2 Deploying the Fusion Apps Connector

The procedure to deploy the connector is divided into three stages: preinstallation, installation, and postinstallation.

The following topics provide details on these stages:

2.1 Preinstallation

Preinstallation for the Fusion Apps connector involves performing a series of tasks on the target system.

Preinstallation involves the following tasks:
  1. Copy the external code files by creating a directory named FAPPS-RELEASE NUMBER under the OIM_HOME/server/ConnectorDefaultDirectory/targetsystems-lib/ directory.

    For example, if you are using release 11.1.1.5.0 of this connector, then create a directory named FAAPPS-11.1.1.5.0 in the OIM_HOME/server/ConnectorDefaultDirectory/targetsystems-lib/ directory.

  2. Install the Flat File Connector Release 11.1.1.5.0 from the FMW_HOME/connectors/flat_file directory.
    See Installation in Oracle Identity Manager Connector Guide for Flat File.
  3. Configure the Flat File Connector IT Resource. To do so:
    1. Ensure that you have been assigned an FA service account with the ORA_FND_IT_SECURITY_MANAGER_JOB role. This role is required for both FA Identity Service and FA User Request Service.
    2. Edit the Flat File Users IT resource.
    3. From the View IT Resource Details and Parameters window, for the schemaFile parameter, enter the absolute path of the Flat File schema file.

      Sample value: /scratch/shahas/flatfile/schema/FlatFileSchema.txt

  4. Update the Lookup.FlatFile.UM.Configuration lookup definition by setting the decode value as follows:
    • Set the decode value of the Recon Attribute Map code key to Lookup.FAUserRequestService.UM.ReconAttrMap.Trusted.

    • Set the decode value of the Recon Attribute Defaults code key to Lookup.FAUserRequestService.UM.ReconAttrMap.TrustedDefaults.

2.2 Installation

You must install the connector in Oracle Identity Manager. If necessary, you can also deploy the connector in a Connector Server.

The following topics provide details on installing the Fusion Apps connector:

2.2.1 Understanding Installation of the Fusion Apps Connector

You can run the connector code either locally in Oracle Identity Manager or remotely in a Connector Server.

Depending on where you want to run the connector code (bundle), the connector provides the following installation options:

  • Run the connector code locally in Oracle Identity Manager. In this scenario, you deploy the connector in Oracle Identity Manager. Deploying the connector in Oracle Identity Manager involves performing the procedures described in Running the Connector Installer and Configuring the IT Resource for the Target System.

  • Run the connector code remotely in a Connector Server. In this scenario, you deploy the connector in Oracle Identity Manager, and then, deploy the connector bundle in a Connector Server. See Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing, configuring, and running the Connector Server, and then installing the connector in a Connector Server.

2.2.2 Running the Connector Installer

When you run the Connector Installer, it automatically copies the connector files to directories in Oracle Identity Manager, imports connector XML files, and compiles adapters used for provisioning.

To run the Connector Installer, perform the following procedure:

  1. Copy the contents of the connector installation media into the following directory:

    OIM_HOME/server/ConnectorDefaultDirectory

  2. Log in to Oracle Identity System Administration.
  3. In the left pane, under Provisioning Configuration, click Manage Connector.
  4. In the Manage Connector page, click Install.
  5. From the Connector List list, select Fusion Apps Connector RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory: OIM_HOME/server/ConnectorDefaultDirectory. If you have copied the installation files into a different directory, then:
    1. In the Alternative Directory field, enter the full path and name of that directory.

    2. To repopulate the list of connectors in the Connector List list, click Refresh.

    3. From the Connector List list, select Fusion Apps Connector RELEASE_NUMBER.

  6. Click Load.
  7. To start the installation process, click Continue. In a sequence, the following tasks are automatically performed:
    1. Connector library configuration.

    2. Import of the connector XML files (by using the Deployment Manager).

    3. Adapter compilation.

    On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark along with a message stating the reason for failure is displayed. If a task fails, then make the required correction and perform one of the following steps:
    1. Retry the installation by clicking Retry.

    2. Cancel the installation and begin the procedure from Step 3.

  8. If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed.
  9. Click Exit to close the installation page.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Files and Directories on the Fusion Apps Connector Installation Media.

2.2.3 Configuring the IT Resource for the Target System

An IT resource for your target system is created after you install the connector. You configure this IT resource to let the connector connect Oracle Identity Manager with your target system.

This section provides information about the following topics:

2.2.3.1 IT Resource Parameters

An IT resource is composed of parameters that store connection and other generic information about a target system. Oracle Identity Manager uses this information to connect to a specific installation or instance of your target system.

The list of IT resource parameters for this connector can be grouped into the following categories:
  • IT Resource Parameters for FA User Request Service

  • IT Resource Parameters for FA Identity Service

Table 2-1 lists IT resource parameters for FA User Request Service and Table 2-2 lists IT resource parameters for FA Identity Service.

Table 2-1 IT Resource Parameters for FA User Request Service

| Parameter | Description |
| --- | --- |
| host | Host name or IP address of the computer hosting the target system. Sample value: myhost.example.com |
| port | Port number at which the target system is listening. Sample value: 10619 |
| userRequestServiceUri | This parameter holds the uniform resource identifier for user request service API. Sample value: /hcmCoreApi/atomservlet/user/userRequests |
| userName | This parameter is the user ID of the database user account that Oracle Identity Manager uses to connect to the target system. Sample value: HCM_INTEGRATION_HCM |
| password | This parameter is the password of the database user account that Oracle Identity Manager uses to connect to the target system. |
| proxyHost | Name of the proxy host used to connect to an external target system. Sample value: proxy.fusionapps.com |
| proxyPassword | Password of the proxy user ID of the target system user account that Oracle Identity Manager uses to connect to the target system. |
| proxyPort | Proxy port number. Sample value: 80 |
| proxyUsername | This parameter is the user ID of the proxy that is used to connect to the target system. |
| socketTimeout | This parameter sets the default socket timeout in milliseconds which is the timeout period for data waiting. |
| connectionTimeout | This parameter sets the timeout until a connection is established. |
| Configuration Lookup | Name of the lookup definition that stores configuration information used during reconciliation and provisioning operations. Default value: Lookup.FAUserRequestService.Configuration.Trusted |
| sslEnabled | If the target system is SSL based, set the value of this parameter to 'true', else set to 'false'. After the value is set, perform the procedure mentioned in Configuring SSL for the Fusion Apps Connector in order to enable Oracle Identity Manager to set up an SSL handshake with the target system. Default value: False |

Table 2-2 IT Resource Parameters for FA Identity Service

| Parameter | Description |
| --- | --- |
| adminUser | Enter the user ID of the target system user account that you create for connector operations. |
| adminPassword | Enter the password of the target system user account that you create for connector operations. |
| userEndPoint | This parameter holds the end point URL used to perform operations on users. Sample value: /hcmCoreSetupApi/scim/Users |
| roleEndPoint | This parameter holds the end point URL used to add or remove users to or from a Role. Sample value: /hcmCoreSetupApi/scim/Roles |
| userSchemaEndPoint | This parameter holds the endpoint URL used to get the user schema. Sample value: /hcmCoreSetupApi/scim/Schemas/urn:scim:schemas:core:2.0:User |
| Configuration Lookup | Name of the lookup definition that stores configuration information used during reconciliation and provisioning operations. Default value: Lookup.FAIdentityService.Configuration |
| Connector Server Name | This parameter holds the hostname of the machine where the connector server resides. |
| proxyHost | Name of the proxy host used to connect to an external target system. Sample value: proxy.fusionapps.com |
| proxyPassword | Password of the proxy user ID of the target system user account that Oracle Identity Manager uses to connect to the target system. |
| proxyPort | Proxy port number. Sample value: 80 |
| proxyUsername | This parameter is the user ID of the proxy that is used to connect to the target system. |
| host | Host name or IP address of the computer hosting the target system. Sample value: myhost.example.com |
| port | Port number at which the target system is listening. Sample value: 10619 |
| socketTimeout | This parameter sets the default socket timeout in milliseconds which is the timeout period for data waiting. |
| connectionTimeout | This parameter sets the timeout until a connection is established. |
| sslEnabled | If the target system is SSL based, set the value of this parameter to 'true', else set to 'false'. After the value is set, perform the procedure mentioned in Configuring SSL for the Fusion Apps Connector in order to enable Oracle Identity Manager to set up an SSL handshake with the target system. Default value: False |

2.2.3.2 Specifying Values for the IT Resource Parameters

The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information during provisioning and reconciliation.

The Fusion Apps IT resource is automatically created when you run the Connector Installer. You must specify values for the parameters of the IT resource. To specify values:

  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under Configuration, click IT Resource.
  3. In the IT Resource Name field on the Manage IT Resource page, enter FA Identity Service or FA User Request Service and then click Search.
  4. Click Edit for the IT resource.
  5. From the list at the top of the page, select Details and Parameters.
  6. Specify values for the parameters of the Fusion Apps IT Resource. IT Resource Parameters describes each parameter.
  7. To save the values, click Update.
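A pre-flight check for the values you are about to enter in step 6, added here as an example (it is not Oracle code and does not talk to Oracle Identity Manager). Parameter names and sample values come from Table 2-1 and Table 2-2; the function name lint_it_resource, the set of parameters treated as mandatory, and the leading-slash rule for endpoints are assumptions.

```python
# Parameter names per IT resource, taken from Table 2-1 and Table 2-2.
ENDPOINTS = {
    "FA User Request Service": ("userRequestServiceUri",),
    "FA Identity Service": ("userEndPoint", "roleEndPoint", "userSchemaEndPoint"),
}
CREDENTIALS = {
    "FA User Request Service": ("userName", "password"),
    "FA Identity Service": ("adminUser", "adminPassword"),
}


def _is_number(text):
    return text.isascii() and text.isdigit()


def _is_port(text):
    return _is_number(text) and 1 <= int(text) <= 65535


def lint_it_resource(resource, params):
    """Return a list of (severity, parameter, message) findings."""
    if resource not in ENDPOINTS:
        raise ValueError("unknown IT resource: " + resource)

    def get(name):
        return str(params.get(name) or "").strip()

    findings = []
    user_p, pass_p = CREDENTIALS[resource]

    # Assumption: connection target, credentials and endpoints must be set.
    for name in ("host", "port", user_p, pass_p, *ENDPOINTS[resource]):
        if not get(name):
            findings.append(("ERROR", name, "no value specified"))

    # Assumption: host and port are separate parameters, so an endpoint is a
    # path beginning with "/", as in every sample value on the page.
    for name in ENDPOINTS[resource]:
        value = get(name)
        if value and (not value.startswith("/") or "://" in value):
            findings.append(("ERROR", name, "expected a path beginning with '/'"))

    if get("port") and not _is_port(get("port")):
        findings.append(("ERROR", "port", "not a port number (1-65535)"))

    ssl = get("sslEnabled").lower()
    if ssl not in ("true", "false"):
        findings.append(("ERROR", "sslEnabled", "must be 'true' or 'false'"))
    elif ssl == "false":
        findings.append(("WARN", "sslEnabled",
                         f"SSL is off: {user_p}/{pass_p} are sent to the "
                         "target system without transport encryption"))

    for name in ("socketTimeout", "connectionTimeout"):
        if get(name) and not _is_number(get(name)):
            findings.append(("ERROR", name, "expected a whole number"))

    if get("proxyHost"):
        if not _is_port(get("proxyPort")):
            findings.append(("ERROR", "proxyPort", "proxyHost is set but "
                             "proxyPort is not a port number"))
    else:
        for name in ("proxyPort", "proxyUsername", "proxyPassword"):
            if get(name):
                findings.append(("WARN", name, "set but proxyHost is empty"))
    return findings


# Constructed sample: page sample values plus three deliberate mistakes.
SAMPLE_IDENTITY_SERVICE = {
    "host": "myhost.example.com",
    "port": "10619",
    "adminUser": "EXAMPLE_CONNECTOR_USER",          # constructed placeholder
    "adminPassword": "example-placeholder",          # constructed placeholder
    "userEndPoint": "/hcmCoreSetupApi/scim/Users",
    "roleEndPoint": "hcmCoreSetupApi/scim/Roles",    # mistake: no leading "/"
    "userSchemaEndPoint":
        "/hcmCoreSetupApi/scim/Schemas/urn:scim:schemas:core:2.0:User",
    "sslEnabled": "False",                           # the default value
    "socketTimeout": "30s",                          # mistake: not a number
    "proxyHost": "",
    "proxyPort": "80",                               # mistake: no proxyHost
}

if __name__ == "__main__":
    for severity, name, message in lint_it_resource(
            "FA Identity Service", SAMPLE_IDENTITY_SERVICE):
        print(f"{severity:5} {name}: {message}")
```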

2.3 Postinstallation

Postinstallation for the Fusion Apps connector involves configuring Oracle Identity Manager, enabling logging to track information about all connector events, and configuring SSL. It also involves performing some optional configurations such as localizing the user interface.

2.3.1 Configuring Resource Object Dependency

To configure resource object dependency, perform the following procedure:

Note:

If you are using the non LDAP Sync topology, install the required enterprise directory and configure the resource object dependency. If you are using any other topologies, do not perform the procedure mentioned here.
  1. Log in to the Design Console.
  2. Expand Resource Management, and then double-click Resource Objects.
  3. In the Object Definition region, search for and specify FA User in the Name field.
  4. Select the Depends On tab, and click Assign. A list of resource objects of the already installed connectors is displayed.
  5. To configure and add the resource object, specify and double-click the resource object of the installed enterprise directory.
  6. Click Save.

2.3.2 Configuring Oracle Identity Manager

You must create a UI form and an application instance for the resource against which you want to perform reconciliation and provisioning operations. In addition, you must run entitlement and catalog synchronization jobs.

2.3.2.1 Creating and Activating a Sandbox

You must create and activate a sandbox to begin using the customization and form management features. You can then publish the sandbox to make the customizations available to other users.

See Creating a Sandbox and Activating and Deactivating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

2.3.2.2 Creating a New UI Form

See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Manager for instructions on creating a new UI form. While creating the UI form, ensure that you select the resource object corresponding to the Fusion Apps connector that you want to associate the form with. In addition, select the Generate Entitlement Forms check box.

2.3.2.3 Creating an Application Instance

Perform the following steps to create an application instance:

  1. In the left pane of the System Administration console, under Configuration, click Application Instances. The Application Instances page is displayed.
  2. From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Create Application Instance page is displayed.
  3. Specify values for the following fields:
    • Name: The name of the application instance.

    • Display Name: The display name of the application instance.

    • Description: A description of the application instance.

    • Resource Object: The resource object name. Click the search icon next to this field to search for and select the FA User.

    • IT Resource Instance: The IT resource instance name. Click the search icon next to this field to search for and select the name.

    • Form: Select the form name (created in Creating a New UI Form).

  4. Click Save. The application instance is created.
  5. Publish the application instance to an organization to make the application instance available for requesting and subsequent provisioning to users. See Publishing an Application Instance to Organizations in Oracle Fusion Middleware Administering Oracle Identity Manager.

2.3.2.4 Upgrading User Form in Oracle Identity Manager

This connector creates a new OIM user attribute (UDF), FA User GUID. Although this user attribute (UDF) is added to a new User Form version, only the User Form from the old version is used for all operations. To use the latest form version, which contains the GUID field, you must customize the associated pages on the interface to upgrade to the latest User Form and add the custom form fields. To do so, perform the following procedure:
  1. Log in to Oracle Identity System Administration.
  2. From the Upgrade region, click Upgrade User Form. The FA User GUID UDF is listed.
  3. Click Upgrade.

2.3.2.5 Publishing a Sandbox

Before publishing a sandbox, perform the following procedure as a best practice to validate all sandbox changes made up to this stage, because it is difficult to revert the changes after a sandbox is published:
  1. In Identity System Administration, deactivate the sandbox.
  2. Log out of Identity System Administration.
  3. Log in to Identity Self Service using the xelsysadm user credentials and then activate the sandbox that you deactivated in Step 1.
  4. In the Catalog, ensure that the Fusion Apps application instance form appears with correct fields.
  5. Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

2.3.2.6 Harvesting Entitlements and Sync Catalog

To harvest entitlements and sync catalog:
  1. Run the scheduled jobs for lookup field synchronization listed in Scheduled Job for Lookup Field Synchronization for Fusion Apps Connector.
  2. Run the Entitlement List scheduled job to populate the Entitlement Assignment schema from the child process form table.
  3. Run the Catalog Synchronization Job scheduled job.

See Also:

Predefined Scheduled Tasks in Oracle Fusion Middleware Administering Oracle Identity Manager for a description of the Entitlement List and Catalog Synchronization Job scheduled jobs

2.3.2.7 Updating an Existing Application Instance with a New Form

For any changes you make in the Form Designer, you must create a new UI form and update the changes in an application instance. To update an existing application instance with a new form:

  1. Create a sandbox and activate it. See Creating a Sandbox and Activating and Deactivating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
  2. Create a new UI form for the resource. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Manager.
  3. Open the existing application instance.
  4. In the Form field, select the new UI form that you created.
  5. Save the application instance.
  6. Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

2.3.2.8 Updating an Application Instance

You can update the application instance created for Fusion Apps by performing the procedure mentioned in Creating an Application Instance with the differences described in this section.

In Step 3 of the procedure, you must specify the following values:

  • Name: FusionApps User

  • Display Name: Fusion Apps User

  • Description: Application instance for FusionApps

  • Resource Object: FA User

  • IT Resource Instance: FA Identity Service

  • Form: Click on the drop-down list and select the form that you created for FA

In addition to the above parameters, you must provide a value for the Parent AppInstance parameter. To do so, you must click the search icon in the field and select the app instance created for the enterprise directory.

2.3.3 Updating Access Policies

Depending on the use case, update corresponding access policies.

2.3.3.1 FA Source of Truth - Cloud or On-Premise Use Case

If you are using the FA Source of Truth - Cloud or On-Premise use case, perform the following procedure:
  1. Log in to Oracle Identity System Administration.
  2. In the System Administration Console, click Access Policies under the Policies menu. The Manage Access Policies page is displayed.
  3. Click Search Access Policies.
  4. Enter FA Access Policy For FA User in the search field.
  5. To view the details of this Access Policy, click on the search result. The Access Policy Details page is displayed.
  6. To edit the Fusion Apps resource FA User, click the Edit link corresponding to the resource. A set of fields is displayed.
  7. For all mandatory fields, you must provide values. Each mandatory field is marked by an asterisk (*) wildcard character. For example, you must enter FA identity service as the value for the mandatory field, Service Instance.
  8. Add resources to be provisioned by this access policy corresponding to installed enterprise directory. To do so, click Change.
  9. Click the Edit link to edit the newly added resource and provide values for all mandatory fields.
  10. Click Save.
  11. Click Exit.

2.3.3.2 HRMS or IDM Source of Truth - FA on Cloud or On-Premise Use Case

If you are using the HRMS or IDM Source of Truth - FA on Cloud or On-Premise use case, perform the following procedure:
  1. Repeat steps 1 through 10 of FA Source of Truth - Cloud or On-Premise Use Case with the following difference:

    While performing Step 4, instead of entering FA Access Policy For FA User, enter FA Access Policy For External User.

  2. To update the user membership rule of the role FA Role for External User, navigate to the Manage region and select Roles.
  3. Click FA Role for External User, and select Members.
  4. Select the Edit link to edit the rule.
  5. Click Save and then Exit.

2.3.3.3 FA and External HRMS Source of Truth - FA on Cloud or On-Premise Use Case

If you are using the FA and External HRMS Source of Truth - FA on Cloud or On-Premise use case, perform the following procedure:
  1. Repeat steps 1 through 11 of FA Source of Truth - Cloud or On-Premise Use Case.
  2. Reopen the Manage Access Policies page and click Search Access Policies.
  3. Enter FA Access Policy For External User in the search field.
  4. Repeat steps 5 through 11 of FA Source of Truth - Cloud or On-Premise Use Case.
  5. To update the user membership rule of the role "FA Role for External User", navigate to the Manage region and select Roles.
  6. Click FA Role for External User, and select Members.
  7. Select the Edit link to edit the rule.
  8. Click Save and then Exit.

2.3.3.4 FA Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case

If you are using the FA Source of Truth With LDAP Sync - FA on Cloud or On-Premise use case, perform the following procedure:
  1. Repeat steps 1 through 7 of FA Source of Truth - Cloud or On-Premise Use Case.
  2. Click Save and then Exit.

2.3.3.5 External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case

If you are using the External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise use case, perform the following procedure:
  1. Repeat steps 1 through 7 of FA Source of Truth - Cloud or On-Premise Use Case with the following difference:

    While performing Step 4, instead of entering FA Access Policy For FA User, enter FA Access Policy For External User.

  2. To update the user membership rule of the role FA Role for External User, navigate to the Manage region and select Roles.
  3. Click FA Role for External User, and select Members.
  4. Select the Edit link to edit the rule.
  5. Click Save and then Exit.

2.3.3.6 FA and External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case

If you are using the FA and External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise use case, perform the following procedure:
  1. Repeat steps 1 through 7 of FA Source of Truth - Cloud or On-Premise Use Case.
  2. Click Save and then Exit.
  3. Reopen the Manage Access Policies page and click Search Access Policies.
  4. Enter FA Access Policy For External User in the search field.
  5. Repeat steps 5 through 11 of FA Source of Truth - Cloud or On-Premise Use Case.
  6. To update the user membership rule of the role FA Role for External User, navigate to the Manage region and select Roles.
  7. Click FA Role for External User, and select Members.
  8. Select the Edit link to edit the rule.
  9. Click Save and then Exit.

2.3.4 Process Task Updates

To update process tasks, you must first create a new task for the process definition form of the enterprise directory being used.

To do so, perform the following procedure:

Note:

Perform the steps mentioned in this section only if Oracle Identity Manager is in non LDAP Sync mode.
  1. Log in to the Design Console.
  2. Expand Process Management, and then double-click Process Definition.
  3. Open the process definition for FA User.
  4. Select the Tasks tab.
  5. Click Add. The Creating New Task dialog box is displayed.
  6. Add new process task ‘Update SSO Attributes’ to FA user process definition.
  7. In the Task Name field, enter the name of the process task.
  8. From the Integration tab, select the CopyProcessFormData system adapter.
  9. Create Response SUCCESS as status C.
  10. From the Toolbar of the Creating New Task window, click Save.
  11. Select the following check boxes:
    • Conditional

    • Allow Multiple Instances

    • Allow Cancellation While Pending

  12. Click Save and then Exit.
  13. Add the “Email ID updated” process task to the list of tasks to generate in SUCCESS.
  14. Add this newly created task to the SUCCESS response of tasks Create FA Account and Link FA Account.
  15. Click Save and then Exit.

You must update the process definition for the installed enterprise directory. To do so, perform the following procedure:

  1. Log in to the Design Console.

  2. Expand Process Management, and then double-click Process Definition.

  3. Open the process definition for the installed enterprise directory.

  4. Select the Tasks tab.

  5. In the Task Name field, enter the name of the process task. Add new process task ‘Update SSO Attributes’ to the LDAP User process definition.

  6. From the Integration tab, select the UpdateDepProcessFormData system adapter.

  7. From the Toolbar of the Creating New Task window, click Save.

  8. Select the following check boxes:

    • Conditional

    • Allow Multiple Instances

    • Allow Cancellation While Pending

  9. Click Save and then Exit.

  10. Add this newly created task to the SUCCESS response of tasks responsible for email id update.

  11. Click Save and then Exit.

2.3.5 Clearing Content Related to Connector Resource Bundles from the Server Cache

When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:
  1. In a command window, switch to the OIM_HOME/server/bin directory.
  2. Enter one of the following commands:
    • On Microsoft Windows: PurgeCache.bat All

    • On UNIX: PurgeCache.sh All

    Note:

    You can use the PurgeCache utility to purge the cache for any content category. Run PurgeCache.bat CATEGORY_NAME on Microsoft Windows or PurgeCache.sh CATEGORY_NAME on UNIX. The CATEGORY_NAME argument represents the name of the content category that must be purged.

    When prompted, enter the user name and password of an account belonging to the SYSTEM ADMINISTRATORS group. In addition, you are prompted to enter the service URL in the following format:

    t3://OIM_HOST_NAME:OIM_PORT_NUMBER

    In this format:
    • Replace OIM_HOST_NAME with the host name or IP address of the Oracle Identity Manager host computer.

    • Replace OIM_PORT_NUMBER with the port on which Oracle Identity Manager is listening.

2.3.6 Localizing Field Labels in UI Forms

You can localize UI form field labels by using the resource bundle corresponding to the language you want to use. Resource bundles are available in the connector installation media.

To localize a field label that is added to the UI forms:
  1. Log in to Oracle Enterprise Manager.
  2. In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.
  3. In the right pane, from the Application Deployment list, select MDS Configuration.
  4. On the MDS Configuration page, click Export and save the archive to the local computer.
  5. Extract the contents of the archive, and open the following file in a text editor: SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle_en_US.xlf
  6. Edit the BizEditorBundle_en_US.xlf file in the following manner:
    1. Search for the following text:

      <file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle_en_US" datatype="x-oracle-adf">
    2. Replace with the following text:

      <file source-language="en" target-language="LANG_CODE" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle_en_US" datatype="x-oracle-adf">
      In this text, replace LANG_CODE with the code of the language to which you want to localize the form field labels. The following is a sample value for localizing the form field labels in Japanese:
      <file source-language="en" target-language="ja" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle_en_US" datatype="x-oracle-adf">
    3. Search for the application instance code. This procedure shows a sample edit for Fusion Apps application instance. The original code is:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_Fusion Apps_LOGIN__c_description']}">
      <source>Login</source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.Fusion AppsForm.entity.Fusion AppsFormEO.UD_Fusion Apps_LOGIN__c_LABEL">
      <source>Login</source>
      <target/>
      </trans-unit>
    4. Open the resource file from the connector package, for example Fusion Apps_ja.properties, and get the value of the attribute from the file, for example,
      global.udf.UD_Fusion Apps_LOGIN=\u30ED\u30B0\u30A4\u30F3
    5. Replace the original code shown in Step 6.c with the following:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_Fusion Apps_LOGIN__c_description']}">
      <source>Login</source>
      <target>\u30ED\u30B0\u30A4\u30F3</target>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.Fusion AppsForm.entity.Fusion AppsFormEO.UD_Fusion Apps_LOGIN__c_LABEL">
      <source>Login</source>
      <target>\u30ED\u30B0\u30A4\u30F3</target>
      </trans-unit>
    6. Repeat Steps 6.a through 6.d for all attributes of the process form.

    7. Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing. Sample file name: BizEditorBundle_ja.xlf.

  7. Repackage the ZIP file and import it into MDS.

    See Also:

    Deploying and Undeploying Customizations in Developing and Customizing Applications for Oracle Identity Manager for more information about exporting and importing metadata files.
  8. Log out of and log in to Oracle Identity Manager.
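Steps 6.a through 6.g as a script, added here as an example (not Oracle code): it sets target-language on the file element and fills each target element from the connector's properties file, copying the escaped value verbatim as the sample edit does. The function names are hypothetical, and the rule that an id ending in FIELD__c_LABEL or FIELD__c_description maps to the key global.udf.FIELD is an assumption generalized from the single sample on this page.

```python
import re
import xml.etree.ElementTree as ET

# Assumption (from the page's one sample): the form field name is the
# "UD_..." part of the trans-unit id that precedes "__c_LABEL" or
# "__c_description", and its properties key is "global.udf.<field>".
FIELD_RE = re.compile(r"(UD_.+?)__c_(?:LABEL|description)")


def load_properties(text):
    # Simple key=value lines only (no continuation lines). Values are kept
    # exactly as written, including their backslash-u escapes.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def _local(tag):
    # Strip an XML namespace, if the exported bundle declares one.
    return tag.rsplit("}", 1)[-1]


def localize_bundle(xlf_text, properties_text, lang_code):
    """Return (new_xml, filled_count, fields_without_translation)."""
    props = load_properties(properties_text)
    root = ET.fromstring(xlf_text)
    namespace = re.match(r"\{(.*?)\}", root.tag)
    if namespace:
        ET.register_namespace("", namespace.group(1))

    filled, missing = 0, []
    for elem in list(root.iter()):
        name = _local(elem.tag)
        if name == "file":                       # steps 6.a and 6.b
            elem.set("target-language", lang_code)
        elif name == "trans-unit":               # steps 6.c to 6.f
            match = FIELD_RE.search(elem.get("id", ""))
            if not match:
                continue
            field = match.group(1)
            value = props.get("global.udf." + field)
            if value is None:
                if field not in missing:
                    missing.append(field)        # report, leave target empty
                continue
            target = next((c for c in elem if _local(c.tag) == "target"), None)
            if target is None:
                target = ET.SubElement(
                    elem, elem.tag.replace("trans-unit", "target"))
            target.text = value
            filled += 1
    return ET.tostring(root, encoding="unicode"), filled, missing


def bundle_file_name(lang_code):                 # step 6.g
    return "BizEditorBundle_" + lang_code + ".xlf"


# Constructed sample: the two trans-units shown in step 6.c, plus one
# constructed unit (FIRSTNAME) that has no entry in the properties file.
SAMPLE_XLF = """<xliff version="1.1">
<file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle_en_US" datatype="x-oracle-adf">
<body>
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_Fusion Apps_LOGIN__c_description']}">
<source>Login</source>
<target/>
</trans-unit>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.Fusion AppsForm.entity.Fusion AppsFormEO.UD_Fusion Apps_LOGIN__c_LABEL">
<source>Login</source>
<target/>
</trans-unit>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.Fusion AppsForm.entity.Fusion AppsFormEO.UD_Fusion Apps_FIRSTNAME__c_LABEL">
<source>First Name</source>
<target/>
</trans-unit>
</body>
</file>
</xliff>"""

SAMPLE_PROPERTIES = r"""# constructed extract of Fusion Apps_ja.properties
global.udf.UD_Fusion Apps_LOGIN=\u30ED\u30B0\u30A4\u30F3
"""

if __name__ == "__main__":
    xml_out, filled, missing = localize_bundle(
        SAMPLE_XLF, SAMPLE_PROPERTIES, "ja")
    print(bundle_file_name("ja"), "filled:", filled, "missing:", missing)
    print(xml_out)
```

Fields reported as missing keep an empty target; review that list before repackaging the ZIP file in step 7.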

2.3.7 SSO Email ID propagation for FA Source of Truth with LDAP Sync

To propagate SSO email ID, perform the following procedure:

  1. Create a new adapter by performing the following steps:
    1. Log in to the Design Console.
    2. Expand Development Tools, and then double-click Adapter Factory.
    3. Create a new adapter by entering the following values:
      • In the Adapter Name field, enter CopySSOEmailToProcessForm.

      • Double-click the Adapter Type lookup field. The Lookup window is displayed, displaying the five types of Oracle Identity Manager adapters.

      • Select Process Task. Click OK.

      • In the Description field, enter Copy FA User Email to Process Task.

    4. Click the Save icon and close the dialog box.
    5. On the Variables List tab, add the inputVariable variable as follows:
      1. Click Add.

      2. In the Add a Variable dialog box, enter the following values:

        • Variable Name: inputVariable

        • Type: String

        • Map To: Resolve at runtime

      3. Within the Description text area, you can enter explanatory information about the adapter variable.

    6. Click Save and close the dialog box.
    7. On the Adapter Task tab, perform the following steps:
      1. Click Add. The Adapter Task Selection window is displayed.

      2. Select the Logic Task option.

      3. From the display area, select SET VARIABLE, and click Continue. The Add Set Variable Task Parameters window is displayed.

      4. From the Variable Name list, select the adapter variable that has a value you want to reassign—for example, Adapter return value.

      5. From the Operand Type list, select the type and qualifier of operand as follows:

        • Operand Type: Variable

        • Operand Qualifier: inputVariable

    8. Click Save. To compile the adapter, click Build. The text in the Compile Status field changes from Recompile to OK.
  2. Create a new process task for the process definition FA User by performing the following steps:
    1. Log in to the Design Console.
    2. Expand Process Management, and then double-click Process Definition.
    3. Open the process definition for FA User and select the Tasks tab.
    4. Click Add. The Creating New Task dialog box is displayed.
    5. Enter the following values:
      • In the Task Name field, enter CopyEmailToProcessForm.

      • Select the following check boxes:

        • Conditional

        • Allow Cancellation while Pending

        • Allow Multiple Instances

      • Click Save.

      • In the Integration tab, enter values by performing the following procedure:

        • Click Add.

        • In the field named Handler Type, select Adapter.

        • From the drop-down list item, select adpCopySSOEmailToProcessForm and click Save.

        • Double-click the mapping for the Adapter return value option.

        • In the Map To field, select Process Data, and in the Qualifier field, select Email.

        • Click Save and Exit.

        • Double-click the mapping for the inputVariable option.

        • In the Map To field, select User Definition, and in the Qualifier field, select Email.

        • Click Save and Exit.

      • Click Save and then Exit.

  3. Add this newly created task to the SUCCESS response of tasks Create FA Account and Link FA Account by performing the following steps:
    1. Open the window for the Create FA Account task. Click the Responses tab and select the SUCCESS response.
    2. Click Assign and assign the task name CopyEmailToProcessForm.
    3. Click Save.
    4. Perform Steps 3.a through 3.c with the following changes:
      • Open the window for the Link FA Account task instead of Create FA Account task.

      • In step 3.b, assign the task name as CopyEmailToProcessForm for the Link FA Account task instead of Create FA Account task.

  4. Remove the Email field from the Pre-Populate form in the UD_FAUSER table by performing the following steps:
    1. Expand Development Tools, and then click Form Designer.
    2. Click the search icon next to this field to search for and select the table name UD_FAUSER.
    3. Select the Pre-populate tab and click Create new version.
    4. Remove the email field and click Make version active.
    5. Click Save and Exit.

2.3.8 Managing Logging for the Fusion Apps Connector

Oracle Identity Manager uses the Oracle Diagnostic Logging (ODL) service to record all types of events pertaining to the connector.

The following topics provide detailed information about logging:

2.3.8.1 Understanding Log Levels

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations.

ODL is the principal logging service used by Oracle Identity Manager and is based on java.util.Logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • SEVERE.intValue()+100

    This level enables logging of information about fatal errors.

  • SEVERE

    This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.

  • WARNING

    This level enables logging of information about potentially harmful situations.

  • INFO

    This level enables logging of messages that highlight the progress of the application.

  • CONFIG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • FINE, FINER, FINEST

    These levels enable logging of information about fine-grained events, where FINEST logs information about all events.

These message types are mapped to ODL message type and level combinations as shown in Table 2-3.

Table 2-3 Log Levels and ODL Message Type:Level Combinations

Java Level               ODL Message Type:Level
SEVERE.intValue()+100    INCIDENT_ERROR:1
SEVERE                   ERROR:1
WARNING                  WARNING:1
INFO                     NOTIFICATION:1
CONFIG                   NOTIFICATION:16
FINE                     TRACE:1
FINER                    TRACE:16
FINEST                   TRACE:32

The configuration file for OJDL is logging.xml, which is located at the following path: DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml

Here, DOMAIN_HOME and OIM_SERVER are the domain and server names specified during the installation of Oracle Identity Manager.

2.3.8.2 Enabling Logging

To enable logging in Oracle WebLogic Server:

  1. Edit the logging.xml file as follows:
    1. Add the following blocks in the file:

      <log_handler name='fusionapps-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
      <property name='logreader:' value='off'/>
      <property name='path' value='[FILE_NAME]'/>
      <property name='format' value='ODL-Text'/>
      <property name='useThreadName' value='true'/>
      <property name='locale' value='en'/>
      <property name='maxFileSize' value='5242880'/>
      <property name='maxLogSize' value='52428800'/>
      <property name='encoding' value='UTF-8'/>
      </log_handler>
      
      <logger name="ORG.IDENTITYCONNECTORS.FAUSERREQUESTSERVICE" level="[LOG_LEVEL]" useParentHandlers="false">
      <handler name="fusionapps-handler"/>
      <handler name="console-handler"/>
      </logger>
      <logger name="ORG.IDENTITYCONNECTORS.FAIDENTITYSERVICE" level="[LOG_LEVEL]" useParentHandlers="false">
      <handler name="fusionapps-handler"/>
      <handler name="console-handler"/>
      </logger>
    2. Replace all occurrences of [LOG_LEVEL] with the ODL message type and level combination that you require. Table 2-3 lists the supported message type and level combinations. Similarly, replace [FILE_NAME] with the full path and name of the log file in which you want log messages to be recorded. The following blocks show sample values for [LOG_LEVEL] and [FILE_NAME]:
      <log_handler name='fusionapps-handler' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
      <property name='logreader:' value='off'/>
      <property name='path' value='/scratch/RSA/Logs/arimitra/fa.log'/>
      <property name='format' value='ODL-Text'/>
      <property name='useThreadName' value='true'/>
      <property name='locale' value='en'/>
      <property name='maxFileSize' value='5242880'/>
      <property name='maxLogSize' value='52428800'/>
      <property name='encoding' value='UTF-8'/>
      </log_handler> 
      
      <logger name="ORG.IDENTITYCONNECTORS.FAUSERREQUESTSERVICE" level="TRACE:32" useParentHandlers="false">
      <handler name="fusionapps-handler"/>
      <handler name="console-handler"/>
      </logger>
      <logger name="ORG.IDENTITYCONNECTORS.FAIDENTITYSERVICE" level="TRACE:32" useParentHandlers="false">
      <handler name="fusionapps-handler"/>
      <handler name="console-handler"/>
      </logger>

    With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the TRACE:32 level are recorded in the specified file.

  2. Save and close the file.
  3. Set the following environment variable to redirect the server logs to a file:
    • For Microsoft Windows:
      set WLS_REDIRECT_LOG=FILENAME
    • For UNIX:
      export WLS_REDIRECT_LOG=FILENAME

    Replace FILENAME with the location and name of the file to which you want to redirect the output.

  4. Restart the application server.
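
A pre-restart check for the blocks added to logging.xml in step 1, as an added example that is not part of the original guide: it confirms that the fragment is well-formed XML, that every level is one of the Table 2-3 combinations, and that no [LOG_LEVEL] or [FILE_NAME] placeholder is left. The function name, the wrapper element, the sample paths, and the treatment of console-handler as defined elsewhere are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# ODL message type:level combinations from Table 2-3, mapped to Java levels.
ODL_LEVELS = {
    "INCIDENT_ERROR:1": "SEVERE.intValue()+100", "ERROR:1": "SEVERE",
    "WARNING:1": "WARNING", "NOTIFICATION:1": "INFO",
    "NOTIFICATION:16": "CONFIG", "TRACE:1": "FINE",
    "TRACE:16": "FINER", "TRACE:32": "FINEST",
}
CONNECTOR_LOGGERS = ("ORG.IDENTITYCONNECTORS.FAUSERREQUESTSERVICE",
                     "ORG.IDENTITYCONNECTORS.FAIDENTITYSERVICE")

def check_fragment(xml_text):
    """Return a list of problems in the blocks added to logging.xml."""
    try:
        # Wrap the sibling blocks in a throwaway root so they parse together.
        root = ET.fromstring("<fragment>%s</fragment>" % xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    handlers = {h.get("name"): h for h in root.iter("log_handler")}
    loggers = {lg.get("name"): lg for lg in root.iter("logger")}
    for name, elem in list(handlers.items()) + list(loggers.items()):
        if elem.get("level") not in ODL_LEVELS:
            problems.append("%s: level %r is not in Table 2-3" % (name, elem.get("level")))
    for name, handler in handlers.items():
        props = {p.get("name"): p.get("value") for p in handler.iter("property")}
        if not props.get("path") or "[" in props["path"]:
            problems.append("%s: path is missing or still a placeholder" % name)
    for name in CONNECTOR_LOGGERS:
        if name not in loggers:
            problems.append("logger %s is missing" % name)
            continue
        for ref in loggers[name].iter("handler"):
            # Assumption: console-handler is defined elsewhere in logging.xml.
            if ref.get("name") not in handlers and ref.get("name") != "console-handler":
                problems.append("%s: unknown handler %r" % (name, ref.get("name")))
    return problems

# Constructed sample fragments (paths and values are illustrative only).
HANDLER = ("<log_handler name='fusionapps-handler' level='%s' "
           "class='oracle.core.ojdl.logging.ODLHandlerFactory'>"
           "<property name='path' value=%s/></log_handler>")
LOGGERS = "".join("<logger name='%s' level='%s' useParentHandlers='false'>"
                  "<handler name='fusionapps-handler'/></logger>" % (n, "%s")
                  for n in CONNECTOR_LOGGERS)
GOOD = HANDLER % ("TRACE:32", "'/scratch/logs/fa.log'") + LOGGERS % ("TRACE:32", "TRACE:32")
UNQUOTED = HANDLER % ("TRACE:32", "/scratch/logs/fa.log") + LOGGERS % ("TRACE:32", "TRACE:32")
LEFTOVER = HANDLER % ("TRACE32", "'[FILE_NAME]'") + LOGGERS % ("TRACE:1", "[LOG_LEVEL]")
```

check_fragment(GOOD) returns an empty list; UNQUOTED, whose path value has no quotation marks, is reported as not well-formed, and LEFTOVER is reported for its level and path values.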

2.3.9 Configuring SSL for the Fusion Apps Connector

Configure SSL to secure data communication between Oracle Identity Manager and the target system.

  1. Obtain the SSL certificate, that is, the public key certificate of the target system.
  2. Copy the public key certificate of the target system to the computer hosting Oracle Identity Manager.
  3. Run the following keytool command to import the public key certificate into the identity key store in Oracle Identity Manager:
    keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file CERT_FILE_NAME -storepass PASSWORD

    In this command:

    • CERT_FILE_NAME is the full path and name of the certificate file.

    • PASSWORD is the password of the keystore.

    The following is a sample value for this command:

    keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file /home/target.cert -storepass DemoTrustKeyStorePassPhrase

    Note:

    Change the parameter values passed to the keytool command according to your requirements. Ensure that there is no line break in the keytool arguments.
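
A check that can run between steps 2 and 3, as an added example that is not part of the original guide: it compares the SHA-256 fingerprint of the copied certificate with a value obtained out of band, and only then builds the keytool import command. The function names, the alias argument, the keystore path, and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import ssl

def sha256_fingerprint(pem_text):
    """SHA-256 of the DER encoding, as colon-separated upper-case hex pairs."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalise(fingerprint):
    # Accept fingerprints with or without colons, in either case.
    return fingerprint.replace(":", "").strip().upper()

def import_command(pem_text, expected_fp, cert_file, keystore, alias):
    """Return the keytool argv for step 3; raise if the fingerprint differs."""
    actual = sha256_fingerprint(pem_text)
    if _normalise(actual) != _normalise(expected_fp):
        raise ValueError("fingerprint mismatch, not importing: %s" % actual)
    # -storepass is omitted so that keytool prompts for the password.
    return ["keytool", "-import", "-alias", alias,
            "-keystore", keystore, "-file", cert_file]

# Constructed sample: placeholder bytes standing in for a certificate's DER
# encoding (not a real certificate), wrapped in PEM armour.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"!")
# Stands in for the fingerprint received out of band for the target system.
PINNED = sha256_fingerprint(SAMPLE_PEM)
```

keytool uses the alias mykey when -alias is not given, so naming the entry keeps a later import from colliding with it. Leaving out -storepass makes keytool prompt for the keystore password instead of taking it from the command line.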

2.4 Upgrading the Connector

This is the first release of the Oracle Identity Manager connector for Fusion Apps. Therefore, the connector cannot be upgraded.