4 Extending the Functionality of the Connector

You can extend the functionality of the connector to address your specific business requirements.

Note:

From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.

This chapter contains the following sections:

4.1 Adding New Fields for Target Resource Reconciliation

By default, a few fields are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional fields for reconciliation.

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new single-valued fields for target resource reconciliation. Table C-1 lists the single-valued fields supported by Microsoft Exchange.

To add a new single-valued field for target resource reconciliation:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Create a new version of the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Search for and open the UD_EXCHANGE process form.

    4. Click Create New Version.

      On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.

  3. Add the new field on the process form as follows:

    1. Click Add.

      A field is added to the list. Enter the details of the field.

      For example, if you are adding the CustomAttribute1 field, enter UD_EXCHANGE_CUSTOM1 in the Name field and then enter the rest of the details of this field.

    2. Click Save.

    3. To activate the newly created form, click Make Version Active.

      Figure 4-1 is a sample screenshot of the new version of process form.

      Figure 4-1 Adding a New Version of Process Form

      Description of Figure 4-1 follows
      Description of "Figure 4-1 Adding a New Version of Process Form"

  4. Add the new field to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Search for and open the Exchange User resource object.

    4. On the Object Reconciliation tab, click Add Field.

    5. In the Add Reconciliation Field dialog box, enter the details of this field.

      For example, enter CustomAttribute1 in the Field Name field and select String from the Field Type list.

      Later in this procedure, you will enter the field name as the Code Key value of the entry that you create in the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    6. Click Create Reconciliation Profile.

      This copies changes made to the resource object into the MDS.

    7. Click Save.

      Figure 4-2 is a sample screenshot of the newly added reconciliation field.

      Figure 4-2 Adding a New Reconciliation Field

      Description of Figure 4-2 follows
      Description of "Figure 4-2 Adding a New Reconciliation Field"

  5. Create a reconciliation field mapping for the new field on the process form as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. From the Process Definition table, select and open the Exchange User resource object.

    4. Click Reconciliation Field Mappings and then click Add Field Map.

    5. In the Field Name field, select the value for the field that you want to add.

      For example, select CustomAttribute1.

    6. In the Field Type field, select the type of the field that is prepopulated.

    7. Double-click the Process Data Field field.

      A list of process data columns is displayed. From the list, select the process data column corresponding to the process data field.

      For example, select CustomAttribute1 = UD_EXCHANGE_ CUSTOM1.

      Figure 4-3 is a sample screenshot of the newly added reconciliation field mapping.

      Figure 4-3 Adding a Reconciliation Field Mapping

      Description of Figure 4-3 follows
      Description of "Figure 4-3 Adding a Reconciliation Field Mapping"

    8. Click the save icon.

      Figure 4-4 is a sample screenshot of the reconciliation field mappings.

      Figure 4-4 Reconciliation Field Mappings

      Description of Figure 4-4 follows
      Description of "Figure 4-4 Reconciliation Field Mappings"

  6. Create an entry for the field in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key value must be the form field name. The Decode value must be the attribute name on the target system.

      For example, enter Custom Attribute 1 in the Code Key field and then enter CustomAttribute1 in the Decode field.

    5. Click the save icon.

      Figure 4-5 is a sample screenshot of the new entry added to the reconciliation lookup definition.

      Figure 4-5 Adding an Entry to Reconciliation Lookup

      Description of Figure 4-5 follows
      Description of "Figure 4-5 Adding an Entry to Reconciliation Lookup"

  7. On the Resource Objects form, click Create Reconciliation Profile.

    This copies changes made to the resource object into the MDS.

  8. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.2 Adding New Multivalued Fields for Target Resource Reconciliation

By default, a few fields are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional fields for reconciliation.

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new multivalued fields for target resource reconciliation. Table C-2 and Table C-3 list the multivalued fields supported by Microsoft Exchange.

See Adding New Fields for Target Resource Reconciliation for sample screenshots of some of the following steps.

If you are using Oracle Identity Manager 11.1.2, see Defining Lookup Definition for Custom Multivalued Attributes in Oracle Identity Manager 11.1.2 for related procedure.

4.2.1 Adding New Multivalued Fields

You can add new multivalued fields by creating new fields on the process form and assigning child tables, adding these new fields to the resource object and creating reconciliation field mapping. Then, create an entry for this new field in the lookup definition for reconciliation.

To add a new multivalued field for target resource reconciliation:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Create a new version of the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a new form, for example, UD_EX_CH1.

