The following tasks needs to be performed to create the OIM metadata for provisioning and Reconciliation. They are
- Provisioning
The following components are required to build the user provisioning. They are
1. IT Resource Type Definition
2. Connector Lookup Configuration
3. Pre-Populate Adapters
4. Process Form Definition
5. Process Task Adapters
6. Resource Object
7. Process Definition
1. It Resource Type Definition
This component is required to establish the communication from Oracle Identity Manager to Target Resource. In our example target resource is Data Base Identity Connector. Creating the IT Resource Type Definition as follows.
Login to the design console --> Resource Management --> IT Resource Type Deinition. Enter the Server Type and Select Insert Multiple Check box and Click Save. It will create the IT Resource Type Definition as Database ICF Connector.
It Resource Type Parameters:
The IT Resource Type Parameters are available in the DataBaseIdentityConfig class with @ConfigurationProperty annotation. Those properties should be added in the IT Resource Parameter Section and also you need to add additional parameter Configuration Lookup for configuring the Connector Info like Connector Class, Connector Bundle, Connector Provisioning Attribute Mapping, etc.
The IT Resource Type Parameters are
1. driver
2. url
3 userName
4. password
5. environment
6. Configuration Lookup.
The example screen shot is given below.
The IT Resource Type Parameters are available in the DataBaseIdentityConfig class with @ConfigurationProperty annotation. Those properties should be added in the IT Resource Parameter Section and also you need to add additional parameter Configuration Lookup for configuring the Connector Info like Connector Class, Connector Bundle, Connector Provisioning Attribute Mapping, etc.
The IT Resource Type Parameters are
1. driver
2. url
3 userName
4. password
5. environment
6. Configuration Lookup.
The example screen shot is given below.
2. Connector Lookup Configuration
This component is required to maintain the connector configuration for user provisioning and reconciliation. The following lookup configuration needs to be configured:
2.1 Lookup.dbicf.Configuration
This Component is required to configure the connector bundle information and also User Provisioning and Reconciliation Lookup info. The lookup parameters as follows:
1. Bundle Version
2. Bundle Name
3. Connector Name
4. User Configuration Lookup.
The Bundle Version and Bundle Name is available in the Data Base Connector ICF JAR in the META-INF/MANIFEST.MF file. The Connector Name is Data Base Identity Connector class with full qualified name. In our example edu.sfsu.identity.dbconnector.DatabaseIdentityConnector. The bundle name mapping should be as follows:
Bundle Version = ConnectorBundle-Version
Bundle Name= ConnectorBundle-Name
Connector Name = Connector Class Name with package
User Configuration Lookup=Lookup.dbcf.UM.Configuration
The sample values are given below in the screen shot.
2.2 Lookup.dbcf.UM.Configuration
This component is required for configuring the Provisioning and Reconciliation configuration lookup details. The configuration lookup parameters as follows:
1. User Validation For Prov = false
2. Provisioning Attribute Map = Lookup.dbcf.UM.ProvAttrMap
3. User Transformation For Recon = false
4. User Validation For Recon = false
5. Recon Attribute Map = Lookup.dbcf.UM.ReconAttrMap
The parameter 2. Provisioning Attribute Map contains the Process Form field label and target resource schema mapping.
The configuration details are given below as a screen shot.
2.3. Lookup.dbcf.UM.ProvAttrMap
This component is required for provisioning attribute mapping from Process Form Field Label to Target Resource Schema Mapping. The mapping details as follows:
1. Unique ID = __UID__
2. User Login = userLogin
3. User Password = password
4. First Name= firstName
5. Last Name = lastName
6. Middle Name= middleName
The configuration details are given below as a screen shot.
