                <Object name="ExpertEntry" />
                <Object name="WorklistUser" />
                <Object name="EmailUser" />
            </List>
        </Attribute>
    </Object>
    

4.1.3 Configuring the Attribute in Oracle Identity Manager

Configuring the attribute in Oracle Identity Manager involves the following steps:

Note:

If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.1.3.1 Adding a New Column in the Process Form

Add a new column in the process form by performing the following:

  1. Log in to Oracle Identity Manager Design Console.
  2. Expand Development Tools and then double-click Form Designer.
  3. Enter UD_PSFT_BAS in the Table Name field and click the Query for records button.
  4. Click Create New Version.
  5. In the Create a New Version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.
  6. From the Current Version list, select the newly created version.
  7. On the Additional Columns tab, click Add.
  8. Enter UD_PSFT_BAS_WORKLIST in the Name field and Worklist User in the Field Label field. Specify other values as shown in the following figure.
  9. Click Make Version Active.

4.1.3.2 Creating a New Lookup Definition

Create a new lookup definition of Lookup Type for the attribute, for example, Lookup.PSFT.UM.WorklistUser. Add the following Code Key and Decode entries:

Code Key Decode

Y

Yes

N

No

The following figure shows the mapping for the new lookup:

4.1.3.3 Associating the New Lookup With the Worklist User Process Form

Associate the new lookup, Lookup.PSFT.UM.WorklistUser, with the Worklist User process form. To do so:

  1. In the process form, click the Properties tab.
  2. Select Worklist User (ComboBox) and click Add Property.
  3. In the Add Property dialog, specify the following entries:

    Property Name: Lookup Code

    Property Value: Lookup.PSFT.UM.WorklistUser

  4. Click the save button and click Make Version Active.

4.1.3.4 Adding a Mapping for the New Attribute

Add a mapping for the new attribute to the Lookup.PSFT.UM.ProvAttrMap lookup definition. To do so:

  1. Expand Administration and then double-click Lookup Definition.
  2. Enter the Lookup.PSFT.UM.ProvAttrMap as the name of the lookup definition in the Code field and click the Query for records button.
  3. Click Add and the following Code Key and Decode values:
    Code Key Decode

    Worklist User

    WorklistUser

    The Code Key value maps to the process form label and the Decode value maps to the entry in the PeopleSoftComponentInterfaces.xml file for the new attribute.

Note:

To enable the update on the new attribute, perform the procedure described in Enabling Update on a New Attribute for Provisioning.

4.1.3.5 Updating the Request Dataset

Update the request dataset.

When you add an attribute on the process form, you also update the XML file containing the request dataset definitions. To update a request dataset:

  1. In a text editor, open the XML file located in the OIM_HOME/server/ConnectorDefault/PSFT_UM-11.1.1.6.0/dataset for editing.
  2. Add the AttributeReference element and specify values for the mandatory attributes of this element.

    For example, while performing Step 1 of this procedure, if you added City as an attribute on the process form, then enter the following line:

    <AttributeReference
    name = "City"
    attr-ref = "City"
    type = "String"
    widget = "text"
    length = "50"
    available-in-bulk = "false"/>
    

    In this AttributeReference element:

    • For the name attribute, enter the value in the Name column of the process form without the table name prefix.

      For example, if UD_PSFT_BAS_CITY is the value in the Name column of the process form, then you must specify CITY is the value of the name attribute in the AttributeReference element.

    • For the attr-ref attribute, enter the value that you entered in the Field Label column of the process form while performing Step 1.

    • For the type attribute, enter the value that you entered in the Variant Type column of the process form while performing Step 1.

    • For the widget attribute, enter the value that you entered in the Field Type column of the process form, while performing Step 1.

    • For the length attribute, enter the value that you entered in the Length column of the process form while performing Step 1.

    • For the available-in-bulk attribute, specify true if the data value is available for bulk modification. Otherwise specify false.

    While performing Step 1, if you added more than one attribute on the process form, then repeat this step for each attribute added.

  3. Save and close the XML file.
  4. Run the PurgeCache utility to clear content related to request datasets from the server cache.

    See Running the PurgeCache Utility in Oracle Fusion Middleware Administering Oracle Identity Manager for more information about the PurgeCache utility.

  5. Import into MDS, the request dataset definitions in XML format.

    See Importing Request Datasets into MDS for detailed information about the procedure.

4.2 Enabling Update on a New Attribute for Provisioning

To enable the update of newly provisioned attributes:

Note:

Some of the steps in the following procedure are specific to the values that have been used. If you use other values, then these steps must be performed differently.

To add new attributes for provisioning, see Adding New Attributes for Provisioning.

  1. Log in to Oracle Identity Manager Design Console.

  2. Expand Process Management and then double-click Process definition.

  3. In the Name field, enter Peoplesoft User Management and then click the Query for records button.

  4. Add a new task, for example WorkList User Updated and save the task.

    Note:

    While creating a new task, ensure that the task name is same as the name of the field in the process form.

  5. Click the Integration tab of the WorkList User Updated task, and then click Add.

  6. Select Adapter as the handler type and then perform the following:

    1. Select ADPPSFTUPDATEATTRIBUTEVALUE and click Save.

    2. In the Adapter Variables region, double-click Adapter return value. A window is displayed for editing the data mapping for the variable.

    3. From the Map To list, select Response Code and then click Save.

    4. In the Adapter Variables region, double-click AttrFieldName. A window is displayed for editing the data mapping of the variable.

    5. From the Map To list, select Literal.

    6. In the Literal Value field, enter UD_PSFT_BAS_WORKLIST as the column name for the new attribute that was added in the Lookup.PSFT.UM.ProvAttrMap lookup definition.

    7. In the Adapter Variables region, double-click ITResourceFieldName. A window is displayed for editing the data mapping of the variable.