  3. Add the new field on the process form as follows:

    1. Click Add.

      A field is added to the list. Enter the details of the field.

      For example, if you are adding the AcceptMessagesOnlyFrom field, enter UD_EX_CH1_ACCEPT in the Name field and then enter the rest of the details of this field.

    2. Click Save.

    3. To activate the newly created form, click Make Version Active.

  4. Assign UD_EX_CH1 as a child table to the UD_EXCHANGE form as follows:

    1. Search for and open the UD_EXCHANGE process form.

    2. Click Create New Version.

      On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.

    3. Select the new version created from the Current Version dropdown.

    4. Click the Child Table(s) tab.

    5. Click Assign and select the newly created (active) version of the UD_EX_CH1 form.

    6. Click Make Version Active.

    7. Click the save icon.

  5. Add the new field to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Search for and open the Exchange User resource object.

    4. On the Object Reconciliation tab, click Add Field.

    5. In the Add Reconciliation Field dialog box, enter the details of this field.

      For example, enter MultiValuedForm in the Field Name field and select MultiValued Attribute from the Field Type list.

    6. Right-click MultiValuedForm [Multivalued] and select Define Property Fields.

    7. Enter the details of this field.

      For example, enter AcceptMessagesOnlyFrom in the Field Name field and select String from the Field Type list.

      Later in this procedure, you will enter the field name as the Code Key value of the entry that you create in the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    8. Click Create Reconciliation Profile.

      This copies changes made to the resource object into the MDS.

    9. Click Save.

  6. Create a reconciliation field mapping for the new field on the process form as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. From the Process Definition table, select and open the Exchange User resource object.

    4. Click Reconciliation Field Mappings.

    5. Right-click MultiValuedForm [MultiValued] and select Edit Table Map.

    6. Select Field Name and Table Name.

      For example, select MultiValuedForm as Field Name and UD_EX_CH1 as Table Name.

    7. Right-click MultiValuedForm [MultiValued] and select Define Property Field Map.

    8. Select Field Name and Process Data Field.

      For example, select AcceptMessagesOnlyFrom as Field Name and UD_EX_CH1_ACCEPT as Process Data Field.

    9. Select the Key Field for Reconciliation check box.

    10. Click the save icon.

  7. Create an entry for the field in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key value must be the reconciliation field name as entered in the resource object. The Decode value must be the attribute name on the target system.

      For example, enter MultiValuedForm~AcceptMessagesOnlyFrom in the Code Key field. This value indicates that AcceptMessagesOnlyFrom is a field added to the child form represented by MultiValuedForm = UD_EX_CH1.

      Then, enter AcceptMessagesOnlyFrom in the Decode field.

    5. Click the save icon.

  8. On the Resource Objects form, click Create Reconciliation Profile.

    This copies changes made to the resource object into the MDS.

  9. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.2.2 Adding Secondary Email Addresses as Multivalued Fields

This is a sample procedure for adding secondary email addresses as multivalued fields for target resource reconciliation.

  1. Log in to Oracle Identity Manager Design Console.

  2. Create a new version of the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a new form by entering the following values:

      Table Name: UD_EX_PROXY

      Description: Exchange Proxy Address

    4. Click Save.

  3. Add the new field on the process form as follows:

    1. On the Additional Colums tab, Add.

    2. In the newly added row, enter the details of the field.

      For example, if you are adding the ProxyAddressForm field, enter UD_EX_PROXY_ADDRESS in the Name field and then enter the following details of this field:

      Variant Type: String

      Length: 129

      Field Label: Proxy Address

      Field Type: textField

      Order: 1

    3. Click Save.

    4. To activate the newly created form, click Make Version Active.

  4. Assign the UD_EX_PROXY form as a child table to the UD_EXCHANGE form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Search for and open the UD_EXCHANGE process form.

    4. Click Create New Version.

      In the Create a new version dialog box, enter a new version in the Label field, and then click the Save icon.

    5. Select the new version created from the Current Version drop-down list.

    6. On the Child Table(s) tab, click Assign and select the newly created (active) version of the UD_EX_PROXY form.

    7. Click Make Version Active.

    8. Click the Save icon.

  5. Add the new field to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Search for and open the Exchange User resource object.

    4. On the Object Reconciliation tab, click Add Field.

    5. In the Add Reconciliation Field dialog box, enter the details of this field.

      Enter MultiValuedForm in the Field Name field and select MultiValued Attribute from the Field Type list.

