Oracle Identity Analytics System Integrator's Guide 11g Release 1 |
To Configure Oracle Identity Analytics and Oracle Waveset to Work Together
Step 1: To Import the Oracle Waveset SPML Exchange File
Step 2: To Create an Oracle Identity Analytics User That Oracle Waveset Will use to Connect
Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect
Step 4: To Designate Oracle Waveset as the Provisioning Server
Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services
Step 6: To Configure the User Deferred Task Scanner
Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML
This section describes how to configure Oracle Identity Analytics and Oracle Waveset so that the two products can be used together.
Before You Begin
At least version 8.1.1 of Oracle Waveset and at least version 11gR1 of Oracle Identity Analytics are required.
Install and configure Oracle Waveset with the Oracle Waveset Gateway.
In a production environment, deploy Oracle Waveset and Oracle Identity Analytics on separate application servers.
If you are running Oracle Waveset on the WebLogic application server, install the Metro libraries in the Waveset WEB-INF/lib directory. For details, see Oracle Waveset Installation 8.1.1, "Installing Waveset on WebLogic," "Step 5: Install the Metro Libraries."
1. In Oracle Waveset, import the SPML Exchange File so that Oracle Waveset can receive (and respond to) SPML requests sent from Oracle Identity Analytics. The SPML Exchange File (rm_idm_init.xml) is supplied with Oracle Identity Analytics. See Step 1: To Import the Oracle Waveset SPML Exchange File for details.
2. In Oracle Identity Analytics, create an Oracle Identity Analytics user that Oracle Waveset will use to connect to Oracle Identity Analytics using Web Services. See Step 2: To Create an Oracle Identity Analytics User That Oracle Waveset Will use to Connect for details.
3. In Oracle Waveset, create an Oracle Waveset user that Oracle Identity Analytics will use to invoke SPML calls to Oracle Waveset. See Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect for details.
4. In Oracle Identity Analytics, designate Oracle Waveset as the provisioning server. See Step 4: To Designate Oracle Waveset as the Provisioning Server for details.
5. In Oracle Waveset, add Oracle Identity Analytics Web Services so that Oracle Waveset can send requests to (and receive responses from) Oracle Identity Analytics. See Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services for details.
6. In Oracle Waveset, configure the User Deferred Task Scanner. This step is required so that real-time Separation of Duties (SoD) processing will work properly. See Step 6: To Configure the User Deferred Task Scanner for details.
7. In Oracle Waveset, configure the User Form so that Oracle Identity Analytics can authenticate over SPML. See Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML for details.
8. Configure Oracle Identity Analytics for closed loop remediation. For details, see Understanding Closed Loop Compliance.
Step 1: To Import the Oracle Waveset SPML Exchange File
Copy the rm_idm_init.xml file, which is located in the Oracle Identity Analytics conf/spml directory, to the Oracle Waveset server.
Log in to Oracle Waveset.
Choose Configure > Import Exchange File.
Click Browse and navigate to the rm_idm_init.xml file.
Click Import.
The exchange file import status is displayed on the Admin Console.
Restart the Oracle Waveset application server.
Step 2: To Create an Oracle Identity Analytics User That Oracle Waveset Will use to Connect
Log in to Oracle Identity Analytics.
Create a user that Oracle Waveset can use to connect to Oracle Identity Analytics using Oracle Identity Analytics Web Services.
For help creating an Oracle Identity Analytics user, see the Oracle Identity Analytics 11gR1 Business Administrator's Guide, "Oracle Identity Analytics Access Control" chapter, To Create, Update, and Delete an Oracle Identity Analytics User task.
Assign the user the SRMAdmin system role.
Save the user.
Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect
Log in to Oracle Waveset.
Create a user that Oracle Identity Analytics can use to invoke SPML calls to Oracle Waveset.
For help creating an Oracle Waveset user, see the Oracle Waveset Business Administrator's Guide, "Administration" chapter, To Create an Administrator task.
If you are using Oracle Waveset 8.1.1, assign the user the "Identity Analytics Admin" admin role, and skip to step c.
Otherwise, in at least version 8.1.1 of Oracle Waveset, assign the user the following capabilities:
    Create User
    Deprovision User
    Update User
    Unlink User
    Unassign User
    Rename User
    Enable User
    Disable User
    View User
    Role Administrator
Assign the user control of the Top organization.
Assign the user the Empty Form as its User Form.
Save the user.
Step 4: To Designate Oracle Waveset as the Provisioning Server
Log in to Oracle Identity Analytics.
Choose Administration > Configuration.
Click Provisioning Servers.
Click New Provisioning Server Connection.
The New Provisioning Server Connection wizard asks you to choose the type of provisioning server connection to create.
From the Type of Provisioning Server Connection drop-down menu, select Sun and click Next.
Complete the form:
    Connection Name - Type a new connection name for Oracle Waveset. This connection name is used during the import process instead of the host name and port.
    SPML URL - Format the SPML URL as follows: http://IdentityManagerApplicationServerName:PortNumber/idm/servlet/rpcrouter2
        For example: http://localhost:8080/idm/servlet/rpcrouter2
    Username - Type a user name that Oracle Identity Analytics will use to connect to Oracle Waveset. You should have created a special Oracle Waveset user account for this purpose in step 3. Do not use the configurator account.
    Password - Type the password that Oracle Identity Analytics will use to connect to Oracle Waveset.
    Test Connection - Click to test whether the connection was successfully established between Oracle Waveset and Oracle Identity Analytics. This will help you in troubleshooting connection issues.
    Role Consumer - Select this box to export roles and role content from Oracle Identity Analytics to Oracle Waveset on a real-time basis. Oracle recommends that you select this option.
    Role Update Schedule - Choose to schedule when to send updates back to Oracle Waveset.
        Now - Updates roles in Oracle Waveset as soon as they are updated in Oracle Identity Analytics.
        Later - Schedules the update of roles to take place on a daily, weekly, or monthly basis, or just one time, and schedules the time and date for the update task to start.
Step 5: To Configure Oracle Waveset to use Oracle Identity Analytics Web Services
Oracle Waveset needs to be configured to use Oracle Identity Analytics Web Services. Oracle Waveset uses Oracle Identity Analytics web service calls to both send requests to Oracle Identity Analytics, and receive responses. To configure Oracle Identity Analytics Web Services, use the Oracle Waveset resource wizard.
Log in to Oracle Waveset.
Choose the Resources tab and verify that the List Resources subtab is selected.
Locate the Resource Type Actions drop-down list and select New Resource.
The New Resource page opens.
Select the Oracle Identity Analytics (Sun Role Manager) Web Services resource type from the drop-down list, and click New. (If this resource type is not listed, you need to enable it. See "Managing the Resources List" in the "Roles and Resources" chapter in the Oracle Waveset Business Administrator's Guide for details.)
The Resource Wizard Welcome Page opens.
Click Next to begin configuring the Oracle Identity Analytics (Role Manager) Web Services resource.
The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Resource Parameters page opens.
Complete the form:
    Web Service Base URI - Type the Uniform Resource Identifier (URI) for your Oracle Identity Analytics installation as follows:
        http://server-name:port-number/rbacx
        where server-name is the IP address or alias of the server on which Oracle Identity Analytics is running, and port-number is the port number of the application server that is listening to Oracle Identity Analytics calls.
    User - Type the user name that Oracle Waveset will use to connect to Oracle Identity Analytics. You should have created a special Oracle Identity Analytics user account for this purpose in step 2. Do not use the rbacxadmin account.
    Password - Type the password that Oracle Waveset will use to connect to Oracle Identity Analytics.
    Oracle Identity Analytics Version - Type the version number of Oracle Identity Analytics that Oracle Waveset is connecting to.
    Is SRM Configured - Type true to enable Oracle Waveset to use Oracle Identity Analytics Web Services.
    Test Configuration - Click to test the connection to Oracle Identity Analytics Web Services.
Note - Upon completing the wizard, additional form fields are unlocked. These fields include the following:
    Process Check Policy Results Rule - Value should be Sun Role Manager:Process Policy Result
    Check Policy Compliance Violation Form - Value should be Sun Role Manager Compliance Violation Form
    Check Policy Status Rule - Value should be Sun Role Manager:Risk Analysis Status
    Compliance Violation Owners Rule - Value should be Sun Role Manager:Compliance Violation Owners
Click Next.
The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Account Attributes page opens.
Verify that the account attribute mappings on this page are correct and click Next.
The Create Oracle Identity Analytics (Sun Role Manager) Web Services Resource Wizard / Identity Template page opens.
Verify that the attribute value in the Identity Template box is correct and click Save.
Step 6: To Configure the User Deferred Task Scanner
The User Deferred Task Scanner in Oracle Waveset needs to be configured for a delay of one minute so that SoD processing will work properly. The scanner picks up SoD information after it has been retrieved from Oracle Identity Analytics using Oracle Identity Analytics (Sun Role Manager) web services.
Log in to Oracle Waveset.
Choose Server Tasks > Manage Schedule.
Click User Deferred Task Scanner to edit the task.
The Edit Task Schedule page opens.
Change the value in the Repeat Every box to a value of 1 Minutes.
Click Save.
Step 7: To Configure the User Form so That Oracle Identity Analytics can Authenticate Over SPML
Within Identity Manager, the User Form of the user that Oracle Identity Analytics authenticates as over SPML needs to be set to "Empty Form."
Log in to Oracle Waveset.
Choose the Accounts tab and verify that the List Accounts subtab is selected.
Click the user that you created in Step 3: To Create an Oracle Waveset User That Oracle Identity Analytics Will use to Connect.
The Edit User page opens.
Click the Security tab.
From the User Form drop-down box, select Empty Form.
Click Save.
Oracle Identity Analytics and Oracle Waveset are now configured to work together. To configure closed loop remediation, see Understanding Closed Loop Compliance.
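The two connection forms (Step 4 and Step 5) and the Step 3 capability list can be reviewed before the values are typed into the consoles. The following is an added example, not part of the Oracle guide or either product: the function names, the sample hosts and account names, and the cleartext-http check are assumptions, while the URL paths, the two accounts that must not be used, and the capability names are taken from this page.

```python
from urllib.parse import urlsplit

# Paths and capability names below are the ones this page gives.
SPML_PATH = "/idm/servlet/rpcrouter2"
OIA_PATH = "/rbacx"
STEP3_CAPABILITIES = {
    "Create User", "Deprovision User", "Update User", "Unlink User",
    "Unassign User", "Rename User", "Enable User", "Disable User",
    "View User", "Role Administrator",
}

def check_endpoint(label, url, expected_path, username, forbidden_user):
    """Return findings for one connection form (URL plus service account)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"{label}: not an http(s) URL: {url!r}"]
    findings = []
    if parts.path.rstrip("/") != expected_path:
        findings.append(f"{label}: path should be {expected_path}")
    # Added check, not from the page: plain http exposes the password in transit.
    if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
        findings.append(f"{label}: password sent over cleartext http")
    if username.lower() == forbidden_user:
        findings.append(f"{label}: do not use the {forbidden_user} account")
    return findings

def review(cfg):
    findings = check_endpoint("SPML URL", cfg["spml_url"], SPML_PATH,
                              cfg["spml_user"], "configurator")
    findings += check_endpoint("Web Service Base URI", cfg["oia_uri"], OIA_PATH,
                               cfg["oia_user"], "rbacxadmin")
    assigned = set(cfg["waveset_capabilities"])
    findings += [f"Waveset user: extra capability {c!r}"
                 for c in sorted(assigned - STEP3_CAPABILITIES)]
    findings += [f"Waveset user: missing capability {c!r}"
                 for c in sorted(STEP3_CAPABILITIES - assigned)]
    return findings

# Constructed sample values (hypothetical hosts, accounts and extra capability).
SAMPLE = {
    "spml_url": "http://waveset.example.internal:8080/idm/servlet/rpcrouter2",
    "spml_user": "configurator",
    "oia_uri": "https://oia.example.internal:8443/rbacx",
    "oia_user": "svc_waveset",
    "waveset_capabilities": (STEP3_CAPABILITIES - {"Rename User"})
                            | {"Example Extra Capability"},
}

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

The capability comparison applies only when the capabilities are assigned individually, not when the "Identity Analytics Admin" admin role is used.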