8 Managing Generic Connectors
Generic connectors are managed by using Oracle Identity System Administration. See Predefined Providers for Generic Technology Connectors in Developing and Customizing Applications for Oracle Identity Governance for information about generic technology connectors (GTC).
This chapter describes how to create and manage generic connectors in the following sections:
8.1 Creating Generic Technology Connectors
While creating a generic connector, you need to consider various connector design aspects, such as provider requirements and selections, address all prerequisites, configure reconciliation and provisioning, create a form, publish a form, and enable logs for the generic create operations.
The procedure to create a generic technology connector is composed of the following steps:
8.1.1 Determining Provider Requirements for Creating Generic Technology Connectors
In order to determine provider requirements, first you need to identify various provider-based building blocks. Then, you create data formats and transport mechanism. As a final step, you identify providers to create a generic connector.
The following providers can be used as the building blocks of the generic technology connectors you create:
-
Reconciliation Transport Provider
-
Reconciliation Format Provider
-
Provisioning Transport Provider
-
Provisioning Format Provider
-
Transformation Provider
-
Validation Provider
Based on your knowledge of the data formats and data transport mechanisms supported by the target system, identify the providers that must be included in the generic technology connector that you create. If the target system supports multiple data formats and data transport mechanisms, you must select a single combination of the transport and format providers discussed in the first chapter. You cannot include, for example, multiple reconciliation format providers in a single generic technology connector.
8.1.2 Selecting the Providers for Creating Generic Technology Connectors
Selection of providers includes identifying predefined providers. Create a custom provider only to address any special generic connector requirement.
Identify the predefined providers that can be used to meet your provider requirements. See Predefined Providers for Generic Technology Connectors in the Developing and Customizing Applications for Oracle Identity Governance for information about the predefined providers.
If all your provider requirements are addressed by the predefined providers, you need not create custom providers. You must create custom providers to address only the requirements that are not addressed by the predefined providers.
8.1.3 Addressing the Prerequisites for Creating Generic Technology Connectors
Prerequisites for creating generic technology connectors include testing connectivity with the target system, creating the user accounts to be used for creating the generic technology connector, and enabling cache for the GenericConnector and GenericConnectorProviders cache categories.
You must address the following prerequisites:
-
If you are creating the generic technology connector on a production server, enable the cache for the following cache categories:
-
GenericConnector
-
GenericConnectorProviders
-
-
Testing connectivity between the target system server and the Oracle Identity Manager server
You must take steps to ensure that connectivity can be established between the target system server and the Oracle Identity Manager server. For example, in a UNIX environment, you must enter the fully qualified host name of the Oracle Identity Manager server in the
/etc/hosts
file on the target system server. -
Creating the user account to be used for creating the generic technology connector
All users belonging to the
SYSTEM ADMINISTRATORS
group of Oracle Identity Manager can create generic technology connectors. Alternatively, members of a group to which you assign the required menu items and permissions can create generic technology connectors.The required menu items are as follows:
-
Create Generic Technology Connector menu item
-
Manage Generic Technology Connector menu item
The required permissions are as follows:
-
Form Designer (Allow Insert, Write Access, Delete Access)
-
Structure Utility. Additional Column (Allow Insert, Write Access, Delete Access)
-
Meta-Table Hierarchy (Allow Insert, Write Access, Delete Access)
If these permissions are not correctly assigned to the group, an error is thrown when the user clicks the Create button on the final Identity System Administration page for creating generic technology connectors.
-
Note:
In an Oracle Identity Manager deployment that is integrated with Access Manager (OAM), the OIMSignatureAuthenticator authentication provider is not configured by default. If you use Oracle Identity Manager 9.x connectors, such as GTC, or if your custom code uses signature-based OIMClient login, then you must enable the OIMSignatureAuthenticator authentication provider.
8.1.4 Creating the Connector Using Identity System Administration
Creating a new generic connector involves specifying parameter values, defining of datasets and mapping of datasets, along with defining of the forms.
To navigate to the first Identity System Administration page for creating a generic technology connector:
- Log in to Identity System Administration.
- Click Generic Connector under Provisioning Configuration.
- In the Manage Connectors page, click Create.
- Provide basic information about the generic technology connector that you want to create in the Provide Basic Information page. Follow procedure inProviding Basic Information for Generic Technology Connector.
- Enter values for all parameters in Specify Parameter Values Page. Follow procedure in, Specifying Parameter Values for the Providers.
- Define data sets and mappings between the fields of the data sets in Modify Connector Configuration Page. Follow procedure in, Modifying Connector Configuration.
- Specify form names for the process forms corresponding to the OIM - Account data set and its child data sets. Follow procedure in, Verifying Connector Form Names.
- Review information that you have provided up to this point for creating generic technology connectors. Follow procedure in, Verifying Connector Information.
8.1.5 Configuring Reconciliation
After successfully creating a generic connector, the next step is to configure reconciliation. Skip the configuration reconciliation step if you have selected only the provisioning option while creating a connector.
A reconciliation scheduled task is created automatically when you create the generic technology connector. To configure and run this scheduled task, follow the instructions in Managing the Scheduler.
Note:
The name of the scheduled task is in the following format:
GTC_Name
_GTC
For example, if the name of the generic technology connector is WebConn
, the name of the scheduled task is WebConn_GTC
.
8.1.6 Configuring Provisioning
Configure provisioning if you have selected the provisioning configuration option while creating the connector. Skip this step if you have selected only the Reconciliation option on the Step 1: Provide Basic Information page.
A process definition is one of the objects that are automatically created when you create a generic technology connector. The name of the process definition is in the following format:
GTC_name
_GTC
For example, if the name of the generic technology connector is WebConn
, the name of the process definition is WebConn_GTC
.
The process tasks that constitute this process definition can be divided into two types:
-
System-defined process tasks
System-defined process tasks are included by default in all newly created process definitions.
-
Provisioning-specific process tasks
Provisioning-specific process tasks are included in the process definition of a generic technology connector only if you select the Provisioning option on the Step 1: Provide Basic Information page, regardless of whether or not you select the Reconciliation option.
The following are provisioning-specific process tasks:
-
Create User
-
Delete User
-
Enable User
-
Disable User
-
Updated Field_Name (this task is created for each field of the OIM - Account data set, except the
ID
field) -
For mappings created between fields of the OIM - User data set and the provisioning staging data set, the following process tasks are created:
-
Change User_data_set_field_name
-
Edit Provisioning_Staging_field_name
For example, suppose you create a mapping between the Last Name field of the OIM - User data set and the LName field of the provisioning staging data set. The following process tasks are automatically created along with the rest of the provisioning-specific process tasks:
-
Change Last Name
-
Edit LName
-
In addition, the following provisioning-specific process tasks are created for each child data set of the OIM - Account data set:
-
Child Table Child_Form_Name row Inserted
-
Child Table Child_Form_Name row Updated
-
Child Table Child_Form_Name row Deleted
All provisioning-specific process tasks have the following default assignments:
-
Target Type:
Group User With Highest Priority
-
Group:
SYSTEM ADMINISTRATORS
-
User:
XELSYSADM
If required, you can modify these default assignments by following the instructions given in Modifying Process Tasks in the Developing and Customizing Applications for Oracle Identity Governance.
