Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

What's New in the Oracle Identity Manager Connector for PeopleSoft User Management?

• Software Updates
  • Software Updates in Release 11.1.1.6.0
  • Software Updates in Release 11.1.1.5.0
    • ICF Based Connector
    • Simplified PeopleSoft Listener Deployment
    • Support for Addition of Custom Attributes and ID Types
    • Support for Custom Component Interfaces
    • Support for Configuring the Connector for Multiple Target System Versions
    • Support for Segregation of Duties (SoD)
    • Support for Connection Pooling
    • New Lookup Definitions
    • Deployment Using Connector Server
    • Enhanced Logging
    • Resolved Issues
• Documentation-Specific Updates
  • Documentation-Specific Updates in Release 11.1.1.6.0
  • Documentation-Specific Updates in Release 11.1.1.5.0

1 About the Connector

• 1.1 Introduction to the PeopleSoft User Management Connector
• 1.2 Certified Components
• 1.3 Determining the Version of PeopleTools and the Target System
• 1.4 Usage Recommendation
• 1.5 Certified Languages
• 1.6 Connector Architecture
  • 1.6.1 About the Connector Architecture
  • 1.6.2 Reconciliation
    • 1.6.2.1 Lookup Reconciliation
    • 1.6.2.2 Full Reconciliation
    • 1.6.2.3 Incremental Reconciliation
  • 1.6.3 Provisioning
  • 1.6.4 Deployment Options
• 1.7 Features of the Connector
  • 1.7.1 Full and Incremental Reconciliation
  • 1.7.2 Support for Standard PeopleSoft Messages
  • 1.7.3 Support for Resending Messages That Are Not Processed
  • 1.7.4 Target Authentication
  • 1.7.5 SoD Validation of Entitlement Provisioning
    • 1.7.5.1 About SoD Validation of Entitlement Provisioning
    • 1.7.5.2 SoD Validation Process
  • 1.7.6 Validation and Transformation of Account Data
  • 1.7.7 Connection Pooling
  • 1.7.8 Adding New ID Types
  • 1.7.9 Deleting User Accounts
  • 1.7.10 Specifying Accounts to Be Excluded from Reconciliation and Provisioning Operations
  • 1.7.11 Support for Multiple Versions of the Target System
  • 1.7.12 Features Provided by the Identity Connector Framework
  • 1.7.13 Support for the Connector Server
• 1.8 Lookup Definitions Used During Connector Operations
  • 1.8.1 Lookup Definitions Synchronized with the Target System
  • 1.8.2 Preconfigured Lookup Definitions
    • 1.8.2.1 Lookup.PSFT.Configuration
    • 1.8.2.2 Lookup Definitions Used to Process USER_PROFILE Messages
      • 1.8.2.2.1 Lookup.PSFT.Message.UserProfile.Configuration
      • 1.8.2.2.2 Lookup.PSFT.UM.UserProfile.ReconAttrMap
      • 1.8.2.2.3 Mapping Entries in the Lookup.PSFT.UM.UserProfile.ReconAttrMap Lookup Definition
      • 1.8.2.2.4 Lookup.PSFT.UM.UserProfile.Recon
      • 1.8.2.2.5 Mapping the Entries in the Lookup.PSFT.UM.UserProfile.Recon Lookup Definition
      • 1.8.2.2.6 Lookup.PSFT.UM.UserProfile.UserStatus
      • 1.8.2.2.7 Lookup.PSFT.UM.UserProfile.ChildTables
      • 1.8.2.2.8 Lookup.PSFT.UM.UserProfile.Transformation
    • 1.8.2.3 Lookup Definitions Used to Process DELETE_USER_PROFILE Messages
      • 1.8.2.3.1 Lookup.PSFT.Message.DeleteUserProfile.Configuration
      • 1.8.2.3.2 Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping
      • 1.8.2.3.3 Lookup.PSFT.UM.DeleteUserProfile.Recon
    • 1.8.2.4 Other Lookup Definitions
      • 1.8.2.4.1 Lookup.PSFT.UM.Prov.Configuration
      • 1.8.2.4.2 Lookup.PSFT.UM.ProvAttrMap
      • 1.8.2.4.3 Mappings in the Lookup.PSFT.UM.ProvAttrMap Lookup Definition
      • 1.8.2.4.4 Lookup.PSFT.UM.ProvValidation
      • 1.8.2.4.5 Lookup.PSFT.UM.ReconValidation
      • 1.8.2.4.6 Lookup Definitions for Exclusion Lists
• 1.9 Connector Objects Used During Reconciliation
  • 1.9.1 User Attributes for Reconciliation
  • 1.9.2 Reconciliation Rules
    • 1.9.2.1 Overview of the Reconciliation Rule
    • 1.9.2.2 Viewing the Reconciliation Rules in the Design Console
  • 1.9.3 Reconciliation Action Rules
    • 1.9.3.1 Overview of the Reconciliation Action Rules
    • 1.9.3.2 Viewing the Reconciliation Action Rules in the Design Console
• 1.10 Connector Objects Used During Provisioning
  • 1.10.1 User Provisioning Functions
  • 1.10.2 User Attributes for Provisioning
• 1.11 Roadmap for Deploying and Using the Connector

