2 Creating an Application By Using the EBS User Management Connector
Learn about onboarding applications using the connector and the prerequisites for doing so.
2.1 Process Flow for Creating an Application By Using the Connector
From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.
Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.
Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector
![Description of Figure 2-1 follows Description of Figure 2-1 follows](img/aob_highlevel_flow.png)
Description of "Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector"
2.2 Prerequisites for Creating an Application By Using the Connector
Learn about the tasks that you must complete before you create the application.
2.2.1 Downloading the Connector Installation Package
You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.
2.2.2 Creating a Target System User Account for Connector Operations
This preinstallation step involves creating a user account in the target system that can be used by the connector to perform connector operations.
Note:
You must have DBA privileges to run the scripts described in this section and grant the required permissions to the target system user account.
You must have Oracle Database Client installed on the computer on which you perform the procedure described in this section. The Oracle Database Client release must be the same as the database release. In addition, if Oracle Database Client is not installed on the database host computer, then the tnsnames.ora file on the Oracle Database Client host must contain an entry for the SID of the database.
Oracle Identity Governance requires a target system user account to access the target system during connector operations. You provide the credentials of this user account as part of Basic Configuration Parameters while creating an application.
To create a target system user account for connector operations:
-
From the installation media, copy the scripts directory to a temporary directory on either the target system host computer or a computer on which the Oracle Database Client has been installed.
-
On the computer where you copy the scripts directory, verify that there is a TNS entry in the tnsnames.ora file for the target system database.
-
Change to the directory containing the scripts directory and depending on the host platform, run either the Run_UM_DBScripts.sh or Run_UM_DBScripts.bat file. These files are present in the scripts directory of the installation media.
-
When you run the script, you are prompted for the following information:
-
Enter the ORACLE_HOME
Set a value for the ORACLE_HOME environment variable. This prompt is displayed only if the ORACLE_HOME environment variable has not been set on the computer on which you are running the script.
-
Enter the System User Name
Enter the login (user name) of a DBA account with the privileges to create and configure a new target system user.
-
Enter the name of the database
Enter the connection string or service name given in the tnsnames.ora file to connect to the target system database.
This connects you to the SQL*Plus client.
-
Enter password
Enter the password of the APPS user in the target system. The Type and Package are created, and then the connection to the database is disconnected.
-
Enter password
Enter the password of the dba user.
-
Enter New database Username to be created
Enter a user name for the target system account that you want to create.
-
Enter the New user password
Enter a password for the target system account that you want to create.
This installs all wrappers packages under the APPS schema, creates the new target system account, and then grants all the required privileges on the tables and packages.
-
Connecting with newly created database user
Enter the connection string or service name that you provided earlier.
The user account for connector operations is created.
-
2.2.3 Determining Values for the JDBC URL and Connection Properties Parameters
This section discusses the JDBC URL and Connection Properties parameters. You apply the information in this section while configuring the IT resource for your target system. This procedure is discussed later in this guide.
The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented:
2.2.3.1 Supported JDBC URL Formats
The following are the supported JDBC URL formats:
-
Multiple database instances support one service (Oracle RAC)
JDBC URL format:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST1_NAME
.
DOMAIN
)(PORT=
PORT1_NUMBER
))(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST2_NAME
.
DOMAIN
)(PORT=
PORT2_NUMBER
))(ADDRESS=(PROTOCOL=TCP)(HOST=
HOST3_NAME
.
DOMAIN
)(PORT=
PORT3_NUMBER
)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=
HOSTn_NAME
.DOMAIN)(PORT=
PORTn_NUMBER
))(CONNECT_DATA=(SERVICE_NAME=
ORACLE_DATABASE_SERVICE_NAME
)))
Sample value:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))
-
One database instance supports one service
JDBC URL format:
jdbc:oracle:thin:@
HOST_NAME
.
DOMAIN
:PORT_NUMBER:ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example:1521:srvce1
-
One database instance supports multiple services (for Oracle Database 10g and later)
JDBC URL format:
jdbc:oracle:thin:@//
HOST_NAME.DOMAIN:PORT_NUMBER/ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example.com:1521/srvce1
2.2.3.2 Only SSL Communication Is Configured
After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Local Naming Parameters in the tnsnames.ora File in Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.
The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION
contains the connection descriptor, ADDRESS
contains the protocol address, and CONNECT_DATA
contains the database service identification information.
Sample Format 1:
NET_SERVICE_NAME= (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME)))
Sample Format 2:
NET_SERVICE_NAME= (DESCRIPTION_LIST= (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME))) (DESCRIPTION= (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME))))
Sample Format 3:
NET_SERVICE_NAME= (DESCRIPTION= (ADDRESS_LIST= (LOAD_BALANCE=on) (FAILOVER=off) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))) (ADDRESS_LIST= (LOAD_BALANCE=off) (FAILOVER=on) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))) (CONNECT_DATA= (SERVICE_NAME=SERVICE_NAME)))
If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM certificate store of Oracle Identity Manager, then you must derive the value for the JDBC URL parameter from the value of NET_SERVICE_NAME
in the tnsnames.ora file. For example:
Note:
As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=
HOST_NAME
)(PORT=2484))
element because you are configuring SSL. You need not include other (ADDRESS=(
PROTOCOL_ADDRESS_INFORMATION
))
elements.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
2.2.3.3 Both Data Encryption and Integrity and SSL Communication Are Configured
If both data encryption and integrity and SSL communication are configured, then specify a value for the JDBC URL parameter in the following manner:
Enter a comma-separated combination of the values for the JDBC URL parameter described in Only SSL Communication Is Configured. For example:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
2.3 Creating an Application By Using the Connector
You can onboard an application into Oracle Identity Governance from the connector package by creating a target application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.
Note:
For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.
- Create an application in Identity Self Service. The high-level steps are as follows:
- Verify reconciliation and provisioning operations on the newly created application.
See Also:
-
Configuring the EBS User Management Connector for details on basic configuration and advanced settings parameters, default user account attribute mappings, default correlation rules, and reconciliation jobs that are predefined for this connector
-
Configuring Oracle Identity Governance for details on creating a new form and associating it with your application, if you chose not to create the default form