8.1.7 Creating the Form and Publishing the Application Instance
You need to create a form and publish the application instance when both provisioning and reconciliation options are selected in the Step 1: Basic Information page.
To create the form and publish the application instance:
- Create a form specific to the GTC resource object.
- Attach the form to the GTC application instance.
- Publish the GTC application instance to the required organizations.
Note:
To view a provisioned account in the new UI, the process form should have a field for IT resource. The value for this IT resource field should be populated during a reconciliation run.
8.1.8 Enabling Log for the Generic Technology Connector
Logging in Oracle Identity Manager generally involves log collection and storage, error reporting, and alerts generation.
This is an optional step. Perform the procedure discussed in this section only if you want to enable logging for the generic technology connector.
See Configuring Log Services for Oracle Identity Governance for information about enabling logging in Oracle Identity Manager.
8.2 Using Identity System Administration to Create the Connector
Creation of a generic connector includes various steps, such as basic information, defining of parameter values, verifying form names, and verifying connector information.
To navigate to the first Identity System Administration page for creating a generic technology connector, login to Identity System Administration, and click Generic Connector under Provisioning Configuration. In the Manage Connectors page, click Create.
From this point onward, page-wise instructions are provided in the following sections:
8.2.1 Providing Basic Information for Generic Technology Connector
The first step of the connector creation process involves collection of basic information. The Transport provider list and the Format Provider List, provide options for reconciliation and provisioning operations.
To provide basic information about the generic technology connector that you want to create, use this page as follows:
Table 8-1 lists sample entries for the GUI elements on the Step 1: Provide Basic Information page.
Table 8-1 Sample Entries for the Step 1: Provide Basic Information Page
Label on the Step 1: Provide Basic Information Page | Sample Value or Action | Reference Information |
---|---|---|
Name field |
MyGTC2 |
NA |
Reconciliation check box |
Check box selected |
NA |
Transport Provider list |
Shared Drive |
shared drive reconciliation transport provider |
Format Provider list |
CSV |
CSV Reconciliation format provider |
Provisioning check box |
Check box selected |
NA |
Transport Provider list |
Web Services |
Web Services provisioning transport provider |
Format Provider list |
SPML |
SPML provisioning format provider |
8.2.2 Specifying Parameter Values for the Providers
The provider parameters are divided into two categories, Run-time parameters and Design parameters.
Use this page to specify values for the parameters of the providers that you select in Providing Basic Information for Generic Technology Connector.
This section contains the following topics:
8.2.2.1 Run-Time Parameters for the Provider
See Also:
Predefined Providers for Generic Technology Connectors in the Developing and Customizing Applications for Oracle Identity Governance for detailed information about the run-time parameters of predefined providers that you select on the Step 1: Provide Basic Information page
Run-time parameters are input variables of the providers that you select on the previous page. A run-time parameter represents a value that is not constrained by the design of the provider. For example, the location of the directories containing the data files that you want to reconcile is a run-time parameter.
8.2.2.2 Design Parameters for the Provider
This section describes about the design parameters for the provider in the following topics:
8.2.2.2.1 About Design Parameters for the Provider
The parameters listed in this section are either design parameters of providers or reconciliation-specific parameters that are common to all generic technology connectors. A design parameter represents a value or set of values that is defined as part of the provider design.
See Also:
Predefined Providers for Generic Technology Connectors in Developing and Customizing Applications for Oracle Identity Governance for detailed information about the design parameters of predefined providers that you select in the Providing Basic Information for Generic Technology Connector.
For example, the format of data files that can be parsed by a format provider is a design parameter for that provider. While designing the provider, you define the set of formats the provider can parse. In this page, you specify the particular format (from the set of supported formats) that an instance of the format provider must parse.
8.2.2.2.2 Reconciliation Specific Design Parameters for the Provider
The following are reconciliation-specific design parameters:
Note:
If you do not select the Reconciliation option on the previous page, these reconciliation-specific design parameters are not displayed on this page.
-
Batch Size
Use this parameter to specify a batch size for the reconciliation run. By using this parameter, you can break into batches the total number of records that the reconciliation engine fetches from the target system during each reconciliation run.
The default value of this parameter is
All
. -
Stop Reconciliation Threshold
During reconciliation, data from the reconciliation format provider is accepted as input by the validation provider. Some of the reconciliation data records may not clear the validation checks. You can use the Stop Reconciliation Threshold parameter to automatically stop reconciliation if the percentage of records that fail the validation checks to the total number of reconciliation records processed exceeds the specified value.
The following example illustrates how this parameter works:
Suppose you specify 20 as the value of the Stop Reconciliation Threshold parameter. This means that you want reconciliation to stop if the percentage of failed records to the total number of records processed becomes equal to or greater than 20. Suppose the second and eighth records fail the validation checks. At this stage, the number of failed records is 2 and the total number of records processed is 8. The percentage of failed records is 25, which is greater than the specified threshold of 20. Therefore, reconciliation is stopped after the eighth record is processed.
Note:
-
The Stop Reconciliation Threshold parameter is used during reconciliation only if you select validation Providers on the Step 3: Modify Connector Configuration page.
-
If reconciliation is stopped because the actual percentage of failed records exceeds the specified percentage, the records that have already been reconciled into Oracle Identity Manager are not removed.
The default value of this parameter is
None
. This default value specifies that during a reconciliation run, you want all the target system records to be processed, regardless of the number of records that fail the checks. -
-
Stop Threshold Minimum Records
If you use the Stop Reconciliation Threshold parameter, there may be a problem if invalid records are encountered right at the beginning of the reconciliation run. For example, suppose you specify 40 as the value of the Stop Reconciliation Threshold parameter. When reconciliation starts, suppose the first record fails the validation checks. At this stage, the percentage of failed records to total records processed is 100. Therefore, reconciliation would stop immediately after the first record is processed.
To avoid such situations, you can use the Stop Threshold Minimum Records parameter in conjunction with the Stop Reconciliation Threshold parameter. The Stop Threshold Minimum Records parameter specifies the number of records that must be processed by the validation provider before the Stop Reconciliation Threshold validation is enabled.
The following example illustrates how this parameter works:
Suppose you specify the following values:
Stop Reconciliation Threshold: 20
Stop Threshold Minimum Records: 80
With these values, from the eighty-first record onward, the Stop Reconciliation Threshold validation is enabled. In other words, after the eightieth record is processed, if any record fails the validation check, the reconciliation engine calculates the percentage of failed records to total records processed.
The default value of this parameter is
None
.Note:
-
The Stop Threshold Minimum Records parameter is used during reconciliation only if you select validation Providers on the Step 3: Modify Connector Configuration page.
