Oracle Identity Manager automates access rights management and the security of resources for various target systems. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with target applications. This guide discusses the connector that enables you to use JD Edwards EnterpriseOne either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.
Note:
In this guide, JD Edwards EnterpriseOne is referred to as the target system.
In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.
In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.
This chapter contains the following sections:
Table 1-1 lists the certified components for this connector.
Table 1-1 Certified Components
Item | Requirement |
---|---|
Oracle Identity Governance or Oracle Identity Manager | You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager: |
Target system | The target system can be any one of the following: Note: If you are using JDE Tools 9.2.x, download and apply JDE Connector 11.1.1.6.0A Patch 27009976 because reconciliation operations may throw a NullPointerException error. You can download the patch from the Patches and Updates page at: |
Connector Server | 11.1.1.5.0 |
Connector Server JDK | JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later. Note: If you are using JD Edwards EnterpriseOne Tools 9.2 and Application 9.2, see JDK requirement for JD Edwards EnterpriseOne Tools 9.2 and Application 9.2 for information related to JDK requirement. |
Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of the following connectors:
If you are using an Oracle Identity Manager release that is earlier than Oracle Identity Manager 11g Release 1 (11.1.1), then you must use the 9.0.4.x version of this connector.
If you are using Oracle Identity Manager 11g Release 1 (11.1.1.5.0) or later (such as Oracle Identity Manager 11g Release 1 (11.1.1.5.6) BP06), or Oracle Identity Manager 11g Release 2 (11.1.2) or later, or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), then use the latest 11.1.1.x version of this connector.
If you are using JD Edwards EnterpriseOne Tools 8.96 and Application 8.12 as the target system, then you must use the 9.0.4.x version of this connector, irrespective of the Oracle Identity Manager release you are using.
The connector supports the following languages:
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
English (U.S.)
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Portuguese (Brazilian)
Romanian
Russian
Slovak
Spanish
Swedish
Thai
Turkish
Figure 1–1 shows the connector integrating JD Edwards EnterpriseOne with Oracle Identity Manager.
The JD Edwards EnterpriseOne User Management connector is implemented by using the Identity Connector Framework (ICF). The ICF is a component that provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, timeouts, and filtering. The ICF is shipped along with Oracle Identity Manager. Therefore, you need not configure or modify the ICF.
The target system, JD Edwards EnterpriseOne, is based on a client-server architecture. The JD Edwards EnterpriseOne User Management connector leverages this architecture to perform connector operations by calling business functions (BSFNs) within the JD Edwards Enterprise server or connecting to the JD Edwards Database, as required.
For provisioning operations such as Create, Update, and Delete, and reconciliation operations such as Search, Oracle Identity Manager makes SPI calls to ICF. In other words, Oracle Identity Manager invokes the connector bundle.
During provisioning, adapters carry provisioning data submitted through the process form to the target system. The adapters establish a connection with the connector bundle, which in turn establishes a connection with a BSFN (for performing the required provisioning operation) in the target system by using the Dynamic Java Connector.
After the adapters establish a connection with the target system, the required provisioning operation is performed and the response from the target system is returned to the adapters.
Note:
See Oracle Fusion Middleware Administering Oracle Identity Manager for more information about scheduled jobs.
During reconciliation, a scheduled task is run, which calls the SearchOp operation of the connector bundle. The connector bundle establishes a connection with the database by using the JDBC driver and retrieves all records that match the reconciliation criteria. This result is then passed to Oracle Identity Manager.
The following are features of the connector:
You can use the connector to configure JD Edwards EnterpriseOne as either a target resource or trusted source of Oracle Identity Manager.
See Configuring Reconciliation for more information.
After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled. In incremental reconciliation, user accounts that have been added or modified since the last reconciliation run are fetched into Oracle Identity Manager.
You can perform a full reconciliation run at any time. See Performing Full Reconciliation for more information.
You can set a reconciliation filter as the value of the Filter attribute of the scheduled jobs. This filter specifies the subset of newly added and modified target system records that must be reconciled.
See Limited Reconciliation for more information.
If you want to add new attributes to the standard set of single-valued attributes for reconciliation and provisioning, then perform the procedures described in Extending the Functionality of the Connector.
You can reconcile data about user records that have been deleted on the target system that has been configured as a trusted source or target resource.
In target resource mode, if a user record is deleted on the target system, then the corresponding JDE User resource is revoked from the OIM User. In trusted source mode, if a user record is deleted on the target system, then the corresponding OIM User is deleted.
See Scheduled Job for Reconciliation of Deleted Users Records for more information about scheduled jobs used for reconciling data about deleted user records.
You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning. In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation. The following sections provide more information:
Connector Server is a component provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles. In other words, a connector server enables remote execution of an Oracle Identity Manager connector.
A Java connector server is useful when you do not wish to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements.
A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can be requested again and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads such as network latency, memory allocation, and authentication.
One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.
Setting up the Lookup.JDE.Configuration Lookup Definition for Connection Pooling provides information about connection pooling.
Lookup definitions used during connector operations can be divided into the following categories:
During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you use the Date Format lookup field to select a date format from the list of supported date formats. When you deploy the connector, lookup definitions corresponding to the lookup fields on the target system are automatically created in Oracle Identity Manager. Lookup field synchronization involves copying additions or changes made to the target system lookup fields into the lookup definitions in Oracle Identity Manager.
The following lookup definitions are populated with values fetched from the target system by the scheduled jobs for lookup field synchronization:
See Also:
Scheduled Job for Lookup Field Synchronization for information about these scheduled tasks
JDE Date Separation Character Lookup Reconciliation
JDE Date Format Lookup Reconciliation
JDE Decimal Format Characters Lookup Reconciliation
JDE Languages Lookup Reconciliation
JDE Localization Country Code Lookup Reconciliation
JDE Roles Lookup Reconciliation
JDE Time Format Lookup Reconciliation
JDE Universal Time Lookup Reconciliation
This section discusses the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed. The other lookup definitions are as follows:
The Lookup.JDE.Configuration lookup definition holds connector configuration entries that are used during target resource reconciliation and provisioning operations.
Table 1-2 lists the default entries in this lookup definition.
Table 1-2 Entries in the Lookup.JDE.Configuration Lookup Definition
Code Key | Decode | Description |
---|---|---|
Bundle Name | org.identityconnectors.jde | This entry holds the name of the connector bundle package. Do not modify this entry. |
Bundle Version | 1.0.1115 | This entry holds the version of the connector bundle class. Do not modify this entry. |
Connector Name | org.identityconnectors.jde.JDEConnector | This entry holds the name of the connector class. Do not modify this entry. |
preferredLanguage | E | This entry holds the preferred language in which the target system is installed and used internally by the connector to fetch appropriate lookup values based on the value of the field. Depending on the language that you want to set, the decode value of this entry can be one of the following: |
User Configuration Lookup | Lookup.JDE.UM.Configuration | This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry. |
The Lookup.JDE.Configuration.Trusted lookup definition holds connector configuration entries that are used during trusted source reconciliation.
Table 1-3 lists the default entries in this lookup definition.
Table 1-3 Entries in the Lookup.JDE.Configuration.Trusted Lookup Definition
Code Key | Decode | Description |
---|---|---|
Bundle Name | org.identityconnectors.jde | This entry holds the name of the connector bundle package. Do not modify this entry. |
Bundle Version | 1.0.1115 | This entry holds the version of the connector bundle class. Do not modify this entry. |
Connector Name | org.identityconnectors.jde.JDEConnector | This entry holds the name of the connector class. Do not modify this entry. |
User Configuration Lookup | Lookup.JDE.UM.Configuration.Trusted | This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry. |
The Lookup.JDE.UM.Configuration lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations when your target system is configured as a target resource.
Table 1-4 lists the default entries in this lookup definition.
Table 1-4 Entries in the Lookup.JDE.UM.Configuration Lookup Definition
Code Key | Decode | Description |
---|---|---|
Provisioning Attribute Map | Lookup.JDE.UM.ProvAttrMap | This entry holds the name of the lookup definition that maps process form fields and target system attributes. See Lookup.JDE.UM.ProvAttrMap for more information about this lookup definition. |
Recon Attribute Map | Lookup.JDE.UM.ReconAttrMap | This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.JDE.UM.ReconAttrMap for more information about this lookup definition. |
The Lookup.JDE.UM.Configuration.Trusted lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations when your target system is configured as a trusted source.
Table 1-5 lists the default entries in this lookup definition.
Table 1-5 Entries in the Lookup.JDE.UM.Configuration.Trusted Lookup Definition
Code Key | Decode | Description |
---|---|---|
Recon Attribute Defaults | Lookup.JDE.UM.ReconDefaults.Trusted | This entry holds the name of the lookup definition that maps reconciliation fields and their default values. See Lookup.JDE.UM.ReconDefaults.Trusted for more information about this lookup definition. |
Recon Attribute Map | Lookup.JDE.UM.ReconAttrMap.Trusted | This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.JDE.UM.ReconAttrMap.Trusted for more information about this lookup definition. |
The Lookup.JDE.UM.ProvAttrMap lookup definition holds mappings between process form fields and target system attributes. This lookup definition is used during provisioning. This lookup definition is preconfigured. Table 1-11 lists the default entries.
You can add entries to this lookup definition if you want to map new target system attributes for provisioning. See Extending the Functionality of the Connector for more information.
The Lookup.JDE.UM.ReconAttrMap lookup definition holds mappings between resource object fields and target system attributes. This lookup definition is used during reconciliation. This lookup definition is preconfigured. Table 1-8 lists the default entries.
You can add entries to this lookup definition if you want to map new target system attributes for reconciliation. See Extending the Functionality of the Connector for more information.
The Lookup.JDE.UM.ReconAttrMap.Trusted lookup definition holds mappings between resource object fields and target system attributes. This lookup definition is used during trusted source user reconciliation runs. This lookup definition is preconfigured. Table 1-12 lists the default entries.
You can add entries to this lookup definition if you want to map new target system attributes for reconciliation. See Extending the Functionality of the Connector for more information.
The Lookup.JDE.UM.ReconDefaults.Trusted lookup definition holds mappings between reconciliation fields and their default values. This lookup definition is used when there is a mandatory field on the OIM User form, but no corresponding field in the target system from which values can be fetched during trusted source reconciliation.
Table 1-6 lists the default entries in this lookup definition.
Table 1-6 Entries in the Lookup.JDE.UM.ReconDefaults.Trusted Lookup Definition
Code Key | Decode |
---|---|
Employee Type | Full-Time |
Organization | Xellerate Users |
User Type | End-User |
You add entries to this lookup definition in the following format, if required:
Code Key: Name of the reconciliation field of the JDE User resource object
Decode: Corresponding default value to be displayed
For example, assume a field named Preferred Language is a mandatory field on the OIM User form. Suppose the target system contains no field that stores information about the preferred language of communication for a user account. During reconciliation, no value for the Preferred Language field is fetched from the target system. However, as the Preferred Language field cannot be left empty, you must specify a value for this field. Therefore, create an entry in this lookup definition with the Code Key value set to Preferred Language and Decode value set to English. This implies that the value of the Preferred Language field on the OIM User form displays English for all user accounts reconciled from the target system.
The Lookup.JDE.FastPathCreate lookup definition maps possible values for the Fast Path Create attribute of the target system with the corresponding values to be displayed in the Fast Path Create field of the OIM User form.
Table 1-7 lists the default entries in this lookup definition.
Table 1-7 Entries in the Lookup.JDE.FastPathCreate Lookup Definition
Code Key | Decode |
---|---|
N | No |
Y | Yes |
Target resource reconciliation involves fetching data about newly created or modified accounts on the target system and using this data to add or modify resources assigned to OIM Users.
The JDE User Target Reconciliation scheduled job is used to initiate a target resource reconciliation run. This scheduled job is discussed in Scheduled Jobs for Reconciliation of User Records.
See Also:
Managing Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for conceptual information about reconciliation
The following sections provide information about connector objects used during target resource reconciliation:
The Lookup.JDE.UM.ReconAttrMap lookup definition maps resource object fields and target system attributes. This lookup definition is used for performing target resource user reconciliation runs.
In this lookup definition, entries are in the following format:
Code Key: Reconciliation field of the resource object
Decode: Name of the target system attribute, prefixed with the table name. The following is the format in which you must enter the Decode value:
TABLE_NAME.ATTR_NAME
In this format, TABLE_NAME is the name of the table in the target system database in which the attribute is present. ATTR_NAME is the name of the attribute in the target system.
Table 1-8 provides information about user attribute mappings for target resource reconciliation.
Table 1-8 User Attributes for Target Resource Reconciliation
Resource Object Field | Target System Field |
---|---|
Date Format[LOOKUP] | F00921.FRMT |
Date Separation Character[LOOKUP] | F00921.DSEP |
Decimal Format Character[LOOKUP] | F00921.DECF |
Fast Path Create | F0092.FSTP |
Language[LOOKUP] | F00921.LNGP |
Localization Country Code[LOOKUP] | F00921.CTR |
ReturnValue | __UID__ |
Roles~Effective Date[DATE] | roles~JDERole~F95921.EFFDATE |
Roles~Expiration Date[DATE] | roles~JDERole~F95921.EXPIRDATE |
Roles~Include in ALL | roles~JDERole~F95921.FUROLE1 |
Roles~Role[LOOKUP] | roles~JDERole~F95921.FRROLE |
Status | __ENABLE__ |
Time Format[LOOKUP] | F00921.TIMEFORM |
Universal Time[LOOKUP] | F00921.UTCTIME |
User ID | __NAME__ |
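The Code Key and Decode formats described above, including the `~`-delimited child entries in Table 1-8, can be checked mechanically before new entries are added to Lookup.JDE.UM.ReconAttrMap. The following Python script is an added example, not part of the connector or of Oracle's documentation; the rule that a table outside the default set needs review, and the three custom entries, are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ICF special attribute names used as Decode values in Table 1-8.
SPECIAL_ATTRS = {"__UID__", "__NAME__", "__ENABLE__"}
# Tables named by the default entries in Table 1-8. Flagging any other table
# for review is an assumption of this example, not connector behaviour.
DEFAULT_TABLES = {"F0092", "F00921", "F95921"}
FIELD_RE = re.compile(r"^(?P<name>[^\[\]]+?)(?:\[(?P<tag>[A-Z]+)\])?$")
COLUMN_RE = re.compile(r"^(?P<table>\w+)\.(?P<attr>\w+)$")


@dataclass
class Mapping:
    field: str            # resource object field without child prefix or tag
    tag: Optional[str]    # LOOKUP, DATE, ... or None
    child: Optional[str]  # child form name for "Child~Field" Code Keys
    table: Optional[str]  # None when Decode is an ICF special attribute
    attr: str


def parse_entry(code_key: str, decode: str) -> Mapping:
    """Parse one entry; raise ValueError if it breaks the documented format."""
    key_parts = [p.strip() for p in code_key.split("~")]
    dec_parts = [p.strip() for p in decode.split("~")]
    if len(key_parts) > 2 or "" in key_parts:
        raise ValueError("Code Key has an empty part or more than one '~'")
    child = key_parts[0] if len(key_parts) == 2 else None
    field = FIELD_RE.match(key_parts[-1])
    if field is None:
        raise ValueError("Code Key is not 'Field' or 'Field[TAG]'")
    # Child entries in Table 1-8 use three '~'-separated Decode parts.
    expected = 3 if child is not None else 1
    if len(dec_parts) != expected:
        raise ValueError(f"Decode needs {expected} '~'-separated part(s)")
    target = dec_parts[-1]
    if child is None and target in SPECIAL_ATTRS:
        return Mapping(field["name"], field["tag"], None, None, target)
    column = COLUMN_RE.match(target)
    if column is None:
        raise ValueError("Decode is not TABLE_NAME.ATTR_NAME")
    return Mapping(field["name"], field["tag"], child,
                   column["table"], column["attr"])


def audit(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (code_key, finding) pairs for entries that need attention."""
    findings = []
    for code_key, decode in entries:
        try:
            mapping = parse_entry(code_key, decode)
        except ValueError as exc:
            findings.append((code_key, f"malformed: {exc}"))
            continue
        if mapping.table and mapping.table not in DEFAULT_TABLES:
            findings.append((code_key, f"review: table {mapping.table}"))
    return findings


# A subset of the default entries listed in Table 1-8.
DEFAULT_ENTRIES = [
    ("Date Format[LOOKUP]", "F00921.FRMT"),
    ("Fast Path Create", "F0092.FSTP"),
    ("ReturnValue", "__UID__"),
    ("Roles~Effective Date[DATE]", "roles~JDERole~F95921.EFFDATE"),
    ("Roles~Role[LOOKUP]", "roles~JDERole~F95921.FRROLE"),
    ("Status", "__ENABLE__"),
    ("User ID", "__NAME__"),
]
# Constructed entries (hypothetical field, table and column names).
CUSTOM_ENTRIES = [
    ("Cost Center", "COSTCTR"),          # missing TABLE_NAME prefix
    ("Badge ID", "F_CUSTOM.BADGE"),      # table outside the default set
    ("Roles~Notes", "F95921.NOTES"),     # child key without child Decode
]

if __name__ == "__main__":
    for key, finding in audit(DEFAULT_ENTRIES + CUSTOM_ENTRIES):
        print(f"{key}: {finding}")
```
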
This section contains the following topics:
About Reconciliation Rule for Target Resource Reconciliation
Viewing the Reconciliation Rule for Target Resource Reconciliation
See Also:
Creating Reconciliation Metadata in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for generic information about reconciliation matching and action rules
The following is the process-matching rule:
Rule name: JDE Target Recon Rule
Rule element: User Login Equals UserID
In this rule:
User Login is the User ID attribute on the OIM User form.
User ID is the User ID field of JD Edwards.
This section contains the following topics:
Table 1-9 lists the action rules for target resource reconciliation.
Table 1-9 Action Rules for Target Resource Reconciliation
Rule Condition | Action |
---|---|
One Entity Match Found | Establish Link |
One Process Match Found | Establish Link |
Note:
No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules, see Setting a Reconciliation Action Rule in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
Provisioning involves creating or modifying user data on the target system through Oracle Identity Manager.
See Also:
Managing Provisioning Tasks in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager for conceptual information about provisioning
This section discusses the following topics:
Table 1-10 lists the provisioning functions that are supported by the connector. The Adapter column gives the name of the adapter that is used when the function is performed.
Table 1-10 Provisioning Functions
Function | Adapter |
---|---|
Create User | adpJDEUSERCREATE |
Update User | adpJDEUPDATEUSER |
Enable User | adpJDEENABLEUSER |
Disable User | adpJDEDISABLEUSER |
Delete User | adpJDEUSERDELETE |
Add User Role | adpJDEADDROLETOUSER |
Update User Role | adpJDEUPDATEROLE |
Remove User Role | adpJDEREMOVEUSERROLE |
Update multiple attributes (for example, Date Format, Time Format, and Localization) together | adpJDEMULTIUPDATE |
The Lookup.JDE.UM.ProvAttrMap lookup definition maps process form fields with target system attributes. This lookup definition is used for performing user provisioning operations.
Table 1-11 lists the user identity fields of the target system for which you can specify or modify values during provisioning operations.
Table 1-11 Entries in the Lookup.JDE.UM.ProvAttrMap lookup definition
Process Form Field | Target System Field |
---|---|
Date Format[LOOKUP] | szDateformat |
Date Separation Character[LOOKUP] | cDateSeparator |
Decimal Format Character[LOOKUP] | cDecimalFormat |
Fast Path Create | cFastPathCreate |
Language[LOOKUP] | szLanguagePreference |
Localization Country Code[LOOKUP] | szCountry |
Password | __PASSWORD__ |
ReturnValue | __UID__ |
Time Format[LOOKUP] | szTimeFormat |
UD_JDEROL~Effective Date[DATE] | roles~JDERole~jdEffectiveDate |
UD_JDEROL~Expiration Date[DATE] | roles~JDERole~jdExpirationDate |
UD_JDEROL~Include in *ALL | roles~JDERole~cIncludedInALL |
UD_JDEROL~Role[LOOKUP] | roles~JDERole~szRole |
Universal Time[LOOKUP] | szUniversalTime |
User ID | __NAME__ |
Trusted source reconciliation involves fetching data about newly created or modified accounts on the target system and using that data to create or update OIM Users.
See Also:
Trusted Source Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for conceptual information about trusted source reconciliation
The following sections provide information about connector objects used during trusted source reconciliation:
The Lookup.JDE.UM.ReconAttrMap.Trusted lookup definition maps user fields of the OIM User form with corresponding field names in the target system. This lookup definition is used for performing trusted source reconciliation runs.
Table 1-12 lists user attributes for trusted source reconciliation.
Table 1-12 Entries in the Lookup.JDE.UM.ReconAttrMap.Trusted Lookup Definition
OIM User Form Field | Target System Field |
---|---|
Last Name | __NAME__ |
Status[TRUSTED] | __ENABLE__ |
User ID | __NAME__ |
This section contains the following topics:
See Also:
Managing Reconciliation in Oracle Fusion Middleware Administering Oracle Identity Manager for generic information about reconciliation matching and action rules
The following is the process matching rule:
Rule name: JDE Trusted Recon Rule
Rule element: User Login Equals User ID
In this rule element:
User Login is the User ID field on the OIM User form.
User ID is the User field of JD Edwards.
This section contains the following topics:
Table 1-13 lists the action rules for trusted source reconciliation.
Table 1-13 Action Rules for Trusted Source Reconciliation
Rule Condition | Action |
---|---|
No Matches Found | Create User |
One Entity Match Found | Establish Link |
One Process Match Found | Establish Link |
Note:
No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Setting a Reconciliation Action Rule in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about modifying or creating reconciliation action rules.
The following is the organization of information in the rest of this guide:
Deploying the Connector describes procedures that you must perform on Oracle Identity Manager and the target system during each stage of connector deployment.
Using the Connector describes guidelines on using the connector and the procedure to configure reconciliation runs and perform provisioning operations.
Extending the Functionality of the Connector describes procedures that you can perform if you want to extend the functionality of the connector.
Known Issues and Limitations lists known issues and limitations associated with this release of the connector.