This chapter discusses the following optional procedures:
Note:
From Oracle Identity Manager Release 11.1.2 onward, lookup queries are not supported. See Managing Lookups in Oracle Fusion Middleware Administering Oracle Identity Manager for information about managing lookups by using the Form Designer in the Oracle Identity Manager System Administration console.
You can modify the default field mappings between Oracle Identity Manager and the PeopleSoft Campus target system. For full reconciliation, see Lookup.PSFT.Campus.SccConstituentFullSync.AttributeMapping lookup definition which holds the default attribute mappings. For incremental reconciliation, see Lookup.PSFT.Campus.SccConstituentSync.AttributeMapping lookup definition which holds the default attribute mappings. If required, you can add user attributes to these predefined attribute mappings.
This section contains the following topics:
To add a new user attribute for reconciliation:
In the Oracle Identity Manager Design Console, make the required changes as follows:
Create a new user-defined field. For the procedure to create a user-defined field, see "Creating a User-Defined Field".
Add a reconciliation field corresponding to the new attribute in the PeopleSoft Campus resource object. For example, you can add the National ID
reconciliation field.
Modify the PeopleSoft Campus Person process definition to include the mapping between the newly added field and the corresponding reconciliation field. For the example described earlier, the mapping is as follows:
National ID = National ID
On the Object Reconciliation tab, click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.
Add the new attribute in the message-specific attribute mapping lookup definition. For example, the Lookup.PSFT.Campus.SccConstituentSync.AttributeMapping lookup definition for the SCC_CONSTITUENT_FULLSYNC message.
The following is the format of the values stored in this table:
Code Key | Decode |
---|---|
AttributeName |
|
For example:
Code Key: National ID
Decode: NATIONAL_ID~SCC_PER_NID_I
In this example, National ID
is the reconciliation field and its equivalent target system field is NATIONAL_ID.
Add the new attribute in the Resource Object attribute reconciliation lookup definition. For example, the Lookup.PSFT.Campus.SccConstituentSync.Recon lookup for the SCC_CONSTITUENT_FULLSYNC message.
The following is the format of the values stored in this table:
Code Key | Decode |
---|---|
RO Attribute |
|
For example:
Code Key: National ID
Decode: National ID
In this example, RO Attribute refers to the resource object attribute name added in the preceding steps. The decode value is the code key value in the message-specific attribute mapping lookup definition.
Add the new attribute in the Custom Query lookup definition. See Setting Up the Lookup.PSFT.Campus.CustomQuery Lookup Definition for more information.
This section contains the following topics:
Standard reconciliation involves the reconciliation of predefined user and affiliation attributes. If required, you can add new affiliation attributes to the list of attributes that are reconciled.
The attribute that you want to reconcile should be part of the SCC_CONSTITUENT_SYNC or SCC_CONSTITUENT_FULLSYNC message. For example, consider the XML message shown in the following screenshot. For the Affiliation Rank attribute, the node name is SCC_AFL_RANK and the parent node name is SCC_AFL_PERSON. These two values will be added to the attribute mapping lookup definitions.
To add the new field to the list of reconciliation fields in the resource object:
To create a reconciliation field mapping for the new field on the process form:
Create an entry for the field in the lookup definition for attribute mapping as follows:
Create an entry for the field in the lookup definition for reconciliation as follows:
Create an entry for the field in the configuration lookup definition as follows:
Affiliations in PeopleSoft Campus are defined as the relationship between an individual and an institution. However, there is no concept of Primary Affiliations in PeopleSoft Campus. There is no cross-institution or cross-campus attribute that would inherently define a "primary" affiliation for an individual who is affiliated with multiple institutions in a multi-institution PeopleSoft Campus Solutions deployment.
In some cases, Affiliations are deployed in a manner that would benefit from an ability to identify a primary affiliation. Ranks for affiliations can be used to reflect hierarchy amongst the different affiliations.
For example, consider an institution called BIG University with BIGUNV as the Institution Code. The following table shows a sample list of Affiliation Codes and their ranks:
Affiliation Code | Affiliation Description | Ranking |
---|---|---|
EMPFULL |
Employee Full Time |
9999 |
STDNTFULL |
Student Full Time |
8888 |
STDNTPART |
Student Part Time |
7777 |
Roles are created in Oracle Identity Manager that correspond to each unique PeopleSoft Campus Affiliations. The Ranks of the affiliations are stored in the role descriptions in Oracle Identity Manager.
Oracle Identity Manager users would have an active role for each active affiliation. For implementing primary affiliations, the connector can be extended to add a task that reads the role names (the affiliation and the institution codes) and the role descriptions (the affiliation ranks). Then, the affiliation with the highest rank can be picked as the primary affiliation.
For the previous example, the following table indicates sample role names and descriptions in Oracle Identity Manager:
Role Name | Role Description |
---|---|
PSFTCampus~BIGUNV~EMPFULL |
Affiliation rank :9999 |
PSFTCampus~BIGUNV~STDNTFULL |
Affiliation rank :8888 |
PSFTCampus~BIGUNV~STDNTPART |
Affiliation rank :7777 |
The following screenshot shows another example of roles and ranks for supporting primary affiliations:
You might want to modify the lengths of the fields (attributes) on the OIM User form. For example, if you use the Japanese locale, then you might want to increase the lengths of OIM User form fields to accommodate multibyte data from the target system.
