Go to main content
|
|
The procedure to deploy the connector can be divided across three stages namely preinstallation, installation, and postinstallation.
This chapter contains the following sections:
Preinstallation for the EBS UM connector involves performing a series of tasks on the target system.
Preinstallation information is divided across the following sections:
This preinstallation step involves creating a user account in the target system that can be used by the connector to perform connector operations.
Note:
You must have DBA privileges to run the scripts described in this section and grant the required permissions to the target system user account.
You must have Oracle Database Client installed on the computer on which you perform the procedure described in this section. The Oracle Database Client release must be the same as the database release. In addition, if Oracle Database Client is not installed on the database host computer, then the tnsnames.ora file on the Oracle Database Client host must contain an entry for the SID of the database.
Oracle Identity Manager requires a target system user account to access the target system during connector operations. You provide the credentials of this user account as part of Configuring the IT Resource for the Target System while creating an application.
To create a target system user account for connector operations:
From the installation media, copy the scripts directory to a temporary directory on either the target system host computer or a computer on which the Oracle Database Client has been installed.
On the computer where you copy the scripts directory, verify that there is a TNS entry in the tnsnames.ora file for the target system database.
Change to the directory containing the scripts directory and depending on the host platform, run either the Run_UM_DBScripts.sh or Run_UM_DBScripts.bat file. These files are present in the scripts directory of the installation media.
When you run the script, you are prompted for the following information:
Enter the ORACLE_HOME
Set a value for the ORACLE_HOME environment variable. This prompt is displayed only if the ORACLE_HOME environment variable has not been set on the computer on which you are running the script.
Enter the System User Name
Enter the login (user name) of a DBA account with the privileges to create and configure a new target system user.
Enter the name of the database
Enter the connection string or service name given in the tnsnames.ora file to connect to the target system database.
This connects you to the SQL*Plus client.
Enter password
Enter the password of the APPS user in the target system. The Type and Package are created, and then the connection to the database is disconnected.
Enter password
Enter the password of the dba user.
Enter New database Username to be created
Enter a user name for the target system account that you want to create.
Enter the New user password
Enter a password for the target system account that you want to create.
This installs all wrappers packages under the APPS schema, creates the new target system account, and then grants all the required privileges on the tables and packages.
Connecting with newly created database user
Enter the connection string or service name that you provided earlier.
The user account for connector operations is created.
This section lists the privileges that are granted to the user account created in Creating a Target System User Account for Connector Operations. The following privileges are granted to this account:
GRANT CREATE SYNONYM TO &USERNAME;
GRANT CONNECT, RESOURCE TO &USERNAME;
GRANT ALTER ANY PROCEDURE TO &USERNAME;
Execute permission granted to the following packages:
APPS.WF_LOCAL_SYNCH
APPS.FND_USER_PKG
APPS.FND_API
APPS.FND_GLOBAL
APPS.UMX_ACCESS_ROLES_PVT
APPS.FND_USER_RESP_GROUPS_API
Select privilege has been granted to the following tables:
APPS.FND_APPLICATION
APPS.FND_RESPONSIBILITY
APPS.FND_RESPONSIBILITY_TL
APPS.FND_USER_RESP_GROUPS_DIRECT
APPS.FND_APPLICATION_VL
APPS.FND_RESPONSIBILITY_VL
APPS.FND_SECURITY_GROUPS_VL
APPS.FND_USER_RESP_GROUPS_DIRECT
APPS.PER_ALL_PEOPLE_F
APPS.FND_APPLICATION_TL
APPS.WF_LOCAL_USER_ROLES
APPS.WF_USER_ROLES
APPS.WF_LOCAL_ROLES
SELECT, UPDATE privileges granted to the following tables:
APPS.FND_USER
APPS.HZ_PARTIES
APPS.HZ_PERSON_PROFILES
APPS.AP_SUPPLIERS
APPS.AP_SUPPLIER_CONTACTS
APPS.HZ_RELATIONSHIPS
APPS.UMX_ROLE_ASSIGNMENTS_V
Execute privileges granted to the following wrapper packages created in APPS schema:
APPS.OIM_FND_GLOBAL
APPS.OIM_FND_USER_TCA_PKG
APPS.WF_LOCAL_SYNCH
APPS.FND_OID_USERS
APPS.FND_OID_UTIL
In addition to the privileges granted above, the following synonyms are created or replaced:
