3. Annexure A
This chapter deals with the following additional information with respect to the Oracle FLEXCUBE – Oracle Identity Manager Interface:
- Section 3.1, "Oracle Identity Manager Components"
- Section 3.2, "OIM Generic Technology Connector Configuration"
- Section 3.3, "SPML Request/Response Message Formats"
- Section 3.4, "Message Exchange Sequence for User Creation"
- Section 3.5, "Message Exchange Sequence for User Field Modification/ Set Password"
- Section 3.6, "Message Exchange Sequence for User Delete / Suspend / Resume"
3.1 Oracle Identity Manager Components
Oracle Identity Manager includes the following components:
- User Interfaces – for the user to define and administer the provisioning environment.
- Provisioning Manager – for maintaining provisioning details such as user profiles, access policies, business process workflows and business rules.
- Provisioning Server for the Provisioning Manager
- Adapter Factory – for integrating OIM with other managed systems and application
- Reconciliation Engine - ensures consistency between the provisioning done by OIM and the resources managed by OIM.
The following figure illustrates the various components of the Oracle Identity Manager system
3.2 OIM Generic Technology Connector Configuration
The following table lists the parameter fields and the corresponding sample values for OIM GTC.
Parameter Fields |
Sample Value |
Remarks |
Run-Time Parameters of the Shared Drive Reconciliation Transport Provider |
||
Staging Directory (Parent Identity Data) field |
<OIM_SERVER_HOME\GTC\RECON\STAGING> |
Full Path of the data file that contains data to be modified for the Oracle FLEXCUBE User in OIM |
Archiving Directory field |
<OIM_SERVER_HOME\GTC\RECON\ARCHIVE> |
Path to the folder where OIM keeps processed file after reconciliation |
File Prefix field |
SMOIMHOFF |
Prefix of the data file for reconciliation |
Specified Delimiter field |
, |
This (a comma) is only delimiter available with CSV format |
Tab Delimiter check box |
Check box not selected |
NA |
Fixed Column Width field |
NA |
|
Specified Delimiter field |
NA |
|
Unique Attribute (Parent Data) field |
NA |
|
Run-Time Parameter of the Web Services Provisioning Transport Provider |
||
Web Service URL field |
http://hostname:port/FCUBSProvisioningAdService/services/FCUBSProvisioningAdServiceSEI |
Web service URL of FCUBSProvisioning web service |
Run-Time Parameters of the SPML Provisioning Format Provider |
|
|
Target ID field |
Oracle FLEXCUBE |
Will be same as Destination field of FCUBS Header |
User Name (authentication) field |
NA |
|
User Password (authentication) field |
NA |
|
Design Parameters of the Shared Drive Reconciliation Transport Provider |
||
File Encoding field |
Cp1251 |
Canonical name for character set encoding for operating system with the English-language setting for the corresponding java.io API supported by OIM GTC |
Design Parameters of the Web Services Provisioning Transport Provider |
||
Web Service SOAP Action field |
http:// spmladapter.ws.oim.integration.fcubs.iflex.com /processRequest |
Will be same as defined in corresponding WSDL |
Design Parameters of the SPML Provisioning Format Provider |
||
WSSE Configured for SPML Web Service? check box |
Check box not selected |
There will be No support for WSSE |
Custom Authentication Credentials Namespace field |
http:// spmladapter.ws.oim.integration.fcubs.iflex.com |
Target Namespace value of corresponding WSDL |
Custom Authentication Header Element field |
OIMUser |
Tag name in Soap Header that will carry user information provided above |
Custom Element to Store User Name field |
OIMUserId |
Do |
Custom Element to Store Password field |
OIMUserPassword |
Do |
SPML Web Service Binding Style (DOCUMENT or RPC) field |