If you want to modify the length of a field on the OIM User form, then:
You can configure validation of reconciled single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the user form so that the number sign (#) is not sent to Oracle Identity Manager during reconciliation operations.
For data that fails the validation check, the following message is displayed or recorded in the log file:
Value returned for field
FIELD_NAME
is false.
To configure validation of data, perform the following steps:
To implement the validation logic in a Java class:
Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Implementing the Validation Logic in a Java Class to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:
Note:
Before you use this utility, verify that the WL_HOME
environment variable is set to the directory in which Oracle WebLogic Server is installed.
For Microsoft Windows:
OIM_HOME/server/bin/UploadJars.bat
For UNIX:
OIM_HOME/server/bin/UploadJars.sh
When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.
If you created the Java class for validating a process form field for reconciliation, then:
You can configure the transformation of reconciled single-valued data according to your requirements. For example, you can use the First Name value to prefix 'Mr.' to the First Name field in Oracle Identity Manager.
To configure the transformation of data, perform the following steps:
To implement the transformation logic in a Java class:
Run the Oracle Identity Manager Upload JARs utility to post the JAR file created in Implementing the Transformation Logic in a Java Class to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:
Note:
Before you use this utility, verify that the WL_HOME
environment variable is set to the directory in which Oracle WebLogic Server is installed.
For Microsoft Windows:
OIM_HOME/server/bin/UploadJars.bat
For UNIX:
OIM_HOME/server/bin/UploadJars.sh
When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.
If you created the Java class for validating a process form field for reconciliation, then:
You configure limited reconciliation by specifying a query condition as the value of the Custom Query attribute in the message-specific configuration lookup. See Lookup.PSFT.Campus.CustomQuery for more information about this lookup definition.
You must ensure that the OIM User attribute to use in the query exists in the Lookup.PSFT.Campus.CustomQuery lookup definition. You must add a row in this lookup definition whenever you add a UDF in the user form.
To add a new UDF to this lookup definition:
This section contains the following topics:
You might want to configure the connector for multiple installations of the target system. The following example illustrates this requirement:
The London and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of the target system.
To meet the requirement posed by such a scenario, you can create copies of connector objects, such as the IT resource and resource object.
The decision to create a copy of a connector object is based on a requirement. For example, an IT resource can hold connection information for one target system installation. Therefore, it is mandatory to create a copy of the IT resource for each target system installation.
With some other connector objects, you do not need to create copies at all. For example, a single attribute-mapping lookup definition can be used for all installations of the target system.
Note:
A single listener is sufficient for multiple installations of the target system. You can configure the nodes to point to the same listener with different IT resource names.
All connector objects are linked. For example, a scheduled task holds the name of the IT resource. Similarly, the IT resource holds the name of the common configuration lookup definition, which is Lookup.PSFT.Campus.Configuration. If you create a copy of an object, then you must specify the name of the copy in other connector object. Table 4-1 lists association between connector objects whose copies can be created and the other objects that reference these objects. When you create a copy of an object, use this information to change the associations of that object with other objects.
Table 4-1 Connector Objects and Their Associations
Connector Object | Name | Referenced By | Description |
---|---|---|---|
IT Resource |
PSFT Campus |
|
You need to create a copy of IT Resource with a different name. |
Resource Object |
PeopleSoft Campus |
Message-specific configuration lookup definitions:
|
It is optional to create a copy of a resource object. If you are reconciling the same set of attributes from the other target system, then you need not create a new resource object. Note: Create copies of this resource object only if there are differences in attributes between the two installations of the target system. |
Common Configuration Lookup Definition |
Lookup.PSFT.Campus.Configuration |
Message-specific configuration lookup definitions:
|
It is optional to create a copy of the common configuration lookup definition. Note: Create copies of this lookup definition only if there are differences in attributes between the two installations of the target system. |
Message-specific Configuration Lookup Definition |
Lookup definitions:
|
Attribute mapping lookup definitions:
|
It is optional to create a copy of the message-specific lookup definitions. Note: Create copies of this lookup definition only if there are differences in attributes between the two installations of the target system. |
Attribute Mapping Lookup Definition |
Lookup definitions:
|
NA |
This lookup definition holds the information of the attributes reconciled from the XML message file from the target system. Note: Create copies of this lookup definition only if there are differences in attributes between the two installations of the target system. |
Recon Map Lookup Definition |
Lookup.PSFT.Campus.SccConstituentSync.Recon |
NA |
This lookup definition maps the resource object field with the data reconciled from the message. Note: Create copies of this lookup definition only if there are differences in attributes between the two installations of the target system. |
To create copies of the connector objects:
Note:
See Cloning Connectors in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the steps in this procedure.
To reconcile data from a particular target system installation, specify the name of the IT resource for that target system installation as the value of the ITResource
scheduled task attribute.