Go to main content
1/15
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in the Oracle Identity Manager Connector for PeopleSoft User Management?
Software Updates
Software Updates in Release 11.1.1.6.0
Software Updates in Release 11.1.1.5.0
ICF Based Connector
Simplified PeopleSoft Listener Deployment
Support for Addition of Custom Attributes and ID Types
Support for Custom Component Interfaces
Support for Configuring the Connector for Multiple Target System Versions
Support for Segregation of Duties (SoD)
Support for Connection Pooling
New Lookup Definitions
Deployment Using Connector Server
Enhanced Logging
Resolved Issues
Documentation-Specific Updates
Documentation-Specific Updates in Release 11.1.1.6.0
Documentation-Specific Updates in Release 11.1.1.5.0
1
About the Connector
1.1
Introduction to the PeopleSoft User Management Connector
1.2
Certified Components
1.3
Determining the Version of PeopleTools and the Target System
1.4
Usage Recommendation
1.5
Certified Languages
1.6
Connector Architecture
1.6.1
About the Connector Architecture
1.6.2
Reconciliation
1.6.2.1
Lookup Reconciliation
1.6.2.2
Full Reconciliation
1.6.2.3
Incremental Reconciliation
1.6.3
Provisioning
1.6.4
Deployment Options
1.7
Features of the Connector
1.7.1
Full and Incremental Reconciliation
1.7.2
Support for Standard PeopleSoft Messages
1.7.3
Support for Resending Messages That Are Not Processed
1.7.4
Target Authentication
1.7.5
SoD Validation of Entitlement Provisioning
1.7.5.1
About SoD Validation of Entitlement Provisioning
1.7.5.2
SoD Validation Process
1.7.6
Validation and Transformation of Account Data
1.7.7
Connection Pooling
1.7.8
Adding New ID Types
1.7.9
Deleting User Accounts
1.7.10
Specifying Accounts to Be Excluded from Reconciliation and Provisioning Operations
1.7.11
Support for Multiple Versions of the Target System
1.7.12
Features Provided by the Identity Connector Framework
1.7.13
Support for the Connector Server
1.8
Lookup Definitions Used During Connector Operations
1.8.1
Lookup Definitions Synchronized with the Target System
1.8.2
Preconfigured Lookup Definitions
1.8.2.1
Lookup.PSFT.Configuration
1.8.2.2
Lookup Definitions Used to Process USER_PROFILE Messages
1.8.2.2.1
Lookup.PSFT.Message.UserProfile.Configuration
1.8.2.2.2
Lookup.PSFT.UM.UserProfile.ReconAttrMap
1.8.2.2.3
Mapping Entries in the Lookup.PSFT.UM.UserProfile.ReconAttrMap Lookup Definition
1.8.2.2.4
Lookup.PSFT.UM.UserProfile.Recon
1.8.2.2.5
Mapping the Entries in the Lookup.PSFT.UM.UserProfile.Recon Lookup Definition
1.8.2.2.6
Lookup.PSFT.UM.UserProfile.UserStatus
1.8.2.2.7
Lookup.PSFT.UM.UserProfile.ChildTables
1.8.2.2.8
Lookup.PSFT.UM.UserProfile.Transformation
1.8.2.3
Lookup Definitions Used to Process DELETE_USER_PROFILE Messages
1.8.2.3.1
Lookup.PSFT.Message.DeleteUserProfile.Configuration
1.8.2.3.2
Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping
1.8.2.3.3
Lookup.PSFT.UM.DeleteUserProfile.Recon
1.8.2.4
Other Lookup Definitions
1.8.2.4.1
Lookup.PSFT.UM.Prov.Configuration
1.8.2.4.2
Lookup.PSFT.UM.ProvAttrMap
1.8.2.4.3
Mappings in the Lookup.PSFT.UM.ProvAttrMap Lookup Definition
1.8.2.4.4
Lookup.PSFT.UM.ProvValidation
1.8.2.4.5
Lookup.PSFT.UM.ReconValidation
1.8.2.4.6
Lookup Definitions for Exclusion Lists
1.9
Connector Objects Used During Reconciliation
1.9.1
User Attributes for Reconciliation
1.9.2
Reconciliation Rules
1.9.2.1
Overview of the Reconciliation Rule
1.9.2.2
Viewing the Reconciliation Rules in the Design Console
1.9.3
Reconciliation Action Rules
1.9.3.1
Overview of the Reconciliation Action Rules
1.9.3.2
Viewing the Reconciliation Action Rules in the Design Console
1.10
Connector Objects Used During Provisioning
1.10.1
User Provisioning Functions
1.10.2
User Attributes for Provisioning
1.11
Roadmap for Deploying and Using the Connector
2
Deploying the Connector
2.1
Preinstallation
2.1.1
Preinstallation on Oracle Identity Manager
2.1.1.1
Files and Directories on the Installation Media
2.1.1.2
JDK Requirement for PeopleTools 8.53, PeopleTools 8.54, and PeopleTools 8.55
