JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics System Integrator's Guide 11g Release 1
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Integrating With Oracle Identity Manager, Preferred Method

2.  Integrating With Oracle Identity Manager, Deprecated Method

3.  Integrating With Oracle Waveset (Sun Identity Manager)

Overview

Integration Architecture

Integrating Oracle Identity Analytics With Oracle Waveset

To Configure Oracle Identity Analytics and Oracle Waveset to Work Together

Step 1: To Import the Oracle Waveset SPML Exchange File

Step 2: To Create a Oracle Identity Analytics User That Oracle Waveset Will use to Connect

Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect

Step 4: To Designate Oracle Waveset as the Provisioning Server

Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services

Step 6: To Configure the User Deferred Task Scanner

Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML

Populating Oracle Identity Analytics With User Information From Oracle Waveset

Use Case 1: Importing Global Users From Oracle Waveset Into Oracle Identity Analytics

To Import Users From Oracle Waveset Into Oracle Identity Analytics

Use Case 2: Importing Resource Metadata From Oracle Waveset Into Oracle Identity Analytics

To Import Resource Metadata From Oracle Waveset Into Oracle Identity Analytics

Use Case 3: Importing Resources From Oracle Waveset Into Oracle Identity Analytics

To Import Resources From Oracle Waveset Into Oracle Identity Analytics

Use Case 4: Importing User Accounts From Oracle Waveset Into Oracle Identity Analytics

To Import Accounts From Oracle Waveset Into Oracle Identity Analytics

Use Case 5: Importing Roles From Oracle Waveset Into Oracle Identity Analytics

To Import Role From Oracle Waveset Into Oracle Identity Analytics

Populating Oracle Waveset With Roles Information From Oracle Identity Analytics

Use Case 1: Exporting Roles From Oracle Identity Analytics to Oracle Waveset

To Export Roles to Oracle Waveset

Understanding Closed Loop Compliance

To Configure Resources in Oracle Identity Analytics for Remediation

To Configure Certifications in Oracle Identity Analytics for Remediation

Oracle Waveset Sample Workflows

Oracle Identity Analytics Web Services

Troubleshooting

System Logs

4.  Integrating With Other Provisioning Servers

5.  Authenticating With LDAP

6.  Integrating With Intellitactics Security Manager

7.  Configuring Oracle Identity Analytics For Web Access Control

8.  Customizing The Oracle Identity Analytics User Interface

A.  Oracle Waveset Sample Workflows

Integrating Oracle Identity Analytics With Oracle Waveset

This section describes how to configure Oracle Identity Analytics and Oracle Waveset so that the two products can be used together.

To Configure Oracle Identity Analytics and Oracle Waveset to Work Together

Before You Begin -

  1. In Oracle Waveset, import the SPML Exchange File so that Oracle Waveset can receive (and respond to) SPML requests sent from Oracle Identity Analytics. The SPML Exchange File (rm_idm_init.xml) is supplied with Oracle Identity Analytics.

    See Step 1: To Import the Oracle Waveset SPML Exchange File for details.

  2. In Oracle Identity Analytics, create an Oracle Identity Analytics user that Oracle Waveset will use to connect to Oracle Identity Analytics using Web Services. See Step 2: To Create a Oracle Identity Analytics User That Oracle Waveset Will use to Connect for details.

  3. In Oracle Waveset, create an Oracle Waveset user that Oracle Identity Analytics will use to invoke SPML calls to Oracle Waveset. See Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect for details.

  4. In Oracle Identity Analytics, designate Oracle Waveset as the provisioning server.

    See Step 4: To Designate Oracle Waveset as the Provisioning Server for details.

  5. In Oracle Waveset, add Oracle Identity Analytics Web Services so that Oracle Waveset can send requests to (and receive responses from) Oracle Identity Analytics.

    See Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services for details.

  6. In Oracle Waveset, configure the User Deferred Task Scanner. This step is required so that real-time Separation of Duties (SoD) processing will work properly.