-
You must specify a value for the Stop Threshold Minimum Records parameter if you specify a value for the Stop Reconciliation Threshold parameter.
-
-
Reconciliation Type
Use this parameter to specify whether you want the reconciliation engine to perform incremental or full reconciliation.
Note:
The outcome of both full and incremental reconciliation is the same: target system records that are created or updated after the last reconciliation run are reconciled into Oracle Identity Manager.
In incremental reconciliation, only target system records that are newly added or modified after the last reconciliation run are brought to Oracle Identity Manager. Reconciliation events are created for each of these records.
In full reconciliation, all target system records are brought to Oracle Identity Manager. The optimized reconciliation feature identifies and ignores records that have already been reconciled. Reconciliation events are created for the remaining records.
You must select incremental reconciliation if either one of the following conditions is true:
-
The target system time stamps or uniquely marks (in some way) files or individual data records that it generates, and the reconciliation transport provider can recognize records that have been time stamped or marked by the target system.
For example:
Suppose the target system can time stamp the creation of or modifications to user data records. If you can create a custom reconciliation transport provider that can read this time-stamp information, only new or modified data records will be transported to Oracle Identity Manager during reconciliation.
-
The target system provides only data records that are newly added or modified after the last reconciliation run.
If neither of these conditions is true, you must select full reconciliation.
-
-
Reconcile Deletion of Multivalued Attribute Data
Use this parameter to specify whether or not you want to reconcile into Oracle Identity Manager the deletion of multivalued attribute data (child data) on the target system.
The following example explains how this design parameter works:
There is an account for user
John Doe
on the target system. This user is a member of two user groups,CREATE USERS
andREVIEW PERMISSIONS
, on the target system. This user account (along with the group membership information) also exists on Oracle Identity Manager.On the target system, suppose this user is removed from the
REVIEW PERMISSIONS
group. During the next reconciliation run, the action that will be taken in Oracle Identity Manager depends on whether or not you select the Reconcile Deletion of Multivalued Attribute Data check box:-
If you select the check box, information about this user being a member of the
REVIEW PERMISSIONS
group on the target system is removed from the Oracle Identity Manager database. All other changes made to this user account on the target system are also reconciled. -
If you do not select the check box, information about this user being a member of the
REVIEW PERMISSIONS
group on the target system is not removed from the Oracle Identity Manager database. However, all other changes made to this user account on the target system are reconciled.
-
-
Source Date Format
Use this parameter to specify the format in which date values are stored in the target system.
The format that you specify is used to validate date values fetched during reconciliation and to convert the date values to the format used internally by Oracle Identity Manager.
The Validate Date Format provider is one of the predefined validation providers. During a reconciliation run, the Validate Date Format provider uses the source date format to validate date values fetched from the target system. Only date values that match the source date format are converted to the date format used by Oracle Identity Manager and reconciled. This format validation and conversion applies to all date fields (for example, Date of Birth and Hire Date) of the target system.
For information about the date formats that you can specify, see the following page on the Sun Java Web site:
http://java.sun.com/docs/books/tutorial/i18n/format/simpleDateFormat.html
Note:
If you want the source date format to be used in date validation, while performing the procedure described in Adding or Editing Fields in Data Sets, you must:
-
Map date fields of the Source data sets to date fields of the reconciliation staging data sets.
-
Edit each date field of the reconciliation staging data sets and set its data type to the Date data type.
The default value of the Source Date Format parameter is the date format specified as the value of the
XL.DefaultDateFormat
system property. If you do not specify a value for the Source Date Format parameter, the default date format is used for date validation during reconciliation.See Also:
System Properties in Oracle Identity Manager for information about the system properties of Oracle Identity Manager.
The following example illustrates how the Source Date Format parameter is used:
Suppose the following are date values in the target system:
-
Date 1:
05/04/2007 06:25:44 PM
-
Date 2:
05/06/2007 07:31:44 PM
-
Date 3:
Thu, Apr 9, '98
-
Date 4:
07/03/2008 02:15:55 PM
Scenario 1:
While creating the connector, you had entered the following as the value of the Source Date Format parameter:
MM/dd/yyyy hh:mm:ss a
During a reconciliation run, the record containing the Date 3 value is not reconciled because it does not conform to the specified source date format.
Scenario 2:
While creating the connector, you had not entered a value for the Source Date Format parameter. Therefore, during a reconciliation run, all four records are validated against the date format specified as the value of the
XL.DefaultDateFormat
system property. -
8.2.2.2.3 Provisioning Specific Design Parameter for the Provider
The following is a provisioning-specific design parameter:
Note:
If you do not select the Provisioning option on the previous page, this provisioning-specific design parameter is not displayed.
-
Target Date Format
Use this parameter to specify the format in which you want to send date values to the target system during provisioning operations.
During a provisioning operation, date values are converted to the format that you specify as the value of the Target Date Format parameter. This format conversion applies to all date fields (for example, Date of Birth and Hire Date) that are used in the provisioning operation.
For information about the date formats that you can specify, see the following page on the Sun Java Web site:
http://java.sun.com/docs/books/tutorial/i18n/format/simpleDateFormat.html
If you do not specify a date format, the following date format is used as the default value of this parameter:
yyyy/MM/dd hh:mm:ss z
The following example illustrates how the Target Date Format parameter is used:
During a provisioning operation, any date value that you enter will be in the
yyyy/MM/dd hh:mm:ss z
format.Scenario 1:
While creating the connector, you had entered the following as the value of the Target Date Format parameter:
yyyy.MM.dd G 'at' hh:mm:ss z
During a provisioning operation, an Oracle Identity Manager date value (for example, 2007/05/04 06:25:44 IST) will be converted into the target date format (for example, 2007.05.04 AD at 06:25:44 IST) and sent to the target system.
Scenario 2:
While creating the connector, you had not entered a value for the Target Date Format parameter. During a provisioning operation, date values are sent to the target system in the (default)
yyyy/MM/dd hh:mm:ss z
format.
8.2.2.3 Sample Values for the Run-Time and Design Parameters
After you specify values for the run-time and design parameters, click Continue.
Note:
If any value that you provide on this page is not correct, an error message is displayed at the top of the page after you click Continue. If this happens, fix the parameter value and click Continue again.
Table 8-2 lists sample entries for the Specify Parameter Values page. The GUI elements displayed on this page are based on the entries made on the Provide Basic Information page.