    8. From the Map To list, select Literal.

    9. In the Literal Value field, enter UD_PSFT_BAS_SERVER as the column name of the ITResource field.

    10. In the Adapter Variables region, double-click objectType. A window is displayed for editing the data mapping of the variable.

    11. From the Map To list, select Literal.

    12. In the Literal Value field, enter User and then save.

    13. In the Adapter Variables region, double-click procInstanceKey. A window is displayed for editing the data mapping of the variable.

    14. From the Map To list, select Process Data and from the Qualifier list, select Process Instance and then save.

  7. Perform the mappings and save the form.

  8. Click the Responses tab of the Worklist Updated task. The SUCCESS response should be mapped to status C and all other responses to status R.

    Note:

    You must enter Y or N in the WorklistUser field, because PeopleSoft accepts only these values.

4.3 Adding New Attributes for Reconciliation

You can modify the default field mappings between Oracle Identity Manager and the target system. For example, the Lookup.PSFT.UM.UserProfile.ReconAttrMap lookup definition for the USER_PROFILE message holds the default attribute mappings. If required, you can add to this predefined set of attribute mappings.

To add a new attribute for reconciliation:

Note:

If you do not want to add new attributes for reconciliation, then you need not perform this procedure.

  1. In Oracle Identity Manager Design Console, make the required changes as follows:

    See Also:

    Adding Target System Attributes for Target Reconciliation in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed instructions on performing the following steps

    1. Add a new attribute on the process form. See Adding New Attributes for Provisioning for more information.

    2. Expand Resource Management and then double-click Resource Objects.

    3. In the Name field, enter the name of the object definition and then click the Query for records button.

    4. On the Object Reconciliation tab, click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

    5. Add a reconciliation field corresponding to the new attribute in the Peoplesoft User resource object. For example, you can add the WorkList reconciliation field.

    6. Modify the Peoplesoft User Management process definition to include the mapping between the newly added field and the corresponding reconciliation field.

  2. Add the new attribute in the message-specific attribute mapping lookup definition, for example, the Lookup.PSFT.UM.UserProfile.ReconAttrMap lookup definition for the USER_PROFILE message.

    The following is the format of the values stored in this table:

    Code Key Decode

    AttributeName

    NODE~PARENT NODE~NODE TYPE=Value~EFFECTIVE DATED NODE~PRIMARY or Child Table=Multivalued Child Table RO Field

    For example:

    Code Key: WorkList

    Decode: WORKLIST_USER_SW~PSROLEXLATOPRVW

    In this example, WorkList is the reconciliation field, and its equivalent target system field is WORKLIST_USER_SW.

  3. Add the new attribute in the Resource Object attribute reconciliation lookup definition, for example, the Lookup.PSFT.UM.UserProfile.Recon lookup definition for the USER_PROFILE message.

    The following is the format of the values stored in this table:

    Code Key Decode

    RO Attribute

    ATTRIBUTE_NAME~LOOKUP_DEFINITION_NAME~LOOKUP_FIELD

    In this example, RO Attribute refers to the resource object attribute name added in the preceding steps. The Decode column refers to the Code Key value in the message-specific attribute mapping lookup definition.

    For example:

    Code Key: WorkList

    Decode: WorkList

  4. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.4 Adding New ID Types for Provisioning

You can also add new ID types depending on the PeopleSoft application module being provisioned. The new ID type can then be linked to a user profile for provisioning.

This section contains the following topics:

4.4.1 About Adding New ID Types for Provisioning

A user profile describes a particular user of the PeopleSoft system. Each user of the system has an individual user profile, which in turn is linked to one or more roles. Typically, a user profile must be linked to at least one role to be a usable profile. To each role, you can add one or more permission lists, which control what a user can and cannot access. So, a user inherits permissions through the role.

You can categorize user profiles based on ID types. In addition, you can grant data access based on ID type, such as customer, employee, and so on.

The Human Resource system is designed to focus on employee user type. On the other hand, the financial system is designed to keep track of customer and supplier user types. The ID type enables you to link user types with records that are most relevant when a user interacts with the system. So, when a user logs in to the PeopleSoft application, they see information relevant to them.

The Attribute Value field is where you select the value associated with the attribute name for the ID type. For example, the value reflects the employee number, but it could be a customer number or a vendor number.

PeopleSoft supports Customer and Vendor ID types in addition to Employee ID type. You can also add new ID types depending on the PeopleSoft application module being provisioned. The new ID type can then be linked to a user profile for provisioning.

Note:

  • You can assign multiple ID types to a user profile on the PeopleSoft target system. However, a single instance of an ID type can be assigned to the same user.

    For example, you can link a user profile to Employee ID and Vendor ID during provisioning. However, the same user cannot be linked to two Employee ID instances.

  • The ID type and attributes discussed in the following procedure are sample values, and might differ from the values in the actual environment. Therefore, you must follow the same procedure with the values applicable in your present environment.

4.4.2 Adding a New ID Type for Provisioning

Suppose you want to add a new ID type Equation SQL Auth Class with attribute EQS ID for provisioning. Perform the steps mentioned in the following procedure:

Note:

The ID type attribute that you decide to use while configuring the new user profile ID type must map to a field in the PSOPRALIAS table.

To add a new ID type for provisioning:

  1. Add a new column to the process form by performing the following steps:

    1. Log in to Oracle Identity Manager Design Console.

    2. Expand Development Tools and then double-click Form Designer.

    3. In the Table Name field, enter UD_PSFT_BAS and click the Query for records button.

    4. Click Create New Version.

    5. In the Create a new version dialog box, specify the version name in the Label field, save the changes, and then close the dialog box.

