Creating an Application By Using the EBS User Management Connector

2 Creating an Application By Using the EBS User Management Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector

Description of "Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector"

2.2 Prerequisites for Creating an Application By Using the Connector

Learn about the tasks that you must complete before you create the application.

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:

Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
Click OTN License Agreement and read the license agreement.
Select the Accept License Agreement option.
You must accept the license agreement before you can download the installation package.
Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER.
Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIG_HOME/server/ConnectorDefaultDirectory directory.

2.2.2 Creating a Target System User Account for Connector Operations

This preinstallation step involves creating a user account in the target system that can be used by the connector to perform connector operations.

Note:

You must have DBA privileges to run the scripts described in this section and grant the required permissions to the target system user account.

You must have Oracle Database Client installed on the computer on which you perform the procedure described in this section. The Oracle Database Client release must be the same as the database release. In addition, if Oracle Database Client is not installed on the database host computer, then the tnsnames.ora file on the Oracle Database Client host must contain an entry for the SID of the database.

Oracle Identity Governance requires a target system user account to access the target system during connector operations. You provide the credentials of this user account as part of Basic Configuration Parameters while creating an application.

To create a target system user account for connector operations:

From the installation media, copy the scripts directory to a temporary directory on either the target system host computer or a computer on which the Oracle Database Client has been installed.
On the computer where you copy the scripts directory, verify that there is a TNS entry in the tnsnames.ora file for the target system database.
Change to the directory containing the scripts directory and depending on the host platform, run either the Run_UM_DBScripts.sh or Run_UM_DBScripts.bat file. These files are present in the scripts directory of the installation media.
When you run the script, you are prompted for the following information:
- Enter the ORACLE_HOME
  
  Set a value for the ORACLE_HOME environment variable. This prompt is displayed only if the ORACLE_HOME environment variable has not been set on the computer on which you are running the script.
- Enter the System User Name
  
  Enter the login (user name) of a DBA account with the privileges to create and configure a new target system user.
- Enter the name of the database
  
  Enter the connection string or service name given in the tnsnames.ora file to connect to the target system database.
  
  This connects you to the SQL*Plus client.
- Enter password
  
  Enter the password of the APPS user in the target system. The Type and Package are created, and then the connection to the database is disconnected.
- Enter password
  
  Enter the password of the dba user.
- Enter New database Username to be created
  
  Enter a user name for the target system account that you want to create.
- Enter the New user password
  
  Enter a password for the target system account that you want to create.
  
  This installs all wrappers packages under the APPS schema, creates the new target system account, and then grants all the required privileges on the tables and packages.
- Connecting with newly created database user
  
  Enter the connection string or service name that you provided earlier.
The user account for connector operations is created.

2.2.3 Determining Values for the JDBC URL and Connection Properties Parameters

This section discusses the JDBC URL and Connection Properties parameters. You apply the information in this section while configuring the IT resource for your target system. This procedure is discussed later in this guide.

The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented:

2.2.3.1 Supported JDBC URL Formats

The following are the supported JDBC URL formats:

Multiple database instances support one service (Oracle RAC)

JDBC URL format:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST1_NAME.DOMAIN)(PORT=PORT1_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST2_NAME.DOMAIN)(PORT=PORT2_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST3_NAME.DOMAIN)(PORT=PORT3_NUMBER)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=HOSTn_NAME.DOMAIN)(PORT=PORTn_NUMBER))(CONNECT_DATA=(SERVICE_NAME=ORACLE_DATABASE_SERVICE_NAME)))

Sample value:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))
One database instance supports one service

JDBC URL format:

jdbc:oracle:thin:@HOST_NAME.DOMAIN:PORT_NUMBER:ORACLE_DATABASE_SERVICE_NAME

Sample value:

jdbc:oracle:thin:@host1.example:1521:srvce1
One database instance supports multiple services (for Oracle Database 10g and later)

JDBC URL format:

jdbc:oracle:thin:@//HOST_NAME.DOMAIN:PORT_NUMBER/ORACLE_DATABASE_SERVICE_NAME

Sample value:

jdbc:oracle:thin:@host1.example.com:1521/srvce1

2.2.3.2 Only SSL Communication Is Configured

After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Local Naming Parameters in the tnsnames.ora File in Oracle Database Net Services Reference for detailed information about the tnsnames.ora file.

The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION contains the connection descriptor, ADDRESS contains the protocol address, and CONNECT_DATA contains the database service identification information.

Sample Format 1:

NET_SERVICE_NAME=
 (DESCRIPTION=
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))

Sample Format 2:

NET_SERVICE_NAME= 
 (DESCRIPTION_LIST=
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME)))
  (DESCRIPTION= 
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (CONNECT_DATA= 
     (SERVICE_NAME=SERVICE_NAME))))

Sample Format 3:

NET_SERVICE_NAME= 
 (DESCRIPTION= 
  (ADDRESS_LIST= 
   (LOAD_BALANCE=on)
   (FAILOVER=off)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (ADDRESS_LIST= 
   (LOAD_BALANCE=off)
   (FAILOVER=on)
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
   (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
  (CONNECT_DATA=
   (SERVICE_NAME=SERVICE_NAME)))

If you have configured only SSL communication and imported the certificate that you create on the target system host computer into the JVM certificate store of Oracle Identity Manager, then you must derive the value for the JDBC URL parameter from the value of NET_SERVICE_NAME in the tnsnames.ora file. For example:

Note:

As shown in this example, you must include only the (ADDRESS=(PROTOCOL=TCPS)(HOST=HOST_NAME)(PORT=2484)) element because you are configuring SSL. You need not include other (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) elements.

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))

2.2.3.3 Both Data Encryption and Integrity and SSL Communication Are Configured

If both data encryption and integrity and SSL communication are configured, then specify a value for the JDBC URL parameter in the following manner:

Enter a comma-separated combination of the values for the JDBC URL parameter described in Only SSL Communication Is Configured. For example:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a target application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

Create an application in Identity Self Service. The high-level steps are as follows:
1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
2. Ensure that the Connector Package option is selected when creating an application.
3. Update the basic configuration parameters to include connectivity-related information.
4. If required, update the advanced setting parameters to update configuration entries related to connector operations.
5. Review the default user account attribute mappings. If required, add new attributes or you can edit or delete existing attributes.
6. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
7. Review the details of the application and click Finish to submit the application details.
  The application is created in Oracle Identity Governance.
8. When you are prompted whether you want to create a default request form, click Yes or No.
  If you click Yes, then the default form is automatically created and is attached with the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it with your application.
Verify reconciliation and provisioning operations on the newly created application.