2 Deploying the Connector

• 2.1 Preinstallation
  • 2.1.1 Preinstallation on Oracle Identity Manager
    • 2.1.1.1 Files and Directories on the Installation Media
    • 2.1.1.2 JDK Requirement for PeopleTools 8.53, PeopleTools 8.54, and PeopleTools 8.55
    • 2.1.1.3 JDK Requirement for PeopleTools 8.56 and PeopleTools 8.57
  • 2.1.2 Preinstallation on the Target System
    • 2.1.2.1 Importing a Project from Application Designer
    • 2.1.2.2 Creating a Target System User Account for Connector Operations
      • 2.1.2.2.1 Creating a Permission List
      • 2.1.2.2.2 Creating a Role for a Limited Rights User
      • 2.1.2.2.3 Assigning the Required Privileges to the Target System Account
  • 2.1.3 Installing and Configuring the Connector Server
  • 2.1.4 Running the Connector Server
    • 2.1.4.1 Running the Connector Server on UNIX and Linux Systems
    • 2.1.4.2 Running the Connector Server on Windows Systems
• 2.2 Installation
  • 2.2.1 Installation Options
  • 2.2.2 Installation on Oracle Identity Manager
    • 2.2.2.1 Running the Connector Installer
    • 2.2.2.2 Copying the Connector Files and External Code Files
    • 2.2.2.3 Configuring the IT Resource
    • 2.2.2.4 IT Resource Parameters
    • 2.2.2.5 Determining the JOLT Listener Port
    • 2.2.2.6 Configuring the Connector to Support Multiple Versions of the Target System
      • 2.2.2.6.1 About Configuring a Connector to Support Multiple Versions of the Target System
      • 2.2.2.6.2 Configuring the Connector to Support Multiple Versions of the Target System
    • 2.2.2.7 Deploying the PeopleSoft Listener
      • 2.2.2.7.1 Prerequisites for Deploying the PeopleSoft Listener
      • 2.2.2.7.2 Deploying the PeopleSoft Listener on Oracle Identity Manager
      • 2.2.2.7.3 Prerequisites for Deploying the PeopleSoft Listener on WebSphere Application Server
      • 2.2.2.7.4 Deploying the PeopleSoft Listener on WebSphere Application Server
      • 2.2.2.7.5 Importing Oracle Identity Manager CA Root Certificate for WebLogic Server
      • 2.2.2.7.6 Importing Oracle Identity Manager CA Root Certificate for WebSphere Application Server
    • 2.2.2.8 Removing the PeopleSoft Listener
      • 2.2.2.8.1 Removing the PeopleSoft Listener on WebSphere Application Server
      • 2.2.2.8.2 Removing the PeopleSoft Listener for WebLogic Server
  • 2.2.3 Installation on the Target System
    • 2.2.3.1 Configuring the Target System for Lookup Reconciliation
      • 2.2.3.1.1 Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported
      • 2.2.3.1.2 Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported
    • 2.2.3.2 Configuring the Target System for Full Reconciliation
      • 2.2.3.2.1 Displaying the EI Repository Folder
      • 2.2.3.2.2 Activating the USER_PROFILE Messages
      • 2.2.3.2.3 Activating the Full Data Publish Rule
      • 2.2.3.2.4 About Configuring the PeopleSoft Integration Broker
      • 2.2.3.2.5 Configuring the PeopleSoft Integration Broker Gateway
      • 2.2.3.2.6 Creating the Remote Node
      • 2.2.3.2.7 Activating the USER_PROFILE Service Operation
      • 2.2.3.2.8 Verifying the Queue Status for the USER_PROFILE Service Operation
      • 2.2.3.2.9 Setting Up the Security for the USER_PROFILE Service Operation
    • 2.2.3.3 Configuring the Target System for Incremental Reconciliation
      • 2.2.3.3.1 About Configuring the Target System for Incremental Reconciliation
      • 2.2.3.3.2 Configuring PeopleSoft Integration Broker
      • 2.2.3.3.3 Setting the CopyRowsetDelta Option
      • 2.2.3.3.4 Configuring the USER_PROFILE Service Operation
      • 2.2.3.3.5 Activating the DELETE_USER_PROFILE Service Operation
      • 2.2.3.3.6 Verifying the Queue Status for the DELETE_USER_PROFILE Service Operation
      • 2.2.3.3.7 Setting Up the Security for the DELETE_USER_PROFILE Service Operation