2.1 Lookup.dbicf.Configuration
This Component is required to configure the connector bundle information and also User Provisioning and Reconciliation Lookup info. The lookup parameters as follows:
1. Bundle Version
2. Bundle Name
3. Connector Name
4. User Configuration Lookup.
The Bundle Version and Bundle Name is available in the Data Base Connector ICF JAR in the META-INF/MANIFEST.MF file. The Connector Name is Data Base Identity Connector class with full qualified name. In our example edu.sfsu.identity.dbconnector.DatabaseIdentityConnector. The bundle name mapping should be as follows:
Bundle Version = ConnectorBundle-Version
Bundle Name= ConnectorBundle-Name
Connector Name = Connector Class Name with package
User Configuration Lookup=Lookup.dbcf.UM.Configuration
The sample values are given below in the screen shot.
This component is required for configuring the Provisioning and Reconciliation configuration lookup details. The configuration lookup parameters as follows:
1. User Validation For Prov = false
2. Provisioning Attribute Map = Lookup.dbcf.UM.ProvAttrMap
3. User Transformation For Recon = false
4. User Validation For Recon = false
5. Recon Attribute Map = Lookup.dbcf.UM.ReconAttrMap
The parameter 2. Provisioning Attribute Map contains the Process Form field label and target resource schema mapping.
The configuration details are given below as a screen shot.
2.3. Lookup.dbcf.UM.ProvAttrMap
This component is required for provisioning attribute mapping from Process Form Field Label to Target Resource Schema Mapping. The mapping details as follows:
1. Unique ID = __UID__
2. User Login = userLogin
3. User Password = password
4. First Name= firstName
5. Last Name = lastName
6. Middle Name= middleName
The configuration details are given below as a screen shot.
3. Pre-Populate Adapter
This component is required to transfer the values from Oracle Identity Manager User data to Process Form while after initiating the user provisioning. The pre-populate creation process as follows:
3.1. Create Pre-populate Adapter
3.2. Create Adapter Variable
3.3. Create Adapter Task
3.1. Create Pre-populate Adapter
Click Adapter Factory --> and enter the following values into the form
Adapter Name: dbicf_prepop_adp
Adapter Type: Pre-populate Rule Generator
Description: Enter your description
Click Save Icon and It will create the Pre-Populate Adapter
3.2. Create Adapter Variable
Click Variable List --> Add and it will display the following screen.
Enter the following details into the variable screen and click Save Icon.
Variable Name: oimdata
Type : String
Mapp To : Resolve at runtime
Description: Enter Description
The configuration of the Adapter Variable as follows:
3.3. Create Adapter Task
Click Add --> Logic Task --> SET VARIABLE --> and It will display the following screen.
Select the variable Name is Adapter return value, operand Type is Variable and Operand Qualifier is oimdata. The sample is given below.
Click Save Icon and it will Display the following screen.
Click Build Button and It will compile the adapter and ready to use in process form.
3.1. Create Pre-populate Adapter
3.2. Create Adapter Variable
3.3. Create Adapter Task
3.1. Create Pre-populate Adapter
Click Adapter Factory --> and enter the following values into the form
Adapter Name: dbicf_prepop_adp
Adapter Type: Pre-populate Rule Generator
Description: Enter your description
Click Save Icon and It will create the Pre-Populate Adapter
3.2. Create Adapter Variable
Click Variable List --> Add and it will display the following screen.
Enter the following details into the variable screen and click Save Icon.
Variable Name: oimdata
Type : String
Mapp To : Resolve at runtime
Description: Enter Description
The configuration of the Adapter Variable as follows:
3.3. Create Adapter Task
Click Add --> Logic Task --> SET VARIABLE --> and It will display the following screen.
Select the variable Name is Adapter return value, operand Type is Variable and Operand Qualifier is oimdata. The sample is given below.
Click Save Icon and it will Display the following screen.
Click Build Button and It will compile the adapter and ready to use in process form.
4. Process Form Definition
This component is required to capture the data from Oracle Identity Manager and transfer to process definition to store the values in target resource. The following sub component are required to create the process form definition.
