The procedure to deploy the connector is divided across three stages: preinstallation, installation, and postinstallation.
The following topics provide details on these stages:
Preinstallation for the Fusion Apps connector involves performing a series of tasks on the target system.
You must install the connector in Oracle Identity Manager. If necessary, you can also deploy the connector in a Connector Server.
The following topics provide details on installing the Fusion Apps connector:
You can run the connector code either locally in Oracle Identity Manager or remotely in a Connector Server.
Depending on where you want to run the connector code (bundle), the connector provides the following installation options:
Run the connector code locally in Oracle Identity Manager. In this scenario, you deploy the connector in Oracle Identity Manager. Deploying the connector in Oracle Identity Manager involves performing the procedures described in Running the Connector Installer and Configuring the IT Resource for the Target System.
Run the connector code remotely in a Connector Server. In this scenario, you deploy the connector in Oracle Identity Manager, and then, deploy the connector bundle in a Connector Server. See Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing, configuring, and running the Connector Server, and then installing the connector in a Connector Server.
When you run the Connector Installer, it automatically copies the connector files to directories in Oracle Identity Manager, imports connector XML files, and compiles adapters used for provisioning.
To run the Connector Installer, perform the following procedure:
When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Files and Directories on the Fusion Apps Connector Installation Media.
An IT resource for your target system is created after you install the connector. You configure this IT resource to let the connector connect Oracle Identity Manager with your target system.
This section provides information about the following topics:
An IT resource is composed of parameters that store connection and other generic information about a target system. Oracle Identity Manager uses this information to connect to a specific installation or instance of your target system.
IT Resource Parameters for FA User Request Service
IT Resource Parameters for FA Identity Service
Table 2-1 lists IT resource parameters for FA User Request Service and Table 2-2 lists IT resource parameters for FA Identity Service.
Table 2-1 IT Resource Parameters for FA User Request Service
Parameter | Description |
---|---|
host | Host name or IP address of the computer hosting the target system. Sample value: |
port | Port number at which the target system is listening. Sample value: |
userRequestServiceUri | This parameter holds the uniform resource identifier for the user request service API. Sample value: /hcmCoreApi/atomservlet/user/userRequests |
userName | This parameter is the user ID of the database user account that Oracle Identity Manager uses to connect to the target system. Sample value: HCM_INTEGRATION_HCM |
password | This parameter is the password of the database user account that Oracle Identity Manager uses to connect to the target system. |
proxyHost | Name of the proxy host used to connect to an external target system. Sample value: |
proxyPassword | Password of the proxy user ID of the target system user account that Oracle Identity Manager uses to connect to the target system. |
proxyPort | Proxy port number. Sample value: |
proxyUsername | This parameter is the user ID of the proxy that is used to connect to the target system. |
socketTimeout | This parameter sets the default socket timeout in milliseconds, which is the timeout period for data waiting. |
connectionTimeout | This parameter sets the timeout until a connection is established. |
Configuration Lookup | Name of the lookup definition that stores configuration information used during reconciliation and provisioning operations. Default value: |
sslEnabled | Default value: False. If the target system is SSL based, set the value of this parameter to 'true'; otherwise, set it to 'false'. After the value is set, perform the procedure mentioned in Configuring SSL for the Fusion Apps Connector to enable Oracle Identity Manager to set up an SSL handshake with the target system. |
Table 2-2 IT Resource Parameters for FA Identity Service
Parameter | Description |
---|---|
adminUser | Enter the user ID of the target system user account that you create for connector operations. |
adminPassword | Enter the password of the target system user account that you create for connector operations. |
userEndPoint | This parameter holds the endpoint URL used to perform operations on users. Sample value: |
roleEndPoint | This parameter holds the endpoint URL used to add or remove users to or from a Role. Sample value: |
userSchemaEndPoint | This parameter holds the endpoint URL used to get the user schema. Sample value: |
Configuration Lookup | Name of the lookup definition that stores configuration information used during reconciliation and provisioning operations. Default value: |
Connector Server Name | This parameter holds the hostname of the machine where the connector server resides. |
proxyHost | Name of the proxy host used to connect to an external target system. Sample value: |
proxyPassword | Password of the proxy user ID of the target system user account that Oracle Identity Manager uses to connect to the target system. |
proxyPort | Proxy port number. Sample value: |
proxyUsername | This parameter is the user ID of the proxy that is used to connect to the target system. |
host | Host name or IP address of the computer hosting the target system. Sample value: |
port | Port number at which the target system is listening. Sample value: |
socketTimeout | This parameter sets the default socket timeout in milliseconds, which is the timeout period for data waiting. |
connectionTimeout | This parameter sets the timeout until a connection is established. |
sslEnabled | Default value: False. If the target system is SSL based, set the value of this parameter to 'true'; otherwise, set it to 'false'. After the value is set, perform the procedure mentioned in Configuring SSL for the Fusion Apps Connector to enable Oracle Identity Manager to set up an SSL handshake with the target system. |
The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information during provisioning and reconciliation.
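The following check is an added example, not part of the Oracle documentation or the connector: it reviews one set of IT resource values using the parameter names from Table 2-1 before they are entered. The sample values are constructed, and the rules that host and port must be set and that proxy settings come in pairs are assumptions of this example.

```python
def _valid_port(value):
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 65535

def check_it_resource(params):
    """Return findings (strings) for one IT resource parameter map."""
    val = lambda key: str(params.get(key) or "").strip()
    findings = []

    # sslEnabled defaults to False in Tables 2-1 and 2-2.
    ssl = val("sslEnabled").lower() or "false"
    if ssl not in ("true", "false"):
        findings.append("sslEnabled: expected 'true' or 'false'")
    elif ssl == "false":
        findings.append("sslEnabled: false, connection to the target is not SSL-protected")

    # Assumption: host and port are always required.
    if not val("host"):
        findings.append("host: empty")
    if not _valid_port(val("port")):
        findings.append("port: not a valid port number")

    for key in ("socketTimeout", "connectionTimeout"):
        if val(key) and not (val(key).isascii() and val(key).isdigit()):
            findings.append(f"{key}: expected a whole number")

    # The sample userRequestServiceUri in Table 2-1 is a path beginning with '/'.
    uri = val("userRequestServiceUri")
    if uri and not uri.startswith("/"):
        findings.append("userRequestServiceUri: expected a path starting with '/'")

    # Assumption: proxy settings are only meaningful as pairs.
    if bool(val("proxyHost")) != bool(val("proxyPort")):
        findings.append("proxyHost/proxyPort: set both or neither")
    elif val("proxyPort") and not _valid_port(val("proxyPort")):
        findings.append("proxyPort: not a valid port number")
    if bool(val("proxyUsername")) != bool(val("proxyPassword")):
        findings.append("proxyUsername/proxyPassword: set both or neither")
    return findings

SAMPLE = {  # constructed values, not from a real deployment
    "host": "fa.example.com", "port": "443",
    "userRequestServiceUri": "/hcmCoreApi/atomservlet/user/userRequests",
    "userName": "HCM_INTEGRATION_HCM", "password": "********",
    "proxyHost": "proxy.example.com", "proxyPort": "",
    "socketTimeout": "30s", "connectionTimeout": "10000",
    "sslEnabled": "False",
}

if __name__ == "__main__":
    for finding in check_it_resource(SAMPLE):
        print(finding)
```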
The Fusion Apps IT resource is automatically created when you run the Connector Installer. You must specify values for the parameters of the IT resource. To specify values:
Postinstallation for the Fusion Apps connector involves configuring Oracle Identity Manager, enabling logging to track information about all connector events, and configuring SSL. It also involves performing some optional configurations such as localizing the user interface.
The postinstallation steps are divided across the following sections:
To configure resource object dependency, perform the following procedure:
See Also:
If you are using the non LDAP Sync topology, install the required enterprise directory and configure the resource object dependency. If you are using any other topologies, do not perform the procedure mentioned here.
FA User in the Name field.
You must create a UI form and an application instance for the resource against which you want to perform reconciliation and provisioning operations. In addition, you must run entitlement and catalog synchronization jobs.
These procedures are described in the following sections:
You must create and activate a sandbox to begin using the customization and form management features. You can then publish the sandbox to make the customizations available to other users.
See Creating a Sandbox and Activating and Deactivating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
Perform the following steps to create an application instance:
See Also:
Predefined Scheduled Tasks in Oracle Fusion Middleware Administering Oracle Identity Manager for a description of the Entitlement List and Catalog Synchronization Job scheduled jobs
For any changes you do in the Form Designer, you must create a new UI form and update the changes in an application instance. To update an existing application instance with a new form:
You can update the application instance created for Fusion Apps by performing the procedure mentioned in Creating an Application Instance with the differences described in this section.
In Step 3 of the procedure, you must specify the following values:
Name: FusionApps User
Display Name: Fusion Apps User
Description: Application instance for FusionApps
Resource Object: FA User
IT Resource Instance: FA Identity Service
Form: Click on the drop-down list and select the form that you created for FA
In addition to the above parameters, you must provide a value for the Parent AppInstance parameter. To do so, you must click the search icon in the field and select the app instance created for the enterprise directory.
Depending on the use case, update corresponding access policies.
Based on the use case that you are using, perform one of the procedures discussed in this section:
HRMS or IDM Source of Truth - FA on Cloud or On-Premise Use Case
FA and External HRMS Source of Truth - FA on Cloud or On-Premise Use Case
FA Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case
External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case
FA and External HRMS Source of Truth With LDAP Sync - FA on Cloud or On-Premise Use Case
FA Access Policy For External User
in the search field.
To update process tasks, you must first create a new task for the process definition form of the enterprise directory being used.
Note:
Perform the steps mentioned in this section only if Oracle Identity Manager is in non LDAP Sync mode.
You must update the process definition for the installed enterprise directory. To do so, perform the following procedure:
Log in to the Design Console.
Expand Process Management, and then double-click Process Definition.
Open the process definition for the installed enterprise directory.
Select the Tasks tab.
In the Task Name field, enter the name of the process task. Add the new process task ‘Update SSO Attributes’ to the ‘LDAP User’ process definition.
On the Integration tab, select the UpdateDepProcessFormData system adapter.
From the Toolbar of the Creating New Task window, click Save.
Select the following check boxes:
Conditional
Allow Multiple Instances
Allow Cancellation While Pending
Click Save and then Exit.
Add this newly created task to the SUCCESS response of tasks responsible for email id update.
Click Save and then Exit.
When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
You can localize UI form field labels by using the resource bundle corresponding to the language you want to use. Resource bundles are available in the connector installation media.
To propagate SSO email ID, perform the following procedure:
Oracle Identity Manager uses the Oracle Diagnostic Logging (ODL) logging service for recording all types of events pertaining to the connector.
The following topics provide detailed information about logging:
When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations.
ODL is the principal logging service used by Oracle Identity Manager and is based on java.util.Logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
SEVERE.intValue()+100
This level enables logging of information about fatal errors.
SEVERE
This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
WARNING
This level enables logging of information about potentially harmful situations.
INFO
This level enables logging of messages that highlight the progress of the application.
CONFIG
This level enables logging of information about fine-grained events that are useful for debugging.
FINE, FINER, FINEST
These levels enable logging of information about fine-grained events, where FINEST logs information about all events.
Table 2-3 Log Levels and ODL Message Type:Level Combinations
Java Level | ODL Message Type:Level |
---|---|
SEVERE.intValue()+100 | INCIDENT_ERROR:1 |
SEVERE | ERROR:1 |
WARNING | WARNING:1 |
INFO | NOTIFICATION:1 |
CONFIG | NOTIFICATION:16 |
FINE | TRACE:1 |
FINER | TRACE:16 |
FINEST | TRACE:32 |
The configuration file for OJDL, logging.xml, is located at the following path: DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
Here, DOMAIN_HOME and OIM_SERVER are the domain and server names specified during the installation of Oracle Identity Manager.
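The following script is an added example, not part of the Oracle documentation: it reads a logging.xml, translates each logger's ODL level back to the Java level using Table 2-3, and marks loggers left at TRACE verbosity together with the files their handlers write to. The XML is constructed, and the logger names, handler name and log path in it are placeholders.

```python
import xml.etree.ElementTree as ET

# Table 2-3 inverted: ODL Message Type:Level -> Java level.
ODL_TO_JAVA = {
    "INCIDENT_ERROR:1": "SEVERE.intValue()+100", "ERROR:1": "SEVERE",
    "WARNING:1": "WARNING", "NOTIFICATION:1": "INFO",
    "NOTIFICATION:16": "CONFIG", "TRACE:1": "FINE",
    "TRACE:16": "FINER", "TRACE:32": "FINEST",
}

# Constructed logging.xml; logger/handler names and the path are placeholders.
SAMPLE_LOGGING_XML = """<logging_configuration>
  <log_handlers>
    <log_handler name='connector-handler' level='TRACE:32'
                 class='oracle.core.ojdl.logging.ODLHandlerFactory'>
      <property name='path' value='/tmp/connector.log'/>
    </log_handler>
  </log_handlers>
  <loggers>
    <logger name='EXAMPLE.CONNECTOR.LOGGER' level='TRACE:32' useParentHandlers='false'>
      <handler name='connector-handler'/>
    </logger>
    <logger name='EXAMPLE.OTHER.LOGGER' level='NOTIFICATION:1'/>
  </loggers>
</logging_configuration>"""

def audit_logging_xml(xml_text):
    """Report each logger's ODL level, Java level, trace flag and log files."""
    root = ET.fromstring(xml_text)
    # Map handler name -> file path from its 'path' property.
    paths = {}
    for handler in root.iter("log_handler"):
        for prop in handler.findall("property"):
            if prop.get("name") == "path":
                paths[handler.get("name")] = prop.get("value")
    report = []
    for logger in root.iter("logger"):
        level = logger.get("level")
        odl = level.upper() if level else ""
        report.append({
            "logger": logger.get("name"),
            "odl_level": odl,
            "java_level": ODL_TO_JAVA.get(odl, "unmapped") if odl else "inherited",
            "trace": odl.startswith("TRACE"),
            "files": [paths.get(h.get("name")) for h in logger.findall("handler")],
        })
    return report
```

Run it against a copy of the server's logging.xml after troubleshooting to confirm that no logger remains at FINE, FINER or FINEST.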