Note:
In this guide, a target system that exposes webservice endpoint has been referred to as the target system. ACME Webservice is used as a sample target system to discuss the configurations and the connector objects.
The following are the prerequisites for configuring the SOA composite with the connector webservice client and the target webservice:
Knowledge of webservices, WSDLs, SOA composite, and BPEL Process components
The WSDL should be well-defined for the target webservice, exposing the schema details and the operations.
Oracle JDeveloper 11g (11.1.1.9.0) with SOA Composite Editor extension, for configuring and wiring SOA composite with the connector
Note:
Ensure the version of JDeveloper you are using is compatible with the SOA server. You can download JDeveloper from:
http://www.oracle.com/technetwork/developer-tools/jdev/downloads/jdeveloper111190-2538883.html
In addition, ensure to use the compatible version of Connector Server JDK while using Oracle JDeveloper 11g (11.1.1.9.0).
For information about downloading and installing the SOA Composite Editor extension, visit:
http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/156082.xml#oracle.sca.modeler
XSL Transformations, for payload conversions
The complexity of the wiring depends on the target webservice. For example, Amazon webservice expects every SOAP request to be signed and the signature would change for every request. This signature has to be computed as part of the composite.
The connector package contains a set of templates and a build utility. The build utility is a script that generates Oracle Identity Manager artifacts specific to the target webservice from the set of templates. It also generates SOA composite project that you can use to wire the connector client webservice against the target webservice.
Note:
You can build a connector specific to different target webservices using the build utility. Cloning of this connector is not supported.
To build the connector:
The connector uses SOA to connect to the target webservice and perform operations on them. The variables in the SOA composite must be mapped to the variables on the target system.
After building the connector as per Building the Connector Bundle, you can open the generated SOA composite project in JDeveloper to wire the templates against the target webservice. After completing the wiring of the SOA composite, you can configure SOA WebSecurity policies in the composite.xml file for authentication by including the specific policy and binding properties.
Note:
As a best practice, you can configure how errors and faults are handled for each operation. See Handling Faults for more information.
This section describes the following procedures:
Deploy your target on SOA server.
After performing the procedure described in Configuring the Partner Link, you can configure the create operation in the SOA composite as follows:
See Also:
Adding Custom Attributes for Provisioning in SOA Composite for information about adding custom attributes for the Create operation
Service Provisioning Markup Language (SPML) is an XML-based framework based on the concepts of Directory Service Markup Language (DSML) for exchanging user, resource, and service provisioning information between cooperating organizations.
This section discusses the following topics:
Before configuring the create operation for SPML:
After performing the procedure described in Configuring the Partner Link, you can configure the delete operation in the SOA composite using the following procedure. The UID of the user to be deleted will be the input from Oracle Identity Manager to the SOA composite. This input has to be mapped to the Unique Id of the user to be deleted in the target webservice.
Learn how to configure the update operation in the SOA composite.
This section discusses the following topics:
Before configuring the update operation in the SOA composite:
As a prerequisite, configure the update operation and create the transformation XSL file as described in Configuring the Update Operation. Consider the target variable Status that can have a value of Active or Inactive.
To configure the enable or disable operation for provisioning in the SOA composite:
The search branch is invoked when a trusted source or target resource user reconciliation scheduled job is run from Oracle Identity Manager. This operation will fetch a list of users and their attributes from the target webservice. The list is converted to a list of userSearchRecords that are returned to Oracle Identity Manager.
See Also:
Adding Custom Attributes for Reconciliation in SOA Composite for information about adding custom attributes for the Search operation
Mapping Timestamp Attribute for information about converting timestamp attribute to long type, which is the type used in the connector
This section discusses the following topics:
After performing the procedure described in Configuring the Partner Link, you can configure the search operation as follows:
Note:
If your target system version has complex multivalued attributes, perform the procedure mentioned in Reconciliation of Complex Child Forms With Multiple Attributes.
You can map simple child table values in the SOA Composite. To do so, in the search transform, perform the following mapping for the child table values:
Add a "for each" loop for the child table value and map the child table value to the "values" attribute in the multivaluedAttribute.
For example, in this case, "Group" is the child table, and each group is mapped to the "values" element in the multivaluedAttribute.
This mapping will have the following values:
<multivaluedAttributes> <name> <xsl:text disable-output-escaping="no">Group</xsl:text> </name> <xsl:for-each select="tns:Groups/group"> <values> <xsl:value-of select="."/> </values> </xsl:for-each> </multivaluedAttributes>
As a prerequisite, configure the search operation and create the transformation XSL file as described in Configuring the Search Operation. Consider the target variable Status that can have a value of Active or Inactive.
To configure the enable or disable operation for reconciliation in the SOA composite:
The lookup search branch is invoked when the webservice connector lookup scheduled job is run from Oracle Identity Manager. The lookup search operation accepts objectClass
as input that is passed as scheduled task parameter and returns a list of lookupEntries,
which is a list of name, value pair. The list of names and values in the output will be set as the Decode and Code Key values of the lookup definition respectively.
After performing the procedure described in Configuring the Partner Link, you can configure the lookup search operation as follows:
This section describes how to configure password reset operations from the SOA composite. After the mappings are configured, a custom outbound policy will be attached to decrypt the password fields. Sensitive fields that are sent from Oracle Identity Manager are encrypted. The outbound policy also ensures that the password fields do not appear in clear text in the SOAP payloads in Enterprise Manager.
After performing the procedure described in Configuring the Partner Link, you can configure the reset password operation as follows:
Learn about fault handing and how to configure it in the SOA composite.
This section discusses the following topics:
Fault handling is an important aspect of configuring the SOA composite. In the case of any faults and errors, a correct response must be provided to the connector and to Oracle Identity Manager from the target webservice. This should be configured at the SOA composite level as the remote fault thrown by the target webservice operation has to be mapped against the corresponding connector-specific faults.
The following table lists the faults defined in the connector webservice (WebserviceConnectorService) WSDL:
Fault | Description | Operations that can throw this fault |
---|---|---|
AlreadyExistsException |
An account already exists in the target webservice. |
Create |
UnknownUidException |
The passed unique ID is invalid or does not exist in the target webservice. |
All operations except Create |
ConnectionBrokenException |
The target webservice endpoint is not reachable. |
All operations |
ConnectorException |
Any other fault. |
All operations |
To configure fault handling in the SOA composite for the Create operation:
See Also:
Handling Faults with Catch Blocks for information about handling faults for the target webservice operations that throw faults instead of sending responses