4.1 Creating the Process Form
4.2 Additional Columns
4.3 Properties
4.4 Pre-Populate
4.5 Building Form
4.1 Creating the Process Form
Click Form Designer --> Enter Table Name and Description and Click Save Button. It will create the Process Form. The process form configuration is given below as a screen shot.
4.2 Additional Columns
Add the following additional columns in the Additional Column Section to capture the data. They are
1. Unique ID
2. User Login
3. User Password
4. First Name
5. Last Name
6. Middle Name
7.Data Base Server
The configuration details are given below:
4.3 Properties
Click Properties tab and configure the following properties for validation.
1. User Login
Required = true
2. User Password
Required = true
3. Last Name
Required = true
4.Data Base Server
Required = true
Type = Data Base ICF Connector
4.4 Pre-Populate
This component is required for mapping from OIM User to Process Form Field. The following field are mapping:
1. User Login = User Login
2. User Password = Password
3. First Name = First Name
4. Last Name= Last Name
5. Middle Name = Middle Initial
The User Login configuration as shown below a screen shot.
4.1 Creating the Process Form
4.2 Additional Columns
4.3 Properties
4.4 Pre-Populate
4.5 Building Form
4.1 Creating the Process Form
Click Form Designer --> Enter Table Name and Description and Click Save Button. It will create the Process Form. The process form configuration is given below as a screen shot.
4.2 Additional Columns
Add the following additional columns in the Additional Column Section to capture the data. They are
1. Unique ID
2. User Login
3. User Password
4. First Name
5. Last Name
6. Middle Name
7.Data Base Server
The configuration details are given below:
Click Properties tab and configure the following properties for validation.
1. User Login
Required = true
2. User Password
Required = true
3. Last Name
Required = true
4.Data Base Server
Required = true
Type = Data Base ICF Connector
The configuration details are given below:
4.4 Pre-Populate
This component is required for mapping from OIM User to Process Form Field. The following field are mapping:
1. User Login = User Login
2. User Password = Password
3. First Name = First Name
4. Last Name= Last Name
5. Middle Name = Middle Initial
The User Login configuration as shown below a screen shot.
Select the Field Name is User Login, Rule is Default, Adapter is dbicf_prepop_adp and Clcik Save. Click Map Button and It will display the following screen.
Select Map To is User Definition and Qualifier is User Login. Click Save Icon.
Repeat the steps for remaining fields. After completion of the configuration look like this:
4.5 Building Form
Click Make version Active button and it will display the following screen.
Click OK button and it will activate the form is active mode and and we can use in the resource object.
5. Process Task Adapters
This is required to process the data from OIM to target resource and persists the data into the database. The following components are required for database connector. They are
5.1. Create User
5.2. Update User
5.3. Delete User
5.4. Enable User
5.5. Disable User
5.1. Create User
5.1.1.Create Adapter
Click Adapter Factory --> Enter the Adapter Name. Adapter Type and Description. Click Save Icon and It will display the following screen.
5.1.2 Create Responses
The following responses needs to be created. They are
Code Name - Status
1. SUCCESS - C (Completed)
2. ERROR - R (Rejected Due to failure)
The configuration as follows:
5.1.3.Create Variable
Click Variable List tab and Create the following variables in the variable list. They are
Name - Type - Mapped As - Description
1. objectType - String - Resolve at runtime - objecttype
2. processInstanceKey - Long - Resolve at runtime - processinstancekey
3. itResourceColumnName -String - Resolve at runtime - itresourcecolumnnmae
Resolve at runtime means we will map the values later at the process definition create task mapping.
The configuration as follows:
5.1.4.Create Adapter Task
Click Adapter Task tab --> Add --> Functional Task (Java) --> Select New Object Instance --> Continue --> Enter task Name and Select API Source is ICFIntglar:icf-oim-intg.jar and Select Application is ICProvisioningManager class and Select method createObject. Click Save Icon and It will display the following screen.
Click Constructor and Method it will display the following screen.
