Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

What's New in the Oracle Identity Manager Connector for PeopleSoft User Management?

• Software Updates
  • Software Updates in Release 11.1.1.6.0
  • Software Updates in Release 11.1.1.5.0
    • ICF Based Connector
    • Simplified PeopleSoft Listener Deployment
    • Support for Addition of Custom Attributes and ID Types
    • Support for Custom Component Interfaces
    • Support for Configuring the Connector for Multiple Target System Versions
    • Support for Segregation of Duties (SoD)
    • Support for Connection Pooling
    • New Lookup Definitions
    • Deployment Using Connector Server
    • Enhanced Logging
    • Resolved Issues
• Documentation-Specific Updates
  • Documentation-Specific Updates in Release 11.1.1.6.0
  • Documentation-Specific Updates in Release 11.1.1.5.0

About the Connector

• Introduction to the PeopleSoft User Management Connector
• Certified Components
• Determining the Version of PeopleTools and the Target System
• Usage Recommendation
• Certified Languages
• Connector Architecture
  • About the Connector Architecture
  • Reconciliation
    • Lookup Reconciliation
    • Full Reconciliation
    • Incremental Reconciliation
  • Provisioning
  • Deployment Options
• Features of the Connector
  • Full and Incremental Reconciliation
  • Support for Standard PeopleSoft Messages
  • Support for Resending Messages That Are Not Processed
  • Target Authentication
  • SoD Validation of Entitlement Provisioning
    • About SoD Validation of Entitlement Provisioning
    • SoD Validation Process
  • Validation and Transformation of Account Data
  • Connection Pooling
  • Adding New ID Types
  • Deleting User Accounts
  • Specifying Accounts to Be Excluded from Reconciliation and Provisioning Operations
  • Support for Multiple Versions of the Target System
  • Features Provided by the Identity Connector Framework
  • Support for the Connector Server
• Lookup Definitions Used During Connector Operations
  • Lookup Definitions Synchronized with the Target System
  • Preconfigured Lookup Definitions
    • Lookup.PSFT.Configuration
    • Lookup Definitions Used to Process USER_PROFILE Messages
      • Lookup.PSFT.Message.UserProfile.Configuration
      • Lookup.PSFT.UM.UserProfile.ReconAttrMap
      • Mapping Entries in the Lookup.PSFT.UM.UserProfile.ReconAttrMap Lookup Definition
      • Lookup.PSFT.UM.UserProfile.Recon
      • Mapping the Entries in the Lookup.PSFT.UM.UserProfile.Recon Lookup Definition
      • Lookup.PSFT.UM.UserProfile.UserStatus
      • Lookup.PSFT.UM.UserProfile.ChildTables
      • Lookup.PSFT.UM.UserProfile.Transformation
    • Lookup Definitions Used to Process DELETE_USER_PROFILE Messages
      • Lookup.PSFT.Message.DeleteUserProfile.Configuration
      • Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping
      • Lookup.PSFT.UM.DeleteUserProfile.Recon
    • Other Lookup Definitions
      • Lookup.PSFT.UM.Prov.Configuration
      • Lookup.PSFT.UM.ProvAttrMap
      • Mappings in the Lookup.PSFT.UM.ProvAttrMap Lookup Definition
      • Lookup.PSFT.UM.ProvValidation
      • Lookup.PSFT.UM.ReconValidation
      • Lookup Definitions for Exclusion Lists
• Connector Objects Used During Reconciliation
  • User Attributes for Reconciliation
  • Reconciliation Rules
    • Overview of the Reconciliation Rule
    • Viewing the Reconciliation Rules in the Design Console
  • Reconciliation Action Rules
    • Overview of the Reconciliation Action Rules
    • Viewing the Reconciliation Action Rules in the Design Console
• Connector Objects Used During Provisioning
  • User Provisioning Functions
  • User Attributes for Provisioning
• Roadmap for Deploying and Using the Connector