DOCUMENT |
Binding style of Corresponding web service |
SPML Web Service Complex Data Type field |
FCCProvisioningDocument |
Complex data type name defined in Corresponding WSDL |
SPML Web Service Operation Name field |
NA |
Operation name defined in Corresponding WSDL |
SPML Web Service Target Namespace field |
http:// spmladapter.ws.oim.integration.fcubs.iflex.com |
Target Namespace value of corresponding WSDL |
SPML Web Service Soap Message Body Prefix field |
|
NA |
ID Attribute for Child Dataset Holding Group Membership Information field |
|
NA |
Generic Design Parameters |
|
|
Target Date Format field |
yyyy-MM-dd |
Will be same as the Oracle FLEXCUBE Date Format |
Batch Size field |
All |
|
Stop Reconciliation Threshold field |
None |
|
Stop Threshold Minimum Records field |
None |
|
Source Date Format field |
yyyy-MM-dd |
Will be same as the Oracle FLEXCUBE Date Format |
Reconcile Deletion of Multi valued Attribute Data check box |
Check Box not selected |
As no child data is configured |
Reconciliation Type list |
Full |
Reconcile all accounts in Oracle FLEXCUBE that are given into staging data files into the Oracle Identity Manager |
3.3 SPML Request/Response Message Formats
This section contains the following topics:
- Section 3.3.1, "Add Request"
- Section 3.3.2, "Modify Request"
- Section 3.3.3, "Delete Suspend and Resume Requests"
- Section 3.3.4, "Set Password Request"
- Section 3.3.5, "Add and Modify Responses"
- Section 3.3.6, "Delete Suspend Resume and Set Password Responses"
3.3.1 Add Request
This request contains all the data about users. For a Oracle FLEXCUBE user creation, only mandatory fields will be sent in the request.
Sample Request
<addRequest returnData="identifier" targetID="FLEXCUBE">
<containerID ID="FLEXCUBEDB" targetID=" FLEXCUBE "/>
<data>
<dsml:attr name="objectclass">
<dsml:value>Users</dsml:value>
</dsml:attr>
<dsml:attr name="USERID">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="USERNAME">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="USERPASSWORDNAME">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="USERLANGUAGENAME”>
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="TIMELEVEL">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="HOMEBRANCH">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="STARTDATE">
<dsml:value>value</dsml:value>
</dsml:attr>
<dsml:attr name="EXTUSERREF">
<dsml:value>value</dsml:value>
</dsml:attr>
</data>
</addRequest>
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
addRequest :: |
Element |
Start tag for create user request |
|
|
addRequest : targetID |
Attribute |
Defines the Target system id on which user is to be created |
String
|
This value will be defined as Oracle FLEXCUBE while configuring Generic connector in OIM. This will be provided as the destination tag value in the Header part of the Oracle FLEXCUBE Gateway request. |
addRequest : returnData |
Attribute |
Defines ReturnDataType |
Identifier
|
For identifier return data type, only PSO ID will be sent as the OIM response content. |
addRequest :: containerID |
Element |
|
|
|
addRequest :: containerID : ID |
Attribute |
The value of ID uniquely identifies an object within the namespace of the target specified by the “targetID” |
String |
This value will be defined as FLEXCUBEDB while configuration of Generic connector in OIM. |
addRequest :: containerID : targetID |
Attribute |
Defines the Target system id on which user is to be created |
string |
This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. |
addRequest :: data |
Element |
This Node contains the User details |
Extensible |
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= objectclass |
Attribute |
This defines the group to which user belongs.