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
After mapping is done, the configuration is given below:
Click Save Icon and click close button and it will display the following screen.
5.1.5 Compile the Adapter
Click Build button and It will compile the adapter and it will display the following screen.
After compiling the adapter , the Compile Status os OK. If your seeing any error while compiling the adapter, please fix the errors and recompile.
5.2. Update User
5.2.1.Create Adapter
Follow the step 5.1.1 to create the adapter.
5.2.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.2.3.Create Variable
Follow the steps 5.1.3 to create the variables. Add the following additional variable:
attrFieldName -String - Resolve at runtime - Attribute Field Label.
5.1.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is updateAttributeValue(String).
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
Input: String - Map to Adapter Variable - Name is attrFieldName
5.2.5 Compile the Adapter
Follow the steps 5.1.5 to compile the dapter
5.3 Delete User
5.3.1.Create Adapter
Follow the step 5.1.1 to create the adapter.
5.3.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.3.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.3.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is deleteUser(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
Follow the step 5.1.1 to create the adapter.
5.3.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.3.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.3.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is deleteUser(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
5.3.5 Compile the Adapter
Follow the steps 5.1.5 to compile the dapter
5.4 Enable User
5.4.1.Create Adapter
Follow the step 5.1.1 to create the adapter.
5.4.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.4.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.4.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is enableObject(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
Follow the step 5.1.1 to create the adapter.
5.4.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.4.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.4.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is enableObject(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
5.4.5 Compile the Adapter
Follow the steps 5.1.5 to compile the adapter
5.4 Disable User
5.5.1.Create Adapter
Follow the step 5.1.1 to create the adapter.
5.5.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.5.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.5.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is disableUser(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
Follow the step 5.1.1 to create the adapter.
5.5.2 Create Responses
Follow the steps 5.1.2 to create the responses.
5.5.3.Create Variable
Follow the steps 5.1.3 to create the variables.
5.5.4.Create Adapter Task
Follow the steps 5.1.4 to create the Adapter task. Choose Methods is disableUser(String objectType)
Constructor Mapping
Input: String - Map to Adapter Variable - Name is itResourceColumnName
inpiut: long - Map to Adapter Variable - Name is processInstanceKey
input: com.thortech.xl.dataaccess.tcDataProvider - Map to Adapter References - Name is Database reference
Method Mapping
Output: String - Map to Adapter Variable - Name is Return Variable
Input: String - Map to Adapter Variable - Name is objectType
5.5.5 Compile the Adapter
Follow the steps 5.1.5 to compile the adapter
6. Resource Object
Creating Resource Object
Click Resource Object --> Enter Object Definition Name, Select Type is Application, Select Allow multiple (Multiple Instances can be created), Allow All (Every one can be requested),Self Requested Allow (Request the resource using the self Service Option), and Off-line Provisioning Check boxes. Click Save and It will create the Resource Object.
7. Process Definition
Click Process Management --> Process Definition --> Enter Name, Type,Object Name, Table Name, Select Default Process, Auto Pre-populate, and Auto Save Form Check box. Click Save Button and it will display the following screen.
Tasks
The following tasks needs to be created for provisioning operations in the connector. They are
7.1 Create User
Create task is being used to provision the user into the target system.
7.1.1 Create User Task:
Click Add button in the Tasks Section and it will open the following screen.
Enter the Task Name is Create User, Task Description is Creating the User in target System, Select Required for Completion, Allow Cancellation while Pending, Allow multiple Instances, Enter Retry Period in minutes, and Retry Count. Click Save button.The configuration details are given below.
Task Integration
Click Integration tab and it will display the following screen.
Click Add button and It will display the following screen.
Select Adapter option and it will display the following screen.
The create user adapter name is dbicf_database_createuser. While you selecting this adapter in the process definition is adpDBICF_DATABASE_CREATEUSER.
Select Create User adapter is adpDBICF_DATABASE_CREATEUSER and it will
Click OK Button and It will display the following screen
Click Yes button and it will display the following screen.