SYNONYM FND_RESPONSIBILITY FOR APPS.FND_RESPONSIBILITY
SYNONYM FND_APPLICATION FOR APPS.FND_APPLICATION
SYNONYM FND_RESPONSIBILITY_VL FOR APPS.FND_RESPONSIBILITY_VL
SYNONYM FND_SECURITY_GROUPS_VL FOR APPS.FND_SECURITY_GROUPS_VL
SYNONYM FND_APPLICATION_VL FOR APPS.FND_APPLICATION_VL
SYNONYM FND_USER_RESP_GROUPS_DIRECT FOR APPS.FND_USER_RESP_GROUPS_DIRECT
SYNONYM FND_USER FOR APPS.FND_USER
SYNONYM FND_RESPONSIBILITY_TL FOR APPS.FND_RESPONSIBILITY_TL
SYNONYM FND_USER_RESP_GROUPS_DIRECT FOR APPS.FND_USER_RESP_GROUPS_DIRECT
SYNONYM PER_ALL_PEOPLE_F FOR APPS.PER_ALL_PEOPLE_F
SYNONYM FND_APPLICATION_TL FOR APPS.FND_APPLICATION_TL
SYNONYM WF_LOCAL_USER_ROLES FOR APPS.WF_LOCAL_USER_ROLES
SYNONYM WF_USER_ROLES FOR APPS.WF_USER_ROLES
SYNONYM WF_LOCAL_ROLES FOR APPS.WF_LOCAL_ROLES
SYNONYM FND_API FOR APPS.FND_API
SYNONYM FND_SECURITY_GROUPS FOR APPS.FND_SECURITY_GROUPS
SYNONYM FND_SECURITY_GROUPS_TL FOR APPS.FND_SECURITY_GROUPS_TL
SYNONYM HZ_PARTIES FOR APPS.HZ_PARTIES
SYNONYM HZ_PERSON_PROFILES FOR APPS.HZ_PERSON_PROFILES
SYNONYM FND_OID_USERS FOR APPS.FND_OID_USERS
SYNONYM FND_OID_UTIL FOR APPS.FND_OID_UTIL
SYNONYM UMX_ROLE_ASSIGNMENTS_V FOR APPS.UMX_ROLE_ASSIGNMENTS_V
SYNONYM WF_USER_ROLE_ASSIGNMENTS FOR APPS.WF_USER_ROLE_ASSIGNMENTS
SYNONYM AP_SUPPLIERS FOR APPS.AP_SUPPLIERS
SYNONYM AP_SUPPLIER_CONTACTS FOR APPS.AP_SUPPLIER_CONTACTS
SYNONYM HZ_RELATIONSHIPS FOR APPS.HZ_RELATIONSHIPS
SYNONYM ICX_USER_SEC_ATTR_PUB FOR APPS.ICX_USER_SEC_ATTR_PUB
This section discusses the JDBC URL and Connection Properties parameters. You apply the information in this section while configuring the IT resource for your target system. This procedure is discussed later in this guide.
The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented:
The following are the supported JDBC URL formats:
Multiple database instances support one service (Oracle RAC)
JDBC URL format:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST1_NAME
.
DOMAIN
)(PORT=
PORT1_NUMBER
))(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST2_NAME
.
DOMAIN
)(PORT=
PORT2_NUMBER
))(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST3_NAME
.
DOMAIN
)(PORT=
PORT3_NUMBER
)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=
HOSTn_NAME
.DOMAIN)(PORT=
PORTn_NUMBER
))(CONNECT_DATA=(SERVICE_NAME=
ORACLE_DATABASE_SERVICE_NAME
)))
Sample value:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))
One database instance supports one service
JDBC URL format:
jdbc:oracle:thin:@
HOST_NAME
.
DOMAIN
:PORT_NUMBER:ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example:1521:srvce1
One database instance supports multiple services (for Oracle Database 10g and later)
JDBC URL format:
jdbc:oracle:thin:@//
HOST_NAME.DOMAIN:PORT_NUMBER/ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example.com:1521/srvce1
After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Local Naming Parameters in the tnsnames.ora File in Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.
The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION
contains the connection descriptor, ADDRESS
contains the protocol address, and CONNECT_DATA
contains the database service identification information.
Sample Format 1:
NET_SERVICE_NAME= (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME)))
Sample Format 2:
NET_SERVICE_NAME= (DESCRIPTION_LIST= (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME))) (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME))))
Sample Format 3:
NET_SERVICE_NAME= (DESCRIPTION= (ADDRESS_LIST= (LOAD_BALANCE=on) (FAILOVER=off) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))) (ADDRESS_LIST= (LOAD_BALANCE=off) (FAILOVER=on) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME)))
If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM certificate store of Oracle Identity Manager, then you must derive the value for the JDBC URL parameter from the value of NET_SERVICE_NAME
in the tnsnames.ora file. For example:
Note:
As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=
HOST_NAME
)(PORT=2484))
element because you are configuring SSL. You need not include other (ADDRESS=(
PROTOCOL_ADDRESS_INFORMATION
))
elements.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
If both data encryption and integrity and SSL communication are configured, then specify a value for the JDBC URL parameter in the following manner:
Enter a comma-separated combination of the values for the JDBC URL parameter described in Only SSL Communication Is Configured. For example:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
You must install the connector in Oracle Identity Manager. If necessary, you can also deploy the connector in a Connector Server.