    6. Right-click MultiValuedForm [Multivalued] and select Define Property Fields.

    7. Enter the details of this field.

      Enter ProxyAddressForm in the Field Name field and select String from the Field Type list.

      Later in this procedure, you will enter the field name as the Code Key value of the entry that you create in the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    8. Click Create Reconciliation Profile.

      This copies changes made to the resource object into the MDS.

    9. Click Save.

  6. Create a reconciliation field mapping for the new field on the process form as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. From the Process Definition table, select and open the Exchange User resource object.

    4. Click Reconciliation Field Mappings.

    5. Right-click MultiValuedForm [MultiValued] and select Edit Table Map.

    6. Select Field Name and Table Name.

      Select MultiValuedForm as Field Name and UD_EX_PROXY as Table Name.

    7. Right-click MultiValuedForm [MultiValued] and select Define Property Field Map.

    8. Select Field Name and Process Data Field.

      Select ProxyAddressForm as Field Name and UD_EX_PROXY_ADDRESS as Process Data Field.

    9. Click the save icon.

  7. Create an entry for the field in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ReconAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key value must be the reconciliation field name as entered in the resource object. The Decode value must be the attribute name on the target system.

      Enter MultiValuedForm~ProxyAddressForm in the Code Key field. This value indicates that ProxyAddressForm is a field added to the child form represented by MultiValuedForm = UD_EX_PROXY.

      Then, enter EmailAddresses in the Decode field.

    5. Click the save icon.

  8. On the Resource Objects form, click Create Reconciliation Profile.

    This copies changes made to the resource object into the MDS.

  9. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.2.3 Defining Lookup Definition for Custom Multivalued Attributes in Oracle Identity Manager 11.1.2

For every new custom multivalued attribute added in the connector on Oracle Identity Manager release 11.1.2.x or later, you must define a lookup definition to enable the attribute to be used as entitlements.

Note:

If custom multivalued attributes need to be handled as entitlements, then perform the following procedure. Otherwise, you can use child forms to directly to specify values for these attributes.

As there are no scheduled tasks to populate values into these lookup definitions, they need to be added manually. To do so:

  1. Add a custom multivalued attribute, such as AcceptMessagesOnlyFrom, as described earlier.
  2. Define a new lookup definition, such as Lookup.Exchange.AcceptMessages. Then, add some values manually. For example:

    Code Key: 23~CN=exch21 exch21L,OU=samarth,DC=extest,DC=com

    Decode Key: exchblr~CN=exch21 exch21L,OU=samarth,DC=extest,DC=com

  3. In the Form Designer, while adding the new child form, select the field type as LookupField instead of TextField.
  4. On the new form, click the Properties tab and click Add Property.

    Then, add the following values:

    Property Name = Lookup Code

    Property Value = "Lookup.Exchange.AcceptMessages"

  5. Click Add Property and add the following values:

    Property Name = Entitlement

    Property value = true

  6. Run the Entitlement List and Catalog Synchronization Jobs.

    You can now manage the new child form data from entitlements.

  7. Create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.3 Adding New Fields for Provisioning

By default, a few fields are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional fields for provisioning.

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new single-valued fields for provisioning. Table C-1 lists the single-valued fields supported by Microsoft Exchange.

See Adding New Fields for Target Resource Reconciliation for sample screenshots of some of the following steps.

To add a new single-valued field for provisioning:

  1. Log into Oracle Identity Manager Design Console.

  2. Create a new version of the process form:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Search for and open the UD_EXCHANGE process form.

    4. Click Create New Version.

      On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.

  3. Add the new field on the process form.

    If you have added the field on the process form by performing Step 3 of "Adding New Fields for Target Resource Reconciliation", then you need not add the field again. If you have not added the field, then:

    1. Click Add.

      A field is added to the list. Enter the details of the field.

      For example, if you are adding the CustomAttribute1 field, enter UD_EXCHANGE_CUSTOM1 in the Name field and then enter the rest of the details of this field.

    2. Click Save and then click Make Version Active.

  4. Create an entry for the field in the lookup definition for provisioning as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ProvAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key value must be the form field name. The Decode value must be the attribute name on the target system.

      For example, enter Custom Attribute 1 in the Code Key field and then enter CustomAttribute1 in the Decode field.