    6. From the Current Version list, select the newly created version.

    7. On the Additional Columns tab, click Add.

    8. Specify the new attribute name for the attribute EQS ID, for example Operator Alias Value. In addition, enter other values, such as the field label as EQS ID.

    9. Click Make Version Active.

  2. Add a mapping for the new ID type attribute. To do so:

    1. Log in to the Oracle Identity Manager Design Console.

    2. Expand Administration and then double-click Lookup Definition.

    3. Enter Lookup.PSFT.UM.ProvAttrMap as the name of the lookup definition in the Code field and click the Query for records button.

    4. Modify the Lookup.PSFT.UM.ProvAttrMap lookup definition by adding a new row with the following values:

      Code Key: Column name of the form

      Decode: Enter a combination of elements similar to the following Decode for the EQS ID type:

      IDTypes~UM_IDTypes[IDType=EQS]~Attributes~UM_Attributes[AttributeName=Operator Alias Value]~AttributeValue

      In this format:

      • IDTypes: Refers to the Identity Connector Framework (ICF) Parent Attribute Name

      • UM_IDTypes: Refers to the embedded ICF object class that contains IDType and Attributes. The default value of IDType is EQS.

      • Attributes: Refers to the ICF embedded object class that contains AttributeName and AttributeValue. The default value of AttributeName is Operator Alias Value. The value of AttributeValue is retrieved from the form field.

      See Lookup.PSFT.UM.ProvAttrMap for more information about the format of the elements in Decode.

      To add Equation SQL Auth Class ID type with ID type value EQS, and attribute name Operator Alias Value, you must define a mapping similar to the Employee ID mapping in the Lookup.PSFT.UM.ProvAttrMap lookup definition.

  3. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this ID type visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.5 Enabling Update on a New ID Type for Provisioning

Suppose, you want to update the EQS ID field as described in Adding New ID Types for Provisioning. Then, perform the following procedure:

To update the newly added ID type attributes:

  1. Log in to Oracle Identity Manager Design Console.

  2. Expand Development Tools and then double-click Adapter Factory.

  3. Enter PSFT UM Update ID Types in the Adapter Name field, and then click the Query for records button.

  4. In the Adapter Tasks tab, expand PSFT UM Update ID Types, and then select updateIdType.

  5. Click the Variable List tab and add the attribute names along with their types and mappings based on your entries in Adding New ID Types for Provisioning. Click the save button.

    The Variable List tab
  6. In the Adapter Tasks tab, expand PSFT UM Update ID Types, and then double-click updateIdType.

  7. In the Edit Adapter Factory Task Parameters dialog, in the Application Method Parameters section, expand Method, and then right-click on the Input: String[] type of parameter. Click on Add String and add the attributes that you added in Step 5 one at a time. For each attribute, select values for the MapTo and Name fields. Click the save button.

    Edit Adapter Factory Task Parameters
  8. Expand Process Management and then double-click Process definition.

  9. Enter Peoplesoft User Management in the Name field, and then click the Query for records button.

  10. Add a new task, for example EQS ID Updated, and save the task.

    Process definition
  11. Double-click the EQS ID Updated task, click the Integration tab, and then click Add.

  12. Select Adapter as the handler type and then perform the following:

    1. Select ADPPSFTUPDATEIDTYPE as shown in the following mapping, and then click the save button.

      Editing Task
    2. In the Adapter Variables region, double-click Adapter return value and select Response Code from the Map To list. Click the save button.

    3. In the Adapter Variables region, double-click objectType and select Literal from the Map To list.

    4. Enter User in the Literal Value field and click the save button.

    5. In the Adapter Variables region, double-click ITResourceName and select Literal from the Map To list.

    6. In the Literal Value field, enter UD_PSFT_BAS_SERVER as the column name for the new attribute that was added in the Lookup.PSFT.UM.ProvAttrMap lookup definition.

    7. In Adapter Variables region, double-click ProcessInstanceKey.

    8. From the Map To list, select Process Data, and from the Qualifier list, select Process Instance and then click the save button.

  13. Perform the mappings and save the format.

  14. Click the Responses tab of the EQS ID Updated task. The SUCCESS response should be mapped with status C and all other responses with status R.

4.6 Adding New ID Types for Reconciliation

Suppose, you want to reconcile the EQS ID field as described in Adding New ID Types for Provisioning, then perform the following procedure:

To add a new ID type for reconciliation:

  1. Add new ID Type attribute on the process form. For the procedure to add a new ID Type attribute, see Adding New ID Types for Provisioning.

  2. Create a reconciliation profile for the new ID type attribute. To do so:

    1. Expand Resource Management and then double-click Resource Objects.

    2. In the Name field, enter the name of the object definition and then click the Query for records button.

    3. Click the Object Reconciliation tab and add a reconciliation field corresponding to the new attribute in the Peoplesoft User resource object. Click the save button.

    4. Click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.

  3. Modify the Peoplesoft User Management process definition to include the mapping between the newly added field and the corresponding reconciliation field.

  4. Add the new attribute in the message-specific attribute mapping lookup definition, for example, the Lookup.PSFT.UM.UserProfile.ReconAttrMap lookup definition for the USER_PROFILE message.

    The following is the format of the values stored in this table:

    Code Key Decode

    AttributeName

    OPRALIASVALUE~PSOPRALIAS~OPRALIASTYPE=EQS

    For example:

    Code Key: EQS

    Decode: EQS_ID~PSOPRALIAS

    In this example, EQS is the reconciliation field and its equivalent target system field is EQS_ID.

  5. Add the new attribute in the Resource Object attribute reconciliation lookup definition, for example, the Lookup.PSFT.UM.UserProfile.Recon lookup for the USER_PROFILE message.

