Pages

Monday, March 21, 2016

Disconnected Resource in PS3

Disconnected Resource

Disconnected resources are targets for which there is no connector. Therefore, the provisioning fulfillment for disconnected resources is not automated, but manual.
In earlier releases of Oracle Identity Manager, disconnected provisioning is not supported as a first class use case, it is supported by using manual tasks in the provisioning process. This approach has a number of limitations, which are taken care in Disconnected Resources model.
 In Oracle Identity Manager 11g Release 2 (11.1.2.3.0), disconnected resources are an enhanced configuration for manual provisioning that leverage SOA integration to provide higher flexibility and configurability of the manual provisioning workflow
Creating a Disconnected Application Instance
Log in to Oracle Identity System Administration















Create and activate a sandbox

  1.  Click on Sandbox and click on the Create link
  2.  Provide the details of Sandbox Name and Sandbox Description
  3.  By Default the activate Sandbox is checked
  4.  Save and Close



In the left pane, under Configuration, click Application Instances. The Application Instances page is displayed

When Click on Application Instance, it would display the below screen


From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Create Application Instance page is displayed.



Enter the Name, Display Name, Description and check the Disconnected checkbox
Click Save, and then click OK on the information dialog box. The application instance is created, and the details of the application instance is displayed.


The UI form for the disconnected resource is automatically created and set, click Apply.



Publish the sandbox.




In addition to the application instance, in the back end, the following provisioning artifacts are automatically created
Resource Object Of Type Disconnected
IT Resource Type with following parameters
  1. Configuration Lookup
  2. Connector Server Name
  3. Identity Gateway Name         
IT resource of type definition
Parent process form with the following fields:
  • Account ID
  • Password
  • Account login
  • IT resource
Process definition with workflows for the following operations:
  • Provision Account
  • Enable Account
  • Disable Account
  • Revoke Account
  • Modify Account Attributes
Adapters
  • Manual Provisioning
  • Manual Entitlement Provisioning
From the System Administration UI, search for schedule job called "Catalog Synchronization Job" and execute it

The Application Instance available to request from catalog in the Identity Console

To cross check and request for self or other then click on Request Access
Make sure SOA Server is running and request the application instance




---Nagaraju Gorrepati

Sunday, March 20, 2016

Adding Custom UDF on Create User Page



When you create a UDF, it is created only in the back-end, and is not available in the page for use on which you want it to be displayed.

Note:
·        Adding a custom attribute is always in relation to one of the following entities: User, Organization, Role, or Catalog.
·        When catalog UDFs are customized to show in the first page of the Create Role wizard, they are also shown in the summary page of the wizard. But when role UDFs are customized to show in first page of the Create Role wizard, they are not shown in the summary page of the wizard. The summary page must be separately customized for these role UDFs to be displayed.

To display a UDF in a page in Oracle Identity Self Service


http://www.iamidm.com/2016/03/creating-custom-attribute-in-oim-ps3.html

Please follow the instructions in above link to create custom UDF on the entities User, Role, Catalog or Organization.

After adding a UDF through the User form, logout of both Oracle Identity System Administration and Oracle Identity Self Service, and then login again to be able to see the newly added UDF and use it for customization.

Adding UDF on Create User Form

     Log in to Oracle Identity Self Service as the system administrator

          Create and activate a sandbox
       To do so, Click on Create and Provide the sandbox name and Descrption
Click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed 
From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes 

Click Customize at the upper right corner of the page to open Web Center Composer

Enter values for all mandatory fields


Select Structure tab
Select the section of the page on which you want to add the UDF 

In the Confirm Task Flow Edit dialog box, click Edit to confirm the edit task. The corresponding ADF component in the object tree is selected 
     Select the panelFormLayout component, and click the Add icon. The Add Content dialog 
     box is displayed.
     Click on Add icon and Add Content dialog box is displayed

Depending on the area or entity  the UDF is added then select the Data Component and View object

