2 Creating an Application By Using the Oracle Internet Directory Connector

Learn about onboarding applications using the connector and the prerequisites for doing so.

• Process Flow for Creating an Application By Using the Connector

• Prerequisites for Creating an Application By Using the Connector

• Creating an Application By Using the Connector

2.1 Process Flow for Creating an Application By Using the Connector

From Oracle Identity Governance release 12.2.1.3.0 onward, connector deployment is handled using the application onboarding capability of Identity Self Service.

Figure 2-1 is a flowchart depicting high-level steps for creating an application in Oracle Identity Governance by using the connector installation package.

Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector

Description of "Figure 2-1 Overall Flow of the Process for Creating an Application By Using the Connector"

2.2 Prerequisites for Creating an Application By Using the Connector

Learn about the tasks that you must complete before you create the application.

• Downloading the Connector Installation Package

• Creating a Target System User Account for Connector Operations

• Configuring the Connector for LDAP Operation Timeouts

2.2.1 Downloading the Connector Installation Package

You can obtain the installation package for your connector on the Oracle Technology Network (OTN) website.

To download the connector installation package:

1. Navigate to the OTN website at http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html.
2. Click OTN License Agreement and read the license agreement.
3. Select the Accept License Agreement option.
   You must accept the license agreement before you can download the installation package.
4. Download and save the installation package to any directory on the computer hosting Oracle Identity Governance.
5. Extract the contents of the installation package to any directory on the computer hosting Oracle Identity Governance. This creates a directory named CONNECTOR_NAME-RELEASE_NUMBER.
6. Copy the CONNECTOR_NAME-RELEASE_NUMBER directory to the OIG_HOME/server/ConnectorDefaultDirectory directory.

2.2.2 Creating a Target System User Account for Connector Operations

The connector uses a target system account to connect to the target system during reconciliation and provisioning operations.

You must create a target system user account for performing the following functions.

• Create, modify, and delete entries related to the managed objects, including accounts, groups, roles (if supported), and organizational units (ou).

• Update passwords for users.

• Use paging controls that have been configured in the IT resource.

Depending on the target system, create the specific target system account for connector operations as follows:

• Create an admin user account on the ODSEE target system.

• Create an admin user account on the OUD target system.

• Create an admin user, admin group, and ACIs on the OID target system.

  To perform this task, you must be an administrator on the OID target system who is familiar with command-line utilities such as ldapsearch and ldapmodify. If you prefer, you can also use Oracle Directory Services Manager to perform these functions.

The detailed instructions for performing these preinstallation tasks are available in the product documentation of the target system.

2.2.3 Configuring the Connector for LDAP Operation Timeouts

When an LDAP request is made by a client to a server and the server does not respond, the client waits forever for the server to respond until the TCP connection times out. On the client-side, you encounter read timed out exceptions while performing lookup field synchronization such as OID Connector Group Lookup Reconciliation. To avoid encountering such an issue, you must configure read and connect timeouts for your JNDI/LDAP service provider.

Note:

This is an optional procedure and is applicable only if you are using an OID target system.

Perform this procedure if you want to configure timeouts for the LDAP operations.

To do so:

1. In a text editor, open the xml/OID-target-template.xml file located in the connector installation package.
2. In the <advanceConfigurations> section, add new entries for the readTimeout and connectTimeout parameters as follows:

   <advanceConfig name="readTimeout" value="ENTER_NUM_MILLISECONDS" helpText="This property represents an integer value that specifies the number of milliseconds after which the LDAP provider must abort attempts to read an LDAP operation." dataType="int" required="false"/>
   <advanceConfig name="connectTimeout" value="ENTER_NUM_MILLISECONDS" helpText="This property represents an integer value that specifies the number of milliseconds after which the connection between the LDAP server and client times out." dataType="int" required="false"/>

   In the preceding line, replace ENTER_NUM_MILLISECONDS with a relevant integer value that specifies the number of milliseconds for the relevant parameters.
3. Save and close the file.
4. Log in to Identity Self Service and create a new application for the newly added parameters to reflect in the Advanced Settings section.

2.3 Creating an Application By Using the Connector

You can onboard an application into Oracle Identity Governance from the connector package by creating a Target application or an Authoritative application. To do so, you must log in to Identity Self Service and then choose the Applications box on the Manage tab.

The following is the high-level procedure to create an application by using the connector:

Note:

For detailed information on each of the steps in this procedure, see Creating Applications of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

1. Create an application in Identity Self Service. The high-level steps are as follows:
   1. Log in to Identity Self Service either by using the System Administration account or an account with the ApplicationInstanceAdministrator admin role.
   2. Ensure that the Connector Package option is selected when creating an application.
   3. Update the basic configuration parameters to include connectivity-related information.
   4. If required, update the advanced setting parameters to update configuration entries related to connector operations.
   5. Review the default user account attribute mappings. If required, add new attributes or you can edit or delete existing attributes.
   6. Review the provisioning, reconciliation, organization, and catalog settings for your application and customize them if required. For example, you can customize the default correlation rules for your application if required.
   7. Review the details of the application and click Finish to submit the application details.
      The application is created in Oracle Identity Governance.
   8. When you are prompted whether you want to create a default request form, click Yes or No.
      If you click Yes, then the default form is automatically created and is attached with the newly created application. The default form is created with the same name as the application. The default form cannot be modified later. Therefore, if you want to customize it, click No to manually create a new form and attach it with your application.
2. Verify reconciliation and provisioning operations on the newly created application.

See Also:

• Configuring the Oracle Internet Directory Connector for OID or Configuring the Oracle Internet Directory Connector for OUD, ODSEE, and LDAPv3-Compliant Directory Server for details on basic configuration and advanced settings parameters, default user account attribute mappings, default correlation rules, and reconciliation jobs that are predefined for this connector

• Configuring Oracle Identity Governance for details on creating a new form and associating it with your application, if you chose not to create the default form