    In this example, the following values must be added to this lookup:

    Code Key Decode

    EQS ID

    EQS ID

  6. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this ID type visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.7 Configuring Validation of Data During Reconciliation

You can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data entered in the User ID field on the process form so that the number sign (#) is not sent to the Oracle Identity Manager during reconciliation operation.

For data that fails the validation check, the following message is displayed or recorded in the log file:

Value returned for field FIELD_NAME is false.

To configure validation of data:

  1. Write code that implements the required validation logic in a Java class.

    See Also:

    The Javadocs shipped with the connector for more information about this interface

    You must create a class with the following signature:

    public boolean validate(HashMap arg0, HashMap arg1, String arg2)

    In this signature code:

    • arg0 contains primary table field values

    • arg1 contains child table field values

    • arg2 is the field on which validation needs to be done

    The following sample validation class checks if the value in the User ID attribute contains the number sign (#):

    package com.validate;
    import java.util.*;
    public class MyValidation {
    
    public boolean validate(HashMap hmUserDetails,
             HashMap hmEntitlementDetails, String field) {
                /*
             * You must write code to validate attributes. Parent
             * data values can be fetched by using hmUserDetails.get(field)
             * For child data values, loop through the
             * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
             * Depending on the outcome of the validation operation, 
             * the code must return true or false.
             */
             /*
             * In this sample code, the value "false" is returned if the field
             * contains the number sign (#). Otherwise, the value "true" is
             * returned.
             */
                boolean valid=true;
                String sUserID=(String) hmUserDetails.get(field);
                for(int i=0;i<sUserID.length();i++){
                  if (sUserID.charAt(i) == '#'){
                        valid=false; 
                        break;
                  } 
                }
                return valid;
            }
          } /* End */
    
  2. Create a JAR file to hold the Java class.

  3. Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Step 2 to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.

  4. If you created the Java class for validating a process form field for reconciliation, then:

    1. Log in to the Design Console.

    2. Search for and open the message-specific configuration lookup definition, in this example, the Lookup.PSFT.Message.UserProfile.Configuration lookup definition for the USER_PROFILE message. See Lookup.PSFT.Message.UserProfile.Configuration for information about this lookup definition. Check for the Validation Lookup Definition parameter in this lookup definition. The Decode value specifies the name of the validation lookup. In this example, the Decode value is Lookup.PSFT.UM.ReconValidation.

    3. Search for and open the Lookup.PSFT.UM.ReconValidation lookup definition.

    4. In the Code Key column, enter User ID. In the Decode column, enter com.validate.MyValidation.

      Here, the Code Key value specifies the column name of the field you want to validate. The Decode value is the complete package name of the Java class that has the validation logic.

    5. Save the changes to the lookup definition.

    6. Search for and open the message-specific configuration lookup definition, in this example, the Lookup.PSFT.Message.UserProfile.Configuration lookup definition.

    7. Set the value of the Use Validation entry to yes.

    8. Save the changes to the lookup definition.

  5. Remove the PeopleSoftOIMListener.ear file from the application server.

  6. Copy the validation JAR file created in Step 2 to the following :

    PeoplSoftOIMListener.ear/PeoplSoftOIMListener.war/WEB-INF/lib

  7. Redeploy the PeopleSoftOIMListener.ear file on the application server. See Deploying the PeopleSoft Listener for the procedure.

4.8 Configuring Transformation of Data During Reconciliation

You can configure the transformation of reconciled single-valued data according to your requirements. For example, you can use the Currency Code value to create a value for the Currency Code field in Oracle Identity Manager.

To configure the transformation of data:

  1. Write code that implements the required transformation logic in a Java class.

    See Also:

    The Javadocs shipped with the connector for more information about this interface

    The following sample transformation class modifies a value for the Currency Code attribute by prefixing a dollar sign ($) in the Currency Code value received from the target system:

    package com.transform;
    import java.util.*;
    public class MyTransform {
    
          /*
          Description:Abstract method for transforming the attributes
          param hmUserDetails<String,Object>
          HashMap containing parent data details
          param hmEntitlementDetails <String,Object>
          HashMap containing child data details
          
          */
          public Object transform(HashMap hmUserDetails, HashMap                  
          hmEntitlementDetails,String sField) {
          /*
           * You must write code to transform the attributes.
           Parent data attribute values can be fetched by
           using hmUserDetails.get("Field Name").
           *To fetch child data values, loop through the
           * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
           * Return the transformed attribute.
           */
          System.out.println("sfield =" + sField);
          String sCurrencyCode= (String)hmUserDetails.get(sField);
          sCurrencyCode = "$"+sCurrencyCode;
          return sCurrencyCode;
          }
    } /* End */
    
  2. Create a JAR file to hold the Java class.

  3. Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Step 2 to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.

  4. If you created the Java class for transforming a process form field for reconciliation, then:

    1. Log in to the Design Console.

    2. Search for and open the message-specific configuration lookup definition, in this example, the Lookup.PSFT.Message.UserProfile.Configuration lookup definition for the USER_PROFILE message. See Lookup.PSFT.Message.UserProfile.Configuration for information about this lookup definition. Check for the Transformation Lookup Definition parameter in this lookup definition. The Decode value specifies the name of the transformation lookup. In this example, the Decode value is Lookup.PSFT.UM.UserProfile.Transformation.

    3. Search for and open the Lookup.PSFT.UM.UserProfile.Transformation lookup definition.

    4. In the Code Key column, enter Currency Code. In the Decode column, enter com.transform.MyTransform.

      Here, the Code Key value specifies the column name of the field you want to validate. The Decode value is the complete package name of the Java class that has the transformation logic.

    5. Save the changes to the lookup definition.

    6. Search for and open the message-specific configuration lookup definition, in this example, the Lookup.PSFT.Message.UserProfile.Configuration lookup definition.

