B Lookup Definitions Used During Connector Operations

Lookup definitions used during reconciliation and provisioning are either preconfigured or can be synchronized with the target system.

This section discusses the following categories of lookup definitions:

• Predefined Lookup Definitions
• Lookup Definitions Synchronized with the Target System

B.1 Predefined Lookup Definitions

Preconfigured lookup definitions are the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

The other lookup definitions are as follows:

• Lookup.RESOURCE.Configuration
• Lookup.RESOURCE.UM.Configuration
• Lookup.RESOURCE.UM.ReconAttrMap
• Lookup.RESOURCE.UM.ProvAttrMap
• Lookup.RESOURCE.UM.ReconAttrMap.Defaults

Note:

RESOURCE has been used as a place holder text for IT resource name. Therefore, replace all instances of RESOURCE in this guide with the value that you specified for the itResourceName entry in the GenericRestConfiguration.groovy file. See About the dateAttributeList, entitlementAttributeList, lookupAttributeList, and alias Entries of the Groovy File for more information about entries in the GenericRestConfiguration.groovy file.

B.1.1 Lookup.RESOURCE.Configuration

The Lookup.RESOURCE.Configuration lookup definition holds connector configuration entries that are used during reconciliation (both trusted source and target resource) and provisioning operations. Table B-1 lists the entries in this lookup definition.

Table B-1 Entries in the Lookup.RESOURCE.Configuration Lookup Definition

Code Key	Decode	Description
Bundle Name	org.identityconnectors.genericrest	This entry holds the name of the connector bundle package. Do not modify this entry.
Bundle Version	1.0.11150	This entry holds the version of the connector bundle class. Do not modify this entry.
Connector Name	org.identityconnectors.genericrest.GenericRESTConnector	This entry holds the name of the connector class. Do not modify this entry.
User Configuration Lookup	Lookup.RESOURCE.UM.Configuration	This entry holds the name of the lookup definition that contains configuration information specific to the user object type.

B.1.2 Lookup.RESOURCE.UM.Configuration

The Lookup.RESOURCE.UM.Configuration lookup definition contains entries specific to the user object type. This lookup definition is preconfigured. Table B-2 lists the default entries in this lookup definition when you have configured your target system as a target resource.

Table B-2 Entries in the Lookup.RESOURCE.UM.Configuration Lookup Definition for a Target Resource Configuration

Code Key	Decode
Provisioning Attribute Map	Lookup.RESOURCE.UM.ProvAttrMap
Recon Attribute Map	Lookup.RESOURCE.UM.ReconAttrMap

Table B-3 lists the default entries in this lookup definition when you have configured your target system as a trusted source.

Table B-3 Entries in the Lookup.RESOURCE.UM.Configuration Lookup Definition for a Trusted Source Configuration

Code Key	Decode
Recon Attribute Map	Lookup.RESOURCE.UM.ReconAttrMap
Recon Attribute Defaults	Lookup.RESOURCE.UM.ReconAttrMap.Defaults

B.1.3 Lookup.RESOURCE.UM.ReconAttrMap

The Lookup.RESOURCE.UM.ReconAttrMap lookup definition holds mappings between resource object fields and target system attributes.

Depending on whether you have configured your connector for the target resource mode or trusted source mode, this lookup definition is used during target resource or trusted source user reconciliation runs, respectively.

If you have configured the connector for target resource mode:

The following is the format of the Code Key and Decode values in this lookup definition:

For single-valued attributes:

• Code Key: Reconciliation attribute of the resource object against which target resource user reconciliation runs must be performed

• Decode: Corresponding target system attribute name

For multivalued attributes:

• Code Key: RO_ATTR_NAME~ATTR_NAME[LOOKUP]

  In this format:

  • RO_ATTR_NAME specifies the reconciliation field for the child table.

  • ATTR_NAME is the name of the multivalued attribute.

  • [LOOKUP] is a keyword that is appended to the code key value if the child data is picked from a lookup or declared as an entitlement.

• Decode: Corresponding target system attribute name

  EMBED_OBJ_NAME~RELATION_TABLE_NAME~ATTR_NAME

  In this format:

  • EMBED_OBJ_NAME is the name of the object (for example, an account's address) on the target system that is embedded in another object.

  • RELATION_TABLE_NAME is the name of child table in the target system.

  • ATTR_NAME is the name of the column in the child table corresponding to the multivalued attribute in the Code Key column.

If you have configured your connector for trusted source mode:

The following is the format of the Code Key and Decode values in this lookup definition:

• Code Key: Reconciliation attribute of the resource object against which trusted source user reconciliation runs must be performed

• Decode: Corresponding target system attribute name

The entries in this lookup definition depend on the data available in the target system. The entries of this lookup definition are populated based on the values specified for the alias entry in the GenericRestConfiguration.groovy file. See About the dateAttributeList, entitlementAttributeList, lookupAttributeList, and alias Entries of the Groovy File for more information about the alias entry.

B.1.4 Lookup.RESOURCE.UM.ProvAttrMap

The Lookup.RESOURCE.UM.ProvAttrMap lookup definition holds mappings between process form fields and target system attribute names. This lookup definition is used for performing provisioning operations.