For User entity, given some Data Component and View Object



User
Create User
Data Component - Catalog
userVO

Modify User
Data Component - Catalog
userVO

Search Users
Data Component - Manage Users
UserVO1

View User Details
Data Component - Manage Users
UserVO1

My Information
Data Component - My Information
UserVO1

New User Registration
Data Component - User Registration
UserVO1


























    In this example, i am adding the custom attribute on Create User Form so i used Data 
     Component Catalog and ViewObect userVO


    Scroll to find the UDF that you added and click Add. If the UDF is not displayed, then refresh   the content by clicking the Refresh icon at the top right hand corner of the dialog box.
           Depending on the custom attribute that you created in creating Custom attributes section and the type of UDF that you want to display, select one of the following items from the menu:
For a UDF of Text or Number type:
a.      ADF Output Text
b.     ADF Output Text w/Label
c.      ADF Output Formatted
d.     ADF Output Formatted w/Label
e.      ADF Input Text
f.      ADF Input Text w/Label
g.     ADF Label
h.     ADF Readonly Input Text w/Label
i.       ADF Table Column
For a UDF of Checkbox type:
j.       ADF Select Boolean Checkbox
k.     ADF Table Column
For a UDF of Date type:
l.       ADF Input Date w/Label
m.   ADF Table Column
For a UDF of Lookup type:
n.     ADF Input List Of Value (select only for searchable PickList)  
o.     ADF Select One Choice (select only for non-searchable PickList; this option is not visible for a searchable PickList for which you must select ADF Input List of Value)
p.     ADF Table Column (select when adding a column within an af:table)
For example, if you have created a UDF of Text type, then select ADF Input Text w/Label
  Click Close to close the Add Content dialog box.
    
From the object tree on the Editing Page, select the UDF on the page, and click the Show properties icon. The Component Properties page is displayed.
On the Display Options tab:
  Select Auto Submit.
    If you have added the UDF on the user form, then in the Value Change Listener field, enter
         #{pageFlowScope.cartDetailStateBean.attributeValueChangedListener}.
If you have added the UDF on a form other than the user form, then copy the value of the Value Change Listener field from any of the existing fields on the form and paste it as the value of the Value Change Listener field for the newly added UDF
Here are some more properties that you can add based on requirement
 If you want to mark this attribute as mandatory, then change the Required and Show Required properties to true. To set the Show Required property, select the Show Required option. In the Required field, select Expression Editor, and in the Expression Editor field, enter the value as true.
 If you want to display this attribute as read-only, then select the checkbox for the Read Only property.
If you want to bind this attribute to a custom-managed bean method, then change the Value property.
The custom-managed bean method must include a call to the original method binding. For more information
   Click OK.
    Click Close to leave customization mode.
 It is recommended that you export the sandbox, in case if you intend to move the change from test to production environment. 
Publish the sandbox. For detailed instructions on publishing a sandbox,
Remove UDF 
To remove a UDF, you can use the customization mode to open the WebCenter Composer. In the customization mode, select the component or UDF that you want to remove, and then delete it or set the rendered property on that UDF to false.
----Nagaraju Gorrepati

Saturday, March 19, 2016

OIM ICF DBAT 11.1.1.6.0 Deployment in PS3

 Description

Certain companies have some database-driven custom applications. These applications do not have any APIs for identity administration. These companies want to manage the life cycle of users in these custom applications by using a centralized identity management system such as OIM. The DBAT connector is one of the solutions to this business problem. Companies can use this connector to enable the exchange of user data between the database and Oracle Identity Manager.

Recommendation
You can use one of the following releases of Oracle Identity Manager

 Oracle Identity Manager 11g Release 2 BP10 (11.1.2.0.10) and any later BP in this release trac
 Oracle Identity Manager 11g Release 2 PS1 (11.1.2.1.0) and any later BP in this release track
 Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) and any later BP in this release track
 Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0)