Deploying the Connector

• Preinstallation
  • Preinstallation on Oracle Identity Manager
    • Files and Directories on the Installation Media
    • JDK Requirement for PeopleTools 8.53, PeopleTools 8.54, and PeopleTools 8.55
    • JDK Requirement for PeopleTools 8.56 and PeopleTools 8.57
  • Preinstallation on the Target System
    • Importing a Project from Application Designer
    • Creating a Target System User Account for Connector Operations
      • Creating a Permission List
      • Creating a Role for a Limited Rights User
      • Assigning the Required Privileges to the Target System Account
  • Installing and Configuring the Connector Server
  • Running the Connector Server
    • Running the Connector Server on UNIX and Linux Systems
    • Running the Connector Server on Windows Systems
• Installation
  • Installation Options
  • Installation on Oracle Identity Manager
    • Running the Connector Installer
    • Copying the Connector Files and External Code Files
    • Configuring the IT Resource
    • IT Resource Parameters
    • Determining the JOLT Listener Port
    • Configuring the Connector to Support Multiple Versions of the Target System
      • About Configuring a Connector to Support Multiple Versions of the Target System
      • Configuring the Connector to Support Multiple Versions of the Target System
    • Deploying the PeopleSoft Listener
      • Prerequisites for Deploying the PeopleSoft Listener
      • Deploying the PeopleSoft Listener on Oracle Identity Manager
      • Prerequisites for Deploying the PeopleSoft Listener on WebSphere Application Server
      • Deploying the PeopleSoft Listener on WebSphere Application Server
      • Importing Oracle Identity Manager CA Root Certificate for WebLogic Server
      • Importing Oracle Identity Manager CA Root Certificate for WebSphere Application Server
    • Removing the PeopleSoft Listener
      • Removing the PeopleSoft Listener on WebSphere Application Server
      • Removing the PeopleSoft Listener for WebLogic Server
  • Installation on the Target System
    • Configuring the Target System for Lookup Reconciliation
      • Creating the Application Engine Program If PeopleSoft Application Designer Project Is Not Imported
      • Creating the Application Engine Program If PeopleSoft Application Designer Project Is Imported
    • Configuring the Target System for Full Reconciliation
      • Displaying the EI Repository Folder
      • Activating the USER_PROFILE Messages
      • Activating the Full Data Publish Rule
      • About Configuring the PeopleSoft Integration Broker
      • Configuring the PeopleSoft Integration Broker Gateway
      • Creating the Remote Node
      • Activating the USER_PROFILE Service Operation
      • Verifying the Queue Status for the USER_PROFILE Service Operation
      • Setting Up the Security for the USER_PROFILE Service Operation
    • Configuring the Target System for Incremental Reconciliation
      • About Configuring the Target System for Incremental Reconciliation
      • Configuring PeopleSoft Integration Broker
      • Setting the CopyRowsetDelta Option
      • Configuring the USER_PROFILE Service Operation
      • Activating the DELETE_USER_PROFILE Service Operation
      • Verifying the Queue Status for the DELETE_USER_PROFILE Service Operation
      • Setting Up the Security for the DELETE_USER_PROFILE Service Operation
      • Defining the Routing for the DELETE_USER_PROFILE Service Operation
      • Preventing Transmission of Unwanted Fields During Incremental Reconciliation
      • Removing Unwanted Fields at Message Level
    • Configuring the Target System for Provisioning
    • Configuring Oracle Identity Manager Server as a Non-Proxy Host on PeopleSoft Server
• Postinstallation
  • Configuring Oracle Identity Manager
    • Configuring Oracle Identity Manager 11.1.2 or Later
      • Creating and Activating a Sandbox
      • Creating a New UI Form
      • Creating an Application Instance
      • Publishing a Sandbox
      • Harvesting Entitlements and Sync Catalog
      • Updating an Existing Application Instance with a New Form
    • Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later
    • Clearing Content Related to Connector Resource Bundles from the Server Cache
    • Enabling Logging
      • Log Levels and ODL Message Types
      • Logger Names
      • Enabling Logging in Oracle WebLogic Server
    • Setting Up the Lookup Definitions for Exclusion Lists
    • Setting Up the Lookup.PSFT.UM.UserProfile.UserStatus Lookup Definition
    • Setting Up the Lookup.PSFT.UM.DeleteUserProfile.AttributeMapping Lookup Definition for PeopleTools 8.52
    • Setting Up the Lookup.PSFT.Configuration Lookup Definition
      • About Setting Up the Lookup.PSFT.Configuration Lookup Definition
      • Setting the Code Key Value
    • Setting up the Lookup.PSFT.Configuration Lookup Definition for Connection Pooling
      • Connection Pooling Properties
      • Modifying the Connection Pooling Properties
    • Enabling Request-Based Provisioning
      • Copying Predefined Request Datasets
      • Importing Request Datasets into MDS
      • Enabling the Auto Save Form Feature
      • Running the PurgeCache Utility
    • Localizing Field Labels in UI Forms
  • Configuring SSL for Oracle Identity Manager
    • Configuring SSL on IBM WebSphere Application Server
      • Configuring SSL on IBM WebSphere Application Server with a Self-Signed Certificate
      • Configuring SSL on IBM WebSphere Application Server with a CA Certificate
      • Receiving a Signed Certificate Issued By a CA
    • Configuring SSL on Oracle WebLogic Server
      • Configuring SSL on Oracle WebLogic Server with a Signed Certificate
      • Configuring SSL on Oracle WebLogic Server with a CA Certificate
  • Configuring SoD on Oracle Identity Manager
    • Updating OAACG IT Resource Instance
    • The TopologyName IT Resource Parameter
    • Specifying a Value for the TopologyName IT Resource Parameter
    • Disabling SoD
    • Enabling SoD
  • Configuring the Target System
  • Creating the IT Resource for the Connector Server
    • Creating the IT Resource
    • IT Resource Parameters
• Upgrading the Connector
  • Prerequisites for Upgrading the Connector
  • Upgrade the Connector from Release 11.1.1.5.0
  • Upgrade the Connector from Release 9.1.1.6
    • Running the Upgrade Wizard
    • Upgrading the Connector Files and External Code Files
    • Upgrading the Configurations
    • Upgrading the Customizations
    • Upgrading the PeopleSoft Listener
    • Migrating the Form Data
    • Updating the PeopleSoft Target System
    • Compiling the Adapters