The following is the format of the Code Key and Decode values in this lookup definition:

• Code Key: Name of the label on the process form

• Decode: Corresponding target system attribute name

For entries corresponding to child form fields, the following is the format of the Code Key and Decode values:

• Code Key: CHILD_FORM_NAME~FIELD_NAME

  In this format:

  • CHILD_FORM_ NAME specifies the name of the child form.

  • FIELD_NAME specifies the name of the label on the child form.

• Decode: Combination of the following elements separated by the tilde (~) character:

  EMBED_OBJ_NAME~RELATION_TABLE_NAME~COL_NAME

  In this format:

  • EMBED_OBJ_NAME is the name of the object (for example, an account's address) on the target system that is embedded in another object.

  • COL_NAME is the name of the column in the child table corresponding to the child form specified in the Code Key column.

  • RELATION_TABLE_NAME is the name of child table in the target system.

The entries in this lookup definition depend on the data available in the target system. The values in the lookup definition are populated based on the value specified for the alias entry in the GenericRestConfiguration.groovy file. See About the dateAttributeList, entitlementAttributeList, lookupAttributeList, and alias Entries of the Groovy File for more information about the alias entry.

B.1.5 Lookup.RESOURCE.UM.ReconAttrMap.Defaults

The Lookup.RESOURCE.UM.ReconAttrMap.Defaults lookup definition holds default values of the mandatory fields on the OIM User form that are not mapped with the target system attributes. This lookup definition is created only if you have configured the connector for the trusted source mode.

The Lookup.RESOURCE.UM.ReconAttrMap.Defaults lookup definition is used when there is a mandatory field on the OIM User form, but no corresponding attribute in the target system from which values can be fetched during trusted source reconciliation runs. In addition, this lookup definition is used if the mandatory field on the OIM User form has a corresponding column that is empty or contains null values.

The following is the format of the Code Key and Decode values in this lookup definition:

• Code Key: Name of the user field in Identity Self Service.

• Decode: Corresponding default value to be displayed.

For example, the Role field is a mandatory field on the OIM User form. Suppose the target system contains no attribute that stores information about the role for a user account. During reconciliation, no value for the Role field is fetched from the target system. However, as the Role field cannot be left empty, you must specify a value for this field. Therefore, the Decode value of the Role Code Key has been set to Full-Time. This implies that the value of the Role field on the OIM User form displays Full-Time for all user accounts reconciled from the target system.

Table B-4 lists the default entries in this lookup definition.

Table B-4 Entries in the Lookup.RESOURCE.UM.ReconAttrMap.Defaults Lookup Definition

Code Key	Decode
Role	Full-Time
Organization Name	Xellerate Users
Xellerate Type	End-User

B.2 Lookup Definitions Synchronized with the Target System

During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you may want to select a role from a lookup field (displaying a set of roles) to specify the role being assigned to the user.

While configuring the GenericRestConfiguration.groovy file, if you specified a value for the lookupAttributeList entry, then the connector creates a lookup definition for every target system attribute specified in this entry and then associates it with the corresponding lookup field on the OIM User process form. The connector creates a lookup definition named in the following format:

Lookup.${IT_RES_NAME}.${FIELD_NAME}

In this format, the connector replaces:

• IT_RES_NAME with the value of the itResourceDefName entry in the GenericRestConfiguration.groovy file.

• FIELD_NAME with the name of the field for which the lookup field is created.

Lookup field synchronization involves copying additions or changes made to the target system attributes (listed in the lookupAttributeList entry) into corresponding lookup definitions (used as an input source for lookup fields) in Oracle Identity Manager. This is achieved by running scheduled jobs for lookup field synchronization.

The following example illustrates the list of lookup definitions created for a given lookupAttributeList value:

Suppose the value of the itResourceDefName entry is GenRest. If the value of the lookupAttributeList entry is ['Roles', 'Groups'], then the connector creates the following lookup definitions:

• Lookup.GenRest.Roles

• Lookup.GenRest.Groups

After you perform lookup field synchronization, data in the lookup definition is stored in the following format:

• Code Key value: IT_RESOURCE_KEY~LOOKUP_FIELD_ID

  In this format:

  • IT_RESOURCE_KEY is the numeric code assigned to each IT resource in Oracle Identity Manager.

  • LOOKUP_FIELD_ID is the target system code assigned to each lookup field entry. This value is populated based on the target system attribute name specified in the Code Key attribute of the scheduled job for lookup field synchronization.

  Sample value: 1~SA

• Decode value: IT_RESOURCE_NAME~LOOKUP_FIELD_ID

  In this format:

  • IT_RESOURCE_NAME is the name of the IT resource in Oracle Identity Manager.

  • LOOKUP_FIELD_ID is the target system code assigned to each lookup field entry. This value is populated based on the target system attribute name specified in the Decode attribute of the scheduled job for lookup field synchronization.

  Sample value: GenRest~SYS_ADMIN

  See Also::

  Scheduled Job for Lookup Field Synchronization for information about the attributes of the scheduled job for lookup field synchronization