    5. Click the save icon.

  5. Create a process task to update the new field Custom Attribute 1 as follows:

    1. Expand Process Management.

    2. Double-click Process Definition and open the Exchange User process definition.

    3. In the process definition, add a new task for updating the field as follows:

      • Click Add and enter the task name, for example, Custom Attribute 1 Updated, and the task description.

      • In the Task Properties section, select the following fields:

        Conditional

        Allow Multiple Instances

      • Click on the Save icon.

        Figure 4-6 is a sample screenshot of the new process task.

        Figure 4-6 Adding a New Process Task

        Description of Figure 4-6 follows
        Description of "Figure 4-6 Adding a New Process Task"

    4. On the Integration tab, click Add, and then click Adapter.

    5. Select the adpExchangeUpdateUser adapter, click Save, and then click OK in the message that is displayed.

      Figure 4-7 is a sample screenshot of the selecting the adapter for the new process task.

      Figure 4-7 Selecting an Adapter for New Process Task

      Description of Figure 4-7 follows
      Description of "Figure 4-7 Selecting an Adapter for New Process Task"

    6. To map the adapter variables listed in this table, select the adapter, click Map, and then specify values similar to values in the following table:

      Variable Name Data Type Map To Qualifier Literal Value

      Adapter return value

      Object

      Response code

      NA

      NA

      attrFieldName

      String

      Literal

      String

      Custom Attribute 1

      itResourceFieldName

      String

      Literal

      String

      UD_EXCHANGE_SERVER

      objectType

      String

      Literal

      String

      User

      processInstanceKey

      Long

      Process Data

      Process Instance

      NA

      Figure 4-8 is a sample screenshot of the adapter variables for the new process task.

      Figure 4-8 Mapping Adapter Variables for New Process Task

      Description of Figure 4-8 follows
      Description of "Figure 4-8 Mapping Adapter Variables for New Process Task"

    7. On the Responses tab, click Add to add the following response codes:

      Code Name Description Status

      ERROR

      Error Occurred

      R

      UNKNOWN

      An unknown response was received

      R

      SUCCESS

      Operation Completed

      C

    8. Click the Save icon and then close the dialog box.

  6. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

4.4 Adding New Multivalued Fields for Provisioning

By default, a few fields are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional fields for provisioning.

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new multivalued fields for provisioning. Table C-2 and Table C-3 list the multivalued fields supported by Microsoft Exchange.

See Adding New Fields for Target Resource Reconciliation and Adding New Fields for Provisioning for sample screenshots of some of the following steps.

If you are using Oracle Identity Manager 11.1.2, see Defining Lookup Definition for Custom Multivalued Attributes in Oracle Identity Manager 11.1.2 for related procedure.

To add a new multivalued field for provisioning:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Create a new version of the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a new form, for example, UD_EX_CH1.

  3. Add the new field on the process form as follows:

    1. Click Add.

      A field is added to the list. Enter the details of the field.

      For example, if you are adding the AcceptMessagesOnlyFrom field, enter UD_EX_CH1_ACCEPT in the Name field and then enter the rest of the details of this field.

    2. Click Save.

    3. To activate the newly created form, click Make Version Active.

  4. Assign UD_EX_CH1 as a child table to the UD_EXCHANGE form as follows:

    1. Search for and open the UD_EXCHANGE process form.

    2. Click Create New Version.

      On the Create a new version dialog box, enter a new version in the Label field, and then click the save icon.

    3. Select the new version created from the Current Version dropdown.

    4. Click the Child Table(s) tab.

    5. Click Assign and select the newly created (active) version of the UD_EX_CH1 form.

    6. Click Make Version Active.

    7. Click the save icon.

  5. Create an entry for the field in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ProvAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key value must be the form field name. The Decode value must be the attribute name on the target system.

      For example, enter UD_EX_CH1~AcceptMessagesOnlyFrom in the Code Key field. This value indicates that AcceptMessagesOnlyFrom is a field added to the child form represented by UD_EX_CH1.

      Then, enter AcceptMessagesOnlyFrom in the Decode field.

    5. Click the save icon.

  6. Create process tasks to perform insert, update, and delete operations for the newly created child form, UD_EX_CH1. You can create process tasks similar to the following existing tasks:

    • Distribution Group Insert

    • Distribution Group Update

    • Distribution Group Delete

    For example, to create a process task for insert operations:

    1. Expand Process Management.

    2. Double-click Process Definition and open the Exchange User process definition.

    3. In the process definition, add a new task for updating the field as follows:

      Click Add and enter the task name, for example, AcceptMessagesOnlyFrom Insert, and the task description.