Using the Connector

• Summary of Steps to Use the Connector
• Configuring the Scheduled Jobs for Lookup Field Synchronization
  • Scheduled Jobs for Lookup Field Reconciliation
  • Scheduled Job Attributes
• Configuring Reconciliation
  • Performing Lookup Reconciliation
  • Performing Full Reconciliation
    • Generating XML Files
    • Importing XML Files into Oracle Identity Manager
      • Configuring the Scheduled Job for User Data Reconciliation
      • Attributes of the Scheduled Job for Reconciliation of User Data
  • Performing Incremental Reconciliation
  • Limited Reconciliation
    • About Limited Reconciliation
    • Configuring Limited Reconciliation
• Resending Messages That Are Not Received by the PeopleSoft Listener
  • About Resending Messages
  • Resending Messages Manually
• Performing Provisioning Operations in Oracle Identity Manager 11.1.1.x
  • Direct Provisioning on Oracle Identity Manager
    • Prerequisites
    • Performing Direct Provisioning
  • Request-Based Provisioning in Oracle Identity Manager
    • End User's Role in Request-Based Provisioning
    • Approver's Role in Request-Based Provisioning
  • Switching Between Request-Based Provisioning and Direct Provisioning
    • Switching From Request-Based Provisioning to Direct Provisioning
    • Switching From Direct Provisioning to Request-Based Provisioning
• Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2.x
• Configuring Scheduled Jobs
• Provisioning Operations Performed in an SoD-Enabled Environment
  • Overview of the Provisioning Process in an SoD-Enabled Environment
  • Direct Provisioning in an SoD-Enabled Environment
  • Request-Based Provisioning in an SoD-Enabled Environment
    • End-User's Role in Request-Based Provisioning
    • Approver's Role in Request-Based Provisioning

Extending the Functionality of the Connector

• Adding New Attributes for Provisioning
  • Verifying the Attribute Definition in PeopleSoft Component Interface
  • Adding the Attribute to the PeopleSoft Component Interface Map Definition
  • Configuring the Attribute in Oracle Identity Manager
    • Adding a New Column in the Process Form
    • Creating a New Lookup Definition
    • Associating the New Lookup With the Worklist User Process Form
    • Adding a Mapping for the New Attribute
    • Updating the Request Dataset
• Enabling Update on a New Attribute for Provisioning
• Adding New Attributes for Reconciliation
• Adding New ID Types for Provisioning
  • About Adding New ID Types for Provisioning
  • Adding a New ID Type for Provisioning
• Enabling Update on a New ID Type for Provisioning
• Adding New ID Types for Reconciliation
• Configuring Validation of Data During Reconciliation
• Configuring Transformation of Data During Reconciliation
• Configuring Validation of Data During Provisioning
• Modifying Field Lengths on the Process Form
• Configuring the Connector for Multiple Installations of the Target System
  • About Configuring the Connector for Multiple Installations of the Target System
  • Connector Objects and Their Associations
  • Creating Copies of the Connector Objects
• Enabling the Dependent Lookup Fields Feature
  • Updating the UD_PSFT_BAS Form
    • Creating a New Version of the UD_PSFT_BAS Form
    • Adding Properties for the Primary Permission List Lookup Field
    • Adding Properties for the Lookup Query
  • Updating the UD_PS_EMAIL Form
  • Updating the UD_PSROLES Form
• Connector Component Interfaces for the PeopleSoft User Management
  • Creating Component Interface Map Definitions
    • Component Interface Definition
    • Default Component Interfaces Supported
      • USER_PROFILE Component Interface
      • DELETE_USER_PROFILE Component Interface
  • Customizing PeopleSoft Component Interface Resource Objects

Testing and Troubleshooting

• Testing Reconciliation
• Testing Provisioning
  • About Testing Provisioning
  • Running the Testing Utility for Provisioning
  • Properties of the config.properties File
• Troubleshooting

Known Issues and Workarounds

• Oracle Identity Manager Issues
  • Unable To Update All ID Type Attributes In a Single Process Form Update

Determining the Root Audit Action Details

• The PSCAMA Subnode
• The AUDIT_ACTN Subnode
• The Root Audit Action

Setting Up SSL on Oracle WebLogic Server

• Generating Signed Public Encryption Key and Certificate Signing Request
• Submitting CSRs to CAs for Signing
• Downloading the Root Certificate
• Importing a Server-Side Public Key into a Keystore
• Generating and Importing Public Keys
• Configuring the Oracle WebLogic Server to Use the Keystore
• Adding Root Certificate
• Configuring the Peoplesoft Certificates

Changing Default Message Versions

• Activating a Message Version
• Deactivating a Message Version