Table 8-2 Sample Entries for the Step 2: Specify Parameter Values Page
Label on the Step 2: Specify Parameter Values Page | Sample Value or Action | Reference Information |
---|---|---|
Run-Time Parameters of the Shared Drive Reconciliation Transport Provider |
"Shared Drive Reconciliation Transport Provider" in Developing and Customizing Applications for Oracle Identity Governance |
|
Staging Directory (Parent Identity Data) field |
D:\gctestdata\commaDelimited\parent |
NA |
Staging Directory (Multivalued Identity Data) field |
D:\gctestdata\commaDelimited\child |
NA |
Archiving Directory field |
D:\gctestdata\commaDelimited\archive |
NA |
File Prefix field |
file |
NA |
Specified Delimiter field |
, |
NA |
Tab Delimiter check box |
Check box not selected |
NA |
Fixed Column Width field |
NA |
|
Unique Attribute (Parent Data) field |
UserIDTD |
NA |
Run-Time Parameter of the Web Services Provisioning Transport Provider |
"Web Services Provisioning Transport Provider" in Developing and Customizing Applications for Oracle Identity Governance |
|
Web Service URL field |
http://acme123:8080/spmlws/services/HttpSoap11 |
NA |
Run-Time Parameters of the SPML Provisioning Format Provider |
||
Target ID field |
target |
NA |
User Name (authentication) field |
xelsysadm |
NA |
User Password (authentication) field |
NA |
|
Design Parameters of the Shared Drive Reconciliation Transport Provider |
"Shared Drive Reconciliation Transport Provider" in Developing and Customizing Applications for Oracle Identity Governance |
|
File Encoding field |
Cp1251 |
NA |
Design Parameters of the Web Services Provisioning Transport Provider |
"Web Services Provisioning Transport Provider" in Developing and Customizing Applications for Oracle Identity Governance |
|
Web Service SOAP Action field |
http://xmlns.oracle.com/OIM/provisioning/processRequest |
NA |
Design Parameters of the SPML Provisioning Format Provider |
||
WSSE Configured for SPML Web Service? check box |
Check box not selected |
NA |
Custom Authentication Credentials Namespace field |
http://xmlns.oracle.com/OIM/provisioning |
NA |
Custom Authentication Header Element field |
OIMUser |
NA |
Custom Element to Store User Name field |
OIMUserId |
NA |
Custom Element to Store Password field |
OIMUserPassword |
NA |
SPML Web Service Binding Style (DOCUMENT or RPC) field |
RPC |
NA |
SPML Web Service Complex Data Type field |
NA |
|
SPML Web Service Operation Name field |
processRequest |
NA |
SPML Web Service Target Namespace field |
http://xmlns.oracle.com/OIM/provisioning |
NA |
SPML Web Service Soap Message Body Prefix field |
NA |
|
ID Attribute for Child Dataset Holding Group Membership Information field |
NA |
|
Generic Design Parameters |
NA |
|
Target Date Format field |
yyyy-MM-dd hh:mm:ss.fffffffff |
NA |
Batch Size field |
All |
NA |
Stop Reconciliation Threshold field |
None |
NA |
Stop Threshold Minimum Records field |
None |
NA |
Source Date Format field |
yyyy/MM/dd hh:mm:ss z |
NA |
Reconcile Deletion of Multivalued Attribute Data check box |
Check box selected |
NA |
Reconciliation Type list |
Incremental |
NA |
8.2.3 Modifying Connector Configuration
The step 3 of the connector creation process involves defining of data sets. After creation of data sets, these data sets need to be associated with the fields. In this step, you specify the user data fields that are required for the generic technology connectors.
You can perform the following actions on the Step 3: Modify Connector Configuration page:
8.2.3.1 About Metadata for Generic Technology Connector
Use this page to define data sets and mappings between the fields of the data sets. In other words, you use this page to specify the user data fields that you want to:
-
Propagate from the target system to Oracle Identity Manager during reconciliation
-
Propagate from Oracle Identity Manager to the target system during provisioning
In the generic technology connector context, the term metadata refers to the set of identity fields that constitute the user account information on the target system.
First Name, Last Name, Hire Date, and Department ID are examples of user data fields that constitute metadata. The values assigned to these fields constitute the user data on the target system. For example, the identity information of user John Doe on the target system can be composed of the following fields:
-
First Name: John
-
Last Name: Doe
-
Hire Date: 04-December-2007
-
Department ID: Sales
-
. . .
After you click the Continue button on the Step 2: Specify Parameter Values page, the metadata displayed on the Step 3: Modify Connector Configuration page depends on the following factors:
-
Input provided on the Step 1: Provide Basic Information and Step 2: Specify Parameter Values pages
-
Availability of sample target system data
Note:
In the generic technology connector context, the term metadata detection refers to the process in which sample user data is read from the target system and the corresponding metadata (identity field names) is displayed on the Step 3: Modify Connector Configuration page.
Oracle Identity Manager performs the following steps while attempting to detect metadata:
-
The reconciliation transport provider and reconciliation format provider try to fetch and parse metadata from the target system.
Together, the shared drive reconciliation transport provider and CSV reconciliation format provider can detect metadata from the target system. If you want custom providers to perform the same function, you must ensure that:
-
The Java code for the reconciliation transport provider contains an implementation of the
getMetadata()
method of theReconTransportProvider
interface. -
The Java code for the reconciliation format provider contains an implementation of the
parseMetadata()
method of theReconFormatProvider
interface.
If these providers successfully fetch and parse metadata from the target system, Oracle Identity Manager uses information returned by them to display metadata and the following step is not performed.
-
-
If the reconciliation transport provider and reconciliation format provider cannot fetch and parse metadata from the target system, the provisioning transport provider and provisioning format provider try to perform this function.
The Web Services provisioning transport provider and SPML provisioning format provider cannot detect metadata from the target system. If you want custom providers to be able to detect metadata, you must ensure that:
-
The Java code for the provisioning transport provider contains an implementation of the
defineMetadata()
method of theProvisioningTransportProvider
interface. -
The Java code for the provisioning format provider contains an implementation of the
parseMetadata()
method of theProvisioningFormatProvider
interface.
If the provisioning transport provider and provisioning format provider successfully fetch and parse metadata from the target system, Oracle Identity Manager uses information returned by these providers to display metadata. If these providers are not successful, only the default fields defined for any of the provisioning-specific providers that you select are displayed. For example, the
ID
field of the OIM - Account data set and theobjectClass
andcontainerID
fields of the provisioning staging data set are displayed by default. These data sets and fields are discussed later in this guide. -
Figure 8-1 shows the Step 3: Modify Connector Configuration page for the sample entries listed at the end of the "Step 1: Provide Basic Information Page" and "Step 2: Specify Parameter Values Page" sections.
Figure 8-1 Step 3: Modify Connector Configuration Page
Description of "Figure 8-1 Step 3: Modify Connector Configuration Page"
8.2.3.2 Data Set for Generic Technology Connectors
The data sets displayed on the Step 3: Modify Connector Configuration page are categorized as follows:
-
Source
The Source data sets are displayed only if you select the Reconciliation option on the first page, regardless of whether or not you select the Provisioning option.
-
Reconciliation Staging
The reconciliation staging data sets are displayed only if you select the Reconciliation option on the Step 1: Provide Basic Information page, regardless of whether or not you select the Provisioning option.