Installation information is divided across the following sections:
Depending on where you want to run the connector code (bundle), the connector provides the following installation options:
Run the connector code locally in Oracle Identity Manager.
In this scenario, you deploy the connector in Oracle Identity Manager. Deploying the connector in Oracle Identity Manager involves performing the procedures described in Running the Connector Installer and Configuring the IT Resource for the Target System.
Run the connector code remotely in a Connector Server.
In this scenario, you deploy the connector in Oracle Identity Manager, and then, deploy the connector bundle in a Connector Server. See Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing, configuring, and running the Connector Server, and then installing the connector in a Connector Server.
To run the Connector Installer:
Copy the contents of the connector installation media directory into the following directory:
OIM_HOME/server/ConnectorDefaultDirectory
Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Manage Connector.
In the Manage Connector page, click Install.
From the Connector List drop-down list, select Oracle EBS UM Connector RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.
If you have copied the installation files into a different directory, then:
In the Alternative Directory field, enter the full path and name of that directory.
To repopulate the list of connectors in the Connector List list, click Refresh.
From the Connector List drop-down list, select the connector that you want to install.
Click Load.
To start the installation process, click Continue.
The following tasks are performed, in sequence:
Configuration of connector libraries
Import of the connector XML files (by using the Deployment Manager)
Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure is displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
Retry the installation by clicking Retry.
Cancel the installation and begin again from Step 1.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of steps that you must perform after the installation is displayed. These steps are as follows:
Ensuring that the prerequisites for using the connector are addressed
Note:
At this stage, run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Clearing Content Related to Connector Resource Bundles from the Server Cache for information about running the PurgeCache utility.
There are no prerequisites for some predefined connectors.
Configuring the IT resource for the connector
The procedure to configure the IT resource is described later in this guide.
Configuring the scheduled jobs
The procedure to configure these scheduled jobs is described later in this guide.
The IT resource for the target system is created during connector installation. This IT resource contains connection information about the target system. Oracle Identity Manager uses this information during reconciliation and provisioning.
You must specify values for the parameters of the Oracle EBS UM IT resource as follows:
Postinstallation for the connector involves configuring Oracle Identity Manager, enabling logging to track information about all connector events, and configuring SSL. It also involves performing some optional configurations such as localizing the user interface.
Postinstallation steps are divided across the following sections:
This section discusses the following procedures:
Configuring the Oracle Applications Access Controls Governor to Act As the SoD Engine
Specifying a Value for the TopologyName IT Resource Parameter
Note:
The ALL USERS group has INSERT, UPDATE, and DELETE permissions on the UD_EBS_USER, UD_EBS_RESP, UD_EBS_RLS, UD_EBSH_USR, UD_EBSH_RSP, UD_EBST_RLS, UD_EBST_USR, UD_EBST_RSP, and UD_EBST_RLS process forms. This is required to enable the following process:
During SoD validation of an entitlement request, data first moves from a dummy object form to a dummy process form. From there, data is sent to the SoD engine for validation. If the request clears the SoD validation, then data is moved from the dummy process form to the actual process form. Because the data is moved to the actual process forms through APIs, the ALL USERS group must have INSERT, UPDATE, and DELETE permissions on the three process forms.
See Configuring Oracle Application Access Controls Governor in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about this procedure.
The TopologyName IT resource parameter holds the name of the combination of the following elements that you want to use for SoD validation of entitlement provisioning operations:
Oracle Identity Manager installation
Oracle Applications Access Controls Governor installation
Oracle E-Business Suite installation
The value that you specify for the TopologyName parameter must be the same as the value of the topologyName element in the SILConfig.xml file. If you are using default SIL registration, then specify sodoaacg
as the value of the topologyName parameter.
For more information about this element, see Using Segregation of Duties (SoD) in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
The following sections describe the procedures to disable and enable SoD:
Note:
The SoD feature is disabled by default. Perform the following procedure only if the SoD feature is currently enabled and you want to disable it.
Perform the following steps to disable SoD:
Log in to the System Administration console.
Set the XL.SoDCheckRequired system property to FALSE as follows:
In the left pane, under System Management, click System Configuration. The Advanced Administration is displayed with the System Configuration section in the System Management tab is active.
On the left pane, in the Search System Configuration field, enter XL.SoDCheckRequired
, which is the name of the system property as the search criterion.
In the search results table on the left pane, click the XL.SoDCheckRequired system property in the Property Name column.
On the System Property Detail page, in the Value field, enter FALSE
.
Click Save to save the changes made.
A message confirming that the system property has been modified is displayed.
Restart Oracle Identity Governance.
Perform the following steps to enable SoD:
Log in to the System Administration console.
Set the XL.SoDCheckRequired system property to TRUE as follows:
In the left pane, under System Management, click System Configuration. The Advanced Administration is displayed with the System Configuration section in the System Management tab is active.
On the left pane, in the Search System Configuration field, enter XL.SoDCheckRequired
, which is the name of the system property as the search criterion.