2.1.1.3
JDK Requirement for PeopleTools 8.56 and PeopleTools 8.57
2.1.2
Preinstallation on the Target System
2.1.2.1
Importing a Project from Application Designer
2.1.2.2
Creating a Target System User Account for Connector Operations
2.1.2.2.1
Creating a Permission List
2.1.2.2.2
Creating a Role for a Limited Rights User
2.1.2.2.3
Assigning the Required Privileges to the Target System Account
2.1.3
Installing and Configuring the Connector Server
2.1.4
Running the Connector Server
2.1.4.1
Running the Connector Server on UNIX and Linux Systems
2.1.4.2
Running the Connector Server on Windows Systems
2.2
Installation
2.2.1
Installation Options
2.2.2
Installation on Oracle Identity Manager
2.2.2.1
Running the Connector Installer
2.2.2.2
Copying the Connector Files and External Code Files
2.2.2.3
Configuring the IT Resource
2.2.2.4
IT Resource Parameters
2.2.2.5
Determining the JOLT Listener Port
2.2.2.6
Configuring the Connector to Support Multiple Versions of the Target System
2.2.2.6.1
About Configuring a Connector to Support Multiple Versions of the Target System
2.2.2.6.2
Configuring the Connector to Support Multiple Versions of the Target System
2.2.2.7
Deploying the PeopleSoft Listener
2.2.2.7.1
Prerequisites for Deploying the PeopleSoft Listener
2.2.2.7.2
Deploying the PeopleSoft Listener on Oracle Identity Manager
2.2.2.7.3
Prerequisites for Deploying the PeopleSoft Listener on WebSphere Application Server
2.2.2.7.4
Deploying the PeopleSoft Listener on WebSphere Application Server
2.2.2.7.5
Importing Oracle Identity Manager CA Root Certificate for WebLogic Server
2.2.2.7.6
Importing Oracle Identity Manager CA Root Certificate for WebSphere Application Server
2.2.2.8
Removing the PeopleSoft Listener
2.2.2.8.1
Removing the PeopleSoft Listener on WebSphere Application Server
2.2.2.8.2
Removing the PeopleSoft Listener for WebLogic Server
2.2.3
Installation on the Target System
2.2.3.1
Configuring the Target System for Lookup Reconciliation
2.2.3.1.1
Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported
2.2.3.1.2
Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported
2.2.3.2
Configuring the Target System for Full Reconciliation
2.2.3.2.1
Displaying the EI Repository Folder
2.2.3.2.2
Activating the USER_PROFILE Messages
2.2.3.2.3
Activating the Full Data Publish Rule
2.2.3.2.4
About Configuring the PeopleSoft Integration Broker
2.2.3.2.5
Configuring the PeopleSoft Integration Broker Gateway
2.2.3.2.6
Creating the Remote Node
2.2.3.2.7
Activating the USER_PROFILE Service Operation
2.2.3.2.8
Verifying the Queue Status for the USER_PROFILE Service Operation
2.2.3.2.9
Setting Up the Security for the USER_PROFILE Service Operation
2.2.3.3
Configuring the Target System for Incremental Reconciliation
2.2.3.3.1
About Configuring the Target System for Incremental Reconciliation
2.2.3.3.2
Configuring PeopleSoft Integration Broker
2.2.3.3.3
Setting the CopyRowsetDelta Option
2.2.3.3.4
Configuring the USER_PROFILE Service Operation
2.2.3.3.5
Activating the DELETE_USER_PROFILE Service Operation
2.2.3.3.6
Verifying the Queue Status for the DELETE_USER_PROFILE Service Operation
2.2.3.3.7
Setting Up the Security for the DELETE_USER_PROFILE Service Operation
2.2.3.3.8
Defining the Routing for the DELETE_USER_PROFILE Service Operation
2.2.3.3.9
Preventing Transmission of Unwanted Fields During Incremental Reconciliation
2.2.3.3.10
Removing Unwanted Fields at Message Level
2.2.3.4
Configuring the Target System for Provisioning
2.2.3.5
Configuring Oracle Identity Manager Server as a Non-Proxy Host on PeopleSoft Server
2.3
Postinstallation
2.3.1
Configuring Oracle Identity Manager
2.3.1.1
Configuring Oracle Identity Manager 11.1.2 or Later
2.3.1.1.1
Creating and Activating a Sandbox
2.3.1.1.2
Creating a New UI Form
2.3.1.1.3
Creating an Application Instance
2.3.1.1.4
Publishing a Sandbox
2.3.1.1.5
Harvesting Entitlements and Sync Catalog
2.3.1.1.6
Updating an Existing Application Instance with a New Form
2.3.1.2
Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later