      • 2.2.3.3.8 Defining the Routing for the DELETE_USER_PROFILE Service Operation
      • 2.2.3.3.9 Preventing Transmission of Unwanted Fields During Incremental Reconciliation
      • 2.2.3.3.10 Removing Unwanted Fields at Message Level
    • 2.2.3.4 Configuring the Target System for Provisioning
    • 2.2.3.5 Configuring Oracle Identity Manager Server as a Non-Proxy Host on PeopleSoft Server
• 2.3 Postinstallation
  • 2.3.1 Configuring Oracle Identity Manager
    • 2.3.1.1 Configuring Oracle Identity Manager 11.1.2 or Later
      • 2.3.1.1.1 Creating and Activating a Sandbox
      • 2.3.1.1.2 Creating a New UI Form
      • 2.3.1.1.3 Creating an Application Instance
      • 2.3.1.1.4 Publishing a Sandbox
      • 2.3.1.1.5 Harvesting Entitlements and Sync Catalog
      • 2.3.1.1.6 Updating an Existing Application Instance with a New Form
    • 2.3.1.2 Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later
    • 2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache
    • 2.3.1.4 Enabling Logging
      • 2.3.1.4.1 Log Levels and ODL Message Types
      • 2.3.1.4.2 Logger Names
      • 2.3.1.4.3 Enabling Logging in Oracle WebLogic Server
    • 2.3.1.5 Setting Up the Lookup Definitions for Exclusion Lists
    • 2.3.1.6 Setting Up the Lookup.PSFT.UM.UserProfile.UserStatus Lookup Definition
    • 2.3.1.7 Setting Up the Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping Lookup Definition for PeopleTools 8.52
    • 2.3.1.8 Setting Up the Lookup.PSFT.Configuration Lookup Definition
      • 2.3.1.8.1 About Setting Up the Lookup.PSFT.Configuration Lookup Definition
      • 2.3.1.8.2 Setting the Code Key Value
    • 2.3.1.9 Setting up the Lookup.PSFT.Configuration Lookup Definition for Connection Pooling
      • 2.3.1.9.1 Connection Pooling Properties
      • 2.3.1.9.2 Modifying the Connection Pooling Properties
    • 2.3.1.10 Enabling Request-Based Provisioning
      • 2.3.1.10.1 Copying Predefined Request Datasets
      • 2.3.1.10.2 Importing Request Datasets into MDS
      • 2.3.1.10.3 Enabling the Auto Save Form Feature
      • 2.3.1.10.4 Running the PurgeCache Utility
    • 2.3.1.11 Localizing Field Labels in UI Forms
  • 2.3.2 Configuring SSL for Oracle Identity Manager
    • 2.3.2.1 Configuring SSL on IBM WebSphere Application Server
      • 2.3.2.1.1 Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate
      • 2.3.2.1.2 Configuring SSL on IBM WebSphere Application Server with a CA Certificate
      • 2.3.2.1.3 Receiving a Signed Certificate Issued By a CA
    • 2.3.2.2 Configuring SSL on Oracle WebLogic Server
      • 2.3.2.2.1 Configuring SSL on Oracle WebLogic Server with a Signed Certificate
      • 2.3.2.2.2 Configuring SSL on Oracle WebLogic Server with a CA Certificate
  • 2.3.3 Configuring SoD on Oracle Identity Manager
    • 2.3.3.1 Updating OAACG IT Resource Instance
    • 2.3.3.2 The TopologyName IT Resource Parameter
    • 2.3.3.3 Specifying a Value for the TopologyName IT Resource Parameter
    • 2.3.3.4 Disabling SoD
    • 2.3.3.5 Enabling SoD
  • 2.3.4 Configuring the Target System
  • 2.3.5 Creating the IT Resource for the Connector Server
    • 2.3.5.1 Creating the IT Resource
    • 2.3.5.2 IT Resource Parameters
• 2.4 Upgrading the Connector
  • 2.4.1 Prerequisites for Upgrading the Connector
  • 2.4.2 Upgrade the Connector from Release 11.1.1.5.0
  • 2.4.3 Upgrade the Connector from Release 9.1.1.6
    • 2.4.3.1 Running the Upgrade Wizard
    • 2.4.3.2 Upgrading the Connector Files and External Code Files
    • 2.4.3.3 Upgrading the Configurations
    • 2.4.3.4 Upgrading the Customizations
    • 2.4.3.5 Upgrading the PeopleSoft Listener
    • 2.4.3.6 Migrating the Form Data
    • 2.4.3.7 Updating the PeopleSoft Target System
    • 2.4.3.8 Compiling the Adapters