|
|
Not Used (Needed for compliance with SPML format) |
addRequest :: data :: dsml:attr : dsml:value |
Element |
Users |
|
This value will be defined as Users while configuration of GTC in OIM. |
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= USERID |
Attribute |
User identifier that is to be created in Oracle FLEXCUBE
|
|
This field is mapped as the USERID column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
User identifier value |
Date Type: String, Length:12 |
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= USERNAME |
Attribute |
User Name
|
|
This field is mapped as the USERNAME column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
Date Type: String, Length:35 |
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= USERPASSWORD |
Attribute |
User Password
|
|
This field is mapped as the USERPASSWORD column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
Date Type: String, Length:32 |
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= STARTDATE |
Attribute |
User Account Start Date
|
|
This field is mapped as the STARTDATE column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
|
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= TIMELEVEL |
Attribute |
User Time Level
|
Data Type: String Length:1 |
This field is mapped as the TIMELEVEL column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
|
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= HOMEBRANCH |
Attribute |
User Home Branch code
|
Data Type: String Length:3 |
This field is mapped as the HOMEBRANCH column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
|
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= USERLANGUAGE |
Attribute |
User Language
|
|
This field is mapped as the USERLANGUAGE column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
Data Type: String Length:3 |
|
addRequest :: data :: dsml:attr : |
Element |
Contains user field as attribute |
|
|
addRequest :: data :: dsml:attr :: name= EXTUSERREF |
Attribute |
EXTUSERREF
|
|
This field is mapped as the EXT_USER_REF Column of an Oracle FLEXCUBE User account. |
addRequest :: data :: dsml:attr : dsml:value |
Element |
value |
Data Type: String Length:20 |
|
3.3.2 Modify Request
A sample Modify request is given below:
<modifyRequest returnData="identifier">
<psoID ID="FLXUSER1" targetID=" FLEXCUBE">
</psoID>
<modification>
<dsml:modification name="<Field Name>" operation="replace">
<dsml:value>value</dsml:value>
</dsml:modification>
</modification>
</modifyRequest>
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
modifyRequest |
Element |
Start tag to modify field request |
|
|
modifyRequest : returnData |
Attribute |
Defines ReturnDataType |
Identifier |
For identifier return data type, only PSO ID will be sent as the OIM response content |
modifyRequet :: psoID |
Element |
Identifies user in the Oracle FLEXCUBE |
String |
This will be mapped with the User Id column of Oracle FLEXCUBE |
modifyRequest :: psoID : ID |
Attribute |
User Id Value |
Data Type: String Length: 12 |
This will be used to identify a user in Oracle FLEXCUBE |
modifyRequest :: psoID : targetID |
Attribute |
Defines the Target system id on which user field is to be modified |
string |
This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. This will be provided as destination tag value in Header part of the Oracle FLEXCUBE Gateway request. |
modifyRequest :: modification |
Element |
Parent tag for data to be modified |
|
|
modifyRequest :: modification :: dsml:modification: |
Element |
Contains data to be modified |
|
|
modifyRequest :: modification :: dsml:modification: name |
Attribute |
User field name that needs to be modified
|
|
This will be used to identify the column name in Oracle FLEXCUBE |
modifyRequest :: modification :: dsml:modification: operation |
Attribute |
Defines modification mode type |
Add/replace |
An Oracle FLEXCUBE Gateway modify request will be sent for the field |
modifyRequest :: modification :: dsml:modification: dsml:value |
Element |
Contains field value to be modified |
|
|
3.3.3 Delete Suspend and Resume Requests
The message format is same for suspend and resume request with their respective start tag.
Sample Request
<deleteRequest>
<psoID ID="<User Identitfier>" targetID=" FLEXCUBE">
</psoID>
</deleteRequest>
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
deleteRequest:: |
Element |
Start tag |
|
|
deleteRequest:: psoID |
Element |
Identifies the user in Oracle FLEXCUBE |
String |
This will be mapped with the User Id column of Oracle FLEXCUBE |
deleteRequest:: psoID : ID |
Attribute |
User Id Value |
Data Type: String Length: 12 |
This will be used to identify a user in Oracle FLEXCUBE |
deleteRequest:: psoID : targetID |
Attribute |
Defines the Target system id on which user field is to be modified |
string |
This value will be defined as Oracle FLEXCUBE while configuring GTC in OIM. This will be provided as destination tag value in Header part of the Oracle FLEXCUBE Gateway request. |
3.3.4 Set Password Request
The following is a sample Set Password Request.