Select Adapter return value and click Map button and It will display the following screen.
Select the Map To is Response Code and Click Save Button and Click Close button.
Select objectType and click Map button and It will display the following screen.
Select Map to is Literal,Qualifier is String, and Literal Value is User. Click Save and Close button.
Select processInstanceKey --> click Map button --> Select Map to Process Data and Qualifier is Process Instance. Click Save and Close button.
Select itResourceColumnName --> click Map button --> Select Map to Literal, Qualifier is String, and Literal value is UD_DBICF_USR_SERVER. Click Save and Close button. After configuring all the variables, the configuration is shown below.
Tasks Object Status Mapping
Click Object Status Mapping Tab --> Select Status C and Object Status is Provisioned and Click Save. The configuration as follows:
Click Save and Close Button.
Tasks Enable User
General Tab
Click Add button and Enter the following details in the general Section.
Task Name : Enable User
Description :
Select Task Properties like Conditional, Required Completion,Allow Cancellation while pending, Allow multiple instances, Enter Retry Period in minutes is 30 and Retry Count is 5.
Select Task Effect is Enable Process or Access to Application
The Configuration details are given below
Integration Tab
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_ENABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
Select Adapter return value --> click Map button --> Select Map to Response Code. Click Save and Close button.
Select objectType --> click Map button --> Select Map to Literal,Select Qualifier String, and
Literal Value is User. Click Save and Close button.
Select itResourceColumnName --> click Map button --> Select Map to Literal,Select Qualifier String, and Literal Value is UD_DBICF_USR_SERVER. Click Save and Close button.
Select processInstanceKey --> click Map button --> Select Map to Process Data and Qualifier is Process Instance. Click Save and Close button.
After Completing the Configuration as follows:
Click Object Status Mapping Tab --> Select Status C and Object Status is Enabled and Click Save. The configuration as follows:
Click Save and Close button. It will create the Enable User Task.
Tasks Disable User:
General Tab
Click Add button and Enter the following details in the general Section.
Task Name : Disable User
Description :
Select Task Properties like Conditional, Required Completion,Allow Cancellation while pending, Allow multiple instances, Enter Retry Period in minutes is 30 and Retry Count is 5.
Select Task Effect is Disable Process or Access to Application
The Configuration details are given below
Integration Tab
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_DISABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
Select Adapter return value --> click Map button --> Select Map to Response Code. Click Save and Close button.
Select objectType --> click Map button --> Select Map to Literal,Select Qualifier String, and
Literal Value is User. Click Save and Close button.
Select itResourceColumnName --> click Map button --> Select Map to Literal,Select Qualifier String, and Literal Value is UD_DBICF_USR_SERVER. Click Save and Close button.
Select processInstanceKey --> click Map button --> Select Map to Process Data and Qualifier is Process Instance. Click Save and Close button.
After Completing the Configuration as follows:
Click Object Status Mapping Tab --> Select Status C and Object Status is Disabled and Click Save. The configuration as follows:
Click Save and Close button. It will create the Disable User Task.
General Tab
Click Add button and Enter the following details in the general Section.
Task Name : Delete User
Description :
Select Task Properties like Conditional, Required Completion,Allow Cancellation while pending, Allow multiple instances, Enter Retry Period in minutes is 30 and Retry Count is 5.
Integration Tab
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_DISABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_DISABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
Select Adapter return value --> click Map button --> Select Map to Response Code. Click Save and Close button.
Select objectType --> click Map button --> Select Map to Literal,Select Qualifier String, and
Literal Value is User. Click Save and Close button.
Select itResourceColumnName --> click Map button --> Select Map to Literal,Select Qualifier String, and Literal Value is UD_DBICF_USR_SERVER. Click Save and Close button.
Select processInstanceKey --> click Map button --> Select Map to Process Data and Qualifier is Process Instance. Click Save and Close button.