3 Using the Connector

• 3.1 Summary of Steps to Use the Connector
• 3.2 Configuring the Scheduled Jobs for Lookup Field Synchronization
  • 3.2.1 Scheduled Jobs for Lookup Field Reconciliation
  • 3.2.2 Scheduled Job Attributes
• 3.3 Configuring Reconciliation
  • 3.3.1 Performing Lookup Reconciliation
  • 3.3.2 Performing Full Reconciliation
    • 3.3.2.1 Generating XML Files
    • 3.3.2.2 Importing XML Files into Oracle Identity Manager
      • 3.3.2.2.1 Configuring the Scheduled Job for User Data Reconciliation
      • 3.3.2.2.2 Attributes of the Scheduled Job for Reconciliation of User Data
  • 3.3.3 Performing Incremental Reconciliation
  • 3.3.4 Limited Reconciliation
    • 3.3.4.1 About Limited Reconciliation
    • 3.3.4.2 Configuring Limited Reconciliation
• 3.4 Resending Messages That Are Not Received by the PeopleSoft Listener
  • 3.4.1 About Resending Messages
  • 3.4.2 Resending Messages Manually
• 3.5 Performing Provisioning Operations in Oracle Identity Manager 11.1.1.x
  • 3.5.1 Direct Provisioning on Oracle Identity Manager
    • 3.5.1.1 Prerequisites
    • 3.5.1.2 Performing Direct Provisioning
  • 3.5.2 Request-Based Provisioning in Oracle Identity Manager
    • 3.5.2.1 End User's Role in Request-Based Provisioning
    • 3.5.2.2 Approver's Role in Request-Based Provisioning
  • 3.5.3 Switching Between Request-Based Provisioning and Direct Provisioning
    • 3.5.3.1 Switching From Request-Based Provisioning to Direct Provisioning
    • 3.5.3.2 Switching From Direct Provisioning to Request-Based Provisioning
• 3.6 Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2.x
• 3.7 Configuring Scheduled Jobs
• 3.8 Provisioning Operations Performed in an SoD-Enabled Environment
  • 3.8.1 Overview of the Provisioning Process in an SoD-Enabled Environment
  • 3.8.2 Direct Provisioning in an SoD-Enabled Environment
  • 3.8.3 Request-Based Provisioning in an SoD-Enabled Environment
    • 3.8.3.1 End-User's Role in Request-Based Provisioning
    • 3.8.3.2 Approver's Role in Request-Based Provisioning

