3. Annexure A

This chapter deals with the following additional information with respect to the Oracle FLEXCUBE – Oracle Identity Manager Interface:

3.1 Oracle Identity Manager Components

Oracle Identity Manager includes the following components:

The following figure illustrates the various components of the Oracle Identity Manager system

3.2 OIM Generic Technology Connector Configuration

The following table lists the parameter fields and the corresponding sample values for OIM GTC.

| Parameter Fields | Sample Value | Remarks |
|---|---|---|
| Run-Time Parameters of the Shared Drive Reconciliation Transport Provider | | |
| Staging Directory (Parent Identity Data) field | <OIM_SERVER_HOME\GTC\RECON\STAGING> | Full path of the data file that contains data to be modified for the Oracle FLEXCUBE User in OIM |
| Archiving Directory field | <OIM_SERVER_HOME\GTC\RECON\ARCHIVE> | Path to the folder where OIM keeps the processed file after reconciliation |
| File Prefix field | SMOIMHOFF | Prefix of the data file for reconciliation |
| Specified Delimiter field | , | This (a comma) is the only delimiter available with the CSV format |
| Tab Delimiter check box | Check box not selected | NA |
| Fixed Column Width field | NA | |
| Specified Delimiter field | NA | |
| Unique Attribute (Parent Data) field | NA | |
| Run-Time Parameter of the Web Services Provisioning Transport Provider | | |
| Web Service URL field | http://hostname:port/FCUBSProvisioningAdService/services/FCUBSProvisioningAdServiceSEI | Web service URL of the FCUBSProvisioning web service |
| Run-Time Parameters of the SPML Provisioning Format Provider | | |
| Target ID field | Oracle FLEXCUBE | Will be the same as the Destination field of the FCUBS Header |
| User Name (authentication) field | NA | |
| User Password (authentication) field | NA | |
| Design Parameters of the Shared Drive Reconciliation Transport Provider | | |
| File Encoding field | Cp1251 | Canonical name for character set encoding for operating system with the English-language setting for the corresponding java.io API supported by OIM GTC |
| Design Parameters of the Web Services Provisioning Transport Provider | | |
| Web Service SOAP Action field | http://spmladapter.ws.oim.integration.fcubs.iflex.com/processRequest | Will be the same as defined in the corresponding WSDL |
| Design Parameters of the SPML Provisioning Format Provider | | |
| WSSE Configured for SPML Web Service? check box | Check box not selected | There will be no support for WSSE |
| Custom Authentication Credentials Namespace field | http://spmladapter.ws.oim.integration.fcubs.iflex.com | Target Namespace value of the corresponding WSDL |
| Custom Authentication Header Element field | OIMUser | Tag name in the SOAP Header that will carry the user information provided above |
| Custom Element to Store User Name field | OIMUserId | Do |
| Custom Element to Store Password field | OIMUserPassword | Do |
| SPML Web Service Binding Style (DOCUMENT or RPC) field | DOCUMENT | Binding style of the corresponding web service |
| SPML Web Service Complex Data Type field | FCCProvisioningDocument | Complex data type name defined in the corresponding WSDL |
| SPML Web Service Operation Name field | NA | Operation name defined in the corresponding WSDL |
| SPML Web Service Target Namespace field | http://spmladapter.ws.oim.integration.fcubs.iflex.com | Target Namespace value of the corresponding WSDL |
| SPML Web Service Soap Message Body Prefix field | | NA |
| ID Attribute for Child Dataset Holding Group Membership Information field | | NA |
| Generic Design Parameters | | |
| Target Date Format field | yyyy-MM-dd | Will be the same as the Oracle FLEXCUBE Date Format |
| Batch Size field | All | |
| Stop Reconciliation Threshold field | None | |
| Stop Threshold Minimum Records field | None | |
| Source Date Format field | yyyy-MM-dd | Will be the same as the Oracle FLEXCUBE Date Format |
| Reconcile Deletion of Multi valued Attribute Data check box | Check box not selected | As no child data is configured |
| Reconciliation Type list | Full | Reconcile all accounts in Oracle FLEXCUBE that are given into staging data files into the Oracle Identity Manager |

3.3 SPML Request/Response Message Formats

This section contains the following topics:

3.3.1 Add Request

This request contains all the data about users. For an Oracle FLEXCUBE user creation, only mandatory fields will be sent in the request.

Sample Request

    <addRequest returnData="identifier" targetID="FLEXCUBE">
      <containerID ID="FLEXCUBEDB" targetID="FLEXCUBE"/>
      <data>
        <dsml:attr name="objectclass">
          <dsml:value>Users</dsml:value>
        </dsml:attr>
        <dsml:attr name="USERID">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="USERNAME">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="USERPASSWORDNAME">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="USERLANGUAGENAME">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="TIMELEVEL">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="HOMEBRANCH">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="STARTDATE">
          <dsml:value>value</dsml:value>
        </dsml:attr>
        <dsml:attr name="EXTUSERREF">
          <dsml:value>value</dsml:value>
        </dsml:attr>
      </data>
    </addRequest>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| addRequest :: | Element | Start tag for create user request | | |
| addRequest :targetID | Attribute | Defines the Target system id on which user is to be created | String | This value will be defined as Oracle FLEXCUBE while configuring Generic connector in OIM. This will be provided as the destination tag value in the Header part of the Oracle FLEXCUBE Gateway request. |
| addRequest :returnData | Attribute | Defines ReturnDataType | Identifier | For identifier return data type, only PSO ID will be sent as the OIM response content. |
| addRequest ::containerID | Element | Identifies an object that exists on the target | | |
| addRequest ::containerID :ID | Attribute | The value of ID uniquely identifies an object within the namespace of the target specified by the "targetID" | String | This value will be defined as FLEXCUBEDB while configuration of Generic connector in OIM. |
| addRequest ::containerID :targetID | Attribute | Defines the Target system id on which user is to be created | string | This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. |
| addRequest ::data | Element | This Node contains the User details | Extensible | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=objectclass | Attribute | This defines the group to which user belongs. | | Not Used (Needed for compliance with SPML format) |
| addRequest ::data ::dsml:attr :dsml:value | Element | Users | | This value will be defined as Users while configuration of GTC in OIM. |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=USERID | Attribute | User identifier that is to be created in Oracle FLEXCUBE | | This field is mapped as the USERID column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | User identifier value | Data Type: String, Length: 12 | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=USERNAME | Attribute | User Name | | This field is mapped as the USERNAME column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | Data Type: String, Length: 35 | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=USERPASSWORD | Attribute | User Password | | This field is mapped as the USERPASSWORD column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | Data Type: String, Length: 32 | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=STARTDATE | Attribute | User Account Start Date | | This field is mapped as the STARTDATE column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=TIMELEVEL | Attribute | User Time Level | Data Type: String, Length: 1 | This field is mapped as the TIMELEVEL column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=HOMEBRANCH | Attribute | User Home Branch code | Data Type: String, Length: 3 | This field is mapped as the HOMEBRANCH column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=USERLANGUAGE | Attribute | User Language | | This field is mapped as the USERLANGUAGE column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | Data Type: String, Length: 3 | |
| addRequest ::data ::dsml:attr : | Element | Contains user field as attribute | | |
| addRequest ::data ::dsml:attr ::name=EXTUSERREF | Attribute | EXTUSERREF | | This field is mapped as the EXT_USER_REF column of an Oracle FLEXCUBE User account. |
| addRequest ::data ::dsml:attr :dsml:value | Element | value | Data Type: String, Length: 20 | |
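
Added example (not from the original document or from Oracle's code): checking a user record against the Restrictions column above before serializing it as an addRequest, so that over-long values are rejected and markup characters in a value are escaped. It assumes the DSMLv2 core namespace (the page's sample omits xmlns declarations), uses the attribute names from the field table rather than the sample, and treats every attribute in the sample as mandatory.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumption: DSMLv2 core namespace; the page's sample omits xmlns declarations.
DSML = "urn:oasis:names:tc:DSML:2:0:core"
ET.register_namespace("dsml", DSML)
# Maximum lengths from the Restrictions column of the addRequest field table.
MAX_LEN = {"USERID": 12, "USERNAME": 35, "USERPASSWORD": 32, "USERLANGUAGE": 3,
           "TIMELEVEL": 1, "HOMEBRANCH": 3, "EXTUSERREF": 20}
# Assumption: every attribute in the page's sample request is mandatory.
FIELDS = ["USERID", "USERNAME", "USERPASSWORD", "USERLANGUAGE",
          "TIMELEVEL", "HOMEBRANCH", "STARTDATE", "EXTUSERREF"]

def validate_user(user):
    """Return a list of problems; an empty list means the record may be sent."""
    problems = [f"{k}: unknown field" for k in user if k not in FIELDS]
    for name in FIELDS:
        value = user.get(name, "")
        if not value:
            problems.append(f"{name}: missing")
        elif name in MAX_LEN and len(value) > MAX_LEN[name]:
            problems.append(f"{name}: longer than {MAX_LEN[name]}")
        elif name == "STARTDATE":  # GTC Target Date Format is yyyy-MM-dd
            try:
                datetime.strptime(value, "%Y-%m-%d")
            except ValueError:
                problems.append("STARTDATE: not yyyy-MM-dd")
    return problems

def build_add_request(user, target_id="FLEXCUBE", container_id="FLEXCUBEDB"):
    """Serialize a validated record in the addRequest layout of section 3.3.1."""
    problems = validate_user(user)
    if problems:
        raise ValueError("; ".join(problems))
    root = ET.Element("addRequest", returnData="identifier", targetID=target_id)
    ET.SubElement(root, "containerID", ID=container_id, targetID=target_id)
    data = ET.SubElement(root, "data")
    for name in ["objectclass"] + FIELDS:
        attr = ET.SubElement(data, f"{{{DSML}}}attr", name=name)
        # ElementTree escapes <, > and & so a field value cannot add markup.
        value = ET.SubElement(attr, f"{{{DSML}}}value")
        value.text = "Users" if name == "objectclass" else user[name]
    return ET.tostring(root, encoding="unicode")

# Constructed sample record (values are illustrative, not from the page).
SAMPLE_USER = {"USERID": "FLXUSER1", "USERNAME": "Ops <Team> & Co",
               "USERPASSWORD": "constructed-value", "USERLANGUAGE": "ENG",
               "TIMELEVEL": "9", "HOMEBRANCH": "000",
               "STARTDATE": "2024-01-15", "EXTUSERREF": "EXT-0001"}
```
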

3.3.2 Modify Request

A sample Modify request is given below:

    <modifyRequest returnData="identifier">
      <psoID ID="FLXUSER1" targetID="FLEXCUBE">
      </psoID>
      <modification>
        <dsml:modification name="<Field Name>" operation="replace">
          <dsml:value>value</dsml:value>
        </dsml:modification>
      </modification>
    </modifyRequest>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| modifyRequest | Element | Start tag to modify field request | | |
| modifyRequest :returnData | Attribute | Defines ReturnDataType | Identifier | For identifier return data type, only PSO ID will be sent as the OIM response content |
| modifyRequest ::psoID | Element | Identifies user in the Oracle FLEXCUBE | String | This will be mapped with the User Id column of Oracle FLEXCUBE |
| modifyRequest ::psoID :ID | Attribute | User Id Value | Data Type: String, Length: 12 | This will be used to identify a user in Oracle FLEXCUBE |
| modifyRequest ::psoID :targetID | Attribute | Defines the Target system id on which user field is to be modified | string | This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. This will be provided as destination tag value in Header part of the Oracle FLEXCUBE Gateway request. |
| modifyRequest ::modification | Element | Parent tag for data to be modified | | |
| modifyRequest ::modification ::dsml:modification : | Element | Contains data to be modified | | |
| modifyRequest ::modification ::dsml:modification :name | Attribute | User field name that needs to be modified | | This will be used to identify the column name in Oracle FLEXCUBE |
| modifyRequest ::modification ::dsml:modification :operation | Attribute | Defines modification mode type | Add/replace | An Oracle FLEXCUBE Gateway modify request will be sent for the field |
| modifyRequest ::modification ::dsml:modification :dsml:value | Element | Contains field value to be modified | | |

3.3.3 Delete Suspend and Resume Requests

The message format is the same for suspend and resume requests, each with its respective start tag.

Sample Request

    <deleteRequest>
      <psoID ID="<User Identifier>" targetID="FLEXCUBE">
      </psoID>
    </deleteRequest>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| deleteRequest :: | Element | Start tag | | |
| deleteRequest ::psoID | Element | Identifies the user in Oracle FLEXCUBE | String | This will be mapped with the User Id column of Oracle FLEXCUBE |
| deleteRequest ::psoID :ID | Attribute | User Id Value | Data Type: String, Length: 12 | This will be used to identify a user in Oracle FLEXCUBE |
| deleteRequest ::psoID :targetID | Attribute | Defines the Target system id on which user field is to be modified | string | This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. This will be provided as destination tag value in Header part of the Oracle FLEXCUBE Gateway request. |

3.3.4 Set Password Request

The following is a sample Set Password Request.

    <setPasswordRequest xmlns="urn:oasis:names:tc:SPML:2:0:password">
      <psoID ID="<User Identifier>" />
      <password>password2</password>
    </setPasswordRequest>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| setPasswordRequest :: | Element | Start tag | | |
| setPasswordRequest ::psoID | Element | Identifies a user in Oracle FLEXCUBE | String | This will be mapped with the User Id column of Oracle FLEXCUBE |
| setPasswordRequest ::psoID :ID | Attribute | User Id Value | Data Type: String, Length: 12 | This will be used to identify a user in Oracle FLEXCUBE |
| setPasswordRequest ::password | Element | Contains the password to be set | Data Type: String, Length: 32 | This will be mapped with the user_password column of Oracle FLEXCUBE. |

3.3.5 Add and Modify Responses

The Add and Modify response messages have the same format except for their respective start tags.

Sample for successful response

    <addResponse status="success">
      <pso>
        <psoID ID="<USER ID>" />
      </pso>
    </addResponse>

Sample for unsuccessful response

    <addResponse status="failure" error="alreadyExists">
      <errorMessage>
        exception=tcDuplicateUserException;errorMessage=User already exists
      </errorMessage>
    </addResponse>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| addResponse : | Element | Root Tag | | |
| addResponse :status | Attribute | Defines the status of request | success, failure | This will be used to convey the success or failure of the request to OIM. |
| addResponse ::error | Attribute | Defines the error code | malformedRequest, unsupportedOperation, unsupportedIdentifierType, noSuchIdentifier, customError, unsupportedExecutionMode, invalidContainment, noSuchRequest, unsupportedSelectionType, resultSetTooLarge, unsupportedProfile, invalidIdentifier, alreadyExists, containerNotEmpty | In case of failure status appropriate SPML code will be decided and sent to the OIM |
| addResponse ::errorMessage | Element | Contains the error description | | In case of failure status this will contain the description of error code. |
| addResponse ::pso | Element | Identifies user in Oracle FLEXCUBE | String | |
| addResponse ::pso :psoID | Attribute | User Id Value | Data Type: String, Length: 12 | This will be same as sent in request to identify user in OIM. |

3.3.6 Delete Suspend Resume and Set Password Responses

Message format is the same for suspend and resume responses except for their respective start tags.

Sample for successful response

    <deleteResponse status="success"/>

Sample for unsuccessful response

    <deleteResponse status="failure" error="noSuchIdentifier">
      <errorMessage>
        exception=tcDuplicateUserException;errorMessage=User not found
      </errorMessage>
    </deleteResponse>

| Field Tag | Field Type | Field Description | Restrictions | Remarks |
|---|---|---|---|---|
| deleteResponse : | Element | Root Tag | | |
| deleteResponse :status | Attribute | Defines the status of request | success, failure | This will be used to convey the success or failure of the request to OIM |
| deleteResponse ::error | Attribute | Defines the error code. Note: Applicable when status is failure | malformedRequest, unsupportedOperation, unsupportedIdentifierType, noSuchIdentifier, customError, unsupportedExecutionMode, invalidContainment, noSuchRequest, unsupportedSelectionType, resultSetTooLarge, unsupportedProfile, invalidIdentifier, alreadyExists, containerNotEmpty | In case of failure status appropriate SPML code will be decided and sent to the OIM |
| deleteResponse ::errorMessage | Element | Contains the error description | | In case of failure status this will contain the description of error code. |
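
Added example (not from the original document or from Oracle's code): a parser for the response formats of sections 3.3.5 and 3.3.6 that fails closed on an unexpected root tag, status or error code, and splits the errorMessage body into its `exception` and `errorMessage` parts. The function name, the result dictionary keys and the DTD rejection are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Error codes listed in the Restrictions column of the response tables above.
SPML_ERRORS = {
    "malformedRequest", "unsupportedOperation", "unsupportedIdentifierType",
    "noSuchIdentifier", "customError", "unsupportedExecutionMode",
    "invalidContainment", "noSuchRequest", "unsupportedSelectionType",
    "resultSetTooLarge", "unsupportedProfile", "invalidIdentifier",
    "alreadyExists", "containerNotEmpty",
}

def parse_response(xml_text):
    """Parse an add/modify/delete-style response into a dict, failing closed."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in a response")
    root = ET.fromstring(xml_text)
    tag = root.tag.rsplit("}", 1)[-1]          # drop any namespace part
    status = (root.get("status") or "").strip()
    if not tag.endswith("Response") or status not in ("success", "failure"):
        raise ValueError(f"unexpected response: {tag!r} status={status!r}")
    result = {"operation": tag[:-len("Response")], "status": status,
              "error": None, "pso_id": None, "detail": {}}
    if status == "failure":
        result["error"] = (root.get("error") or "").strip()
        if result["error"] not in SPML_ERRORS:
            raise ValueError(f"unknown error code {result['error']!r}")
    for node in root.iter():
        name = node.tag.rsplit("}", 1)[-1]
        if name == "psoID":
            result["pso_id"] = node.get("ID")
        elif name == "errorMessage":
            # Body format on the page: exception=<name>;errorMessage=<text>
            for part in (node.text or "").strip().split(";"):
                key, sep, value = part.partition("=")
                if sep:
                    result["detail"][key.strip()] = value.strip()
    return result

# Constructed from the page's samples; FLXUSER1 stands in for <USER ID>.
ADD_OK = '<addResponse status="success"><pso><psoID ID="FLXUSER1"/></pso></addResponse>'
ADD_FAIL = ('<addResponse status="failure" error="alreadyExists"><errorMessage>'
            'exception=tcDuplicateUserException;errorMessage=User already exists'
            '</errorMessage></addResponse>')
```
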

3.4 Message Exchange Sequence for User Creation

The following diagram illustrates the messages exchange sequence during user creation.

3.5 Message Exchange Sequence for User Field Modification / Set Password

The following diagram illustrates the messages exchange sequence during user field modification and set password.

3.6 Message Exchange Sequence for User Delete / Suspend / Resume