After Completing the Configuration as follows:
Task Object Status Mapping
Click Object Status Mapping Tab --> Select Status C and Object Status is Revoked and Click Save. The configuration as follows:
Tasks User Login Updated:
Tasks Disable User:
General Tab
Click Add button and Enter the following details in the general Section.
Task Name : User Login Updated
Description : Updating the user login target resource
Select Task Properties like Conditional, Required Completion,Allow Cancellation while pending, Allow multiple instances, Enter Retry Period in minutes is 30 and Retry Count is 5.
The Configuration details are given below
Integration Tab
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_DISABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
General Tab
Click Add button and Enter the following details in the general Section.
Task Name : User Login Updated
Description : Updating the user login target resource
Select Task Properties like Conditional, Required Completion,Allow Cancellation while pending, Allow multiple instances, Enter Retry Period in minutes is 30 and Retry Count is 5.
The Configuration details are given below
Integration Tab
Click Integration Tab --> Add --> Select Adapter option --> Select adpDBICF_DATABASE_DISABLEUSER --> Click Save --> Click OK button --> Click Yes Button.
Mapping the Adapter Variable
Select Adapter return value --> click Map button --> Select Map to Response Code. Click Save and Close button.
Select objectType --> click Map button --> Select Map to Literal,Select Qualifier String, and
Literal Value is User. Click Save and Close button.
Select attrFieldName --> click Map button --> Select Map to Literal,Select Qualifier String, and Literal Value is USer Login. Click Save and Close button.
Select itResourceColumnName --> click Map button --> Select Map to Literal,Select Qualifier String, and Literal Value is UD_DBICF_USR_SERVER. Click Save and Close button.
Select processInstanceKey --> click Map button --> Select Map to Process Data and Qualifier is Process Instance. Click Save and Close button.
After Completing the Configuration as follows:
Repeat tasks User Login Updated steps for the following tasks.
Tasks First Name Updated
Tasks Last Name Updated
Tasks Middle Name Updated
Hello I read about some constants like __UID__ that are used in several connector examples, I understand that are a set of contants of the ICF, but I dont understand very well where or which class read the values and use it.
ReplyDeleteI´ve seen the javadoc about UID and Name classes of Oracle Identity Connector Framework but I dont see those contants, can you explain me the use of it and if you have a peper, document or tutorial where I can see all the contants like __UID__ used in ICF, please share it.
Thanks.
Regards.
Hi,
DeleteThe __UID__ constant value returned by UID.getName() method and also __NAME__ value returned by Name.getName() method. These constants are hard coded in the Uid and Name class as a attribute Name. Uid class used in the CreateApiOp interface create method return value. When ever you create a user using CreateApiOp interface, and you need to return a unique uid instance.
In my example I am creating the user in data base with auto generated id and I am returning theauto generated value in Uid class. This uid name mapped as a Unique ID=__UID__ in the provisioning look up map as "Lookup.dbcf.UM.ProvAttrMap".
The OIM ICF framework internally populate the __UID__ value into the Unqiue ID in to the process form after creating the user successfully in the target resource.
Please let me know if you need more inf.
Please refer ICF documentation here:
http://openicf.forgerock.org/connector-framework/apidocs/index.html.
Thanks for your reply, I have another question
ReplyDeleteWhat is the purpose of the following variables adapter:
1.- objectType
2.- processInstanceKey
3.- itResourceColumnName
I would also like to know if the constructor and methods use these data in ICProvisioningManager class, this is true?
Hi
ReplyDelete1. objectType is your object class defined in the ICF Jar. The object types are User, Group and Your custom Object Type. For example the custom Object Class Should be UserMailBox or UserMailUser
2. processInstanceKey is generated by OIM while provisioning the user and this key is unique across the account provisioning. This key is being used to update the __UID__ return value in the Process Form. In my example my unique id is Unique ID. This id is updated after provisioning the user successfully.