4 Extending the Functionality of the Connector

• 4.1 Adding New Attributes for Provisioning
  • 4.1.1 Verifying the Attribute Definition in PeopleSoft Component Interface
  • 4.1.2 Adding the Attribute to the PeopleSoft Component Interface Map Definition
  • 4.1.3 Configuring the Attribute in Oracle Identity Manager
    • 4.1.3.1 Adding a New Column in the Process Form
    • 4.1.3.2 Creating a New Lookup Definition
    • 4.1.3.3 Associating the New Lookup With the Worklist User Process Form
    • 4.1.3.4 Adding a Mapping for the New Attribute
    • 4.1.3.5 Updating the Request Dataset
• 4.2 Enabling Update on a New Attribute for Provisioning
• 4.3 Adding New Attributes for Reconciliation
• 4.4 Adding New ID Types for Provisioning
  • 4.4.1 About Adding New ID Types for Provisioning
  • 4.4.2 Adding a New ID Type for Provisioning
• 4.5 Enabling Update on a New ID Type for Provisioning
• 4.6 Adding New ID Types for Reconciliation
• 4.7 Configuring Validation of Data During Reconciliation
• 4.8 Configuring Transformation of Data During Reconciliation
• 4.9 Configuring Validation of Data During Provisioning
• 4.10 Modifying Field Lengths on the Process Form
• 4.11 Configuring the Connector for Multiple Installations of the Target System
  • 4.11.1 About Configuring the Connector for Multiple Installations of the Target System
  • 4.11.2 Connector Objects and Their Associations
  • 4.11.3 Creating Copies of the Connector Objects
• 4.12 Enabling the Dependent Lookup Fields Feature
  • 4.12.1 Updating the UD_PSFT_BAS Form
    • 4.12.1.1 Creating a New Version of the UD_PSFT_BAS Form
    • 4.12.1.2 Adding Properties for the Primary Permission List Lookup Field
    • 4.12.1.3 Adding Properties for the Lookup Query
  • 4.12.2 Updating the UD_PS_EMAIL Form
  • 4.12.3 Updating the UD_PSROLES Form
• 4.13 Connector Component Interfaces for the PeopleSoft User Management
  • 4.13.1 Creating Component Interface Map Definitions
    • 4.13.1.1 Component Interface Definition
    • 4.13.1.2 Default Component Interfaces Supported
      • 4.13.1.2.1 USER_PROFILE Component Interface
      • 4.13.1.2.2 DELETE_USER_PROFILE Component Interface
  • 4.13.2 Customizing PeopleSoft Component Interface Resource Objects

5 Testing and Troubleshooting

• 5.1 Testing Reconciliation
• 5.2 Testing Provisioning
  • 5.2.1 About Testing Provisioning
  • 5.2.2 Running the Testing Utility for Provisioning
  • 5.2.3 Properties of the config.properties File
• 5.3 Troubleshooting

6 Known Issues and Workarounds

• 6.1 Oracle Identity Manager Issues
  • 6.1.1 Unable To Update All ID Type Attributes In a Single Process Form Update

A Determining the Root Audit Action Details

• A.1 The PSCAMA Subnode
• A.2 The AUDIT_ACTN Subnode
• A.3 The Root Audit Action

B Setting Up SSL on Oracle WebLogic Server

• B.1 Generating Signed Public Encryption Key and Certificate Signing Request
• B.2 Submitting CSRs to CAs for Signing
• B.3 Downloading the Root Certificate
• B.4 Importing a Server-Side Public Key into a Keystore
• B.5 Generating and Importing Public Keys
• B.6 Configuring the Oracle WebLogic Server to Use the Keystore
• B.7 Adding Root Certificate
• B.8 Configuring the Peoplesoft Certificates

C Changing Default Message Versions

• C.1 Activating a Message Version
• C.2 Deactivating a Message Version