2.3.1.3
Clearing Content Related to Connector Resource Bundles from the Server Cache
2.3.1.4
Enabling Logging
2.3.1.4.1
Log Levels and ODL Message Types
2.3.1.4.2
Logger Names
2.3.1.4.3
Enabling Logging in Oracle WebLogic Server
2.3.1.5
Setting Up the Lookup Definitions for Exclusion Lists
2.3.1.6
Setting Up the Lookup.PSFT.UM.UserProfile.UserStatus Lookup Definition
2.3.1.7
Setting Up the Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping Lookup Definition for PeopleTools 8.52
2.3.1.8
Setting Up the Lookup.PSFT.Configuration Lookup Definition
2.3.1.8.1
About Setting Up the Lookup.PSFT.Configuration Lookup Definition
2.3.1.8.2
Setting the Code Key Value
2.3.1.9
Setting up the Lookup.PSFT.Configuration Lookup Definition for Connection Pooling
2.3.1.9.1
Connection Pooling Properties
2.3.1.9.2
Modifying the Connection Pooling Properties
2.3.1.10
Enabling Request-Based Provisioning
2.3.1.10.1
Copying Predefined Request Datasets
2.3.1.10.2
Importing Request Datasets into MDS
2.3.1.10.3
Enabling the Auto Save Form Feature
2.3.1.10.4
Running the PurgeCache Utility
2.3.1.11
Localizing Field Labels in UI Forms
2.3.2
Configuring SSL for Oracle Identity Manager
2.3.2.1
Configuring SSL on IBM WebSphere Application Server
2.3.2.1.1
Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate
2.3.2.1.2
Configuring SSL on IBM WebSphere Application Server with a CA Certificate
2.3.2.1.3
Receiving a Signed Certificate Issued By a CA
2.3.2.2
Configuring SSL on Oracle WebLogic Server
2.3.2.2.1
Configuring SSL on Oracle WebLogic Server with a Signed Certificate
2.3.2.2.2
Configuring SSL on Oracle WebLogic Server with a CA Certificate
2.3.3
Configuring SoD on Oracle Identity Manager
2.3.3.1
Updating OAACG IT Resource Instance
2.3.3.2
The TopologyName IT Resource Parameter
2.3.3.3
Specifying a Value for the TopologyName IT Resource Parameter
2.3.3.4
Disabling SoD
2.3.3.5
Enabling SoD
2.3.4
Configuring the Target System
2.3.5
Creating the IT Resource for the Connector Server
2.3.5.1
Creating the IT Resource
2.3.5.2
IT Resource Parameters
2.4
Upgrading the Connector
2.4.1
Prerequisites for Upgrading the Connector
2.4.2
Upgrade the Connector from Release 11.1.1.5.0
2.4.3
Upgrade the Connector from Release 9.1.1.6
2.4.3.1
Running the Upgrade Wizard
2.4.3.2
Upgrading the Connector Files and External Code Files
2.4.3.3
Upgrading the Configurations
2.4.3.4
Upgrading the Customizations
2.4.3.5
Upgrading the PeopleSoft Listener
2.4.3.6
Migrating the Form Data
2.4.3.7
Updating the PeopleSoft Target System
2.4.3.8
Compiling the Adapters
3
Using the Connector
3.1
Summary of Steps to Use the Connector
3.2
Configuring the Scheduled Jobs for Lookup Field Synchronization
3.2.1
Scheduled Jobs for Lookup Field Reconciliation
3.2.2
Scheduled Job Attributes
3.3
Configuring Reconciliation
3.3.1
Performing Lookup Reconciliation
3.3.2
Performing Full Reconciliation
3.3.2.1
Generating XML Files
3.3.2.2
Importing XML Files into Oracle Identity Manager
3.3.2.2.1
Configuring the Scheduled Job for User Data Reconciliation
3.3.2.2.2
Attributes of the Scheduled Job for Reconciliation of User Data
3.3.3
Performing Incremental Reconciliation
3.3.4
Limited Reconciliation
3.3.4.1
About Limited Reconciliation
3.3.4.2
Configuring Limited Reconciliation
3.4
Resending Messages That Are Not Received by the PeopleSoft Listener
3.4.1
About Resending Messages
3.4.2
Resending Messages Manually
3.5
Performing Provisioning Operations in Oracle Identity Manager 11.1.1.x
3.5.1
Direct Provisioning on Oracle Identity Manager
3.5.1.1
Prerequisites
3.5.1.2
Performing Direct Provisioning
3.5.2
Request-Based Provisioning in Oracle Identity Manager
3.5.2.1
End User's Role in Request-Based Provisioning
3.5.2.2
Approver's Role in Request-Based Provisioning
3.5.3
Switching Between Request-Based Provisioning and Direct Provisioning
3.5.3.1
Switching From Request-Based Provisioning to Direct Provisioning
3.5.3.2
Switching From Direct Provisioning to Request-Based Provisioning
3.6
Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2.