    7. Set the value of the Use Transformation entry to yes.

    8. Save the changes to the lookup definition.

  5. Remove the PeopleSoftOIMListener.ear file from the application server.

  6. Copy the transformation JAR file created is Step 2 to the following :

    PeoplSoftOIMListener.ear/PeoplSoftOIMListener.war/WEB-INF/lib

  7. Redeploy the PeopleSoftOIMListener.ear file on the application server. See Deploying the PeopleSoft Listener for the procedure.

4.9 Configuring Validation of Data During Provisioning

You can configure the validation of provisioned single-valued data according to your requirements. For example, you can validate the user ID provisioned to ensure that it does not contain the number sign (#).

For data that fails the validation check, the following message is displayed or recorded in the log file:

Value returned for field FIELD_NAME is false.

In this format, FIELD_NAME is the name of the field on which you perform validation.

To configure validation of data:

  1. Write code that implements the required validation logic in a Java class.

    See Also:

    The Javadocs shipped with the connector for more information about this interface

    You must create a class with the following signature:

    public boolean validate(HashMap arg0, HashMap arg1, String arg2)

    In this signature code:

    • arg0 contains primary table field values

    • arg1 contains child table field values

    • arg2 is the field on which validation needs to be done

    The following sample validation class checks whether the value in the user ID attribute contains the number sign (#):

    package com.validation;
    import java.util.HashMap;
    
    public class Validator {
        public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) {
    
            /* You must write code to validate attributes. Parent
             * data values can be fetched by using hmUserDetails.get(field)
             * For child data values, loop through the
             * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
             * Depending on the outcome of the validation operation,
             * the code must return true or false.
             */
            /*
            * In this sample code, the value "false" is returned if the field
            * contains the number sign (#). Otherwise, the value "true" is
            * returned.
            */
            boolean valid = true;
            String sGivenName = (String) hmUserDetails.get(sField);
            for (int i = 0; i < sGivenName.length(); i++) {
                if (sGivenName.charAt(i) == '#') {
                    valid = false;
                    break;
                }
            }
            return valid;
        }
    } /* End */
    
  2. Create a JAR file to hold the Java class.

  3. Update the Lookup.PSFT.UM.Prov.Configuration lookup definition by performing the following steps:

    See Also:

    Lookup.PSFT.UM.Prov.Configuration for more information about the lookup

    1. Log in to the Design Console.

    2. Search for and open the Lookup.PSFT.UM.Prov.Configuration lookup definition.

    3. In the Code Key column, enter Provisioning Validation Lookup. In the Decode column, enter Lookup.PSFT.UM.ProvValidation.

    4. Save the changes to the lookup definition.

  4. Create a new lookup definition Lookup.PSFT.UM.ProvValidation and update the lookup by performing the following steps:

    See Also:

    Creating Lookups in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for detailed information about creating a new lookup definition

    1. In the Code Key column, enter User ID. In the Decode column, enter com.validation.Validator.

      Here, the Code Key value specifies the column name of the field you want to validate. The Decode value is the complete package name of the Java class that has the validation logic.

    2. Save the changes to the lookup definition.

  5. Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Step 2 to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:

    Note:

    Before you use this utility, verify that the WL_HOME environment variable is set to the in which Oracle WebLogic Server is installed.

    • For Microsoft Windows:

      OIM_HOME/server/bin/UploadJars.bat

    • For UNIX:

      OIM_HOME/server/bin/UploadJars.sh

    When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.

  6. Run the PurgeCache utility to purge the Oracle Identity Manager cache.

    See Clearing Content Related to Connector Resource Bundles from the Server Cache for more information about the PurgeCache utility.

4.10 Modifying Field Lengths on the Process Form

You might want to modify the lengths of the fields (attributes) on the process form. For example, if you use a Japanese locale, then you might want to increase the lengths of the process form fields to accommodate multibyte data from the target system.

To modify the length of a field on the OIM User form:

  1. Log in to the Design Console.
  2. Expand Administration, and double-click User Defined Field Definition.
  3. Search for and open the Users form.
  4. Modify the length of the required field.
  5. Click the Save icon.

4.11 Configuring the Connector for Multiple Installations of the Target System

You can configure the connector for multiple installations of the target system by creating copies of the connector objects, such as the IT resource, process form, process definition, and resource object.

This section contains the following topics:

4.11.1 About Configuring the Connector for Multiple Installations of the Target System

You might want to configure the connector for multiple installations of the target system. The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and wants to configure Oracle Identity Manager to link all the installations of the target system.

The company has a trusted (authoritative) source of identity data for Oracle Identity Manager, for example PSFT_TRST. The company uses the PeopleSoft Employee Reconciliation connector to reconcile person records, which in turn creates OIM Users.

The company now needs to provision resources on two different target systems, PSFT_LDN and PSFT_NY for London and New York offices, respectively, using the PeopleSoft User Management connector.

The resources in the London office have five mandatory fields to be provisioned. But, the New York office has an additional field to provision, for example the Social Security Number (SSN). In this scenario, you must create a clone of the User Management connector to provision PSFT_LDN and PSFT_NY target systems. The connector for the PSFT_NY target system has an additional SSN field to provision.

Figure 4-1 shows the architecture for multiple installations of the target system in Example Multinational Inc.

Figure 4-1 Architecture for Multiple Installations of the Target System

Description of Figure 4-1 follows
Description of "Figure 4-1 Architecture for Multiple Installations of the Target System"

To meet the requirement posed by such a scenario, you can create copies of connector objects, such as the IT resource, process form, process definition, and resource object.

The decision to create a copy of a connector object is based on a requirement. For example, an IT resource can hold connection information for one target system installation. Therefore, it is mandatory to create a copy of the IT resource for each target system installation.

With some other connector objects, you do not need to create copies at all. For example, a single attribute-mapping lookup definition can be used for all installations of the target system.