    4. In the Task Properties section, select the following:

      • Conditional

      • Allow cancellation while Pending

      • Allow Multiple Instances

      • UD_EX_CH1, to add the child table from the Child Table list

      • Insert, to add the data from the Trigger Type list

    5. On the Integration tab, click Add, and then click Adapter.

    6. Select the adpEXCHANGEADDCHILDTABLEVALUES adapter, click Save, and then click OK in the message that is displayed.

    7. To map the adapter variables listed in this table, select the adapter, click Map, and then specify values similar to values in the following table:

      Variable Name Data Type Map To Qualifier Literal Value

      Adapter return value

      Object

      Response code

      NA

      NA

      childPrimaryKey

      Long

      Process Data

      Child Primary Key

      Exchange User Distribution Group Form

      childTableName

      String

      Literal

      String

      UD_EX_CH1

      objectType

      String

      Literal

      String

      User

      itResourceFieldName

      String

      Literal

      String

      UD_EXCHANGE_SERVER

      processInstanceKey

      Long

      Process Data

      Process Instance

      NA

    8. On the Responses tab, click Add to add the following response codes:

      Code Name Description Status

      CONFIGURATION_ERROR

      Connector configuration is wrong

      R

      CONNECTION_FAILED

      Cannot connect to the resource

      R

      CONNECTOR_EXCEPTION

      Child table insertion failed

      R

      ERROR

      Error occurred

      R

      OBJECT_ALREADY_EXISTS

      Object with the same ID already exists

      R

      UNKNOWN

      An unknown response was received

      R

      UNKNOWN_UID

      Object does not exist

      R

      VALIDATION_FAILED

      Custom data validation failed

      R

      SUCCESS

      Operation completed

      C

    9. Click the Save icon and then close the dialog box.

  7. If you are using Oracle Identity Manager release 11.1.2.x or later, create a new UI form and attach it to the application instance to make this new attribute visible. See Creating a New UI Form and Updating an Existing Application Instance with a New Form for the procedures.

The following is a sample procedure for adding secondary email addresses as multivalued fields for provisioning:

  1. Log in to Oracle Identity Manager Design Console.

  2. Create a new version of the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a new form by entering the following values:

      Table Name: UD_EX_PROXY

      Description: Exchange proxy addresses

    4. Click Save.

  3. Add the new field on the process form as follows:

    1. On the Additional Colums tab, Add.

    2. In the newly added row, enter the details of the field.

      For example, if you are adding the ProxyAddressForm field, enter UD_EX_PROXY in the Name field and then enter the following details of this field:

      Variant Type: String

      Length: 129

      Field Label: Proxy Address

      Field Type: textField

      Order: 1

    3. Click Save.

    4. To activate the newly created form, click Make Version Active.

  4. Assign the UD_EX_PROXY form as a child table to the UD_EXCHANGE form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Search for and open the UD_EXCHANGE process form.

    4. Click Create New Version.

      In the Create a new version dialog box, enter a new version in the Label field, and then click the Save icon.

    5. Select the new version created from the Current Version drop-down list.

    6. On the Child Table(s) tab, click Assign and select the newly created (active) version of the UD_EX_PROXY form.

    7. Click Make Version Active.

    8. Click the Save icon.

  5. Create an entry for the field in the lookup definition for provisioning as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the Lookup.Exchange.UM.ProvAttrMap lookup definition.

    4. Click Add and enter the Code Key and Decode values for the field.

      The Code Key format is UD_EX_PROXY~Proxy Address. The Decode value is taken from Table C-3 of Exchange Connector Guide.

      Code Key: UD_EX_PROXY~Proxy Address

      Decode: EmailAddresses

    5. Click the Save icon.

  6. Create process tasks to perform insert, update, and delete provisioning operations for the newly created child form, UD_EX_PROXY as follows:

    Note:

    The steps in this section must be performed 3 times for the following insert, update, and delete provisioning operations:

    • Add task: Proxy Address Insert

    • Add task: Proxy Address Update

    • Add task: Proxy Address Delete

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. Search for and open the Exchange User process definition.

    4. On the tasks tab, click Add to add the Proxy Address Insert task for an insert provisioning operation.

      A Creating New Task dialog box opens.