In the search results table on the left pane, click the XL.SoDCheckRequired system property in the Property Name column.
On the System Property Detail page, in the Value field, enter TRUE
.
Click Save to save the changes made.
A message confirming that the system property has been modified is displayed.
Restart Oracle Identity Governance.
To secure communication between Oracle Database and Oracle Identity Governance, you can perform either one or both of the following procedures:
Note:
To perform the procedures described in this section, you must have the permissions required to modify the TNS listener configuration file.
See Data Encryption in Oracle Database Advanced Security Administrator's Guide for information about configuring data encryption and integrity.
You must create additional metadata such as a UI form and an application instance for the resource against which you want to perform reconciliation and provisioning operations. In addition, you must run entitlement and catalog synchronization jobs. These procedures are described in the following sections:
See Managing Sandboxes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for instructions on creating and activating a sandbox.
See Managing Forms in Oracle Fusion Middleware Administering Oracle Identity Manager for instructions on creating a new UI form. While creating the UI form, ensure that you select the resource object corresponding to the EBS UM connector that you want to associate the form with.
Note:
While creating a new UI form, the form type should be Parent Form + Child Tables (Master/Detail).
Ensure that you select the Generate Entitlement Forms check box.
By default, an application instance named Oracle EBS UM Application Instance is automatically created after you install the connector. You must associate this application instance with the form created in Creating a New UI Form.
See Managing Application Instances in Oracle Fusion Middleware Administering Oracle Identity Manager for instructions on modifying an application instance.
After updating the application instance, you must publish it to an organization to make the application instance available for requesting and subsequent provisioning to users. However, as a best practice, perform the following procedure before publishing the application instance:
See Managing Organizations Associated With Application Instances in Oracle Fusion Middleware Administering Oracle Identity Manager for instructions on publishing an application instance to an organization.
Before you publish a sandbox, perform the following procedure as a best practice to validate all sandbox changes made till this stage as it is hard to revert changes once a sandbox is published:
To harvest entitlements and sync catalog:
For any changes you do in the Form Designer, you must create a new UI form and update the changes in an application instance. To update an existing application instance with a new form:
When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
To clear content related to connector resource bundles from the server cache:
Oracle Identity Manager uses the Oracle Diagnostic Logging (ODL) logging service for recording all types of events pertaining to the connector.
The following topics provide detailed information about logging:
Oracle Identity Manager uses Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
SEVERE.intValue()+100
This level enables logging of information about fatal errors.
SEVERE
This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
WARNING
This level enables logging of information about potentially harmful situations.
INFO
This level enables logging of messages that highlight the progress of the application.
CONFIG
This level enables logging of information about fine-grained events that are useful for debugging.
FINE, FINER, FINEST
These levels enable logging of information about fine-grained events, where FINEST logs information about all events.
These log levels are mapped to ODL message type and level combinations as shown in Table 2-3.
Table 2-3 Log Levels and ODL Message Type:Level Combinations
Log Level | ODL Message Type:Level |
---|---|
SEVERE.intValue()+100 |
INCIDENT_ERROR:1 |
SEVERE |
ERROR:1 |
WARNING |
WARNING:1 |
INFO |
NOTIFICATION:1 |
CONFIG |
NOTIFICATION:16 |
FINE |
TRACE:1 |
FINER |
TRACE:16 |
FINEST |
TRACE:32 |
The configuration file for OJDL is logging.xml, which is located at the following path:
DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.
To enable logging in Oracle WebLogic Server:
Edit the logging.xml file as follows:
Add the following blocks in the file:
<log_handler name="ebs-um-handler" level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='logreader:' value='off'/> <property name='path' value='[FILE_NAME]'/> <property name='format' value='ODL-Text'/> <property name='useThreadName' value='true'/> <property name='locale' value='en'/> <property name='maxFileSize' value='5242880'/> <property name='maxLogSize' value='52428800'/> <property name='encoding' value='UTF-8'/> </log_handler>
<logger name='ORG.IDENTITYCONNECTORS.EBS' level='[LOG_LEVEL]' useParentHandlers='false'>
<handler name='ebs-um-handler'/>
<handler name='console-handler'/>
</logger>
Replace both occurrences of [LOG_LEVEL]
with the ODL message type and level combination that you require. Table 2-3 lists the supported message type and level combinations.
Similarly, replace [FILE_NAME]
with the full path and name of the log file in which you want log messages to be recorded.
The following blocks show sample values for [LOG_LEVEL]
and [FILE_NAME]
:
<log_handler name='ebs-um-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='logreader:' value='off'/> <property name='path' value='F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log'/> <property name='format' value='ODL-Text'/> <property name='useThreadName' value='true'/> <property name='locale' value='en'/> <property name='maxFileSize' value='5242880'/> <property name='maxLogSize' value='52428800'/> <property name='encoding' value='UTF-8'/> </log_handler> <logger name='ORG.IDENTITYCONNECTORS.EBS' level='NOTIFICATION:1' useParentHandlers='false'> <handler name='ebs-um-handler'/> <handler name='console-handler'/> </logger>
With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the NOTIFICATION:1
level are recorded in the specified file.