All connector objects are linked. For example, a scheduled task holds the name of the IT resource. Similarly, the IT resource holds the name of the common configuration lookup definition, which is Lookup.PSFT.Configuration. If you create a copy of an object, then you must specify the name of the copy in other connector object. Table 4-1 lists the association between connector objects whose copies can be created and the other objects that reference these objects. When you create a copy of an object, use this information to change the associations of that object with other objects.

4.11.2 Connector Objects and Their Associations

Table 4-1 lists the association between connector objects whose copies can be created and the other objects that reference these objects. When you create a copy of an object, use this information to change the associations of that object with other objects.

Table 4-1 Connector Objects and Their Associations

Connector Object Name Referenced By Description

IT Resource

PSFT User

  • Scheduled Task: PeopleSoft User Management Target Reconciliation

  • Resource Object: Peoplesoft User

You need to create a copy of IT Resource with a different name.

Resource Object

Peoplesoft User

Message-specific configuration lookup definitions:

  • Lookup.PSFT.Message.UserProfile.Configuration

  • Lookup.PSFT.Message.DeleteUserProfile.Configuration

It is optional to create a copy of a resource object. If you are reconciling the same set of attributes from the other target system, then you need not create a new resource object.

Note: Create copies of this resource object only if there are differences in attributes between two installations of the target system.

Process Definition

Peoplesoft User Management

NA

It is optional to create a copy of a process definition. If you are reconciling or provisioning the same set of attributes, then you need not create a copy of this connector object.

Note: Create copies of this process definition only if there are differences in attributes between two installations of the target system.

Process Form

UD_PSFT_BAS

NA

It is optional to create a copy of the process form. If you are provisioning different sets of attributes, then you need to create a copy of this connector object.

Common Configuration Lookup Definition

Lookup.PSFT.Configuration

Message-specific configuration lookup definitions:

  • Lookup.PSFT.Message.UserProfile.Configuration

  • Lookup.PSFT.Message.DeleteUserProfile.Configuration

It is optional to create a copy of the common configuration lookup definition.

Note: Create copies of this lookup definition only if there are differences in attributes between two installations of the target system.

Message-specific Configuration Lookup Definition

  • Lookup.PSFT.Message.UserProfile.Configuration

  • Lookup.PSFT.Message.DeleteUserProfile.Configuration

Attribute mapping lookup definitions:

  • Lookup.PSFT.UM.UserProfile.ReconAttrMap

  • Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping

It is optional to create a copy of the message-specific lookup definitions.

Note: Create copies of this lookup definition only if there are differences in attributes between two installations of the target system.

Attribute Mapping Lookup Definition

  • Lookup.PSFT.UM.ProvAttrMap

  • Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping

NA

This lookup definition holds the information of the attributes reconciled from the XML message file from the target system.

Note: Create copies of this lookup definition only if there are differences in attributes between two installations of the target system.

Recon Map Lookup Definition

  • Lookup.PSFT.UM.UserProfile.Recon

NA

This lookup definition maps the resource object field with the data reconciled from the message.

Note: Create copies of this lookup definition only if there are differences in attributes between two installations of the target system.

4.11.3 Creating Copies of the Connector Objects

To create copies of the connector objects:

  1. Create a copy of the IT resource. See Configuring the IT Resource for information about this IT resource.

    You can enable dependent lookups if you want to view data in the lookup fields of the process form for the selected IT resource. Enabling the Dependent Lookup Fields Feature describes the procedure to configure the dependent lookups.

  2. Create a copy of the Peoplesoft User resource object.
  3. Create copy of the USER_PROFILE message-specific configuration lookup.
  4. Create a copy of the Lookup.PSFT.Configuration lookup definition. See Lookup.PSFT.Configuration for information about this lookup definition.
  5. Create a copy of the message-specific attribute mapping and the Recon lookup definition, for example, Lookup.PSFT.UM.UserProfile.ReconAttrMap and the Lookup.PSFT.UM.UserProfile.Recon for the USER_PROFILE message.
  6. Create a copy of the PeopleSoft User Management Target Reconciliation scheduled task. See Configuring the Scheduled Job for User Data Reconciliation for information about this scheduled task.

To reconcile data from a particular target system installation, specify the name of the IT resource for that target system installation as the value of the ITResource scheduled task attribute.

4.12 Enabling the Dependent Lookup Fields Feature

When you perform a provisioning operation, lookup fields on the Administrative and User Console allow you to select values from lists. Some of these lookup fields are populated with values copied from the target system.

In earlier releases of the connector, if you had multiple installations of the target system, then entries in the lookup field were linked to the target system installation from which the entries were copied. This allowed you to select lookup field values that were specific to the target system installation on which the provisioning operation was to be performed.

You can enable this feature after you deploy the Oracle Identity Manager. To enable the Dependent Lookup Fields feature, perform the following procedures:

Note:

To provision a resource, you enter the required values in the process form with at least one lookup value selected, for example, Currency Code and then click Continue. But, if you click the Back button now, the description of the Code Key on the process form changes to the Decode value. If you proceed with provisioning now, the following exception is thrown:

Column data length is too long

4.12.1 Updating the UD_PSFT_BAS Form

This section describes how to update the UD_PSFT_BAS form. It contains the following topics:

4.12.1.1 Creating a New Version of the UD_PSFT_BAS Form

To create a new version of the UD_PSFT_BAS form:

  1. On Oracle Identity Manager Design Console, expand Development Tools and double-click Form Designer.
  2. Search for and open the UD_PSFT_BAS form.
  3. Click Create New Version, enter a new version number, and then save the version.

