17 Understanding the Oracle Provisioning Event Engine

The Oracle provisioning event engine sends events that depend on the operation performed on user entries in the back-end directory.


17.1 What Are the Oracle Provisioning Events?

The Oracle provisioning event engine sends USER_ADD, USER_MODIFY, and USER_DELETE events, depending on the operation performed on the user entries in the back-end directory. Because a user is represented by multiple entries containing base user and application-specific user information, applications can subscribe to all of the attributes in the event.

User events are also sent when a base entry or application entry is updated. However, no event is sent when an application entry is deleted, because deprovisioning is signalled earlier: when an administrator requests the deprovisioning of a user from an application, a USER_MODIFY event is sent to the application with a provisioning status of DEPROVISIONING_REQUIRED. Once the application acknowledges the event by returning a value of SUCCESS, the Oracle Directory Integration Platform deletes the application entry.

To receive notification of provisioning status changes, an application must subscribe to the orclUserApplnProvStatus;Application_Name attribute. For example, to subscribe to the provisioning status change for an application named CORP_EMAIL, an application must subscribe to the orclUserApplnProvStatus;CORP-EMAIL attribute.

17.2 Working with the Oracle Provisioning Event Engine

The Oracle provisioning event engine generates events from add, modify, and delete operations that are performed on well-defined objects in the back-end directory. The Oracle provisioning event engine uses object definitions and event generation rules to generate events. This event generation model is extensible because it enables you to define custom objects and event generation rules.

The Oracle provisioning event engine, object definitions, and event generation rules are discussed in these topics:

17.2.1 Create Custom Event Object Definitions

The Oracle provisioning event engine provides properties that you can use to identify objects for which events can be generated.

Table 17-1 lists the properties that you can use to identify objects for which events can be generated.

Table 17-1 Event Object Properties

| Property | Description |
| --- | --- |
| ObjectName | Assigns a unique name to identify the object |
| ObjectCriteria | Identifies the LDAP object class to use for identifying the object |
| MustAttributeCriteria | Provides any additional attributes that are required for identifying the object |
| OptionalAttributeCriteria | Provides any optional attributes that may be required for identifying the object |
| FilterAttributeCriteria | Lists the attributes that should not be sent during event propagation |

Table 17-2 lists the predefined objects for which the Oracle provisioning event engine can generate events.

Table 17-2 Predefined Event Objects

| Object Name | Valid Object Class Values |
| --- | --- |
| Entry | * |
| User | orclUserV2, inetorgperson |
| Identity | orclUserV2, inetOrgPerson |
| Group | groupOfUniqueNames, orclGroup, orclPrivilegeGroup, groupOfNames |
| Subscription | orclServiceSubscriptionDetail |
| Subscriber | orclSubscriber |

Note:

The metadata for event objects is stored in the following container: cn=Object Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext

17.2.2 Define Custom Event Generation Rules

You specify event generation rules in XML format.

The DTD for event generation rules is as follows:

<?xml version='1.0' ?>
  <!DOCTYPE EventRuleSet [ 
    <!ELEMENT ChangeType (#PCDATA)> 
    <!ELEMENT Rule  (#PCDATA)> 
    <!ELEMENT EventName  (#PCDATA)> 
    <!ELEMENT ResEvent (Rule*, EventName)> 
    <!ELEMENT EventRule (ChangeType, ResEvent*)>
    <!ELEMENT EventRuleSet (EventRule*) >
  ]>

The element definitions in the preceding DTD are as follows:

  • The EventRuleSet root element identifies a set of event rules for an individual event object.

  • The EventRuleSet root element contains a list of EventRule elements.

  • Each EventRule element depends on the value assigned to the ChangeType element.

  • The ChangeType and Rule elements determine the event name to be propagated to an application.

Table 17-3 lists the event definitions that are supported by the Oracle provisioning event engine.

Table 17-3 Supported Event Definitions

| Object Name | Change Type | Rule | Event Name |
| --- | --- | --- | --- |
| USER | Add | OrclApplnUserProvStatus=PENDING_UPGRADE | USER_ADD |
| USER | Add | OrclApplnUserProvStatus=PROVISIONING_REQUIRED | USER_ADD |
| USER | Modify | OrclApplnUserProvStatus=PENDING_UPGRADE | USER_ADD |
| USER | | OrclApplnUserProvStatus=PROVISIONING_REQUIRED | USER_ADD |
| USER | | OrclApplnUserProvStatus=PROVISIONING_FAILURE | USER_ADD |
| USER | | OrclApplnUserProvStatus=DEPROVISIONING_REQUIRED | USER_MODIFY |
| USER | | OrclApplnUserProvStatus=PROVISIONING_IN_PROGRESS | USER_MODIFY |
| USER | | OrclApplnUserProvStatus=PROVISIONING_SUCCESSFUL | USER_MODIFY |
| USER | | | |
| USER | Delete | OrclApplnUserProvStatus=PROVISIONING_IN_PROGRESS | USER_DELETE |
| USER | | OrclApplnUserProvStatus=PROVISIONING_SUCCESSFUL | USER_DELETE |
| USER | | OrclApplnUserProvStatus=DEPROVISIONING_REQUIRED | |
| GROUP | Add | | GROUP_ADD |
| GROUP | Modify | | GROUP_MODIFY |
| GROUP | Delete | | GROUP_DELETE |
| IDENTITY | Add | | IDENTITY_ADD |
| IDENTITY | Modify | | IDENTITY_MODIFY |
| IDENTITY | Delete | | IDENTITY_DELETE |
| ENTRY | Add | | ENTRY_ADD |
| IDENTITY | Modify | | ENTRY_MODIFY |
| IDENTITY | Delete | | ENTRY_DELETE |
| SUBSCRIPTION | Add | | SUBSCRIPTION_ADD |
| SUBSCRIPTION | Modify | | SUBSCRIPTION_MODIFY |
| SUBSCRIPTION | Delete | | SUBSCRIPTION_DELETE |
| SUBSCRIBER | Add | | SUBSCRIBER_ADD |
| SUBSCRIBER | Modify | | SUBSCRIBER_MODIFY |
| SUBSCRIBER | Delete | | SUBSCRIBER_DELETE |

Note:

The metadata for supported event objects is stored in the following container: cn=Event Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext.
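
The DTD and Table 17-3, worked through as an added example (not Oracle's code): a constructed USER rule set in the EventRuleSet format and a small Python evaluator for it. It assumes each Rule is an attribute=value test, that every Rule in a ResEvent must match, and that the first matching ResEvent wins; load_rules and resolve_event are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed rule set for the USER object; rows taken from Table 17-3.
USER_RULES = """\
<EventRuleSet>
  <EventRule><ChangeType>Add</ChangeType>
    <ResEvent><Rule>OrclApplnUserProvStatus=PROVISIONING_REQUIRED</Rule><EventName>USER_ADD</EventName></ResEvent>
  </EventRule>
  <EventRule><ChangeType>Modify</ChangeType>
    <ResEvent><Rule>OrclApplnUserProvStatus=PENDING_UPGRADE</Rule><EventName>USER_ADD</EventName></ResEvent>
    <ResEvent><Rule>OrclApplnUserProvStatus=DEPROVISIONING_REQUIRED</Rule><EventName>USER_MODIFY</EventName></ResEvent>
  </EventRule>
  <EventRule><ChangeType>Delete</ChangeType>
    <ResEvent><Rule>OrclApplnUserProvStatus=PROVISIONING_IN_PROGRESS</Rule><EventName>USER_DELETE</EventName></ResEvent>
  </EventRule>
</EventRuleSet>
"""

def load_rules(xml_text):
    """Parse an EventRuleSet, checking the DTD's content model by hand."""
    root = ET.fromstring(xml_text)
    if root.tag != "EventRuleSet":
        raise ValueError("root element must be EventRuleSet")
    table = {}
    for event_rule in root:
        tags = [child.tag for child in event_rule]
        # DTD: EventRule (ChangeType, ResEvent*)
        if tags[:1] != ["ChangeType"] or set(tags[1:]) - {"ResEvent"}:
            raise ValueError("EventRule must be (ChangeType, ResEvent*)")
        res_events = []
        for res in event_rule[1:]:
            parts = [(c.tag, (c.text or "").strip()) for c in res]
            # DTD: ResEvent (Rule*, EventName); each Rule is assumed to be attr=value
            if (not parts or parts[-1][0] != "EventName"
                    or any(t != "Rule" or "=" not in v for t, v in parts[:-1])):
                raise ValueError("ResEvent must be (Rule*, EventName)")
            conds = [tuple(s.strip() for s in v.split("=", 1)) for _, v in parts[:-1]]
            res_events.append((conds, parts[-1][1]))
        table[(event_rule[0].text or "").strip().lower()] = res_events
    return table

def resolve_event(table, change_type, attrs):
    """Assumed semantics: all rules must match, first match wins, else None."""
    entry = {k.lower(): v for k, v in attrs.items()}
    for conds, event_name in table.get(change_type.lower(), []):
        if all(entry.get(name.lower()) == value for name, value in conds):
            return event_name
    return None
```

With this constructed rule set, a change that matches no rule returns None, meaning no event would be generated for it.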