<setPasswordRequest xmlns="urn:oasis:names:tc:SPML:2:0:password">
<psoID ID="<User Identitfier>" />
<password>password2</password>
</setPasswordRequest>
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
setPasswordRequest :: |
Element |
Start tag |
|
|
setPasswordRequest :: psoID |
Element |
Identifies a user in Oracle FLEXCUBE |
String |
This will be mapped with the User Id column of Oracle FLEXCUBE |
setPasswordRequest :: psoID : ID |
Attribute |
User Id Value |
Data Type: String Length: 12 |
This will be used to identify a user in Oracle FLEXCUBE |
setPasswordRequest :: password |
Element |
Contains the password to be set |
Data Type: String Length: 32 |
This will be mapped with the user_password column of Oracle FLEXCUBE . |
3.3.5 Add and Modify Responses
The Add and Modify messages have the same format is same except for their respective start tags.
Sample for successful response
< addResponse status="success">
< pso>
< psoID ID="<USER ID>" />
</pso>
</addResponse>
Sample for unsuccessful response
< addResponse status="failure" error="alreadyExists">
< errorMessage>
exception=tcDuplicateUserException;errorMessage=User already exists
</ errorMessage>
</ addResponse>
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
addResponse : |
Element |
Root Tag |
|
|
addResponse : status |
Attribute |
Defines the status of request |
success failure |
This will be used to convey the success or failure of the request to OIM. |
addResponse :: error |
Attribute |
Defines the error code
|
malformedRequest unsupportedOperation unsupportedIdentifierType noSuchIdentifier customError unsupportedExecutionMode invalidContainment noSuchRequest unsupportedSelectionType resultSetTooLarge unsupportedProfile invalidIdentifier alreadyExists containerNotEmpty |
In case of failure status appropriate SPML code will be decided and sent to the OIM |
addResponse :: errorMessage |
Element |
Contains the error description |
|
In case of failure status this will contain the description of error code. |
addResponse :: pso |
Element |
Identifies user in Oracle FLEXCUBE |
String |
|
addResponse :: pso: psoID |
Attribute |
User Id Value |
Data Type: String Length: 12 |
This will be same as sent in request to identify user in OIM. |
3.3.6 Delete Suspend Resume and Set Password Responses
Message format is the same for suspend and resume responses except for their respective start tags.
Sample for successful response
<deleteResponse status="success"/>
Sample for unsuccessful response
< deleteResponse status="failure" error=" noSuchIdentifier ">
< errorMessage>
exception= tcDuplicateUserException;errorMessage=User not found
</ errorMessage>
</ deleteResponse >
Field Tag |
Field Type |
Field Description |
Restrictions |
Remarks |
deleteResponse : |
Element |
Root Tag |
|
|
deleteResponse : status |
Attribute |
Defines the status of request |
success failure |
This will be used to convey the success or failure of the request to OIM |
deleteResponse :: error |
Attribute |
Defines the error code
Note: Applicable when status is failure |
malformedRequest unsupportedOperation unsupportedIdentifierType noSuchIdentifier customError unsupportedExecutionMode invalidContainment noSuchRequest unsupportedSelectionType resultSetTooLarge unsupportedProfile invalidIdentifier alreadyExists containerNotEmpty |
In case of failure status appropriate SPML code will be decided and sent to the OIM |
deleteResponse :: errorMessage |
Element |
Contains the error description |
|
In case of failure status this will contain the description of error code. |
3.4 Message Exchange Sequence for User Creation
The following diagram illustrates the messages exchange sequence during user creation.
3.5 Message Exchange Sequence for User Field Modification/ Set Password
The following diagram illustrates the messages exchange sequence during user field modification and set password.
3.6 Message Exchange Sequence for User Delete / Suspend / Resume