4.12.1.2 Adding Properties for the Primary Permission List Lookup Field

To add properties for the Primary Permission List lookup field:

  1. From the Current Version list, select the version that you created.

  2. Open the Properties tab.

  3. Add properties for the Primary Permission List lookup field as follows:

    1. Select the Lookup Code= Name of Lookup Definition property, and then click Delete Property.

      For example:

      Lookup Code = Lookup.PSFT.UM.PermissionList

    2. Select Primary Permission List, and then click Add Property.

    3. In the Add Property dialog box:

      From the Property Name list, select Lookup Column Name.

      In the Property Value field, enter lkv_encoded.

      Click the Save icon, and then close the dialog box.

    4. Select Primary Permission List, and then click Add Property.

    5. In the Add Property dialog box:

      From the Property Name list, select Column Names.

      In the Property Value field, enter lkv_encoded.

      Click the Save icon, and then close the dialog box.

    6. Select Primary Permission List, and then click Add Property.

    7. In the Add Property dialog box:

      From the Property Name list, select Column Widths.

      In the Property Value field, enter 234.

    8. Select Primary Permission List, and then click Add Property.

    9. In the Add Property dialog box:

      From the Property Name list, select Column Captions.

      In the Property Value field, enter lkv_decoded.

      Click the Save icon, and then close the dialog box.

    10. Select Primary Permission List, and then click Add Property.

    11. In the Add Property dialog box:

      From the Property Name list, select Lookup Query.

      In the Property Value field, enter the following if Oracle Identity Manager is running on Oracle:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$','~%')
      

      In the Property Value field, enter the following if Oracle Identity Manager is running on Microsoft SQL Server:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like '$Formdata.UD_PSFT_BAS_SERVER$' + '~%'
      
    12. Click the Save icon, and then close the dialog box.

4.12.1.3 Adding Properties for the Lookup Query

To add properties for the lookup query:

  1. Perform Steps 6a through 6j in Adding Properties for the Primary Permission List Lookup Field. Add the properties that you added for the Primary Permission List field on the UD_PSFT_BAS form.
  2. When you perform Step 6.k, enter values in the Property Value field for the lookup query specified in Table 4-2 for the respective field, such as Language Code, Currency Code, Row Security Permission List, Process Profile Permission List, and Navigator Home Permission List.

    Table 4-2 lists the lookup queries.

    Table 4-2 Queries for Lookup Fields

    Field Name Oracle Database Version of the Query Microsoft SQL Server Version of the Query

    Field Name (UD_PSFT_BAS)

       

    Language Code

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.LanguageCode' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%')

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key ='Lookup.PSFT.UM.LanguageCode' AND lkv_encoded like '$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

    Currency Code

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.CurrencyCode' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%')

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.CurrencyCode' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

    Primary Permission List

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key ='Lookup.PSFT.UM.PermissionList' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%')

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

    Row Security Permission List

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key ='Lookup.PSFT.UM.PermissionList' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%')

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

    Process Profile Permission List

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%'

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

    Navigator Home Permission List

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$', '~%')

    SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.PermissionList' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'

  3. Click the Save icon to save the changes to the form.
  4. Click Make Version Active.

4.12.2 Updating the UD_PS_EMAIL Form

The procedure that you perform to update the UD_PS_EMAIL form is almost the same as the procedure described in Updating the UD_PSFT_BAS Form:

  1. On the Design Console, expand Development Tools and double-click Form Designer.

  2. Search for and open the UD_PS_EMAIL form.

  3. Click Create New Version, enter a new version number, and then save the version.

  4. From the Current Version list, select the version that you created.

  5. Open the Properties tab.

  6. Add properties for the Email Type lookup field as follows:

    1. When you perform Step 6b of the procedure described in Updating the UD_PSFT_BAS Form, select Email Type instead of Primary Permission List.

    2. Perform Steps 6c through 6j. Add the properties that you added for the Email Type field on the UD_PS_EMAIL form.

    3. When you perform Step 6k, enter the following in the Property Value field for the lookup query:

      For Oracle:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.EmailType' AND  lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$',   '~%')
      

      For Microsoft SQL Server:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key=lku.lku_key AND lku_type_string_key='Lookup.PSFT.UM.EmailType'AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'
      
  7. Click the Save icon to save the changes to the form.

  8. Click Make Version Active.

4.12.3 Updating the UD_PSROLES Form

The procedure that you perform to update the UD_PSROLES form is almost the same as the procedure described in Updating the UD_PSFT_BAS Form:

  1. On the Design Console, expand Development Tools and double-click Form Designer.

  2. Search for and open the UD_PSROLES form.

  3. Click Create New Version, enter a new version number, and then save the version.

  4. From the Current Version list, select the version that you created.

  5. Open the Properties tab.

  6. Add properties for the Role Name lookup field as follows:

    1. When you perform Step 6b of the procedure described in Updating the UD_PSFT_BAS Form, select Role Name instead of Primary Permission List.

    2. Perform Steps 6c through 6j. Add the properties that you added for the Role Name field on the UD_PSROLES form.

    3. When you perform Step 6k, enter the following in the Property Value field for the lookup query:

      For Oracle:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key = lku.lku_key AND lku_type_string_key = 'Lookup.PSFT.UM.Roles' AND  lkv_encoded like CONCAT('$Form data.UD_PSFT_BAS_SERVER$',   '~%')
      

      For Microsoft SQL Server:

      SELECT lkv_encoded,lkv_decoded FROM lkv lkv,lku lku WHERE lkv.lku_key=lku.lku_key ANDlku_type_string_key='Lookup.PSFT.UM.Roles' AND lkv_encoded like'$Formdata.UD_PSFT_BAS_SERVER$' + '~%'
      
  7. Click the Save icon to save the changes to the form.

  8. Click Make Version Active.

4.13 Connector Component Interfaces for the PeopleSoft User Management

The PeopleSoft User Management connector performs user provisioning by invoking methods and setting properties on PeopleSoft Component -Interfaces. Component interface definitions are assigned in the PeopleSoft Component Interface configuration objects. You can modify the definitions by editing a copy of the PeopleSoftComponentInterfaces.xml file located in the xml of the connector package. This XML file is mapped to the xmlMapping entry in the Lookup.PSFT.Configuration lookup definition.