Save and close the file.
Set the following environment variable to redirect the server logs to a file:
For Microsoft Windows:
set WLS_REDIRECT_LOG=FILENAME
For UNIX:
export WLS_REDIRECT_LOG=FILENAME
Replace FILENAME with the location and name of the file to which you want to redirect the output.
Restart the application server.
By default, this connector uses the ICF connection pooling. Table 2-4 lists the connection pooling properties, their description, and default values set in ICF:
Table 2-4 Connection Pooling Properties
Property | Description |
---|---|
Pool Max Idle |
Maximum number of idle objects in a pool. Default value: |
Pool Max Size |
Maximum number of connections that the pool can create. Default value: |
Pool Max Wait |
Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation. Default value: |
Pool Min Evict Idle Time |
Minimum time, in milliseconds, the connector must wait before evicting an idle object. Default value: |
Pool Min Idle |
Minimum number of idle objects in a pool. Default value: |
If you want to modify the connection pooling properties to use values that suit requirements in your environment, then:
Pool Max Idle.
Note:
Perform the procedure described in this section only if you want to configure the connector to work with a single sign-on solution during reconciliation and provisioning operations.
Before you perform this procedure, ensure that the connector for the LDAP-based repository of your single sign-on solution has been installed in your production environment.
Before performing this procedure, the EBS registration of OID needs to be of Type 4. This prevents EBS attempting to create the user in OID when an EBS UM account or user is provisioned by OIM. This is not required as LDAPSync or a Connector in OIM will have already created the user in OID. If EBS registration of OID has already been performed specifying a different type, then de-register and register again specifying provisioning type = 4.
You must perform the following steps to configure the connector for SSO:
Log in to the Design Console.
Modify the resource object as follows:
Expand Resource Management, and then double-click Resource Object.
In the Name field, enter Oracle EBS User Management
and then click Search.
On the Depends On tab, click Assign.
Select the resource object corresponding to your SSO target (for example, OID User), and then click OK.
Click the Save icon.
Modify the Update SSO Attributes process task to assign an event handler as follows:
Expand Process Management, and then double-click Process Definition.
Search for and open the Oracle EBS UM User process definition.
On the Tasks tab, double-click the Update SSO Attributes process task.
In the Editing Task: Update SSO Attributes dialog box, on the Integration tab, click Add.
The Handler Selection dialog box is displayed.
In the Handler Type region, select the System option, and then select the CopyProcessFormData event handler from the Handler Name region.
Click the Save icon.
In the confirmation dialog box that is displayed, click OK.
The CopyProcessFormData event handler is assigned to the process task.
Modify the Create EBS User process task to assign a generated task as follows:
On the Tasks tab of the Oracle EBS UM User process definition, double-click the Create EBS User process task.
The Editing Task: Create EBS User dialog box is displayed.
On the Responses tab, select the response code SUCCESS.
From the Tasks to Generate region, click Assign.
In the dialog box that is displayed, move the Update SSO Attributes task name from the right column to the left, and then click OK.
The Update SSO Attributes task is assigned to the process task.
Click the Save icon and close the Editing Task: Create EBS User dialog box.
Ensure that the lookup definition corresponding to the LDAP server that you are using exists and contains the right entries. For example, if you are using OID, then ensure the Lookup.Objects.OID User.Oracle EBS User Management.CopyAttributesMap exists and contains the following entry:
Code Key: orclGuid
Decode: SSO GUID
See Preconfigured Lookup Definitions for a list of lookup definitions corresponding to your LDAP server.
Modify the Oracle EBS UM Application Instance as follows:
Log in to the System Administration console.
Create and activate a Sandbox. See Managing Sandboxes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for instructions on creating and activating a sandbox
Modify the Oracle EBS UM Application Instance to specify the application instance of your SSO target (for example, OID) as a parent instance. See Modifying Application Instance Attributes in Oracle Fusion Middleware Administering Oracle Identity Manager for instructions on modifying an application instance.
Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for instructions on publishing a sandbox.
To localize field label that you add to in UI forms:
Log in to Oracle Enterprise Manager.
In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.
In the right pane, from the Application Deployment list, select MDS Configuration.
On the MDS Configuration page, click Export and save the archive to the local computer.
