3 Using the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

• Summary of Steps to Use the Connector

• Seeding Roles into Oracle Identity Manager

• Verifying the Affiliation Status Code

• Verifying the Entries in Attribute Mapping Lookup Definitions

• Performing Full Reconciliation

• Performing Incremental Reconciliation

• Limited Reconciliation

• Resending Messages That Are Not Received by the PeopleSoft Listener

• Configuring Scheduled Jobs

3.1 Summary of Steps to Use the Connector

The following is a summary of the steps to use the connector for full reconciliation:

Note:

It is assumed that you have performed all the procedures described in the preceding chapter.

1. Generate a CSV file on the PeopleSoft Campus target system containing all the affiliation data.
2. Copy this file to a directory on the Oracle Identity Manager host computer.
3. Run the PeopleSoft Campus Role Creation scheduled job to seed the roles in Oracle Identity Manager corresponding to each unique affiliation.
4. Generate XML files for the SCC_CONSTITUENT_FULLSYNC message for all persons. See Generating XML Files for more information.
5. Copy these XML files to a directory on the Oracle Identity Manager host computer.
6. Configure the PeopleSoft Campus Trusted Full Reconciliation scheduled task for the SCC_CONSTITUENT_FULLSYNC message. The XML files are read by this scheduled task to generate reconciliation events. See Configuring the Scheduled Task for Person Data Reconciliation for more information.
7. Configure the PeopleSoft Campus Affiliation Effective Date Processor scheduled task. See Configuring the Scheduled Task for Processing Affiliation Effective Date for more information.
8. Configure the PeopleSoft Campus Role Creation scheduled task. This scheduled task reads the affiliation data from a CSV file and creates corresponding roles in Oracle Identity Manager. See Importing CSV File into Oracle Identity Manager to Create Roles for more information.

Change from full reconciliation to incremental reconciliation. See Performing Incremental Reconciliation for instructions.

3.2 Seeding Roles into Oracle Identity Manager

You must seed roles into Oracle Identity Manager corresponding to each unique affiliation in PeopleSoft Campus. This is done so that when a particular affiliation (a resource in Oracle Identity Manager) is assigned to a user, then if the affiliation is active, the corresponding role is assigned to the user.

This section contains the following procedures:

• Generating CSV File

• Importing CSV File into Oracle Identity Manager to Create Roles

3.2.1 Generating CSV File

To generate CSV file for all existing roles in the target system:

1. In PeopleSoft Internet Architecture, navigate to Reporting Tools, Query, and Query Manager.
2. Enter the query name as SCC_AFFILIATION_TYPE_CODES and click Search, as shown in the following screenshot.
   
3. Click HTML under the Run to HTML column.
4. In the new html page, click CSV Text File and save the CSV file, as shown in the following screenshot.
   

   You must copy this CSV file to a directory on the Oracle Identity Manager host computer.

3.2.2 Importing CSV File into Oracle Identity Manager to Create Roles

When you run the Connector Installer, the PeopleSoft Campus Role Creation scheduled task is automatically created in Oracle Identity Manager.

This scheduled task reads the affiliation data from a CSV file and creates corresponding roles in Oracle Identity Manager. You must enter the path of the CSV file generated in Generating CSV File as the value of the scheduled task attribute. The role names are in the following format:

PSFTCAMPUS~<INSTITUTION CODE>~<AFFILIATION CODE>

For example: PSFTCampus~PSUNV~STUDENT

Affiliation Ranks are stored as role description in the AFFILIATION RANK:<RANK VALUE> format. For example, Affiliation rank:0800.

Table 3-1 describes the attributes of this scheduled task.

Table 3-1 Attributes of the PeopleSoft Campus Role Creation Scheduled Task

Attribute	Description
File Path	Enter the path of the CSV file on the Oracle Identity Manager host computer. Sample value: /usr/data/sample.csv

3.3 Verifying the Affiliation Status Code

This section contains the following topics:

• About Affiliation Status

• Verifying the Affiliation Status Code on PeopleSoft Campus

3.3.1 About Affiliation Status

In PeopleSoft Campus, the Affiliations have a field called Affiliation Status. This connector reconciles the value of this field. You can also add your own status codes in PeopleSoft Campus. The status of the Affiliation Resource in Oracle Identity Manager (Enabled or Disabled) depends on the value of this field.

The following screenshot displays a sample Affiliation Status in PeopleSoft Campus:

3.3.2 Verifying the Affiliation Status Code on PeopleSoft Campus

To verify the Affiliation Status code on PeopleSoft Campus that corresponds to Enabled status in Oracle Identity Manager, perform the following procedure:

1. Check the status code value that is passed in the SCC_CONSTITUENT_SYNC or SCC_CONSTITUENT_FULLSYNC message when the Affiliation is made Active in PeopleSoft Campus.