This section includes the following information about configuring and implementing component interfaces with the PeopleSoft User Management connector:

4.13.1 Creating Component Interface Map Definitions

The component interface map contains the list of component interfaces available to the connector. The interfaces object contains a list of component interfaces. If you have a custom component interface, you must define your own component interface definition in the map. Edit the PeopleSoft Component Interfaces Configuration object and add your definition as an additional Object into the <List> element under the <Attribute name='interfaces'> element.

This section contains the following topics:

4.13.1.1 Component Interface Definition

Each available component interface has its own definition. Key elements of a component interface definition include:

  • name. The label of a component interface. It often matches the value of the componentInterface attribute, but this is not a requirement. The value will be displayed in the drop-down menu on the connector's Resource Parameters page.

  • componentInterface attribute. The name of the component interface, as defined in PeopleSoft.

  • getKey attribute. The name of the component interface property that is set when performing a PeopleSoft GET operation. If getKey is not defined, then the key attribute is used instead.

  • findKey attribute. The name of the component interface property that is set when performing a PeopleSoft FIND operation. If findKey is not defined, then the key attribute is used instead.

  • createKey attribute. The name of the component interface property that is set when performing a PeopleSoft CREATE operation. If createKey is not defined, then key attribute is used instead.

  • key attribute. Deprecated. Use getKey, findKey, or createKey instead.

  • properties attribute. A list of properties that can be read or set from the PeopleSoft component interface.

Each Object in the properties list must have the following attribute:

  • name. The name of the property. This must match exactly with the name of a property exposed by the PeopleSoft component interface identified by the componentInterface property. The names of the properties are candidates to be listed as resource user attributes on the Account Attributes page.

    If this a collection property, then you must define additional attributes. A collection property defines its key property and its own nested set of simple and/or complex properties:

    isCollection attribute. If the property is a collection, then set this to true.

    key attribute. If the property is a collection, set this to the name of the property that uniquely identifies each item of the collection.

    properties attribute. The list of properties that can be read/set for each item of the collection. To support arbitrary complexity, each member of this list is an Object with the same allowed attributes as the parent. That is, it can contain its own name, isCollection, key, and properties attributes.

  • disableRule attribute. An Object that defines the logic to compute and set the user disable state.

    This attribute contains the following attributes:

    property attribute. The property to check. The value must be listed in the properties attribute for the componentInterface object.

    trueValue attribute. A value that indicates the user is disabled.

    falseValue attribute. A value that indicates the user is enabled.

  • supportedObjectTypes attribute. A list of supported resource object types. Each object defines a set of features.

    features attribute. A list supported features. Possible feature types include view, get, list, find, create, saveas, update, rename, and delete.

4.13.1.2 Default Component Interfaces Supported

The default Component Interface configuration object defines the following interfaces:

4.13.1.2.1 USER_PROFILE Component Interface

The default USER_PROFLE component interface definition is used to perform create, read, and update actions. The key and findKey attributes are set to UserID, because the USER_PROFILE component interface assigns the UserID field for the GETKEYS and FINDKEYS keys.

The default definition for the USER_PROFILE component interface does not define all of the possible properties. It has been simplified to include those used in the sample user form. If you need to add more resource user attributes to the Account Attributes page, then the component interface definition must be updated first. A resource user attribute cannot be added to that page unless it is listed in the component interface definition.

Most properties are defined in USER_PROFILE are simple objects. However, the IDTypes and Roles objects are collections and can have multiple values. IDTypes contains a collection of its own, Attributes. These objects must include the isCollection attribute, the key name for the collection, and at least one property.

4.13.1.2.2 DELETE_USER_PROFILE Component Interface

The DELETE_USER_PROFILE component interface definition is used to delete user profile definitions. The OPRID key determines which user profile is to be deleted. Since the component interface does not have properties, none are listed in the definition.

4.13.2 Customizing PeopleSoft Component Interface Resource Objects

The PeopleSoft Component Interface map definition file can be edited so that resource objects can be managed. Use a text editor to add an ObjectType element to the definition file. For example, to add support for the Role resource object, add an ObjectType element similar to the following example:

<ObjectTypes>
<ObjectType name='Role' icon='role'>
   <ObjectFeatures>
      <ObjectFeature name='find'/>
   </ObjectFeatures>
   <ObjectAttributes idAttr='ROLENAME' displayNameAttr='ROLENAME' descriptionAttr='DESCR'>
      <ObjectAttribute name='ROLENAME' type='string'/>
      <ObjectAttribute name='DESCR' type='string'/>
      <ObjectAttribute name='ROLESTATUS' type='string'/>
   </ObjectAttributes>
</ObjectType>
</ObjectTypes>

The ObjectType name (for example, Role) must match the name of one of the objects in the supportedObjectTypes list of exactly one component interface definition. Each ObjectFeature (for example, find) must have a corresponding feature in the features list in that same supportedObjectTypes. The matched component interface is used to perform the resource feature. If there are multiple matches, the first one found will be used.

The following example is part of the component interface definition for the ROLE_MAINT component interface in the component interface map. Note that the Object name Role is found and that an item in the features list is named find.

<Attribute name='supportedObjectTypes' >
   <List>
      <Object name='Role'>
         <Attribute name='features' >
            <List>
               <Object name='find' />
               <Object name='get' />
            </List>
         </Attribute>
      </Object>
   </List>
</Attribute>