Extract the contents of the archive, and open the following files in a text editor:
For Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0):
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle_en.xlf
For releases prior to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0):
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf
Edit the BizEditorBundle.xlf file in the following manner:
Search for the following text:
<file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
Replace with the following text:
<file source-language="en" target-language="LANG_CODE"
original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
datatype="x-oracle-adf">
In this text, replace LANG_CODE with the code of the language that you want to localize the form field labels. The following is a sample value for localizing the form field labels in Japanese:
<file source-language="en" target-language="ja" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
Search for the application instance code. This procedure shows a sample edit for Oracle E-Business Suite application instance. The original code is:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_EBS_UM_USRNAME__c_description']}"> <source>User Name</source> <target/> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.EBSUMForm11.entity.EBSUMForm11EO.UD_EBS_UM_USRNAME__c_LABEL"> <source>User Name</source> <target/> </trans-unit>
Depending on the connector you are using, open the resource file (for example, EBS-UM.properties) from the connector package, and get the value of the attribute from the file, for example, global.udf.UD_EBS_UM_USER_NAME=\u4567d.
Replace the original code shown in Step 6.c with the following:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_EBS_UM_USRNAME__c_description']}"> <source>User Name</source> <target>\u4567d</target> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.EBSUMForm11.entity.EBSUMForm11EO.UD_EBS_UM_USRNAME__c_LABEL"> <source>User Name</source> <target>\u4567d</target> </trans-unit>
Repeat Steps 6.a through 6.d for all attributes of the process form.
Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing.
Sample file name: BizEditorBundle_ja.xlf.
Repackage the ZIP file and import it into MDS.
See Also:
Deploying and Undeploying Customizations in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager, for more information about exporting and importing metadata files
Log out of and log in to Oracle Identity Manager.
If you have already deployed an earlier release of this connector, then upgrade the connector to the current release 11.1.1.5.0. The following sections discuss the procedure to upgrade the connector:
Note:
Upgrade of the EBS UM connector from Oracle EBS UM TCA connector and the plain Oracle EBS UM connector release 9.1.0.7.x to 11.1.1.5.0 is supported.
Before you perform the upgrade procedure, it is strongly recommended that you create a backup of the Oracle Identity Manager database. Refer to the database documentation for information about creating a backup.
As a best practice, first perform the upgrade procedure in a test environment.
Perform the following preupgrade steps:
Perform a reconciliation run to fetch all latest updates to Oracle Identity Manager.
Define the source connector (an earlier release of the connector that must be upgraded) in Oracle Identity Manager. You define the source connector to update the Deployment Manager XML file with all customization changes made to the connector. See Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for more information.
If required, create the connector XML file for a clone of the source connector.
If you are using Oracle Identity Manager release 11.1.2.x, then:
Log in to the Design Console.
Expand Development Tools and then double-click Form Designer.
Create a new version for all child forms in your environment. For example, create a new version for the UD_EBS_RESP child form. This is the child form for Responsibilities.
Open the child form version.
On the Properties tab, except for the Entitlement and OIAParentAttribute properties, delete all the existing properties. In other words, delete all lookup query properties currently associated with the form fields such as Responsibility Name.
For each column name, add the Lookup Code property and set its property value to the corresponding lookup definition name. For example, for the Application Name column, add the Lookup Code property and then set its value to Lookup.EBS.Responsibility.
Repeat Step 4.f for the remaining columns. The following table lists the column names and the corresponding lookup definitions:
Column | Lookup Definition |
---|---|
Application Name |
Lookup.EBS.Application |
Security Group Name |
Lookup.EBS.SecurityGroup |
Role Name |
Lookup.EBS.UMX.Roles |
Make version active.
Create UI form.
Disable all the scheduled jobs by stopping the scheduler service.
Depending on the environment in which you are upgrading the connector, perform one of the following steps:
Staging Environment
Perform the upgrade procedure by using the wizard mode.
Production Environment
Perform the upgrade procedure by using the silent mode.
See Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the wizard and silent modes.
Perform the following procedure:
Download the latest version of this connector from Oracle Technology Network and extract its contents to any directory on the computer hosting Oracle Identity Manager.
Run the Upload JARs utility to post the latest version of the connector bundle JAR file (org.identityconnectors.ebs-1.0.1115.jar) from the /bundle directory of the installation media to the Oracle Identity Manager database.
For Microsoft Windows:
OIM_HOME/server/bin/UploadJars.bat
For UNIX:
OIM_HOME/server/bin/UploadJars.sh
When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded (specify the JAR type as ICFBundle, option 4
), and the location from which the JAR file is to be uploaded.
Run the Form Version Control (FVC) utility to manage data changes on a form after an upgrade operation. To do so:
In a text editor, open the fvc.properties file located in the OIM_DC_HOME directory and include the following entries:
ResourceObject;Oracle EBS User Management FormName;UD_EBST_USR FromVersion;SPECIFY_THE_VERSION_OF_FORM_THAT_WAS_IN_THE_ACTIVE_STATUS_BEFORE_THE_UPGRADE ToVersion;SPECIFY_THE_VERSION_OF_FORM_THAT_IS_IN_THE_ACTIVE_STATUS_AFTER_THE_UPGRADE
Run the FVC utility. This utility is copied into the following directory when you install the design console:
For Microsoft Windows:
OIM_DC_HOME/fvcutil.bat
For UNIX:
OIM_DC_HOME/fvcutil.sh
When you run this utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, and the logger level and log file location.