-
Oracle Identity Manager
The Oracle Identity Manager data sets are always displayed, regardless of the options you select on the Step 1: Provide Basic Information page. However, the OIM - Account data set and its child data sets are not displayed if you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page. To overcome this issue, you must perform the following steps:
-
Open the generic technology connector and navigate to Jgraph screen.
-
In the Reconciliation Staging of the Jgraph screen, modify the field data type to Date for all the fields which holds date value.
-
Save the connector.
The fields displayed in the OIM - User data set are predefined for the Oracle Identity Manager User. You can show or minimize the full list of OIM - User data set fields by clicking the arrow icon at the top of the data set. The following fields are displayed in the minimized state of the data set:
-
User ID
-
Email
-
Password
-
First Name
-
Last Name
Note:
If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information Page, all the fields of the OIM - User data set are displayed and you cannot use the arrow icon to minimize the display.
These fields constitute the minimum set of Oracle Identity Manager User fields for which values must be defined. You can designate some or all of the remaining OIM - User data set fields as mandatory Oracle Identity Manager User fields for your Oracle Identity Manager installation. You do this by ensuring that these fields always hold values when the Oracle Identity Manager User is created.
Note:
Data set and field names that take up more than a certain amount of space are truncated and dots are displayed after the truncated part of the names. For example, the Deprovisioning Date field of the OIM - User data set is displayed as follows:
Deprovisioning Da..
To view the full name of a field, you can click the edit icon for that field or the field to which that field is mapped. In the pop-up window, the field name that you want to view is on either the first page or the second page, depending on the data set to which the field belongs.
You can add user-defined fields (UDFs) to the list of predefined Oracle Identity Manager User fields by using the Design Console. These UDFs are displayed in the OIM - User data set on the Step 3: Modify Connector Configuration page.
Depending on the options that you select on the Step 1: Provide Basic Information page, some fields are displayed by default on the Step 3: Modify Connector Configuration page:
-
ID
fieldThe
ID
field is displayed by default in the OIM - Account data set, regardless of whether or not you select the Reconciliation option or Provisioning option on the Step 1: Provide Basic Information page. When an account is created, this field is used to store the value that uniquely identifies the account in Oracle Identity Manager and in the target system. For a particular user, this unique field is used to direct other operations, such as modify, delete, enable, disable, and child data operations.Every target system would have a unique field for tracking the creation of and updates made to a user account. While creating a custom provisioning transport provider, you must ensure that the provider retrieves this unique field value from the target system at the end of a Create User operation. This value must be used to populate the
ID
field of the OIM - Account data set.During reconciliation, the value of the
ID
field must come from the corresponding unique field of the reconciliation staging data set. To set this up, you must create a mapping between the two fields. The procedure to create a mapping is discussed later in this section.Caution:
If you select both the Provisioning and Reconciliation options while creating a generic technology connector and if you do not create a mapping between the ID field and the unique field of the target system, records that are linked through reconciliation cannot be used for provisioning operations (such as modify, delete, enable, disable, and child data operations). This is because the ID field is not populated in the linked records.
-
objectClass
fieldThe
objectClass
field is displayed by default in the OIM - Account data set and provisioning staging data set only if you select the SPML provisioning format provider on the Step 1: Provide Basic Information page. -
containerID
fieldThe
containerID
field is displayed by default in the OIM - Account data set and provisioning staging data set only if you select the SPML provisioning format provider on the Step 1: Provide Basic Information page.
-
-
Provisioning Staging
The provisioning staging data sets are displayed only if you select the Provisioning option on the first page, regardless of whether or not you select the Reconciliation option.
The display of data sets on the Step 3: Modify Connector Configuration page depends on the input that you provide on the Step 1: Provide Basic Information page and Step 2: Specify Parameter Values page. The display of fields within the data sets depends on whether or not metadata detection has taken place.
Note:
Metadata detection does not take place if any of the following conditions are true:
-
Sample target system data (including metadata) is not available.
-
The Transport and format providers that you select are not capable of detecting metadata from sample target system data.
This is illustrated by the following example:
Suppose you select only the Reconciliation option on the Step 1: Provide Basic Information page. In addition, metadata detection has not taken place. Under these conditions, the display of data sets and fields on the Step 3: Modify Connector Configuration page can be summarized as follows:
The following data sets are displayed:
-
Source
-
Reconciliation Staging
-
Oracle Identity Manager
The fields that constitute the data sets are not displayed.
In addition, if you had selected the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, the OIM - Account data set and its child data sets are not displayed.
In Table 8-3, Scenario 1 shows the outcome of this set of input conditions. The rest of the scenarios in this table describe the display of data sets and fields under the combination of input conditions listed in the first row and first column of the table.
Table 8-3 Display of Data Sets and Fields Under Various Input Conditions
Metadata Detection | Only Reconciliation Option Selected | Both Reconciliation and Provisioning Options Selected | Only Provisioning Option Selected |
---|---|---|---|
Metadata detection has not taken place |
Scenario 1 The following data sets are displayed:
The fields that constitute the data sets are not displayed. If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, the OIM - Account data set and its child data sets are not displayed. |
Scenario 2 The following data sets are displayed:
The fields that constitute the data sets are not displayed. |
Scenario 3 The following data sets are displayed:
The fields that constitute the data sets are not displayed. |
Metadata detection has taken place |
Scenario 4 The following data sets are displayed:
The fields that constitute the data sets are displayed. If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, the OIM - Account data set and its child data sets are not displayed. |
Scenario 5 The following data sets are displayed:
The fields that constitute the data sets are displayed. |
Scenario 6 The following data sets are displayed:
The fields that constitute the data sets are displayed. |
8.2.3.3 Mapping Parameters for Data Sets
Each flow line displayed on the Step 3: Modify Connector Configuration page represents a mapping (link) between two fields of different data sets. A mapping serves one of the following purposes:
-
Establishes a data flow path between fields of two data sets, for either provisioning or reconciliation
A mapping of this type forms the basis for validations or transformations to be performed on data.
-
Creates a basis for comparing (matching) field values of two data sets
The following are examples of matching-only mappings:
-
Mappings created between fields of the reconciliation staging data set and the OIM - User data set form the basis of a reconciliation rule.
-
A mapping between the unique field of the reconciliation staging data set and the
ID
field of the OIM - Account data set helps identify the key field for reconciliation matching. Along with the ID field, other fields of the OIM - Account data set can be (matching-only) mapped to corresponding fields of the reconciliation staging data set to create a composite key field for reconciliation matching.
-
8.2.3.4 About Adding or Editing Fields in Data Sets
Identity fields detected through metadata detection are displayed on the Step 3: Modify Connector Configuration page. You can modify these fields and the mappings between them. If required, you can also add new fields on this page and create mappings between them.
The following is a summary of the actions that you can perform while adding or editing fields on the Step 3: Modify Connector Configuration page:
Note:
These actions are described in detail in the procedure that follows this list. The procedure also describes the conditions that must be fulfilled before you can perform some of these actions.