   In the following example, the Affiliation Status code is ACT. If this code has been customized in the target system, then the value may be different.

   
2. In the Oracle Identity Manager Design Console, open the PSFTStatusEvaluator adapter.
   
3. On the Variable List tab, double-click statusEnabledVal.

   As shown in the following screenshot, ensure that the Literal Value field contains the same value as in the XML message, which is ACT.

   

   If the status codes on the target system are changed, then you must update the code for the Active status in the Literal Value field of this adapter. Then, recompile the adapter.

3.4 Verifying the Entries in Attribute Mapping Lookup Definitions

Ensure that Decode entries of the Lookup.PSFT.Campus.SccConstituentFullSync.AttributeMapping lookup definition are based on the message structure shown in Message Structure.

If the message structure received from the target system is different from this message structure (if the node names in the XML files are different), then the Decode entries in the lookup definition need to be updated as per the modified message structure.

Similarly, if the message structure sent to PeopleSoft listener is different from the message structure shown in Message Structure, then change the Decode entries in the Lookup.PSFT.Campus.SccConstituentSync.AttributeMapping lookup definition as per the modified message structure.

3.5 Performing Full Reconciliation

Full reconciliation involves reconciling all existing person records from the target system into Oracle Identity Manager. After you deploy the connector, you must first perform full reconciliation.

The following sections discuss the procedures involved in full reconciliation:

• Generating XML Files

• Importing XML Files into Oracle Identity Manager

3.5.1 Generating XML Files

You must generate XML files for all existing persons in the target system.

Note:

Before performing the procedure to generate XML files, you must ensure that you have configured the SCC_CONSTITUENT_FULLSYNC messages. See Installation on the Target System for more information.

To generate XML files for full reconciliation, run the SCC_CONSTITUENT_FULLSYNC message as follows:

1. In PeopleSoft Internet Architecture, expand Enterprise Components, Integration Definitions, Initiate Processes, and then click Full Data Publish.
2. Click the Add a New Value tab.
3. In the Run Control ID field, enter a value and then click ADD.
4. In the Process Request region, provide the following values:

   Request ID: Enter a request ID.

   Description: Enter a description for the process request.

   Process Frequency: Select Always.

   Message Name: Select SCC_CONSTITUENT_FULLSYNC.

5. Click Save to save the configuration.
6. Click Run.

   The Process Scheduler Request page appears.

7. From the Server Name list, select the appropriate server.
8. Select Full Table Data Publish process list, and click OK.
9. Click Process Monitor to verify the status of EOP_PUBLISHT Application Engine. The Run Status is Success if the transaction is successfully completed.

   On successful completion of the transaction, XML files for the SCC_CONSTITUENT_FULLSYNC message are generated at a location that you specified in the FilePath property while creating the OIM_FILE_NODE node for PeopleSoft Web Server. See Configuring the PeopleSoft Integration Broker section for more information.

   Copy these XML files to a directory on the Oracle Identity Manager host computer. Ensure that the permissions for these XML files are sufficiently restrictive. By default, the permissions are set to 644. You can set them to 640.

Note:

After you have performed this procedure, remove the permission list created in Setting Up the Security for the SCC_CONSTITUENT_FULLSYNC Service Operation. This is for security purposes.

3.5.2 Importing XML Files into Oracle Identity Manager

This section contains the following topics:

• Configuring the Scheduled Task for Person Data Reconciliation

• Configuring the Scheduled Task for Processing Affiliation Effective Date

See Configuring Scheduled Jobs for instructions on running a scheduled task.

3.5.2.1 Configuring the Scheduled Task for Person Data Reconciliation

When you run the Connector Installer, the PeopleSoft Campus Trusted Full Reconciliation scheduled task is automatically created in Oracle Identity Manager.

To perform a full reconciliation run, you must configure the scheduled task to reconcile all person data into Oracle Identity Manager depending on the values that you specified in the scheduled task attributes. Table 3-2 describes the attributes of this scheduled task.

The PeopleSoft Campus Trusted Full Reconciliation scheduled task is used to transfer XML file data from the file to the parser. The parser then converts this data into reconciliation events.

