You can extend the functionality of the connector to address your specific business requirements.
This chapter contains the following sections:
You can add new attributes such as Customer Id to the existing set of attributes. For this, you need to add new parameters to the wrapper procedure and then update the reconciliation query to include the new attribute.
By default, the attributes listed in Table 3-3 are mapped for reconciliation and provisioning between Oracle Identity Manager and the target system. If required, you can map additional single-valued attributes for reconciliation and provisioning.
The following sections describe the procedures to be performed for adding new single-valued attributes:
The following is a summary of high-level steps to be performed to add a new attribute for reconciliation and provisioning:
You must extend the connector schema to include new attributes for reconciliation and provisioning. This section discusses the following topics:
You can extend the connector schema by adding new attributes to the get_schema() stored procedure in the OIM_FND_USER_TCA_PKG.pck wrapper package. Extending the connector schema requires you to understand the following concepts:
Attribute initialization
The following initialization statement reserves an internal array that holds attribute definitions of the connector schema:
attr.extend(NUM);
Here, NUM defines the size of the array that is to be initialized. The size of the array must always be greater than or equal to the number of attributes defined. For example, the initialization statement attr.extend(20); reserves an internal array of 20 attributes for initialization.
Attribute definition
After initialization, you define the information for each attribute by adding a statement in the following format:
attr (ORD_NO) := attributeinfo(ATTR_NAME,ATTR_TYPE,CREATE_FLAG,UPDATE_FLAG,REQUIRED_FLAG,READ_FLAG);
In this format:
ORD_NO is the order of the attribute in the array. This is mandatory.
ATTR_NAME is the name of the single-valued attribute.
ATTR_TYPE is the SQL datatype of the single-valued attribute.
CREATE_FLAG is a flag to represent whether the attribute is required during a create provisioning operation.
UPDATE_FLAG is a flag to represent whether the attribute can be updated.
REQUIRED_FLAG is a flag to represent whether the attribute is mandatory.
READ_FLAG is a flag to represent whether the attribute can be read.
A value of 1 or 0 for each flag denotes True or False, respectively. For example, a value of 1, 0, 1, 0 for the flags means that the attribute is a mandatory attribute and must be considered during create provisioning operations.
Attribute array extension
You can increase the array size post initialization by including the following statement:
attr.extend;
Each inclusion of this statement increments the array size by 1.
You must extend the connector schema by updating the DB wrapper package to include the new attribute for reconciliation and provisioning as follows:
Open any SQL client (for example, SQL Developer) and connect to the target system database using the apps user.
Open the body of the OIM_FND_USER_TCA_PKG.pck wrapper package.
Select the get_schema() stored procedure. The list of attributes defined in the stored procedure is displayed.
If the number of attributes defined exceeds the number of attributes initialized, then:
Add the following attribute initialization statement:
attr.extend;
Enter the definition for the new attribute that you want to add in the following format:
attr (ORD_NO) := attributeinfo(ATTR_NAME,ATTR_TYPE,CREATE_FLAG,UPDATE_FLAG,REQUIRED_FLAG,READ_FLAG);
For example, if you are adding a new attribute to hold the customer Id for a user account, then include the following statements:
attr.extend;
attr (28) := attributeinfo('CUSTOMER_ID','varchar2',1,1,0,1);
In this example, a value of 1,1,0,1 for the flags means that the CUSTOMER_ID attribute is required during create provisioning operations, and that it can be updated and read.
If the number of attributes defined does not exceed the number of attributes initialized, then add only the definition for the new attribute. For example:
attr (28) := attributeinfo('CUSTOMER_ID','varchar2',1,1,0,1);
Re-compile the wrapper package.
You must update the connector artifacts to include the new single-valued attribute added in Extending the Connector Schema. Updating connector artifacts involves performing the following procedures:
You must add the new single-valued attribute as a field on the process form as follows:
Update the resource object to add a reconciliation field corresponding to the new single-valued attribute created in Creating a Process Form Field as follows:
Customer Id.
Create a reconciliation field mapping for the single-valued attribute in the process definition as follows:
Add an entry for the attribute in the lookup definition for reconciliation attribute mapping as follows:
Add an entry for the attribute in the lookup definition for provisioning attribute mapping as follows:
Customer Id.
CUSTOMER_ID.
Create a reconciliation profile to copy all the changes made to the resource object (in the earlier section) into MDS:
Update the search.properties file to include the newly added single-valued attribute as follows:
In order to support the newly added attribute (Customer Id) during create and update provisioning operations, you must update the stored procedure that is invoked in the Procedures.properties file. To do so:
In a text editor, open the Procedures.properties file for editing.
Search for and determine the names of wrapper packages and stored procedures used for invoking the create person and update person provisioning operations. For example, OIM_FND_USER_TCA_PKG.CREATEUSER and OIM_FND_USER_TCA_PKG.UPDATEUSER are the wrapper packages and stored procedures used for the create user and update user provisioning operations.
Update the stored procedures determined in the earlier step as follows:
Open any SQL client (for example, SQL Developer) and connect to the target system database using the apps user.
Open the wrapper package and add the newly added attribute (for example, Customer Id) to the create user and update user stored procedures. For example, open the OIM_FND_USER_TCA_PKG package and add the newly added attribute to the CreateUser and UpdateUser stored procedures.
The following screenshot highlights the stored procedures that must be updated in the OIM_FND_USER_TCA_PKG package to include the newly added attribute:
Select the CreateUser stored procedure and update the input parameters to include the newly added attribute.
The following screenshot highlights the newly added attribute (customer_id) in the CreateUser stored procedure:
Select the UpdateUser stored procedure and update the input parameters to include the newly added attribute.
The following screenshot highlights the newly added attribute (customer_id) in the UpdateUser stored procedure:
Open OIM_FND_USER_TCA_PKG Body and select the CreateUser stored procedure.
Update the CreateUser API call in the procedure with the newly added attribute.
The following screenshots show the updated CreateUser API:
Repeat Steps 3.3.c through 3.3.f to update the UPDATEUSER stored procedure to include the newly added attribute.
Re-compile the wrapper package.
This completes the procedure to add a new single-valued attribute for reconciliation and provisioning.
You can add new multivalued attributes for reconciliation and provisioning.
By default, the attributes listed in Table 3-3 are mapped for reconciliation and provisioning between Oracle Identity Manager and the target system. If required, you can map additional multivalued attributes for reconciliation and provisioning. The following sections describe the procedures to be performed for adding new multivalued attributes. The Security Attributes multivalued attribute has been used as an example to illustrate these procedures.
The following is a summary of high-level steps to be performed to add a new multivalued attribute for reconciliation and provisioning:
You must extend the connector schema to include a new multivalued attribute for reconciliation and provisioning. To do so:
You must extend the metadata of Oracle Identity Manager to include the new attribute added in Extending the Connector Schema. Extending Oracle Identity Manager metadata involves performing the following procedures:
You must create lookup definitions for the new attribute, added in Extending the Connector Schema, as follows:
Update the parent process form of the newly added attribute as follows:
Add an entry for the new attribute in the lookup definition for reconciliation attribute mapping as follows:
Add an entry for the attribute in the lookup definition for provisioning attribute mapping as follows:
In the resource object, add the reconciliation field corresponding to the new attribute as follows:
Create a reconciliation field mapping for the newly added attribute in the process definition as follows:
Replicate all the changes made to the Form Designer of the Design Console to a new UI form as follows:
Note:
Perform the procedure described in this section for the lookup scheduled job that is used for any lookup attribute that can be a parent attribute or a child attribute.
You must create scheduled jobs for synchronizing values in the target system attributes (corresponding to the newly created multivalued field) with the lookup definitions created in Creating Lookup Definitions. To do so:
You must update the connector bundle (org.identityconnectors.ebs-1.0.1115.jar) to include all the updates made in the earlier sections. To do so:
You can configure transformation of reconciled single-valued account data according to your requirements.
Note:
This section describes an optional procedure. Perform this procedure only if you want to configure transformation of data during reconciliation.
You can configure transformation of reconciled single-valued data according to your requirements. For example, you can use email to create a different value for the Email field in Oracle Identity Manager.
To configure transformation of data:
Write code that implements the required transformation logic in a Java class.
The following sample transformation class creates a value for the Email attribute by using values fetched from the EMAIL_ADDRESS column of the target system:
package oracle.iam.connectors.common.transform;

import java.util.HashMap;

public class TransformAttribute {

    /*
     * Description: Abstract method for transforming the attributes
     * param hmUserDetails <String,Object> HashMap containing parent data details
     * param hmEntitlementDetails <String,Object> HashMap containing child data details
     */
    public Object transform(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) {
        /*
         * You must write code to transform the attributes.
         * Parent data attribute values can be fetched by using
         * hmUserDetails.get("Field Name").
         * To fetch child data values, loop through the
         * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
         * Return the transformed attribute.
         */
        String sEmail = "trans" + (String) hmUserDetails.get(sField);
        return sEmail;
    }
}
Create a JAR file to hold the Java class.
Run the Oracle Identity Manager Upload JARs utility to post the JAR file to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:
Note:
Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.
For Microsoft Windows:
OIM_HOME/server/bin/UploadJars.bat
For UNIX:
OIM_HOME/server/bin/UploadJars.sh
When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.
Create a lookup definition for transformation and add an entry to it as follows:
Log in to the Design Console.
Expand Administration, and then double-click Lookup Definition.
In the Code field, enter Lookup.Oracle EBS UM.UM.ReconTransformation as the name of the lookup definition.
Select the Lookup Type option.
On the Lookup Code Information tab, click Add.
A new row is added.
In the Code Key column, enter the name of the resource object field into which you want to store the transformed value. For example: Email.
In the Decode column, enter the name of the class that implements the transformation logic. For example, oracle.iam.connectors.common.transform.TransformAttribute.
Save the changes to the lookup definition.
Add an entry in the Lookup.Oracle EBS UM.UM.Configuration lookup definition to enable transformation as follows:
Expand Administration, and then double-click Lookup Definition.
Search for and open the Lookup.Oracle EBS UM.UM.Configuration lookup definition.
Create an entry that holds the name of the lookup definition used for transformation as follows:
Code Key: Recon Transformation Lookup
Decode: Lookup.Oracle EBS UM.UM.ReconTransformation
Save the changes to the lookup definition.
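The following transformation class is an added example, not part of the original guide or of the connector. It keeps the transform() signature of the sample TransformAttribute class but handles the case where the reconciled field is missing, which in the sample would store the literal string "transnull". The package name, class name, and the choice to pass a missing value through unchanged are assumptions.

```java
package com.example.transform; // hypothetical package name

import java.util.HashMap;
import java.util.Locale;

public class NormalizeEmailTransform { // hypothetical class name

    // Same method signature as the sample TransformAttribute class.
    public Object transform(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) {
        Object raw = (hmUserDetails == null) ? null : hmUserDetails.get(sField);

        // Assumption: a missing or non-String value is passed through unchanged.
        // Concatenating a prefix to it ("trans" + null) would instead store the
        // text "transnull" in the resource object field.
        if (!(raw instanceof String)) {
            return raw;
        }

        // trim() drops leading and trailing whitespace, including CR/LF.
        String email = ((String) raw).trim();

        // Drop control characters embedded in the value so that they do not
        // reach the Email field or log lines built from it.
        StringBuilder cleaned = new StringBuilder(email.length());
        for (int i = 0; i < email.length(); i++) {
            char c = email.charAt(i);
            if (!Character.isISOControl(c)) {
                cleaned.append(c);
            }
        }

        // Locale.ROOT keeps lowercasing independent of the server's default locale.
        return cleaned.toString().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        NormalizeEmailTransform t = new NormalizeEmailTransform();

        HashMap<String, Object> user = new HashMap<>(); // constructed sample data
        user.put("Email", "  John.Doe@Example.COM\r\n");
        System.out.println(t.transform(user, new HashMap<>(), "Email"));

        // Field absent from the reconciled record.
        System.out.println(t.transform(new HashMap<>(), new HashMap<>(), "Email"));
    }
}
```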
You can configure validation of reconciled and provisioned single-valued data according to your requirements.
For example, you can validate data fetched from the Email attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.
For data that fails the validation check, the following message is displayed or recorded in the log file:
oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped, validation failed [Validation failed for attribute: [FIELD_NAME]]
To configure validation of data:
Write code that implements the required validation logic in a Java class.
The following sample validation class checks if the value in the Email attribute contains the number sign (#):
package com.validate;

import java.util.*;

public class MyValidation {

    public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String field) {
        /*
         * You must write code to validate attributes. Parent
         * data values can be fetched by using hmUserDetails.get(field)
         * For child data values, loop through the
         * ArrayList/Vector fetched by hmEntitlementDetails.get("Child Table")
         * Depending on the outcome of the validation operation,
         * the code must return true or false.
         */
        /*
         * In this sample code, the value "false" is returned if the field
         * contains the number sign (#). Otherwise, the value "true" is
         * returned.
         */
        boolean valid = true;
        String sEmail = (String) hmUserDetails.get(field);
        for (int i = 0; i < sEmail.length(); i++) {
            if (sEmail.charAt(i) == '#') {
                valid = false;
                break;
            }
        }
        return valid;
    }
}
Create a JAR file to hold the Java class.
Run the Oracle Identity Manager Upload JARs utility to post the JAR file to the Oracle Identity Manager database. This utility is copied into the following location when you install Oracle Identity Manager:
Note:
Before you use this utility, verify that the WL_HOME environment variable is set to the directory in which Oracle WebLogic Server is installed.
For Microsoft Windows:
OIM_HOME/server/bin/UploadJars.bat
For UNIX:
OIM_HOME/server/bin/UploadJars.sh
When you run the utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, URL of the Oracle Identity Manager host computer, context factory value, type of JAR file being uploaded, and the location from which the JAR file is to be uploaded. Specify 1 as the value of the JAR type.
If you created the Java class for validating a process form field for reconciliation, then:
Log in to the Design Console.
Expand Administration, and then double-click Lookup Definition.
In the Code field, enter Lookup.Oracle EBS UM.UM.ReconValidation as the name of the lookup definition.
Select the Lookup Type option.
On the Lookup Code Information tab, click Add.
A new row is added.
In the Code Key column, enter the resource object field name. For example, Email.
In the Decode column, enter the class name. For example, com.validate.MyValidation.
Save the changes to the lookup definition.
Search for and open the Lookup.Oracle EBS UM.UM.Configuration lookup definition.
Create an entry with the following values:
Code Key: Recon Validation Lookup
Decode: Lookup.Oracle EBS UM.UM.ReconValidation
Save the changes to the lookup definition.
If you created the Java class for validating a process form field for provisioning, then:
Log in to the Design Console.
Expand Administration, and then double-click Lookup Definition.
In the Code field, enter Lookup.Oracle EBS UM.UM.ProvValidation as the name of the lookup definition.
Select the Lookup Type option.
On the Lookup Code Information tab, click Add.
A new row is added.
In the Code Key column, enter the process form field name. In the Decode column, enter the class name.
Save the changes to the lookup definition.
Search for and open the Lookup.Oracle EBS UM.UM.Configuration lookup definition.
Create an entry with the following values:
Code Key: Provisioning Validation Lookup
Decode: Lookup.Oracle EBS UM.UM.ProvValidation
Save the changes to the lookup definition.
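The following validation class is an added example, not part of the original guide or of the connector. It keeps the validate() signature of the sample MyValidation class but replaces the single-character check with an allow-list, and it does not throw a NullPointerException when the field is absent. The package name, class name, length limit, permitted character set, and the decision to accept an absent value are assumptions to adjust for your deployment.

```java
package com.example.validate; // hypothetical package name

import java.util.HashMap;

public class StrictEmailValidation { // hypothetical class name

    // Assumed upper bound; align it with the size of the process form field.
    private static final int MAX_LENGTH = 240;

    // Same method signature as the sample MyValidation class.
    public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String field) {
        Object raw = (hmUserDetails == null) ? null : hmUserDetails.get(field);

        // Assumption: an absent value has nothing to validate and is accepted.
        // Return false here instead if the attribute must always be present.
        if (raw == null) {
            return true;
        }
        // A value of an unexpected type is rejected rather than cast blindly.
        if (!(raw instanceof String)) {
            return false;
        }
        String value = (String) raw;
        if (value.length() > MAX_LENGTH) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            if (!isAllowed(value.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    // Allow-list: ASCII letters, digits, and a few punctuation characters.
    // '#', quotes, whitespace, and control characters fail because they are
    // not listed. Extend the set if non-ASCII addresses must be accepted.
    private static boolean isAllowed(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                || (c >= '0' && c <= '9') || "@._-+".indexOf(c) >= 0;
    }

    public static void main(String[] args) {
        StrictEmailValidation v = new StrictEmailValidation();
        // Constructed sample values; the last record has no Email entry.
        String[] samples = {"john.doe@example.com", "john#doe@example.com", "a@b.com\r\nx"};
        for (String s : samples) {
            HashMap<String, Object> user = new HashMap<>();
            user.put("Email", s);
            System.out.println(v.validate(user, new HashMap<>(), "Email"));
        }
        System.out.println(v.validate(new HashMap<>(), new HashMap<>(), "Email"));
    }
}
```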