    5. Click the General tab, and enter the following values:

      Task Name: Proxy Address Insert

      Description: Add a new Exchange proxy address value

    6. In the Task Properties section, perform the following steps:

      • Select the following options:

        Conditional

        Allow cancellation while Pending

        Allow Multiple Instances

      • From the Child Table list, select UD_EX_PROXY.

      • From the Trigger Type list, select Insert.

    7. Click Save.

    8. On the Integration tab, click Add.

    9. From the Handler Selection dialog box that is displayed, click Adapter.

      A list of adapters which can be assigned to the process task is displayed in the Handler Name region.

    10. Select the adpEXCHANGEADDCHILDTABLEVALUES adapter to configure the Proxy Address Insert provisioning operation.

    11. Click Save.

    12. In the message that is displayed, click OK and close the dialog box.

    13. To map the adapter variables listed in this table, select the adapter, click Map, and then specify values similar to values in the following table:

      Variable Name Data Type Map To Qualifier Literal Value

      Adapter return value

      Object

      Response Code

      NA

      NA

      childPrimaryKey

      Long

      Process Data

      Child primary Key

      Exchange Proxy Address

      childTableName

      String

      Literal

      String

      UD_EX_PROXY

      objectType

      String

      Literal

      String

      User

      itResourceFieldName

      String

      Literal

      String

      UD_EXCHANGE_SERVER

      processInstanceKey

      Long

      Process Data

      Process Instance

      NA

    14. On the Responses tab, click Add to add the following response codes:

      Note:

      The values specified in the following table are the same for Insert, Update, and Delete process tasks.

      Code Name Description Status

      CONFIGURATION_ERROR

      Connector configuration is wrong

      R

      CONNECTION_FAILED

      Cannot connect to the resource

      R

      CONNECTOR_EXCEPTION

      Child table insertion failed

      R

      ERROR

      Error occurred

      R

      OBJECT_ALREADY_EXISTS

      Object with the same ID already exists

      R

      UNKNOWN

      An unknown response was received

      R

      UNKNOWN_UID

      Object does not exist

      R

      VALIDATION_FAILED

      Custom data validation failed

      R

      SUCESS

      Operation complete

      C

    15. Click Save and close the Creating New Task dialog box.

    16. In the process definition, to add the Proxy Address Update task for an update provisioning operation, perform Steps 6.d through 6.k with the following differences:

      • While performing Step 6.d, in the Creating New Task dialog box, enter the following values:

        Task Name: Proxy Address Update

        Description: Update an existing Exchange proxy address value

      • While performing Step 6.e, in the Task Properties section, from the Trigger Type list, select Update instead of Insert.

      • While performing Step 6.h, in the Handler Name region, select the adpEXCHANGEUPDATECHILDTABLEVALUES adapter instead of the adpEXCHANGEADDCHILDTABLEVALUES adapter.

    17. In the process definition, to add the Proxy Address Delete task for a delete provisioning operation, perform Steps 6.d through 6.k with the following differences:

      • While performing Step 6.d, in the Creating New Task dialog box, enter the following values:

        Task Name: Proxy Address Delete

        Description: Delete an Exchange proxy address value

      • While performing Step 6.e, in the Task Properties section, from the Trigger Type list, select Delete instead of Insert.

      • While performing Step 6.h, in the Handler Name region, select the adpEXCHANGEREMOVECHILDTABLEVALUES adapter instead of the adpEXCHANGEADDCHILDTABLEVALUES adapter.

  7. Create a new UI form for the Exchange User resource and attach it to the application instance to make the new Proxy Address field visible in the request form as follows:

    1. Create a sandbox and activate it as described in Creating and Activating a Sandbox.

    2. Create a new UI form for the Exchange User resource as described in Creating a New UI Form.

      While creating a new UI form, select Exchange User for the Resource Type field, and enter ExchangeUser2 in the Form Name field.

    3. Open the existing application instance.

    4. In the Form field, select the new UI form that you created.

    5. Save the application instance.

    6. Publish the sandbox as described in Publishing a Sandbox.

4.5 Configuring Validation of Data During Reconciliation and Provisioning

You can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.

To configure validation of data:

  1. Write code that implements the required validation logic in a Java class with a fully qualified domain name (FQDN), such as org.identityconnectors.exchange.extension.ExchangeValidator.