Table 3-2 Attributes of the PeopleSoft Campus Trusted Full Reconciliation Scheduled Task

Attribute	Description
Archive Mode	Enter yes if you want XML files used during full reconciliation to be archived. After archival the file is deleted from the original location. If no, the XML file is not archived.
Archive Path	Enter the full path and name of the directory in which you want XML files used during full reconciliation to be archived. You must enter a value for the Archive Path attribute only if you specify yes as the value for the Archive Mode attribute. Sample value: /usr/archive
File Path	Enter the path of the directory on the Oracle Identity Manager host computer into which you copy the file containing XML data. Sample value: /usr/data
IT Resource Name	Enter the name of the IT resource that you create by performing the procedure described in Configuring the IT Resource. Default value: PSFT Campus
Message Name	Use this attribute to specify the name of the delivered message used for full reconciliation. Sample value: SCC_CONSTITUENT_FULLSYNC Note: This value must match the entry in the Lookup.PSFT.Campus.Configuration lookup definition, as it is used to determine the class name of the message handler.
Task Name	This attribute holds the name of the scheduled task. Value: PeopleSoft Campus Trusted Full Reconciliation

3.5.2.2 Configuring the Scheduled Task for Processing Affiliation Effective Date

When you run the Connector Installer, the PeopleSoft Campus Affiliation Effective Date Processor scheduled task is automatically created in Oracle Identity Manager.

This scheduled task searches for all the disabled affiliation resources and evaluates if the current date is between affiliation start date and end date. If it does and if the affiliation is active, then the task enables the resource. This triggers the affiliation-role assignment to the user. Table 3-3 describes the attributes of this scheduled task.

Table 3-3 Attributes of the PeopleSoft Campus Affiliation Effective Date Processor Scheduled Task

Attribute	Description
End Date Field	Enter the affiliation end date. Default value: UD_AFFLN_END_DATE
Resource Object Name	Enter the name of the resource object. Default value: Affiliation
Start Date Field	Enter the affiliation start date. Default value: UD_AFFLN_ST_DATE
Status Field	Enter the status of the affiliation date. Default value: UD_AFFLN_EFFDT_STATUS
Task Name	This attribute holds the name of the scheduled task. Value: PeopleSoft Campus Affiliation Effective Date Processor

3.6 Performing Incremental Reconciliation

You do not require additional configuration for incremental reconciliation.

It is assumed that you have deployed the PeopleSoft listener as described in Deploying the PeopleSoft Listener.

3.7 Limited Reconciliation

This section contains the following topics:

• About Limited Reconciliation

• Configuring Limited Reconciliation

3.7.1 About Limited Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current incremental reconciliation run. For full reconciliation, all target system records are fetched into Oracle Identity Manager.

You configure segment filtering to specify the attributes whose values you want to fetch into Oracle Identity Manager. Similarly, you can configure limited reconciliation to specify the subset of target system records that must be fetched into Oracle Identity Manager.

You configure limited reconciliation by specifying a query condition as the value of the Custom Query attribute in the message-specific configuration lookup.

You must use the following format to specify a value for the Custom Query attribute:

RESOURCE_OBJECT_ATTRIBUTE_NAME=VALUE

For example, suppose you specify the following as the value of the Custom Query attribute:

Last Name=Doe

With this query condition, only records for persons whose last name is Doe are considered for reconciliation.

You can add multiple query conditions by using the ampersand (&) as the AND operator and the vertical bar (|) as the OR operator. For example, the following query condition is used to limit reconciliation to records of those persons whose first name is John and last name is Doe:

First Name=John  & Last Name=Doe

You can limit reconciliation to the records of those persons whose first name is either John or their User ID is 219786 using the following query:

First Name=John | User ID=219786

3.7.2 Configuring Limited Reconciliation

To configure limited reconciliation:

1. Ensure that the OIM User attribute to use in the query exists in the Lookup.PSFT.Campus.CustomQuery lookup definition. This lookup definition maps the resource object attributes with OIM User form fields.

   See Also:

   Lookup.PSFT.Campus.CustomQuery for a listing of the default contents of this lookup definition

   You must add a new row in this lookup definition whenever you add a new UDF in the process form. See Setting Up the Lookup.PSFT.Campus.CustomQuery Lookup Definition for adding an entry in this lookup definition and Adding New Affiliation Attributes for Reconciliation for adding a UDF.

2. Create the query condition. Apply the following guidelines when you create the query condition:

   • Use only the equal sign (=), the ampersand (&), and the vertical bar (|) in the query condition. Do not include any other special characters in the query condition. Any other character that is included is treated as part of the value that you specify.

   • Add a space before and after the ampersand and vertical bar used in the query condition. For example:

     First Name=John & Last Name=Doe

     This is to help the system distinguish between ampersands and vertical bars used in the query and the same characters included as part of attribute values specified in the query condition.

   • You must not include unnecessary blank spaces between operators and values in the query condition.

     A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

     First Name=John & Last Name=Doe

     First Name= John & Last Name= Doe

     In the second query condition, the reconciliation engine would look for first name and last name values that contain a space at the start.