-
Default attributes (such as the data type and length) are assigned to the fields displayed through metadata detection. You must edit these fields to set the required attributes for them.
Note:
Oracle Identity Manager can recognize date values fetched during reconciliation only if you set the Date data type for fields of the reconciliation staging data sets. In addition, if you have specified a value for the Source Date Format parameter on the Step 2: Specify Parameter Values page, you must map date fields of the Source data sets to the corresponding date fields of the reconciliation staging data sets.
-
You can create transformation mappings between fields by using a transformation provider. While performing this action, you can use the predefined concatenation transformation provider or translation transformation provider, or a custom transformation provider that you have created.
-
You can create matching-only mappings between fields of the reconciliation staging data set and Oracle Identity Manager data sets. Matching-only mappings that you create between the reconciliation staging data set and the OIM - User data set forms the reconciliation rule. Matching-only mappings that you create between the reconciliation staging data set and the OIM - Account data set identifies the key field for reconciliation matching.
-
You can add a child data set to an existing data set.
-
You can encrypt the value of a field, both in the process form and in the database.
-
You can designate a field as a lookup field and select an input source for the field. The input source can be a lookup definition or a combination of columns from Oracle Identity Manager database tables.
-
You can configure user account status reconciliation.
If you want to configure user account status reconciliation, refer to the "Configuring Account Status Reconciliation" section.
8.2.3.5 Adding or Editing Fields in Data Sets
To add or edit a field in a data set:
Note:
The display of the GUI elements and pages described in the following steps depends on the data set in which you are adding or editing a field. For example, the Required and Encrypted check boxes are not displayed if you are adding or editing a field in a Source data set.
-
Depending on whether you want to add or edit a field, click the Add icon for the data set or the edit icon for the field.
-
On the Step 1: Field Information page, specify values for the following GUI elements:
-
Field Name: If you are adding a field, specify a name for the field. The field name that you specify must contain only ASCII characters, because non-ASCII characters are not allowed.
-
Mapping Action: Select the type of mapping that you want to create with this field as the destination field of the mapping. You can select one of the following mapping actions:
-
Select Create Mapping Without Transformation if you only want to create a one-to-one mapping between a source (input) field and the field that you are adding or editing, and you do not want to use a transformation provider.
-
Select the Remove Mapping option if you are editing the field and you want to remove the mapping for which this field is the destination field. The procedure to remove a mapping is covered in detail in the Removing Mapping Between Fields section.
-
The transformation mapping options displayed in the Mapping Action list are based on the predefined transformation providers and the custom transformation providers that you create. The following menu options correspond to the predefined transformation providers:
* Create Mapping With Concatenation
* Create Mapping With Translation
Apply the following guidelines while selecting a transformation mapping:
-
You can create transformation mappings only between fields of the following data sets:
- Source and Reconciliation Staging
- Oracle Identity Manager and Provisioning Staging
This means that, for example, you cannot create transformation mappings between a field in a reconciliation staging data set and a field in an Oracle Identity Manager data set.
You cannot create a 1-to-2 mapping with the following source and destination fields:
Source field: Unique field of the reconciliation staging data
Destination fields:
User ID
field of the OIM - User data set andID
field of the OIM - Account data setThis mapping is not supported. Instead, you must create a one-to-one mapping between the unique field of the reconciliation staging data and either the
User ID
field (of the OIM - User data set) or theID
field (of the OIM - Account data set). -
Ensure that all the fields of provisioning staging data sets are mapped to corresponding fields of OIM - User and OIM - Account data sets.
-
When you create a mapping that has any field of the OIM - User data set as the source or destination field, the display of the OIM - User data set fields list is frozen in the position it was in (expanded or minimized) when the mapping was created. To unfreeze the display of the OIM - User data set so that you are able to use the arrow icon, you must remove all mappings that have any OIM - User data set field as the source or destination field.
-
A literal field can be used as one of the input fields of a transformation field. If you select the Literal option, you must enter a value in the field. You must not leave the field blank after selecting it.
-
-
Matching Only: Select this check box if the field is to be used as the destination field of a matching-only mapping. As mentioned earlier in this document, you can create the following types of matching-only mappings:
Note:
You must create matching-only mappings for both parent and child data sets.
-
To create the reconciliation rule, you create matching-only mappings between fields of the reconciliation staging data set and the OIM - User data set. Each mapping represents a reconciliation rule element. If there are child data sets, you must ensure that the names of fields of the reconciliation staging data set that are input fields for the matching-only mappings are not used in any of the reconciliation staging child data sets.
-
To specify the key field for reconciliation matching, you create a matching-only mapping between the unique field of the reconciliation staging data set and the ID field of the OIM - Account data set. Along with the ID field, other fields of the OIM - Account data set can be (matching-only) mapped to corresponding fields of the reconciliation staging data set to create a composite key field for reconciliation matching.
Caution:
If the name of a reconciliation staging field used in a matching-only mapping were to be reused as the name of a field in a reconciliation staging child data set, matching would not take place during a reconciliation run.
This known issue is explained in the Modify Connector Config Page section.
-
-
Create End-to-End Mapping: If you are adding a field, select this check box if you want the same field to be added in all the data sets that are displayed to the right of the data set in which you are adding the field.
-
Multi-Valued Field: Select this check box if you want to add a child data set. If you select this check box, the name that you specify in the Field Name field is used as the name of the child data set.
Note:
If you select the Trusted Source Reconciliation check box on the Step 1: Provide Basic Information page, this check box (in selected or deselected state) is ignored. This is because the reconciliation of multivalued (child) data is not supported in trusted source reconciliation.
-
Data Type: Select the data type of the field.
After metadata detection, the String data type is applied by default to all the fields of the reconciliation staging and OIM - Account data sets. Where required, you must use the Data Type list to specify the actual data type of each field.
-
Length: Specify the character length of the field.
-
Required: Select this check box if you want to ensure that the field always contains a value.
-
Encrypted: Select this check box if the value of the field must be stored in encrypted form in the Oracle Identity Manager database.
-
Password Field: Select this check box if the value of the field must be encrypted on the process form. Values of fields for which this check box is selected are displayed as asterisks (*) on the process forms.
Note:
If you select the Encrypted and Password Field check boxes, see "Password-Like Fields" in Developing and Customizing Applications for Oracle Identity Governance for information about guidelines that you must follow.
-
Lookup Field: Select this check box if you want to make the field a lookup field.
-
-
Click Continue.
-
If you select the Lookup Field check box on the Step 1: Field Information page, the Step 2: Lookup Properties page is displayed. On this page, you can select and specify values for any combination of the lookup properties described in Table 8-4.
Table 8-4 Lookup Properties
Lookup Property Value Column Names
In the Property Value field, enter the name of the database column containing the values that must be displayed in the lookup window. If required, you can enter multiple database column names separated by commas.
Note: If you select the Lookup Column Name property, you must also select the Column Names property, which is described later in this table.
After you enter a value in the Property Value field, click Submit.