    See Step 6: To Configure the User Deferred Task Scanner for details.

  7. In Oracle Waveset, configure the User Form so that Oracle Identity Analytics can authenticate over SPML.

    See Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML for details.

  8. Configure Oracle Identity Analytics for closed loop remediation. For details, see Understanding Closed Loop Compliance.

Step 1: To Import the Oracle Waveset SPML Exchange File

  1. Copy the rm_idm_init.xml file, which is located in the Oracle Identity Analytics conf/spml directory, to the Oracle Waveset server.

  2. Log in to Oracle Waveset.

  3. Choose Configure > Import Exchange File.

  4. Click Browse and navigate to the rm_idm_init.xml file.

  5. Click Import.

    The exchange file import status is displayed on the Admin Console.

  6. Restart the Oracle Waveset application server.

Step 2: To Create a Oracle Identity Analytics User That Oracle Waveset Will use to Connect

  1. Log in to Oracle Identity Analytics.

  2. Create a user that Oracle Waveset can use to connect to Oracle Identity Analytics using Oracle Identity Analytics Web Services.

    For help creating an Oracle Identity Analytics user, see the Oracle Identity Analytics 11gR1 Business Administrator's Guide, "Oracle Identity Analytics Access Control" chapter, To Create, Update, and Delete an Oracle Identity Analytics User task.

    1. Assign the user the SRMAdmin system role.

    2. Save the user.

Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect

  1. Log in to Oracle Waveset.

  2. Create a user that Oracle Identity Analytics can use to invoke SPML calls to Oracle Waveset.

    For help creating an Oracle Waveset user, see the Oracle Waveset Business Administrator's Guide, "Administration" chapter, To Create an Administrator task.

    1. If you are using Oracle Waveset 8.1.1, assign the user the "Identity Analytics Admin" admin role, and skip to step c.

      Otherwise, in at least version 8.1.1 of Oracle Waveset, assign the user the following capabilities:

      • Create User

      • Deprovision User

      • Update User

      • Unlink User

      • Unassign User

      • Rename User

      • Enable User

      • Disable User

      • View User

      • Role Administrator

    2. Assign the user control of the Top organization.

    3. Assign the user the Empty Form as its User Form.

    4. Save the user.

Step 4: To Designate Oracle Waveset as the Provisioning Server

  1. Log in to Oracle Identity Analytics.

  2. Choose Administration > Configuration.

  3. Click Provisioning Servers.

  4. Click New Provisioning Server Connection.

    The New Provisioning Server Connection wizard asks you to choose the type of provisioning server connection to create.

  5. From the Type of Provisioning Server Connection drop-down menu, select Sun and click Next.

  6. Complete the form:

    • Connection Name - Type a new connection name for Oracle Waveset. This connection name is used during the import process instead of the host name and port.

    • SPML URL - Format the SPML URL as follows: http:// IdentityManagerApplicationServerName:PortNumber/idm/servlet/rpcrouter2

      For example: http://localhost:8080/idm/servlet/rpcrouter2

    • Username - Type a user name that Oracle Identity Analytics will use to connect to Oracle Waveset. You should have created a special Oracle Waveset user account for this purpose in step 3. Do not use the configurator account.

    • Password - Type the password that Oracle Identity Analytics will use to connect to Oracle Waveset.

    • Test Connection - Click to test whether the connection was successfully established between Oracle Waveset and Oracle Identity Analytics. This will help you in troubleshooting connection issues.

    • Role Consumer - Select this box to export roles and role content from Oracle Identity Analytics to Oracle Waveset on a real-time basis. Oracle recommends that you select this option.

    • Role Update Schedule - Choose to schedule when to send updates back to Oracle Waveset.

      • Now - Updates roles in Oracle Waveset as soon as they are updated in Oracle Identity Analytics.

      • Later- Schedules the update of roles to take place on a daily, weekly, or monthly basis, or just one time, and schedules the time and date for the update task to start.

Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services

Oracle Waveset needs to be configured to use Oracle Identity Analytics Web Services. Oracle Waveset uses Oracle Identity Analytics web service calls to both send requests to Oracle Identity Analytics, and receive responses. To configure Oracle Identity Analytics Web Services, use the Oracle Waveset resource wizard.

  1. Log in to Oracle Waveset.

  2. Choose the Resources tab and verify that the List Resources subtab is selected.

  3. Locate the Resource Type Actions drop-down list and select New Resource.

    The New Resource page opens.

  4. Select the Oracle Identity Analytics (Sun Role Manager) Web Services resource type from the drop-down list, and click New. (If this resource type is not listed, you need to enable it. See "Managing the Resources List" in the "Roles and Resources" chapter in the Oracle Waveset Business Administrator's Guide for details.)

    The Resource Wizard Welcome Page opens.

  5. Click Next to begin configuring the Oracle Identity Analytics (Role Manager) Web Services resource.

    The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Resource Parameters page opens.

  6. Complete the form:

    • Web Service Base URI - Type the Uniform Resource Identifier (URI) for your Oracle Identity Analytics installation as follows:

      http:// server-nameport-number /rbacx

      where server-name is the IP address or alias of the server on which Oracle Identity Analytics is running, and port-number is the port number of the application server that is listening to Oracle Identity Analytics calls.

    • User - Type the user name that Oracle Waveset will use to connect to Oracle Identity Analytics. You should have created a special Oracle Identity Analytics user account for this purpose in step 2. Do not use the rbacxadmin account.

    • Password - Type the password that Oracle Waveset will use to connect to Oracle Identity Analytics.

    • Oracle Identity Analytics Version - Type the version number of Oracle Identity Analytics that Oracle Waveset is connecting to.

    • Is SRM Configured - Type true to enable Oracle Waveset to use Oracle Identity Analytics Web Services.

    • Test Configuration - Click to test the connection to Oracle Identity Analytics Web Services.

      Note - Upon completing the wizard, additional form fields are unlocked. These fields include the following:

    • Process Check Policy Results Rule - Value should be Sun Role Manager:Process Policy Result

    • Check Policy Compliance Violation Form - Value should be Sun Role Manager Compliance Violation Form

    • Check Policy Status Rule - Value should be Sun Role Manager:Risk Analysis Status

    • Compliance Violation Owners Rule - Value should be Sun Role Manager:Compliance Violation Owners

  7. Click Next.

    The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Account Attributes page opens.

  8. Verify that the account attribute mappings on this page are correct and click Next.

    The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Identity Template page opens.

  9. Verify that the attribute value in the Identity Template box is correct and click Save.

Step 6: To Configure the User Deferred Task Scanner

The User Deferred Task Scanner in Oracle Waveset needs to be configured for a delay of one minute so that SoD processing will work properly. The scanner picks up SoD information after it has been retrieved from Oracle Identity Analytics using Oracle Identity Analytics (Sun Role Manager) web services.

  1. Log in to Oracle Waveset.

  2. Choose Server Tasks > Manage Schedule.

  3. Click User Deferred Task Scanner to edit the task.

    The Edit Task Schedule page opens.

  4. Change the value in the Repeat Every box to a value of 1 Minutes.

  5. Click Save.

Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML

Within Identity Manger, the User Form of the user that Oracle Identity Analytics authenticates as over SPML needs to be set to "Empty Form."

  1. Log in to Oracle Waveset.

  2. Choose the Accounts tab and verify that the List Accounts subtab is selected.

  3. Click the user that you created in Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect.

    The Edit User page opens.

  4. Click the Security tab.

  5. From the User Form drop-down box, select Empty Form.

  6. Click Save.

Oracle Identity Analytics and Oracle Waveset are now configured to work together. To configure closed loop remediation, see Understanding Closed Loop Compliance.

Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next