Tuesday, July 29, 2014

OIM Account Restore User Status From Deleted to Active

Restoring the Deleted Account in OIM


When you delete a user from Oracle Identity Manager, the user is not physically removed from the system; the status changes from Active to Deleted. OIM also revokes the deleted user's resources from the target system.


I need to reactivate the deleted user from the Oracle Identity Manager as follows:

1. Log in to the database as the OIM database user and update the user status from Deleted to Active.

2. Execute the following SQL to update the user status:

UPDATE USR SET USR_STATUS = 'Active' WHERE usr_login='login id'

Replace login id with your login id.

3. Log in to the OIM Admin Console and verify that the user status has changed from Deleted to Active.

4. Re-Provision the users.

Thursday, July 24, 2014

Building the OIM metadata for data base Incremental reconciliation icf connector

Pre-Requisite


Incremental target reconciliation can be built in OIM using either the SearchReconTask or the SyncReconTask. To build the incremental reconciliation, the following components need to be modified or developed:

Incremental Reconciliation for Database ICF SearchReconTask

1. Lookup.dbicf.Configuration


Add Recon Date Format as the lookup code; the decode should be a valid Java date format. For example:

Recon Date Format  - yyyy/MM/dd HH:mm:ss

2. DataBaseIdentityFilter Class

Override the createGreaterThanExpression and createAndExpression methods to implement the Incremental Reconciliation.


@Override
protected String createGreaterThanExpression(
        GreaterThanFilter filter, boolean not) {
    String operation = "createGreaterThanExpression - ";
    logger.ok(operation + " Started");
    String query = null;
    // Negated filters are not translated.
    if (not)
    {
        return query;
    }

    Attribute attr = filter.getAttribute();
    if (attr == null || attr.getValue() == null || attr.getValue().isEmpty())
    {
        return query;
    }

    String name = filter.getName();
    Object val = attr.getValue().get(0);
    if (DataBaseIdentityUtil.isEmpty(val))
    {
        throw new ConnectorException("The filter value can not be empty");
    }
    String strValue = DataBaseIdentityUtil.getString(val);

    if (name.equalsIgnoreCase("updateDate"))
    {
        // The token is epoch milliseconds; parsing it as a long rejects anything that is not a number.
        query = "T." + name + " > FUNC('TO_DATE','" + DataBaseIdentityUtil.convertDateToString(new Date(Long.parseLong(strValue))) + "','" + DataBaseIdentityConstants.DB_DATE_FORMAT + "')";
    }
    else
    {
        // Double any single quote so the value cannot close the string literal.
        query = "T." + name + " > '" + strValue.replace("'", "''") + "'";
    }

    logger.ok(operation + " Final Filter " + query);
    logger.ok(operation + " Ended ");
    return query;
}

@Override
protected String createAndExpression(String leftExpression,
        String rightExpression) {
    return leftExpression + " AND " + rightExpression;
}
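
The Filter and Latest Token job parameters end up inside the query string that step 2 builds, so both the attribute name and the value need checking before concatenation. The following is an added example, not the connector's own code, and it goes slightly beyond step 2 by covering the equals expression as well. The class name SafeReconFilter, the attribute allowlist, the Oracle date mask and the UTC time zone are assumptions.

```java
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;

/** Added example (hypothetical class): allowlisted, escaped filter fragments. */
public class SafeReconFilter {

    // Java pattern taken from the "Recon Date Format" lookup entry on this page.
    static final String JAVA_DATE_FORMAT = "yyyy/MM/dd HH:mm:ss";
    // Assumption: the matching Oracle TO_DATE mask (stands in for DB_DATE_FORMAT).
    static final String DB_DATE_FORMAT = "YYYY/MM/DD HH24:MI:SS";

    // Assumption: the only attributes a filter may reference.
    // Key = lower-cased name, value = canonical spelling used in the query.
    private static final Map<String, String> FIELDS = new HashMap<String, String>();
    // Attributes whose filter value is a date carried as epoch milliseconds.
    private static final Set<String> DATE_FIELDS =
            new HashSet<String>(Arrays.asList("updateDate", "createDate"));
    static {
        for (String f : new String[] {"userLogin", "firstName", "lastName", "middleName",
                                      "status", "updateDate", "createDate"}) {
            FIELDS.put(f.toLowerCase(Locale.ROOT), f);
        }
    }

    /** Returns the canonical attribute name, or rejects anything not on the allowlist. */
    static String field(String name) {
        String canonical = name == null ? null : FIELDS.get(name.toLowerCase(Locale.ROOT));
        if (canonical == null) {
            throw new IllegalArgumentException("attribute is not filterable: " + name);
        }
        return canonical;
    }

    /** Renders a value as a string literal: quotes doubled, control characters refused. */
    static String literal(String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("filter value must not be empty");
        }
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i))) {
                throw new IllegalArgumentException("control character in filter value");
            }
        }
        return "'" + value.replace("'", "''") + "'";
    }

    /** Renders an epoch-millisecond token as a TO_DATE call; other tokens are refused. */
    static String dateLiteral(String token) {
        final long millis;
        try {
            millis = Long.parseLong(token.trim());
        } catch (RuntimeException e) { // not a number, or a null token
            throw new IllegalArgumentException("date token must be epoch milliseconds");
        }
        if (millis < 0) {
            throw new IllegalArgumentException("date token must not be negative");
        }
        SimpleDateFormat fmt = new SimpleDateFormat(JAVA_DATE_FORMAT, Locale.ROOT);
        fmt.setTimeZone(TimeZone.getTimeZone("UTC")); // assumption: dates are stored in UTC
        return "FUNC('TO_DATE','" + fmt.format(new Date(millis)) + "','" + DB_DATE_FORMAT + "')";
    }

    private static String operand(String canonical, String value) {
        return DATE_FIELDS.contains(canonical) ? dateLiteral(value) : literal(value);
    }

    static String greaterThan(String name, String value) {
        String f = field(name);
        return "T." + f + " > " + operand(f, value);
    }

    static String equalTo(String name, String value) {
        String f = field(name);
        return "T." + f + " = " + operand(f, value);
    }

    /** Parenthesised so that an OR inside either side cannot change the grouping. */
    static String and(String left, String right) {
        return "(" + left + ") AND (" + right + ")";
    }

    public static void main(String[] args) {
        // Constructed inputs: a login containing a quote and a Latest Token value.
        System.out.println(and(equalTo("userLogin", "o'brien"),
                               greaterThan("UPDATEDATE", "1406592000000")));

        // Constructed inputs the builder refuses: unknown attribute, non-numeric token.
        String[][] rejected = { {"unknownAttr", "x"}, {"updateDate", "yesterday"} };
        for (String[] r : rejected) {
            try {
                System.out.println(greaterThan(r[0], r[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Where the DAO behind the connector can accept bind parameters, binding the values is preferable to rendering them as literals.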
 

3. Schedule Task Reconciliation Metadata

Add the Scheduled Task Name parameter to the Schedule Task Reconciliation Metadata file. After adding the parameter, the file looks as follows:

<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@localhost:5524/estView.regress.rdbms.dev.us.oracle.com" exported-date="1307546406635" description="FF">
<scheduledTask repo-type="MDS" name="DataBaseICFConnectorReconciliation" mds-path="/db" mds-file="DataBaseICFConnectorReconciliation.xml">
    <completeXml>
        <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
            <task>
            <name>DataBaseICFConnectorReconciliation</name>
            <class>oracle.iam.connectors.icfcommon.recon.SearchReconTask</class>
            <description>DataBaseICFConnectorReconciliation</description>
            <retry>0</retry>
            <parameters>
              <string-param required="false" encrypted="false" helpText="Filter">Filter</string-param>
              <string-param required="false" encrypted="false" helpText="Incremental Recon Date Attribute">Incremental Recon Date Attribute</string-param>
              <string-param required="false" encrypted="false" helpText="IT Resource Name">IT Resource Name</string-param>
              <string-param required="false" encrypted="false" helpText="Object Type">Object Type</string-param>
              <string-param required="false" encrypted="false" helpText="Latest Token">Latest Token</string-param>
              <string-param required="false" encrypted="false" helpText="Resource Object Name">Resource Object Name</string-param>
              <string-param required="false" encrypted="false" helpText="Scheduled Task Name">Scheduled Task Name</string-param>
           </parameters>
          </task>
        </scheduledTasks>
    </completeXml>
</scheduledTask>
</xl-ddm-data>

The newly added parameter is the last string-param entry, Scheduled Task Name.

4. Import Schedule Task Reconciliation Metadata

Re-import the Schedule Task Reconciliation Metadata into the OIM repository as follows:

Login to the OIM Console --> Advanced --> Import Deployment Manager File --> Select the Scheduler Task File --> Add File --> Import. It will import the XML file into the OIM repository.

5. DataBaseIdentityConnector Class

Include the Incremental Recon Date Attribute parameter as a Long value in the ConnectorObject attributes in the executeQuery method. The sample code is given below.


public void executeQuery(ObjectClass objectClass, String filter,
        ResultsHandler handler, OperationOptions operations) {
    logger.ok("executeQuery Started");
    logger.ok("executeQuery filter " + filter);
    List<String> returnAttrs = new ArrayList<String>();
    // getAttributesToGet() returns null when no specific attributes were requested.
    if (operations != null && operations.getAttributesToGet() != null)
    {
        for (String attr : operations.getAttributesToGet())
        {
            logger.ok("executeQuery Attributes " + attr);
            returnAttrs.add(attr);
        }
    }
    List<UserProfile> profiles = userProfileDao.findByUsersCriteria(filter);
    logger.ok("executeQuery Result " + profiles);
    if (profiles != null && !profiles.isEmpty())
    {
        for (UserProfile userProfile : profiles)
        {
            // Add the incremental recon date attribute (as a Long) only when it was requested.
            ConnectorObject conobj;
            if (returnAttrs.contains(DataBaseIdentityConstants.LAST_UPDATE))
            {
                conobj = DataBaseIdentityUtil.convertMapToConnectorObject(userProfile, DataBaseIdentityConstants.LAST_UPDATE);
            }
            else if (returnAttrs.contains(DataBaseIdentityConstants.CREATE_DATE))
            {
                conobj = DataBaseIdentityUtil.convertMapToConnectorObject(userProfile, DataBaseIdentityConstants.CREATE_DATE);
            }
            else
            {
                conobj = DataBaseIdentityUtil.convertMapToConnectorObject(userProfile);
            }
            logger.ok("executeQuery Attributes Objects  " + conobj.getAttributes());
            handler.handle(conobj);
            logger.ok("executeQuery Attributes Objects  After " + conobj.getAttributes());
        }
    }
    logger.ok("executeQuery Ended");
}

DataBaseIdentityUtil class

public static ConnectorObject convertMapToConnectorObject(UserProfile userProfile, String updateFieldName)
{
    ConnectorObjectBuilder userObjBuilder = new ConnectorObjectBuilder();
    String status = userProfile.getStatus();
    if (!isEmpty(status) && status.equalsIgnoreCase(DataBaseIdentityConstants.STATUS_ENABLED))
    {
        userObjBuilder.addAttribute(DataBaseIdentityConstants.STATUS, DataBaseIdentityConstants.STATUS_ENABLED);
    }
    else
    {
        userObjBuilder.addAttribute(DataBaseIdentityConstants.STATUS, DataBaseIdentityConstants.STATUS_DISABLED);
    }

    userObjBuilder.addAttribute(DataBaseIdentityConstants.FIRST_NAME, userProfile.getFirstName());
    userObjBuilder.addAttribute(DataBaseIdentityConstants.LAST_NAME, userProfile.getLastName());
    userObjBuilder.addAttribute(DataBaseIdentityConstants.MIDDLE_NAME, userProfile.getMiddleName());
    userObjBuilder.addAttribute(DataBaseIdentityConstants.USER_LOGIN, userProfile.getUserLogin());
    userObjBuilder.setUid(Long.toString(userProfile.getId()));
    userObjBuilder.setName(Long.toString(userProfile.getId()));

    if (updateFieldName != null)
    {
        if (updateFieldName.equalsIgnoreCase("updateDate"))
        {
            if (userProfile.getUpdateDate() != null)
            {
                userObjBuilder.addAttribute(updateFieldName, userProfile.getUpdateDate().getTime());
            }
        }
        if (updateFieldName.equalsIgnoreCase("createDate"))
        {
            if (userProfile.getCreateDate() != null)
            {
                userObjBuilder.addAttribute(updateFieldName, userProfile.getCreateDate().getTime());
            }
        }
    }
    logger.ok("Final Object Data " + userObjBuilder.toString());
    ConnectorObject conobj = userObjBuilder.build();
    logger.ok("Final Object Data " + conobj.getAttributes());
    return conobj;
}


6. Re-Deploy the ICF Jar

Build the Jar File

Execute the following command to build and generate the dbconnector-demo-1.0.jar.

gradle build

Deploy the Jar File

1. Login to the OIM Server.
2. Go to the DOMAIN_HOME/bin directory and run source ./setDomainEnv.sh. This sets the classpath.
3. Go to the OIM_HOME/server/bin directory and execute the following command:

UploadJars.sh [-username <username>] [-password <password>] [-serverURL <t3://oimhostname:oimportno>] [-ctxFactory <weblogic.jndi.WLInitialContextFactory>] [- [-ICFBundle <Location of the ICF Bundle Jar>]

It will deploy the ICFBundle into the OIM repository.

7. Restart the OIM Server

Login to the OIM Server and go to the $DOMAIN_HOME/bin directory and execute the following files:

./stopManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port
./startManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port


8. Re-Create the Schedule Task

Delete Schedule Task Name

Login to the OIM Admin Console --> Advanced --> System Management --> Search Schedule Jobs --> Enter the schedule task job name. After searching for the job name, select it in the list and click the X icon. It will delete the Schedule Task.

Create the Schedule Task Name

Login to the OIM Admin Console --> Advanced --> System Management --> Actions --> Create --> Select the Task Name from the Task List, enter the Schedule Job Name, select No Predefined Schedule for testing (a periodic schedule can be configured later), and enter the Incremental Recon Date Attribute, IT Resource Name, Object Type, Latest Token, Resource Object Name, and Scheduled Task Name. The Job Name and Scheduled Task Name should be the same because the Latest Token value is updated based on the Scheduled Task Name value. The example configuration is given below.


If you specify both the Filter and the Incremental Recon Date Attribute in the configuration, it will search for users based on the filter and the Incremental Recon Date Attribute. It will invoke createGreaterThanExpression, createEqualExpression, and createAndExpression.







Incremental Reconciliation for Database ICF SyncReconTask

1. Creating the Scheduler Task Metadata


<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@localhost:5524/estView.regress.rdbms.dev.us.oracle.com" exported-date="1307546406635" description="FF">
<scheduledTask repo-type="MDS" name="DataBaseICFConnectorSyncReconciliation" mds-path="/db" mds-file="DataBaseICFConnectorSyncReconciliation.xml">
    <completeXml>
        <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
            <task>
            <name>DataBaseICFConnectorSyncReconciliation</name>
            <class>oracle.iam.connectors.icfcommon.recon.SyncReconTask</class>
            <description>DataBaseICFConnectorSyncReconciliation</description>
            <retry>0</retry>
            <parameters>
              <string-param required="false" encrypted="false" helpText="IT Resource Name">IT Resource Name</string-param>
              <string-param required="false" encrypted="false" helpText="Object Type">Object Type</string-param>
              <string-param required="false" encrypted="false" helpText="Sync Token">Sync Token</string-param>
              <string-param required="false" encrypted="false" helpText="Resource Object Name">Resource Object Name</string-param>
              <string-param required="false" encrypted="false" helpText="Scheduled Task Name">Scheduled Task Name</string-param>
            </parameters>
          </task>
        </scheduledTasks>
    </completeXml>
</scheduledTask>
</xl-ddm-data>

2. Import Schedule Task Reconciliation Metadata

Import the Schedule Task Reconciliation Metadata into the OIM repository as follows:

Login to the OIM Console --> Advanced --> Import Deployment Manager File --> Select the Scheduler Task File --> Add File --> Import. It will import the XML file into the OIM repository.


3. Restart the OIM Server

Login to the OIM Server and go to the $DOMAIN_HOME/bin directory and execute the following files:

./stopManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port
./startManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port


4. Create the Schedule Task


Create the Schedule Task Name

Login to the OIM Admin Console --> Advanced --> System Management --> Actions --> Create --> Select the Task Name from the Task List, enter the Schedule Job Name, select No Predefined Schedule for testing (a periodic schedule can be configured later), and enter the IT Resource Name, Object Type, Resource Object Name, and Scheduled Task Name. The Job Name and Scheduled Task Name should be the same because the Sync Token value is updated based on the Scheduled Task Name value. The example configuration is given below.



The Sync Token value is updated after running the Schedule Task.

Tuesday, July 22, 2014

How to develop and deploy custom Identity connector framework (ICF) Connector in OIM

Developing a custom connector using the Identity Connector Framework (ICF) is divided into three parts. They are


1. Connector Development

It is a Java connector component that implements the ICF interfaces for provisioning, de-provisioning, and reconciliation.

2. Building the OIM metadata for User Provisioning

Building the OIM metadata for User Provisioning, Update User Attributes, Enable and Disable User, and De-Provisioning the user.

3. Building the OIM metadata for Reconciliation

Building the metadata for target reconciliation.

Building the OIM metadata for data base reconciliation icf connector

The following components are required to build the ICF Connector Reconciliation (Target Reconciliation). They are

1. Reconciliation Lookup Configuration
2. Resource Object Reconciliation Fields
3. Resource Object Reconciliation Action Rules
4. Process Definition Reconciliation Field Mappings
5. Reconciliation Rules
6. Creating Reconciliation Profiles
7. Importing the Schedule Task Reconciliation Metadata to OIM Repository.
8. Create the OIM Schedule Job
9. Restart the OIM Server
10. Run the Reconciliation Schedule Task



1. Reconciliation Lookup Configuration

The Lookup.dbcf.UM.ReconAttrMap component is required for mapping between the target resource and the OIM ICF Connector Resource Object Reconciliation Fields. The lookup code name is the Resource Object Reconciliation Field Name and the decode is the Target Resource Schema.

1. Unique ID=__UID__
2. User Login=userLogin
3. First Name=firstName
4. Last Name=lastName
5. Middle Name=middleName
6. Status=status

2. Resource Object Reconciliation Fields

This component is required for creating the OIM ICF Connector Process Form field label names and data types for mapping the reconciliation. We also define the IT Resource Object and the Object Status mapping. They are

1. Unique ID = string
2. User Login = string
3. First Name = string
4. Last Name = string
5. Middle Name = string
6. Status = string
7. IT Resource Key = number


For a reconciliation request, OIM builds the reconciliation object from the target data and adds the Status and IT Resource Key to the request. The Status value should be Enabled or Disabled for the target reconciliation mapping. If the value is anything else, you need to write the User Transformation For Recon Java code.

Create the reconciliation fields as follows:

Login to the Design Console --> Resource Management --> Object Reconciliation --> Reconciliation Fields -->  Add Field. It will display the following screen,



Enter Unique ID as the Field Name and string as the Field Type. Click the Save and Close button. It will create the reconciliation field mapping.

Repeat the steps to create the reconciliation field mapping for the remaining fields.


3. Resource Object Reconciliation Action Rules

This component is required for linking the associated OIM user based on the reconciliation rules. The following reconciliation action rules need to be created:

Rule Condition - Action

1. No Matches Found  = None
2. One Entity Match Found = Establish Link
3. One Process Match Found = Establish Link


Create the reconciliation action rules as follows:

Login to the Design Console --> Resource Management --> Object Reconciliation --> Reconciliation Action Rules -->  Add. It will display the following screen,



Select No Matches Found as the Rule Condition and None as the Rule Action. Repeat the steps to create the Reconciliation Action Rules for the remaining rule conditions.


4. Process Definition Reconciliation Field Mappings

This component is required to populate the data from the target resource into the OIM Connector Process form to evaluate the reconciliation rules. The following fields need to be mapped:

Resource Reconciliation Field  - Process Form Column Name
1. Unique ID = UD_DBICF_USR_UNIQUE_ID
2. User Login = UD_DBICF_USR_LOGIN
3. First Name = UD_DBICF_USR_FIRST_NAME
4. Last Name = UD_DBICF_USR_LAST_NAME
5. Middle Name = UD_DBICF_USR_MIDDLE_NAME
6. Status = OIM_OBJECT_STATUS
7. IT Resource Key = UD_DBICF_USR_SERVER

Replace Process Form Column Name with your own process form column name. The Status field is always mapped to OIM_OBJECT_STATUS.


Create the Process Definition Reconciliation Field Mappings as follows:

Login to the Design Console --> Process Definition --> Search Process Definition --> Select Process Definition in the Process Definition Table --> Reconciliation Field Mappings --> Add Field Map. It will display the following screen,




Select Unique ID as the Field Name and UD_DBICF_USR_UNIQUE_ID as the Process Data Field. Click the Save and Close icon and it will create the Reconciliation Field Mapping. Repeat the steps to create the Reconciliation Field Mapping for the remaining fields.

Configuring the Reconciliation Key Field

This configuration is required to maintain uniqueness during reconciliation. The configuration is as follows:



5. Reconciliation Rules

This component is required to evaluate the OIM data against the reconciliation target data and to link the OIM user to the target user.

OIM User  -  Target User

1. User Login  = User Login.


Create the reconciliation rule as follows:

Login to the Design Console --> Development Tools --> Reconciliation Rules. It will display the following screen,





Enter the Name, select the Object and enter the Description. Click Save and it will display the following screen.




Click Add Rule Element and It will Display the following screen.


Select User Login as the User Profile Data, Equals as the Operator and User Login as the Attribute, then click the Save and Close button. It will create the reconciliation rule. Replace User Profile Data, Operator, and Attribute according to your requirement.


After configuration, the reconciliation rule looks like this:



Select the Active check box and click the Save icon. It will activate the reconciliation rule.


6. Creating Reconciliation Profiles

This component is required to create the reconciliation profile in the OIM repository.

Create the Reconciliation Profile as follows:

Login to the Design Console --> Resource Management --> Object Reconciliation --> Create Reconciliation Profile. It will create the reconciliation profile.

7. Importing the Schedule Task Reconciliation Metadata to OIM Repository.

This component is required to reconcile the user  from the target system.


The following xml needs to be imported to create the schedule task:



<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@localhost:5524/estView.regress.rdbms.dev.us.oracle.com" exported-date="1307546406635" description="FF">
<scheduledTask repo-type="MDS" name="DataBaseICFConnectorReconciliation" mds-path="/db" mds-file="DataBaseICFConnectorReconciliation.xml">
    <completeXml>
        <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
            <task>
            <name>DataBaseICFConnectorReconciliation</name>
            <class>oracle.iam.connectors.icfcommon.recon.SearchReconTask</class>
            <description>DataBaseICFConnectorReconciliation</description>
            <retry>0</retry>
            <parameters>
              <string-param required="false" encrypted="false" helpText="Filter">Filter</string-param>
              <string-param required="false" encrypted="false" helpText="Incremental Recon Date Attribute">Incremental Recon Date Attribute</string-param>
              <string-param required="false" encrypted="false" helpText="IT Resource Name">IT Resource Name</string-param>
              <string-param required="false" encrypted="false" helpText="Object Type">Object Type</string-param>
              <string-param required="false" encrypted="false" helpText="Latest Token">Latest Token</string-param>
              <string-param required="false" encrypted="false" helpText="Resource Object Name">Resource Object Name</string-param>
            </parameters>
          </task>
        </scheduledTasks>
    </completeXml>
</scheduledTask>
</xl-ddm-data>



Login to the OIM Console --> Advanced --> Import Deployment Manager File --> Select the Scheduler Task File --> Add File --> Import. It will import the XML file into the OIM repository.

8. Create the OIM Schedule Job

This component is required to create the schedule job that reconciles the users from the target system to OIM.

Login to the OIM Console --> Advanced --> System Management --> Actions --> Create. It will display the following screen.



Enter the Job Name and select DataBaseICFConnectorReconciliation from the Task list. After selecting the task name, it will show the following schedule task parameters:

1. Filter
2. Incremental Recon Date Attribute
3. IT Resource Name
4. Object Type
5. Latest Token
6. Resource Object Name

Enter equalTo('userLogin','Login') as the Filter, <IT Resource Name> as the IT Resource Name, User as the Object Type, and Database ICF User as the Resource Object Name. Replace the Filter, IT Resource Name, and Resource Object Name according to your naming convention.


9. Restart the OIM Server

Login to the OIM Server and go to the $DOMAIN_HOME/bin directory and execute the following files:

./stopManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port
./startManagedWebLogic.sh oim_server1 t3://weblogicadminhost:port

10. Run the Reconciliation Schedule Task

After running the schedule job, it will fetch the data from the target resource and create the reconciliation event. If the reconciliation rule matches, it will associate the owner with the target account.



Build the Incremental Reconciliation Data Base ICF Connector

Monday, July 21, 2014

Testing the ICF Connector User Provisioning in OIM Admin Console

Creating the IT Resource

Login to the OIM Admin Console. Click Advanced --> Create IT Resource --> Enter Application Data Base User as the IT Resource Name and select Data Base ICF Connector as the IT Resource Type --> Continue --> Enter oracle.jdbc.driver.OracleDriver as the driver, jdbc:oracle:thin:@localhost:1521:orcl as the url, scott as the userName, your password as the password, and remote as the environment --> Click Continue with the default values until you reach the Finish button. Click the Finish button and it will create the IT Resource.

Creating the Data Source

We need to create the data source in the OIM server. Go to the WebLogic Admin Console --> Services --> Data Sources --> New --> Enter mydatasource as the JNDI Name and select Oracle as the Database type --> Next --> Select the Database Driver --> Next --> Next --> Enter the Database Name, Host Name, Port, Database User Name, Password and Confirm Password --> Next --> Next --> Select oim_server1 as the Server --> Finish. It will create the data source.

Restart the OIM Server

Login to the OIM Server machine, go to the DOMAIN_HOME/bin directory and execute the following commands to restart the WebLogic server:

./stopManagedWebLogic.sh oim_server1 <OIM Admin Url>

./startManagedWebLogic.sh oim_server1 <OIM Admin Url>

Testing the Connector Provisioning Operation

Login to the OIM Admin Console --> Search User --> Enter the user you want to search for --> Click the user in the search list --> Click the Resources tab --> Add --> Select Database ICF User as the Resource --> Continue --> Continue --> It will initiate the provisioning. You will see the user in the Resources tab with the Provisioning status.

Click Open Form and select the Data Base Server from the IT Resource List --> Click Save. It will provision the user to the target system and the status changes from Provisioning to Provisioned.


Friday, July 18, 2014

Building the OIM metadata for data base icf connector

The following tasks need to be performed to create the OIM metadata for provisioning and reconciliation. They are

  • Provisioning

The following components are required to build the user provisioning. They are

1. IT Resource Type Definition
2. Connector Lookup Configuration
3. Pre-Populate Adapters 
4. Process Form Definition
5. Process Task Adapters
6. Resource Object
7. Process Definition


1. IT Resource Type Definition

This component is required to establish the communication from Oracle Identity Manager to the target resource. In our example the target resource is the Data Base Identity Connector. Create the IT Resource Type Definition as follows.

Login to the Design Console --> Resource Management --> IT Resource Type Definition. Enter the Server Type, select the Insert Multiple check box and click Save. It will create the IT Resource Type Definition as Database ICF Connector.

IT Resource Type Parameters:

The IT Resource Type Parameters are available in the DataBaseIdentityConfig class with the @ConfigurationProperty annotation. Those properties should be added in the IT Resource Parameter section. You also need to add an additional parameter, Configuration Lookup, for configuring connector information such as the Connector Class, Connector Bundle, and Connector Provisioning Attribute Mapping.

The IT Resource Type Parameters are

1. driver
2. url
3. userName
4. password
5. environment
6. Configuration Lookup.

The example screen shot is given below.






2. Connector Lookup Configuration

This component is required to maintain the connector configuration for user provisioning and reconciliation. The following lookup configuration needs to be configured:

2.1 Lookup.dbicf.Configuration

This Component is required to configure the connector bundle information and also User Provisioning and Reconciliation Lookup info. The lookup parameters as follows:

1. Bundle Version
2. Bundle Name
3. Connector Name
4. User Configuration Lookup.

The Bundle Version and Bundle Name are available in the META-INF/MANIFEST.MF file of the Data Base Connector ICF JAR. The Connector Name is the fully qualified name of the Data Base Identity Connector class, in our example edu.sfsu.identity.dbconnector.DatabaseIdentityConnector. The mapping should be as follows:

Bundle Version = ConnectorBundle-Version
Bundle Name= ConnectorBundle-Name
Connector Name = Connector Class Name with package
User Configuration Lookup=Lookup.dbcf.UM.Configuration
 
The sample values are given below in the screen shot.




2.2 Lookup.dbcf.UM.Configuration

This component is required for configuring the Provisioning and Reconciliation configuration lookup details.  The configuration lookup parameters as follows:

1. User Validation For Prov = false
2. Provisioning Attribute Map =  Lookup.dbcf.UM.ProvAttrMap
3. User Transformation For Recon = false
4. User Validation For Recon = false
5. Recon Attribute Map = Lookup.dbcf.UM.ReconAttrMap

The parameter 2. Provisioning Attribute Map contains the Process Form field label and target resource schema mapping.

The configuration details are given below as a screen shot.






2.3. Lookup.dbcf.UM.ProvAttrMap

This component is required for provisioning attribute mapping from Process Form Field Label to Target Resource Schema Mapping. The mapping details as follows:

1. Unique ID = __UID__
2. User Login = userLogin
3. User Password = password
4. First Name= firstName
5. Last Name = lastName
6. Middle Name= middleName

The configuration details are given below as a screen shot.




3. Pre-Populate Adapter

This component is required to transfer values from the Oracle Identity Manager user data to the Process Form after the user provisioning is initiated. The pre-populate creation process is as follows:

3.1. Create Pre-populate Adapter
3.2. Create Adapter Variable
3.3. Create Adapter Task

3.1. Create Pre-populate Adapter

Click Adapter Factory --> and enter the following values into the form
Adapter Name: dbicf_prepop_adp
Adapter Type: Pre-populate Rule Generator
Description: Enter your description


Click Save Icon and It will create the Pre-Populate Adapter

3.2. Create Adapter Variable

Click Variable List --> Add and it will display the following screen.



Enter the following details into the variable screen and click Save Icon.


Variable Name: oimdata
Type : String
Map To : Resolve at runtime
Description: Enter Description



The configuration of the Adapter Variable is as follows:




3.3. Create Adapter Task

Click Add --> Logic Task --> SET VARIABLE -->  and It will display the following screen.



Select Adapter return value as the Variable Name, Variable as the Operand Type and oimdata as the Operand Qualifier. The sample is given below.


Click Save Icon and it will Display the following screen.



Click the Build button. It will compile the adapter, which is then ready to use in the process form.



4. Process Form Definition

This component is required to capture the data from Oracle Identity Manager and transfer it to the process definition to store the values in the target resource. The following sub-components are required to create the process form definition.

4.1 Creating the Process Form

4.2 Additional Columns

4.3 Properties

4.4 Pre-Populate

4.5  Building Form


4.1 Creating the Process Form

Click Form Designer --> Enter Table Name and Description and Click Save Button. It will create the Process Form. The process form configuration is given below as a screen shot.




4.2 Additional Columns

Add the following additional columns in the Additional Column Section to capture the data. They are


1. Unique ID
2. User Login
3. User Password
4. First Name
5. Last Name
6. Middle Name
7. Data Base Server


The configuration details are given below:



4.3 Properties

Click Properties tab and configure the following properties for validation.

1. User Login
    Required = true
2. User Password
    Required = true
3. Last Name
    Required = true
4. Data Base Server
    Required = true
    Type = Data Base ICF Connector

The configuration details are given below:




4.4 Pre-Populate

This component is required for mapping from the OIM user to the Process Form fields. The following fields are mapped:

1. User Login = User Login
2. User Password = Password
3. First Name = First Name
4. Last Name= Last Name
5. Middle Name = Middle Initial

The User Login configuration is shown below as a screen shot.



Select the Field Name is User Login, Rule is Default, Adapter is dbicf_prepop_adp and Clcik Save. Click Map Button and It will display the following screen.


Select Map To is User Definition and Qualifier is User Login. Click Save Icon.

Repeat the steps for remaining fields. After completion of the configuration look like this: 



4.5 Building Form

Click the Make Version Active button, and it will display the following screen.


Click the OK button. This puts the form in active mode, and it can then be used in the resource object.


5. Process Task Adapters

These adapters are required to process the data from OIM to the target resource and persist it in the database. The following adapters are required for the database connector:

5.1. Create User
5.2. Update User
5.3. Delete User
5.4. Enable User
5.5. Disable User


5.1. Create User

5.1.1. Create Adapter

Click Adapter Factory --> enter the Adapter Name, Adapter Type, and Description. Click the Save icon, and it will display the following screen.


5.1.2 Create Responses

The following responses need to be created:

Code Name - Status
1. SUCCESS - C (Completed)
2. ERROR - R (Rejected Due to failure)

The configuration is as follows:



5.1.3. Create Variable

Click the Variable List tab and create the following variables in the variable list:

Name - Type - Mapped As - Description
1. objectType - String - Resolve at runtime - objecttype
2. processInstanceKey - Long - Resolve at runtime - processinstancekey
3. itResourceColumnName - String - Resolve at runtime - itresourcecolumnnmae

Resolve at runtime means the values are mapped later, in the task mapping of the process definition.

The configuration is as follows:



5.1.4. Create Adapter Task

Click the Adapter Task tab --> Add --> Functional Task (Java) --> select New Object Instance --> Continue --> enter the task name, set API Source to ICFIntglar:icf-oim-intg.jar, set Application to the ICProvisioningManager class, and select the method createObject. Click the Save icon, and it will display the following screen.




Click Constructor and Method, and it will display the following screen.



Constructor Mapping

Input: String - Map to Adapter Variable - Name is itResourceColumnName
Input: long - Map to Adapter Variable - Name is processInstanceKey
Input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference

Method Mapping

Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType

After the mapping is done, the configuration looks as shown below:


Click the Save icon and then the Close button, and it will display the following screen.



5.1.5 Compile the Adapter

Click the Build button. It compiles the adapter and displays the following screen.



After the adapter compiles, the Compile Status is OK. If you see any errors while compiling the adapter, fix them and recompile.

5.2. Update User

5.2.1. Create Adapter

Follow step 5.1.1 to create the adapter.

5.2.2 Create Responses

Follow step 5.1.2 to create the responses.

5.2.3. Create Variable

Follow step 5.1.3 to create the variables. Add the following additional variable:

attrFieldName - String - Resolve at runtime - Attribute Field Label


5.2.4. Create Adapter Task

Follow step 5.1.4 to create the adapter task. For the method, choose updateAttributeValue(String).

Constructor Mapping

Input: String - Map to Adapter Variable - Name is itResourceColumnName
Input: long - Map to Adapter Variable - Name is processInstanceKey
Input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference

Method Mapping

Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
Input: String - Map to Adapter Variable - Name is attrFieldName


5.2.5 Compile the Adapter

Follow step 5.1.5 to compile the adapter.

5.3 Delete User

5.3.1. Create Adapter

Follow step 5.1.1 to create the adapter.

5.3.2 Create Responses

Follow step 5.1.2 to create the responses.

5.3.3. Create Variable

Follow step 5.1.3 to create the variables.


5.3.4. Create Adapter Task

Follow step 5.1.4 to create the adapter task. For the method, choose deleteUser(String objectType).

Constructor Mapping

Input: String - Map to Adapter Variable - Name is itResourceColumnName
Input: long - Map to Adapter Variable - Name is processInstanceKey
Input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference

Method Mapping

Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType


5.3.5 Compile the Adapter

Follow step 5.1.5 to compile the adapter.

5.4 Enable User

5.4.1. Create Adapter

Follow step 5.1.1 to create the adapter.

5.4.2 Create Responses

Follow step 5.1.2 to create the responses.

5.4.3. Create Variable

Follow step 5.1.3 to create the variables.


5.4.4. Create Adapter Task

Follow step 5.1.4 to create the adapter task. For the method, choose enableObject(String objectType).

Constructor Mapping

Input: String - Map to Adapter Variable - Name is itResourceColumnName
Input: long - Map to Adapter Variable - Name is processInstanceKey
Input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference

Method Mapping

Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType


5.4.5 Compile the Adapter

Follow step 5.1.5 to compile the adapter.


5.5 Disable User

5.5.1. Create Adapter

Follow step 5.1.1 to create the adapter.

5.5.2 Create Responses

Follow step 5.1.2 to create the responses.

5.5.3. Create Variable

Follow step 5.1.3 to create the variables.


5.5.4. Create Adapter Task

Follow step 5.1.4 to create the adapter task. For the method, choose disableUser(String objectType).

Constructor Mapping

Input: String - Map to Adapter Variable - Name is itResourceColumnName
Input: long - Map to Adapter Variable - Name is processInstanceKey
Input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference

Method Mapping

Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType


5.5.5 Compile the Adapter

Follow step 5.1.5 to compile the adapter.

6. Resource Object

Creating Resource Object

Click Resource Object --> enter the Object Definition Name, set Type to Application, and select the following check boxes: Allow Multiple (multiple instances can be created), Allow All (everyone can request the resource), Self Request Allowed (the resource can be requested through the self-service option), and Off-line Provisioning. Click Save to create the resource object.





7. Process Definition

Click Process Management --> Process Definition --> enter the Name, Type, Object Name, and Table Name, and select the Default Process, Auto Pre-populate, and Auto Save Form check boxes. Click the Save button, and it will display the following screen.



Tasks

The following tasks need to be created for the provisioning operations in the connector.

7.1 Create User

The Create User task is used to provision the user into the target system.

7.1.1 Create User Task:

Click the Add button in the Tasks section, and it will open the following screen.



Set Task Name to Create User and Task Description to Creating the User in target System. Select Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances, and enter the Retry Period in Minutes and the Retry Count. Click the Save button. The configuration details are given below.


Task Integration

Click the Integration tab, and it will display the following screen.



Click the Add button, and it will display the following screen.



Select the Adapter option, and it will display the following screen.



The Create User adapter is named dbicf_database_createuser. When you select this adapter in the process definition, it appears as adpDBICF_DATABASE_CREATEUSER.

Select the Create User adapter adpDBICF_DATABASE_CREATEUSER and it will


Click the OK button, and it will display the following screen.



Click the Yes button, and it will display the following screen.


Integration Adapter Mapping:

Select Adapter return value and click the Map button. It will display the following screen.



Set Map To to Response Code, click the Save button, and then click the Close button.


Select objectType and click the Map button. It will display the following screen.



Set Map To to Literal, Qualifier to String, and Literal Value to User. Click Save and then Close.


Select processInstanceKey --> click the Map button --> set Map To to Process Data and Qualifier to Process Instance. Click Save and then Close.

Select itResourceColumnName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to UD_DBICF_USR_SERVER. Click Save and then Close. After all the variables are configured, the configuration looks as shown below.



Tasks Object Status Mapping

Click the Object Status Mapping tab --> for Status C, set Object Status to Provisioned and click Save. The configuration is as follows:



Click Save and then Close.



Tasks Enable User

General Tab
Click the Add button and enter the following details in the General section.
Task Name: Enable User
Description: Enabling the user in target resource

Select the task properties Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances. Set Retry Period in Minutes to 30 and Retry Count to 5.

Set Task Effect to Enable Process or Access to Application.

The configuration details are given below.







Integration Tab

Click the Integration tab --> Add --> select the Adapter option --> select adpDBICF_DATABASE_ENABLEUSER --> click Save --> click the OK button --> click the Yes button.

Mapping the Adapter Variable

Select Adapter return value --> click the Map button --> set Map To to Response Code. Click Save and then Close.

Select objectType --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to User. Click Save and then Close.

Select itResourceColumnName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to UD_DBICF_USR_SERVER. Click Save and then Close.

Select processInstanceKey --> click the Map button --> set Map To to Process Data and Qualifier to Process Instance. Click Save and then Close.

After the configuration is complete, it looks as follows:






Task Object Status Mapping


Click the Object Status Mapping tab --> for Status C, set Object Status to Enabled and click Save. The configuration is as follows:



Click Save and then Close. This creates the Enable User task.





Tasks Disable User:

General Tab
Click the Add button and enter the following details in the General section.
Task Name: Disable User
Description: Disabling the user in target resource

Select the task properties Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances. Set Retry Period in Minutes to 30 and Retry Count to 5.

Set Task Effect to Disable Process or Access to Application.

The configuration details are given below.



Integration Tab

Click the Integration tab --> Add --> select the Adapter option --> select adpDBICF_DATABASE_DISABLEUSER --> click Save --> click the OK button --> click the Yes button.

Mapping the Adapter Variable

Select Adapter return value --> click the Map button --> set Map To to Response Code. Click Save and then Close.

Select objectType --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to User. Click Save and then Close.

Select itResourceColumnName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to UD_DBICF_USR_SERVER. Click Save and then Close.

Select processInstanceKey --> click the Map button --> set Map To to Process Data and Qualifier to Process Instance. Click Save and then Close.

After the configuration is complete, it looks as follows:



Task Object Status Mapping


Click the Object Status Mapping tab --> for Status C, set Object Status to Disabled and click Save. The configuration is as follows:


Click Save and then Close. This creates the Disable User task.


Tasks Delete User:

General Tab
Click the Add button and enter the following details in the General section.
Task Name: Delete User
Description: Deleting the user in target resource

Select the task properties Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances. Set Retry Period in Minutes to 30 and Retry Count to 5.

Integration Tab

Click the Integration tab --> Add --> select the Adapter option --> select adpDBICF_DATABASE_DISABLEUSER --> click Save --> click the OK button --> click the Yes button.

Mapping the Adapter Variable

Select Adapter return value --> click the Map button --> set Map To to Response Code. Click Save and then Close.

Select objectType --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to User. Click Save and then Close.

Select itResourceColumnName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to UD_DBICF_USR_SERVER. Click Save and then Close.

Select processInstanceKey --> click the Map button --> set Map To to Process Data and Qualifier to Process Instance. Click Save and then Close.

After the configuration is complete, it looks as follows:



Task Object Status Mapping


Click the Object Status Mapping tab --> for Status C, set Object Status to Revoked and click Save. The configuration is as follows:


Tasks User Login Updated:

General Tab
Click the Add button and enter the following details in the General section.
Task Name: User Login Updated
Description: Updating the user login target resource

Select the task properties Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances. Set Retry Period in Minutes to 30 and Retry Count to 5.
The configuration details are given below.






Integration Tab

Click the Integration tab --> Add --> select the Adapter option --> select adpDBICF_DATABASE_DISABLEUSER --> click Save --> click the OK button --> click the Yes button.

Mapping the Adapter Variable

Select Adapter return value --> click the Map button --> set Map To to Response Code. Click Save and then Close.

Select objectType --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to User. Click Save and then Close.

Select attrFieldName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to User Login. Click Save and then Close.

Select itResourceColumnName --> click the Map button --> set Map To to Literal, Qualifier to String, and Literal Value to UD_DBICF_USR_SERVER. Click Save and then Close.

Select processInstanceKey --> click the Map button --> set Map To to Process Data and Qualifier to Process Instance. Click Save and then Close.

After the configuration is complete, it looks as follows:


Repeat the User Login Updated task steps for the following tasks.

Tasks User Password Updated
Tasks First Name Updated
Tasks Last Name Updated
Tasks Middle Name Updated