The following SQL query can be used to illustrate how the Column Names and Lookup Column Name properties are used:
SELECT USR_FIRST_NAME, USR_LOGIN, USR_LAST_NAME FROM USR
Suppose you set the following as the values of the two properties:
- Column Names:
USR_FIRST_NAME, USR_LAST_NAME
- Lookup Column Name:
USR_LOGIN
When the user selects a particular
USR_FIRST_NAME, USR_LAST_NAME
combination from the lookup window, the correspondingUSR_LOGIN
value is stored in the database.Column Captions
In the Property Value field, enter the name of the column heading that must be displayed in the lookup window. If multiple columns are going to be displayed in the lookup window, enter multiple column captions separated by commas, for example, Organization Name, Organization Status.
After you enter a value in the Property Value field, click Submit.
Column Widths
In the Property Value field, enter the character width of the column that must be displayed in the lookup window. This must be the same as the maximum length of the underlying field or column from which data values are drawn to populate the lookup field.
If the lookup window is going to display multiple columns, enter multiple column widths separated by commas.
After you enter a value in the Property Value field, click Submit.
Lookup Query
To specify a value for the Lookup Query property:
-
In the Property Value field, enter the SQL query (without the
WHERE
clause) that must be run when a user double-clicks the lookup field to populate the data columns displayed in the lookup window. -
Click Submit.
-
On the Step 2: Add Validation page, select values from the following lists to create a
WHERE
clause for theSELECT
statement that you specify in Step 1:- Filter Column
- Source
- Field Name
From the values that you select, the
WHERE
clause is created as follows:WHERE Filter_Column=Source.Field_Name
-
Click Save.
To correctly display the data returned from a query, you must add a
lookupfield.header
property to thexlWebAdmin_
locale
.properties
file.For example, consider the following SQL query:
SELECT usr_status FROM usr
To view the data returned from the query, you must add the following entry to the
xlWebAdmin_
locale
.properties
files:lookupfield.header.users.status=User Status
If the
xlWebAdmin_locale.properties
file does not contain alookupfield.header
property for your specified query, the Identity System Administration displays a lookup window after you click the corresponding lookup icon.The syntax for a
lookupfield.header
property is as follows:lookupfield.header.column_code=display value
The
column_code
portion of the entry must be lowercase and any spaces must be replaced by underscore characters (_).By default, the following entries for lookup field column headers are already available in the
xlWebAdmin_locale.properties
file:lookupfield.header.lookup_definition.lookup_code_information .code_key=Value lookupfield.header.lookup_definition.lookup_code_information .decode=Description lookupfield.header.users.manager_login=User ID lookupfield.header.organizations.organization_name=Name lookupfield.header.it_resources.key=Key lookupfield.header.it_resources.name=Instance Name lookupfield.header.users.user_id=User ID lookupfield.header.users.last_name=Last Name lookupfield.header.users.first_name=First Name lookupfield.header.groups.group_name=Group Name lookupfield.header.objects.name=Resource Name lookupfield.header.access_policies.name=Access Policy Name
Lookup Code
In the Property Value field, enter the lookup definition code name. This code must generate all information pertaining to the lookup field, including lookup values and the text that is displayed with the lookup field when a lookup value is selected. The classification type of the lookup definition code must be of Lookup Type (that is, the Lookup Type option on the Lookup Definition form must be selected).
To enter a lookup code, open the Lookup Definition form, query for the required code, and copy the code into the Property Value field.
After you enter a value in the Property Value field, click Submit.
Note:
The Lookup Code property can be used to replace the combination of the Column Captions, Column Names, Column Widths, Lookup Column Name, and Lookup Query properties. In addition, the information contained in the Lookup Code property supersedes any values set in these five lookup properties.
If you want to implement lookup fields reconciliation, create a scheduled task that populates the lookup code.
Lookup Column Name
In the Property Value field, enter the name of the database column containing the value that must be stored corresponding to the Column Names value selected by the user in the lookup window. If required, you can enter multiple database column names separated by commas.
Note: If you select the Column Names property, you must also select the Lookup Column Name property. See the "Lookup Column Name" row in this table for more information about how these two properties are used.
After you enter a value in the Property Value field, click Submit.
Auto Complete
If you enter
True
in the Property Value field, users can filter the values displayed in the lookup window by entering the first few characters of the value they want to select and double-clicking the lookup field. The outcome of this action is that only lookup values that begin with the characters entered by the users are displayed in the lookup window. For example, for the State lookup field, a user can enterNew
in the field. When the user double-clicks the State lookup field, only states that begin withNew
(for example, New Hampshire, New Jersey, New Mexico, and New York) are displayed in the lookup window.If you do not want to let users filter the display of values in the lookup field, enter
False
in the Property Value field.The default value of the Auto Complete property is
False.
After you enter a value in the Property Value field, click Submit.
If you want to edit the value of a property that is displayed in the table on the Step 2: Lookup Properties page, select the edit option for that property and click Edit. If you want to remove a property that is displayed in the table, select the delete option for that property and click Delete.
After you specify properties for the lookup field, click Continue.
-
-
If you select a transformation option from the Mapping Action list on the Step 1: Field Information page, the Step 3: Mapping page is displayed. Use this page to define the transformation function that you want to perform on the input data to the field that you are adding. The steps to be performed depend on the transformation provider option (concatenation, translation, or custom transformation provider) that you select on the previous page:
If you select a predefined transformation provider (transformation, concatenation or translation), see Transformation Providers for detailed information about the procedure to specify parameter values for the predefined transformation provider. That section also provides detailed information about configuring user account status reconciliation.
You must use the translation transformation provider if you want to configure the reconciliation of user account status information. This procedure is described in "Translation Transformation Provider" in Developing and Customizing Applications for Oracle Identity Governance.
After you specify values for the transformation provider, click Continue.
-
If required, select a validation check for the field and click Add. In other words, select the validation provider that you want to use.
The validation options displayed in this list are based on the predefined validation Providers and any custom validation Providers that you create.
-
Click Continue, and click Close.
-
If you do not want to perform any other action on the Step 3: Modify Connector Configuration page, click the Close button that is displayed at the top of the page. You must perform the previous step before you click this Close button.
8.2.3.6 Removing Fields from Data Sets
To remove a field from a data set:
- Click the Delete icon for that field.
- If you do not want to perform any other action on the Step 3: Modify Connector Configuration page, click the Close button that is displayed at the top of the page.
8.2.3.8 Removing Child Data Sets
To remove a child data set:
- Click the Delete icon for the data set.
- If you do not want to perform any other action on the Step 3: Modify Connector Configuration page, click the Close button that is displayed at the top of the page.
Figure 8-2 shows the Step 3: Specify Connector Configuration page after the MyField
field was added to the OIM - Account and provisioning staging data sets.