See Also:
Using the Form Version Control Utility in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the FVC utility
Run the Post Upgrade Script as follows:
Connect to the Oracle Identity Manager database by using the OIM User credentials.
If you are upgrading the Oracle EBS UM TCA connector, then run the PostUpgradeScript_TCAEBSUM.sql script located in the OIM_HOME/server/ConnectorDefaultDirectory/EBSUM_PCKG/upgrade directory.
If you are upgrading the plain EBS UM connector, then run the PostUpgradeScript_PlainEBSUM.sql script located in the OIM_HOME/server/ConnectorDefaultDirectory/EBSUM_PCKG/upgrade directory.
Configure the upgraded IT resource of the source connector. See Configuring the IT Resource for the Target System for information about configuring the IT resource.
Change the literal value for child forms as follows:
Log in to the Design Console.
Expand Process Management, and then double-click Process Definition.
Search for and open the Oracle EBS UM User process definition.
On the Tasks tab, double-click the Add User Responsibility process task.
The Editing Task: Add User Responsibility dialog box is displayed.
On the Integration tab, double-click the childTableName adapter variable.
The Edit Mapping for Variable dialog box is displayed.
UD_EBST_RSP.
UD_EBS_RSP.
Click the Save icon and close the dialog box.
Repeat Steps 6.d through 6.g for the Update User Responsibility and Remove User Responsibility process tasks.
UD_EBST_RLS
:
UD_EBS_RLS
:
Change the name of the child form in the Lookup.Oracle EBS UM.UM.ProvAttrMap lookup definition as follows:
Expand Administration, and then double-click Lookup Definition.
Search for and open the Lookup.Oracle EBS UM.UM.ProvAttrMap lookup definition.
UD_EBST_RSP.
For example, replace the UD_UM_RESP~Application Name[LOOKUP] entry with UD_EBST_RSP~Application Name[LOOKUP].
Similarly, search for all entries beginning with UD_UM_ROLE and replace it with UD_EBST_RLS.
For example, replace the UD_UM_ROLE~Role Start Date[DATE] entry with UD_EBST_RLS~Role Start Date[DATE].
UD_EBS_RSP.
For example, replace the UD_UM_RESP~Application Name[LOOKUP] entry with UD_EBS_RESP~Application Name[LOOKUP].
Similarly, search for all entries beginning with UD_UM_ROLE and replace it with UD_EBS_RLS.
For example, replace the UD_UM_ROLE~Role Start Date[DATE] entry with UD_EBS_RLS~Role Start Date[DATE].
Click the Save icon.
Modify the UD_EBS_UM Updated process task to set itResourceFieldName adapter variable as follows:
Expand Process Management, and then double-click Process Definition.
Search for and open the Oracle EBS UM User process definition.
On the Tasks tab, double-click the UD_EBS_UM Updated process task.
The Editing Task: UD_EBS_UM Updated dialog box is displayed.
Click the Save icon and close the dialog box.
Click the Save icon of the task and close the task.
Click the Save icon of the process definition.
Expand Development Tools, and then double-click Form Designer.
Search for and open the UD_EBST_USR form.
Create a new version (for example, v_11.1.1.5.0_1) of the form and save it.
Select the newly created form version.
On the Pre-Populate tab, select the row containing the old prepopulate adapter EBSPrePopFirstName, and then click Delete.
Click OK in the Alert dialog box to confirm that you want to proceed with deleting the prepopulate adapter.
Repeat Steps 9.e and 9.f to delete the EBSPrePopLastName prepopulate adapter associated with the Party Last Name form field.
Click the Save icon and then Click Make Version Active.
Expand Development Tools, and then double-click Form Designer.
Search for and open the UD_EBS_USR form.
Create a new version (for example, v_11.1.1.5.0_1) of the form and save it.
Select the newly created form version.
On the Pre-Populate tab, select the row containing the old prepopulate adapter EBSPrePopSystemDate, and then click Delete.
Click OK in the Alert dialog box to confirm that you want to proceed with deleting the prepopulate adapter.
Click the Save icon and then Click Make Version Active.
Update the localization properties. To do so, you must update the resource bundle of a user locale with new names of the process form attributes for proper translations after upgrading the connector. You can modify the properties file of your locale in the resources directory of the connector bundle.
For example, the process form (UD_EBS_UM) attributes are referenced in the Japanese properties file, EBS-UM_ja.properties, as global.udf.UD_EBS_UM_PARTY_FNAME. During upgrade, the process form name is changed to old form name UD_EBST_USR (in case of EBS UM TCA upgrade) or UD_EBS_USER (in case of EBS Plain UM upgrade) to global.udf.UD_EBS_UM_PARTY_FNAME. Therefore, you must add the process form attributes to global.udf.UD_EBS_UM_PARTY_FNAME.