    This validation class must implement the validate method. The following sample validation class checks if the value in the First Name attribute contains the number sign (#):

    package com.validationexample;

import java.util.HashMap;
 
public class MyValidator {
    public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) throws ConnectorException {
 
        /* You must write code to validate attributes. Parent
                 * data values can be fetched by using hmUserDetails.get(field)
                 * For child data values, loop through the
                 * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
                 * Depending on the outcome of the validation operation,
                 * the code must return true or false.
                 */
        /*
        * In this sample code, the value "false" is returned if the field
        * contains the number sign (#). Otherwise, the value "true" is
        * returned.
        */
        boolean valid = true;
        String sFirstName = (String) hmUserDetails.get(sField);
        for (int i = 0; i < sFirstName.length(); i++) {
            if (sFirstName.charAt(i) == '#') {
                valid = false;
                break;
            }
        }
        return valid;
 
    }
}
  2. Log in to the Design Console.
  3. Search for and open one of the following lookup definitions (or create a new lookup):

    • To configure validation of data for reconciliation:

      Lookup.Exchange.UM.ReconValidation

    • To configure validation of data for provisioning:

      Lookup.Exchange.UM.ProvValidation

    Note:

    If you cannot find these lookup definitions, create new lookup definitions.

  4. In the Code Key column, enter the resource object field name that you want to validate. For example, SimpleDisplayName.
  5. In the Decode column, enter the class name. For example, org.identityconnectors.exchange.extension.ExchangeValidator.
  6. Save the changes to the lookup definition.
  7. Search for and open the Lookup.Exchange.UM.Configuration lookup definition.
  8. In the Code Key column, enter one of the following entries:

    • To configure validation of data for reconciliation:

      Recon Validation Lookup

    • To configure validation of data for provisioning:

      Provisioning Validation Lookup

  9. In the Decode column, enter one of the following entries (or enter the name of the lookup you created in step 3):

    • To configure validation of data for reconciliation:

      Lookup.Exchange.UM.ReconValidation

    • To configure validation of data for provisioning:

      Lookup.Exchange.UM.ProvValidation

  10. Save the changes to the lookup definition.
  11. Create a JAR with the class and upload it to the Oracle Identity Manager database using the UpdateJars utility.
  12. Run the PurgeCache utility to clear content related to request datasets from the server cache.
  13. Perform reconciliation or provisioning to verify validation for the field, for example, SimpleDisplayName.

4.6 Configuring Transformation of Data During User Reconciliation

You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Manager.

To configure transformation of single-valued user data fetched during reconciliation:

  1. Write code that implements the required transformation logic in a Java class with a fully qualified domain name (FQDN), such as org.identityconnectors.exchange.extension.ExchangeTransfomation.

    This transformation class must implement the transform method. The following sample transformation class creates a value for the Full Name attribute by using values fetched from the First Name and Last Name attributes of the target system:

    package com.transformationexample;

import java.util.HashMap;
 
 
public class MyTransformer {
    public Object transform(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) throws ConnectorException {
        /*
        * You must write code to transform the attributes.
        * Parent data attribute values can be fetched by
        * using hmUserDetails.get("Field Name").
        * To fetch child data values, loop through the
        * ArrayList/Vector fetched by hmEntitlementDetails.get("Child          Table")
        * Return the transformed attribute.
        */
        String sFirstName = (String) hmUserDetails.get("First Name");
        String sLastName = (String) hmUserDetails.get("Last Name");
        return sFirstName + "." + sLastName;
 
    }
}
  2. Log in to the Design Console.
  3. Search for and open the Lookup.Exchange.UM.ReconTransformation (or create another custom name) lookup definition.

    Note:

    If you cannot find the Lookup.Exchange.UM.ReconTransformation lookup definition, create a new lookup definition.

  4. In the Code Key column, enter the resource object field name you want to transform. For example, SimpleDisplayName.
  5. In the Decode column, enter the class name. For example, org.identityconnectors.exchange.extension.ExchangeTransfomation.
  6. Save the changes to the lookup definition.
  7. Search for and open the Lookup.Exchange.UM.Configuration lookup definition.
  8. In the Code Key column, enter Recon Transformation Lookup.
  9. In the Decode column, enter Lookup.Exchange.UM.ReconTransformation or enter the name of the lookup you created in step 3.
  10. Save the changes to the lookup definition.
  11. Create a JAR with the class and upload it to the Oracle Identity Manager database using the UpdateJars utility.
  12. Run the PurgeCache utility to clear content related to request datasets from the server cache.
  13. Perform reconciliation to verify transformation of the field, for example, SimpleDisplayName.