   • Ensure that attribute names that you use in the query condition are in the same case (uppercase or lowercase) as the case of values in the Lookup.PSFT.Campus.CustomQuery lookup definitions. For example, the following query condition would fail:

     fiRst Name = John

3. Configure the message-specific configuration lookup with the query condition as the value of the Custom Query attribute. For example, to specify the query condition for the SCC_CONSTITUENT_FULLSYNC message, search and open the Lookup.PSFT.Message.SccConstituentFullSync.Configuration lookup. Specify the query condition in the Decode column of the Custom Query attribute.

3.8 Resending Messages That Are Not Received by the PeopleSoft Listener

The messages are generated and sent to Oracle Identity Manager regardless of whether the WAR file is running or not. Reconciliation events are not created for the messages that are sent to Oracle Identity Manager while the WAR file is unavailable. To ensure that all the messages generated on the target system reach Oracle Identity Manager, perform the following procedure:

• Sending Messages Manually

• Resending Messages Manually in Error or TimeOut Status

3.8.1 Sending Messages Manually

If Oracle Identity Manager is not running when a message is published, then the message is added to a queue. You can check the status of the message in the queue in the Message Instance tab. This tab lists all the published messages in queue. When you check the details of a specific message, the status is listed as Timeout or Error.

To publish a message in the queue to Oracle Identity Manager, resubmit the message when Oracle Identity Manager is running.

If the status of the message is New or Started and it does not change to Timeout or Done, then you must restart the PeopleSoft application server after you restart Oracle Identity Manager.

Note:

PeopleSoft supports this functionality for a limited rights user created in Creating a Role for a Limited Rights User. But, you can specify persons who have rights to perform this task based on the security policy of your organization.

3.8.2 Resending Messages Manually in Error or TimeOut Status

To manually resend messages in Error or TimeOut status:

1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Service Operations Monitor, Monitoring, and then click Asynchronous Services.
2. From the Group By list, select Service Operation or Queue to view the number of messages in Error, TimeOut, Done, and so on.
   

   The number is in the form of a link, which when clicked displays the details of the message.

3. Click the link pertaining to the message to be resent, for example, the link under the Error or the TimeOut column.
4. Click the Details link of the message to be resent. A new window appears.
5. Click the Error Messages link to check the error description.
6. Click Resubmit after you have resolved the issue.

3.9 Configuring Scheduled Jobs

This section describes the procedure to configure scheduled jobs. It contains the following topics:

• Configurable Scheduled Tasks

• Configuring a Scheduled Task

3.9.1 Configurable Scheduled Tasks

The following scheduled tasks can be configured:

• PeopleSoft Campus Role Creation

  See Importing CSV File into Oracle Identity Manager to Create Roles for information about the attributes of this task.

• PeopleSoft Campus Trusted Full Reconciliation

  See Configuring the Scheduled Task for Person Data Reconciliation for information about the attributes of this task.

• PeopleSoft Campus Affiliation Effective Date Processor

  See Configuring the Scheduled Task for Processing Affiliation Effective Date for information about the attributes of this task.

3.9.2 Configuring a Scheduled Task

To configure a scheduled task:

1. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

   • For Oracle Identity Manager release 11.1.1:

     1. Log in to the Administrative and User Console.

     2. On the Welcome to Oracle Identity Manager Self Service page, click Advanced in the upper-right corner of the page.

   • For Oracle Identity Manager release 11.1.2.x:

     1. Log in to Oracle Identity System Administration.

     2. In the left pane, under System Management, click Scheduler.

2. Search for and open the scheduled job as follows:

   1. If you are using Oracle Identity Manager release 11.1.1, then on the Welcome to Oracle Identity Manager Advanced Administration page, in the System Management region, click Search Scheduled Jobs.

   2. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.

   3. In the search results table on the left pane, click the scheduled job in the Job Name column.

3. Modify the details of the scheduled task. To do so:

   • On the Job Details tab, you can modify the following parameters:

     - Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.

     - Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type.

     Note:

     See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about schedule tasks.

     In addition to modifying the job details, you can enable or disable a job.

4. Specify values for the attributes of the scheduled task. To do so:

   • On the Job Details tab, under the Parameters section, specify values for the attributes of the scheduled task.

   Note:

   • Attribute values are predefined in the connector XML that is imported during the installation of the connector. Specify values only for the attributes to change.

   • If you want to stop a scheduled task while it is running, the process is terminated only after the complete processing of the file that is being run. For instance, you want to reconcile data from five XML files. But, if you stop the scheduled task when it is reconciling data from the third file, then the reconciliation will stop only after processing the third file completely.

5. After specifying the attributes, click Apply to save the changes.

   Note:

   The Stop Execution option is not available in the Administrative and User Console. If you want to stop a task, then click Stop Execution on the Task Scheduler form of the Design Console.