Restart Oracle Identity Manager. Alternatively, you can purge the cache for the changes to reflect in Oracle Identity Manager. See Purging Cache in Oracle Fusion Middleware Administering Oracle Identity Manager for more information about the PurgeCache utility.
Replicate all the changes made to the Form Designer of the Design Console to a new UI form as follows:
Log in to Oracle Identity System Administration.
Create and active a sandbox. See Creating and Activating a Sandbox for more information.
Create a new UI form to view the upgraded fields. See Creating a New UI Form for more information about creating a UI form.
Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, from the Form field, select the form (created in Step 12.c), and then save the application instance.
Publish the sandbox. See Publishing a Sandbox for more information.
After upgrading the connector, you can perform either full reconciliation or incremental reconciliation. This ensures that records created or modified since the last reconciliation run (the one that you performed in Preupgrade Steps) are fetched into Oracle Identity Manager. From the next reconciliation run onward, the reconciliation engine automatically enters a value for the Latest Token attribute.
Before you perform lookup field synchronization, ensure to remove all preupgrade entries from the lookup definitions Oracle Identity Manager. After upgrade these values must be synchronized with the lookup fields in the target system.
See Performing Full and Incremental Reconciliation for more information about performing full or incremental reconciliation.
You can clone this connector by setting new names for some of the objects that comprise the connector. The outcome of the process is a new connector XML file. Most of the connector objects, such as Resource Object, Process Definition, Process Form, IT Resource Type Definition, IT Resource Instances, Lookup Definitions, Adapters, Reconciliation Rules and so on in the new connector XML file have new names.
Note:
Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about cloning connectors and the postcloning steps.
After a copy of the connector is created by setting new names for connector objects, some objects might contain the details of the old connector objects. Therefore, you must modify the following Oracle Identity Manager objects to replace the base connector artifacts or attribute references with the corresponding cloned artifacts or attributes:
IT Resource
The cloned connector has its own set of IT resources. You must configure both the cloned connector IT resources and ensure you use the configuration lookup definition of the cloned connector.
Scheduled Job
The values of the Resource Object Name and IT Resource scheduled job attributes in the cloned connector refer to the values of the base connector. Therefore, these values (values of the Resource Object Name and IT resource scheduled job attributes that refer to the base connector) must be replaced with the new cloned connector artifacts.
Lookup Definition
The cloned lookup definition (for example, Lookup.Oracle EBS UMClone.UM.ProvAttrMap) corresponding to the Lookup.Oracle EBS UM.UM.ProvAttrMap lookup definition has Code Key entries related to child form fields that still map to the old child form fields. You must change the values of these Code Key entries so that they map to the cloned child form fields.
For example, consider UD_UM_ROL1 and UD_UM_RES1 to be the cloned child forms of the UD_UM_ROLE and UD_UM_RESP child forms respectively. After cloning, the Lookup.Oracle EBS UMClone.UM.ProvAttrMap lookup definition contains Code Key entries that correspond to the fields of the old child form UD_UM_ROLE and UD_UM_RESP respectively. To ensure that the Code Key entries point to the fields of the cloned child form (UD_UM_ROL1 and UD_UM_RES1), specify the following values in the corresponding Code Key columns:
UD_UM_ROL1~Application Name[LOOKUP]
UD_UM_ROL1~Role Expiration Date[DATE]
UD_UM_ROL1~Role Name[LOOKUP]
UD_UM_ROL1~Role Start Date[DATE]
UD_UM_RES1~Application Name[LOOKUP]
UD_UM_RES1~Responsibility Description
UD_UM_RES1~Responsibility End Date[DATE]
UD_UM_RES1~Responsibility Name[LOOKUP]
UD_UM_RES1~Responsibility Start Date[DATE]
UD_UM_RES1~Security Group[LOOKUP]
Process Tasks
You must change the literal value of the childTableName adapter variable from UD_UM_ROLE and UD_UM_RESP to the cloned form names UD_UM_ROL1 anUD_UM_RES1, respectively in the following process tasks:
Add User Responsibility Process Task
Add User Role Process Task
Update User Responsibility Process Task
Update User Role Process Task
Remove User Responsibility Process Task
Remove User Role Process Task
You must change the literal value of the parent form from UD_EBS_UM to the cloned form name UD_EBS_U1 in the UD_EBS_UM Updated in the Bulk adapter process task.
Localization Properties
You must update the resource bundle of a user locale with new names of the process form attributes for proper translations after cloning the connector. You can modify the properties file of your locale in the resources directory of the connector bundle.
For example, the process form (UD_EBS_UM) attributes are referenced in the Japanese properties file, EBS-UM_ja.properties, as global.udf.UD_EBS_UM_PARTY_FNAME. During cloning, if you change the process form name from UD_EBS_UMCLONED to global.udf.UD_EBS_UMCLONED _PARTY_FNAME, then you must add the process form attributes to global.udf.UD_EBS_UM_PARTY_FNAME.
Replicate changes made to the form designer to a new UI form
To do so, perform the procedure described in Postupgrade Steps.