x
3.7
Configuring Scheduled Jobs
3.8
Provisioning Operations Performed in an SoD-Enabled Environment
3.8.1
Overview of the Provisioning Process in an SoD-Enabled Environment
3.8.2
Direct Provisioning in an SoD-Enabled Environment
3.8.3
Request-Based Provisioning in an SoD-Enabled Environment
3.8.3.1
End-User's Role in Request-Based Provisioning
3.8.3.2
Approver's Role in Request-Based Provisioning
4
Extending the Functionality of the Connector
4.1
Adding New Attributes for Provisioning
4.1.1
Verifying the Attribute Definition in PeopleSoft Component Interface
4.1.2
Adding the Attribute to the PeopleSoft Component Interface Map Definition
4.1.3
Configuring the Attribute in Oracle Identity Manager
4.1.3.1
Adding a New Column in the Process Form
4.1.3.2
Creating a New Lookup Definition
4.1.3.3
Associating the New Lookup With the Worklist User Process Form
4.1.3.4
Adding a Mapping for the New Attribute
4.1.3.5
Updating the Request Dataset
4.2
Enabling Update on a New Attribute for Provisioning
4.3
Adding New Attributes for Reconciliation
4.4
Adding New ID Types for Provisioning
4.4.1
About Adding New ID Types for Provisioning
4.4.2
Adding a New ID Type for Provisioning
4.5
Enabling Update on a New ID Type for Provisioning
4.6
Adding New ID Types for Reconciliation
4.7
Configuring Validation of Data During Reconciliation
4.8
Configuring Transformation of Data During Reconciliation
4.9
Configuring Validation of Data During Provisioning
4.10
Modifying Field Lengths on the Process Form
4.11
Configuring the Connector for Multiple Installations of the Target System
4.11.1
About Configuring the Connector for Multiple Installations of the Target System
4.11.2
Connector Objects and Their Associations
4.11.3
Creating Copies of the Connector Objects
4.12
Enabling the Dependent Lookup Fields Feature
4.12.1
Updating the UD_PSFT_BAS Form
4.12.1.1
Creating a New Version of the UD_PSFT_BAS Form
4.12.1.2
Adding Properties for the Primary Permission List Lookup Field
4.12.1.3
Adding Properties for the Lookup Query
4.12.2
Updating the UD_PS_EMAIL Form
4.12.3
Updating the UD_PSROLES Form
4.13
Connector Component Interfaces for the PeopleSoft User Management
4.13.1
Creating Component Interface Map Definitions
4.13.1.1
Component Interface Definition
4.13.1.2
Default Component Interfaces Supported
4.13.1.2.1
USER_PROFILE Component Interface
4.13.1.2.2
DELETE_USER_PROFILE Component Interface
4.13.2
Customizing PeopleSoft Component Interface Resource Objects
5
Testing and Troubleshooting
5.1
Testing Reconciliation
5.2
Testing Provisioning
5.2.1
About Testing Provisioning
5.2.2
Running the Testing Utility for Provisioning
5.2.3
Properties of the config.properties File
5.3
Troubleshooting
6
Known Issues and Workarounds
6.1
Oracle Identity Manager Issues
6.1.1
Unable To Update All ID Type Attributes In a Single Process Form Update
A
Determining the Root Audit Action Details
A.1
The PSCAMA Subnode
A.2
The AUDIT_ACTN Subnode
A.3
The Root Audit Action
B
Setting Up SSL on Oracle WebLogic Server
B.1
Generating Signed Public Encryption Key and Certificate Signing Request
B.2
Submitting CSRs to CAs for Signing
B.3
Downloading the Root Certificate
B.4
Importing a Server-Side Public Key into a Keystore
B.5
Generating and Importing Public Keys
B.6
Configuring the Oracle WebLogic Server to Use the Keystore
B.7
Adding Root Certificate
B.8
Configuring the Peoplesoft Certificates
C
Changing Default Message Versions
C.1
Activating a Message Version
C.2
Deactivating a Message Version
Scripting on this page enhances content navigation, but does not change the content in any way.