7 Oracle Identity Management Integration

Notes for this release include information about supported integrations.

Features Supported in Release

Oracle Identity Management supports the following integration in this release:

  • Oracle Access Management 12c and Oracle Identity Governance 12c using LDAP Connectors

  • Oracle Access Management 12c and Oracle Adaptive Access Manager 11g R2PS3

Features Not Supported in Release

Oracle Identity Management doesn’t support the following integrations features in this release:
  • For all directory types (OUD, OID, and AD) the following reconciliations are not supported:

    • User delete full and incremental reconciliation.

    • Reconciliation of deleted roles that have user members or child roles.

  • For Active Directory type, Role hierarchy full and incremental reconciliation is not supported.

  • If LDAP directory is used as a target in customer's setup, you cannot use it for OAM-OIG integration. It is not supported out-of-box and must be handled as one-off.

This chapter contains the following topic:

7.1 Oracle Identity Management Integration Issues and Workarounds

Use OIG as a primary source for managing Users and Roles.

Perform deletion of users, or role related changes such as memberships and hierarchy in OIG and not directly against the directory.

The following are the known limitations for the OIG-OAM integration:

  • If you are cloning the SSOTrusted-for-SSOTarget application to reconcile against another LDAP target (not the LDAP used for SSO integration) for trusted reconcile with OIG, make sure that the name of the cloned application does not contain the following keywords:
    • SSOTrusted
    • OID Trusted App
    • AD Authoritative

    If these keywords are used in the cloned application name, the trusted reconcile will reconcile the users to OIG, but will not synchronize those users to SSO LDAP.

  • For all directory types, the version number in the LDAP connector templates must match the version number of the downloaded connector bundle. It requires directly editing the template XML files. For example, If OUD is your directory type, update the XMLs under $ORACLE_HOME/idm/server/ssointg/connector/oud/ directly to change the connector version from to

  • Group names must be unique in target LDAP for SSO-integrated setup.

  • Orchestration-Provisioning Compensation will not be performed by any of the LDAP account, role, user membership, and role hierarchy post process handlers.

Account Self-Locking Issues

In an Oracle Identity Governance-Oracle Access Manager Integration environment, connection sockets in IDS pool times out and does not reset as expected. Oracle Access Manager does not lock User after five invalid login attempts. Apply the libOVD patch as follows:

Before applying the patches to Oracle software in your Oracle Fusion Middleware environment, ensure that you have and unzipped it.

  1. Download the latest libOVD patch, p26401006_122130_Generic.zip and unzip it to the desired location.

  2. Set the environmental variables.

    export ORALCE_HOME=/scratch/work/access
  3. Stop the OAM domain.

  4. Apply libOVD patch through opatch apply command.

  5. Restart the OAM domain.

See Patching Your Environment Using OPatch in Oracle Fusion Middleware Patching with OPatch.