3. itResourceColumnName is being used to retrieve the IT Resource Key from the Process Form to create the ICF Config Object to establish the connectivity from OIM ICF Server to Target Resource and also create the ICF instance based on the bundle Name and it is configured in Lookup Configuration.
For my demonstration I have used default provisioning manager and it is a wrapper class for ICF Framework and that is developed by OIM team. You can create your own ICF wrapper using ICF API's and use it.
Please let me know if you need more info.
Hi, Do you know how to use the variables that are defined on some connectors as ${VARIABLES} in the lookup?
ReplyDeleteI didn't find anywhere how to use them.
Hi
ReplyDeletePlease can you explain more what your looking and I can help you after that
Thanks
IDMOIM
I think you will get it better with this image.
ReplyDeleteHow to use this kind of images.
https://drive.google.com/file/d/0B34Io8SIhWS4NDBraTIyVmxZazA/view?usp=sharing
Sorry, i mean kind of variables.
DeleteHi,
DeleteThe User ID and Container ID variables are defined in the provisioning attribute map lookup as a Lookup Code. Using these lookup variables to populate another variable while building provisioning map using the groovy scripts. In your image they were building the distinguished name using two variables such as User ID and Container ID. In groovy scripts, variables can be auto populated based on the object and the groovy variable name should be "variable_123". They were replacing lookup code name space with underscore. For example DN should be populated in to __NAME lookup code as follows:
__NAME__="uid=${User_ID},${Container ID}".
Another example is you can populate display name using First Name, Middle Name and Last Name with space separated as follows:
DisplayName="${First_Name} ${Middle_Name} ${Last_Name}"
The lookup code First Name and groovy name as "${First_Name}"
The lookup code Middle Name and groovy name as "${Middle_Name}"
The lookup code Last Name and groovy name as "${Last_Name}"
Note: This variable population only works in OIM ICF Connectors.
Please let me know if you need more assistance.
How to read lookip values in ICF code
ReplyDeletelookup values*
DeleteThis comment has been removed by the author.
ReplyDeleteI have a few questions on this. Are you still active here?
ReplyDeleteHi,
ReplyDeletePost your question and I will respond asap.
I have completed the setup till this page. There were some typos here but i have fixed them. When I go to the next page there are a few questions that I have. I will post them in next page.
ReplyDeleteHi there.
ReplyDeleteI've 2 different tables in my case, one for user creation and another one responsible for the give the user access on the system. How can I implement another table exclusively for user access in identity.dbconnector.domain package (UserProfile.java) ? Thanks in advance.
Hi,
ReplyDeleteThank you for posting valuable information about ICF connector development. I have followed all the steps and deployed the connector but facing below error while trying to provision user on target (database table).
Please help in resolving my issue.
Error triggered in OIM logs:
====================================================
[2017-05-12T08:35:35.620+05:30] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 70cd304c0a93c1f8:-70ceede8:15bfa75a705:-8000-00000000000000c1,0] [APP: oim#11.1.2.0.0] [DSID: 0000LjuarKHF0Fo5GVDCif1P5HkI00000X] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=identitty connector bundleVersion=1.0 connectorName=identity.dbconnector.DataBaseIdentityConnector ) not found
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:113)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:122)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:267)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp...:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpDBICF_DATABASE_CREATEUSER.CREATEUSER(adpDBICF_DATABASE_CREATEUSE...:109)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpDBICF_DATABASE_CREATEUSER.implementation(adpDBICF_DATABASE_CREATEUSE...:54)
====================================================
Thank you,
Jagadeesh
How to read lookup values in ICF code
ReplyDeleteIs it correct to say UniqueID is auto-generatedd by OIM?
ReplyDeleteI have created a dbat connector but UniqueID required manual entry and Oracle support is suggesting to use pre-populate adapter with usr_key, which doesnot seem right to me at all.
What a fantabulous post this has been. Never seen this kind of useful post. I am grateful to you and expect more number of posts like these. Thank you very much. ICF Blocks
ReplyDelete