Figure 8-2 Step 3: Modify Connector Configuration Page After Addition of a Field
Description of "Figure 8-2 Step 3: Modify Connector Configuration Page After Addition of a Field"
8.2.4 Verifying Connector Form Names
In the step 4 of the connector creation process, you specify names for the process form corresponding to the OIM account data sets and its child data sets.
Use this page to specify form names for the process forms corresponding to the OIM - Account data set and its child data sets.
Note:
If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, the OIM - Account data set and its child data sets are not created. Therefore, this page is not displayed if you select the Trusted Source Reconciliation option.
The generic technology connector framework automatically creates certain objects after you submit all the information required to create a generic technology connector. Parent and child process forms corresponding to the OIM - Account data sets are examples of objects that are automatically created. Each process form on a particular Oracle Identity Manager installation must have a unique name.
On the Step 4: Verify Connector Form Names page, the generic technology connector framework displays default names for these process forms based on the names of the corresponding data sets. You must verify and, if required, change the names of these forms to ensure that they are unique for this installation of Oracle Identity Manager. While changing the name of a form, you must use only ASCII characters. An error message is displayed if you specify non-unique form names or if any name contains non-ASCII characters.
Note:
You cannot revisit this page, so ensure that the form names that you specify meet all the requirements before you click Continue.
After you specify the form names, click Continue.
Instead of clicking Continue, you can click Back to return to the Step 2: Specify Parameter Values page. However, metadata detection does not take place if you make changes on this page and click the Continue button. This is to ensure that any customization in the data set structure and mappings made during the first pass through this page does not get overwritten. You can manually add or edit fields and mappings on the Step 3: Modify Connector Configuration page.
8.2.5 Verifying Connector Information
In the last step of the connector creation process, you review the information furnished while creating the connectors. For verification, a page-wise explanation of the changes is provided.
Use this page to review information that you have provided up to this point for creating generic technology connectors. The following is a page-wise explanation of the changes that are permitted on the earlier pages:
-
Step 1: Provide Basic Information page
You can use either the View link or Back button to reopen and view the information provided on the Step 1: Provide Basic Information page. You cannot change the information displayed on this page, because any change in this information would amount to creating a new generic technology connector.
-
Step 2: Specify Parameter Values page
You can use either the Change link or Back button to reopen this page. You can change parameter values on this page. However, metadata detection does not take place when you submit the changed values. This is to ensure that any customization in the data set structure and mappings made during the first pass through this page does not get overwritten. You can manually add or edit fields and mappings on the Step 3: Modify Connector Configuration page.
-
Step 3: Modify Connector Configuration page
You can use the Change link to reopen this page and add or edit fields and mappings.
-
Step 4: Verify Connector Form Names page
You cannot revisit this page.
After you verify all the information displayed on the Step 5: Verify Connector Information page, click Create.
At this stage, the generic technology connector framework creates all the standard connector objects on the basis of the information that you provide. The list of these objects includes the connector XML file, which is created and imported automatically into Oracle Identity Manager. Except for the form names, the names of the connector objects are in the GTCname
_GTC
format.
For example, if you specify DB_conn
as the name of a generic technology connector that you create, all (except the forms) the connector objects are named DB_CONN_GTC
.
At the end of the process, a message stating that the connector has been successfully created is displayed on the page.
Note:
If the creation process fails, objects that are created are not automatically deleted.
8.3 Managing Generic Technology Connectors
The generic technology connector framework offers features that enable you to modify a generic connector. The connector management includes tasks, such as editing parameter values and exporting or import a generic connector by using the Deployment Manager.
This section contains these topics:
8.3.1 Modifying Generic Technology Connectors
You can edit or change parameter values that were used during the connector creation process. Use the Design Console to the change existing parameter values.
Caution:
The Design Console can be used to modify connector objects that are automatically created at the end of the generic technology connector creation process. If you use the Manage Generic Technology Connector feature to modify a generic technology connector whose connector objects have been customized by using the Design Console, all the customization work done using the Design Console would get overwritten. Therefore, Oracle recommends that you to follow one of the following guidelines:
-
Do not use the Design Console to modify generic technology connector objects.
The exception to this guideline is the IT resource. You can modify the parameters of the IT resource by using the Design Console. However, for the changes to take effect, you must purge the cache either before or after you modify IT resource parameters.
-
If you use the Design Console to modify generic technology connector objects, do not use the Manage Generic Technology Connector feature to modify the generic technology connector.
In addition, you can modify only one connector at a time. If you try to use the Modify pages for two different connectors at the same time on the same computer, the Modify features would not work correctly.
To modify a generic technology connector:
8.3.2 Exporting Generic Technology Connectors
You can export the XML file of a generic technology connector. This XML file contains definitions for all the objects that are part of the connector.
If you want to use the same generic technology connector on a new Oracle Identity Manager installation, you must first export the XML file and import it into the new Oracle Identity Manager installation.
To export the connector XML file:
- In the Oracle Identity Manager Advanced Administration, under System Management, click Export Deployment Manager File.
- On the first page of the Deployment Manager Wizard, select Generic Connector from the list and click Search.
- In the search results, select the generic technology connector whose XML file you want to export.
- Click Select Children.
- For the selected generic technology connector, select the child entities that you want to export and click Select Dependencies.
- Select the dependencies that you want to export, and click Confirmation.
- After you verify that the elements displayed on the page cover your export requirements, click Add for Export.
- Click Exit wizard and show full selection, and click OK.
8.3.3 Importing Generic Technology Connectors
You can import a stored XML file that contains object definitions. The process of exporting and importing XML files help in reusing an existing objects that are part of the connector.
To copy a generic technology connector to a different Oracle Identity Manager installation:
- If the connector uses custom providers, you must copy the files created during provider creation to the appropriate directories on the destination Oracle Identity Manager installation.
- Export the connector XML file on the source Oracle Identity Manager installation.
- Import the connector XML file on the destination Oracle Identity Manager installation.
Caution:
You must ensure that the names you select for a generic technology connector and its constituent objects on a staging server do not cause naming conflicts with existing connectors and objects on the production server.
The following scenario explains why you must follow this guideline:
Suppose you create a generic technology connector on a staging server, and want to import the connector to a production server. While creating the generic technology connector on the staging server, you would have ensured that the names of the generic technology connector and the connector objects are unique on that server. At the same time, you must also ensure that the names are not the same as the names of connectors and connector objects on the production server.
If any of the names happen to be the same, the old objects would be overwritten by the new objects when you import the connector XML file from the staging server to the production server. No message is displayed during the overwrite process, and the process would lead to eventual failure of the affected connectors.
To ensure that you are able to revert to a working state in the event that an object is overwritten, you must create a backup of the destination Oracle Identity Manager database before you import a connector XML file.
8.3.4 Importing Connector XML File
Import the connector XML file by checking its contents and removing redundant entities.
To import the connector XML file:
After you import the connector XML file, you must update the run-time parameters of the generic technology connector.
Note:
These values are not copied in the connector XML file when you export it.
To update the values of the run-time parameters, follow the procedure described in Modifying Generic Technology Connectors.