 Generating the Connector
 
    Configuring the Groovy File
  1.  The DBAT connector is shipped with a groovy file named DBATConfiguration.groovy.
  2.  This file is located in the dbat-11.1.1.6.0/generator/dbat-generator-11.1.1.6.0 directory of the connector installation ZIP.
  3. You use the DBATConfiguration.groovy file to specify values for properties that can store basic information about your target system schema.
   This file is used by the DBAT Generator to perform the following tasks:
  1. ·        Discover the schema
  2. ·        Configure the mode (trusted source or target resource) in which you want to run the connector
  3. ·        Generate the connector package specific to your target system

\
 To configure the DBATConfiguration.groovy file

 Download the connector installation ZIP file from Oracle Technology Network


2.   Extract the contents of the connector installation ZIP to any directory on the computer hosting OIM. This creates a directory named dbat-11.1.1.6.0




3.     Extract the contents of the dbat-11.1.1.6.0/generator/dbat-generator-11.1.1.6.0.zip file to any directory. This creates a directory named dbat-generator-11.1.1.6.0



4.     In a text editor, open the DBATConfiguration.groovy file located in the dbat-generator-11.1.1.6.0/resources directory.


In this example, I am using this connector for trsuted reconcillation so the properties of the groovy file is described below

Entries in the Predefined Sections

itResourceDefName – DBAT Trusted
This is a mandatory entry. Enter the name of the IT resource type for the target system. Note that the value that you specify for this entry determines the name of the connector package, connector configuration file, and connector installer file. For example, if you specify DBAT as the value of this entry, then the name of the connector package directory is DBAT.zip
a.      trusted - for configuring your target system as a trusted source.
b.     target - for configuring your target system as a target resource.


trusted {
    itResourceDefName='DBAT Trusted' // DBAT is a name of the package
    itResourceName="dbat" //the same as itResourceDefName
    trusted=true
    bundleJar='../lib/org.identityconnectors.databasetable-1.2.2.jar'
    config = [
        'table' : 'PERSONS',
        'keyColumn' : 'USERLOGIN',
        'passwordColumn' : 'Password',
        'user' : 'DEV_OIM',//Enter the database User details
                'jdbcUrlTemplate' : 'jdbc:oracle:thin:@192.168.0.9:1522:orcl',
        'jdbcDriver': 'oracle.jdbc.driver.OracleDriver',
        'statusColumn':'STATUS',
        'enableValue':'Enabled',
        'disableValue':'Disabled',
     'database':'dbat',
    'host':'192.168.0.9',
    'port':'1522'
    ]

   
    alias = ['__UID__':'User Login', '__NAME__':'Last Name', 'Organization':'Organization Name', 'Xellerate Type':'Xellerate Type', '__ENABLE__':'Status', 'Role':'Role']

}

This is how the target schema looks like


5.Save and close the DBATConfiguration.groovy file
Discovering the Schema and Generating the Connector
1.     After configuring the DBATConfiguration.groovy file, you must run the DBAT Generator to discover the schema and generate the connector package.

2.     The DBAT Generator is the DBATGenerator.cmd or DBATGenerator.sh file that is located in the dbat-generator-11.1.1.6.0/bin directory



3.     In a command window, change to the dbat-generator-RELEASE_NUMBER/bin directory (for example, dbat-generator-11.1.1.6.0/bin) and run one of the following commands depending on the operating system that you are using:

                          For Microsoft Windows

DBATGenerator.cmd CONFIG_FILE CONFIG_NAME

For UNIX

DBATGenerator.sh CONFIG_FILE CONFIG_NAME

In this command, replace:

  1. ·        CONFIG_FILE with the absolute or relative path name of the DBATConfiguration.groovy file.
  2. ·        CONFIG_NAME with the name of the configuration within the DBATConfiguration.groovy file, being used for the target system. The predefined configurations within this file are trusted and target. You can create additional custom configurations with different names depending on your requirements.


The following is a sample command:

DBATGenerator.cmd ..\resources\DBATConfiguration.groovy trusted

In this command, "target" denotes the name of the section in the DBATConfiguration.groovy file for which values have been specified. In other words, the connector is being configured as a target resource.



4.   When prompted, enter a value for User Password, which is the password of the database user account that Oracle Identity Manager must use to connect to the target system
The above command generate the jar file based on itResourceDefName in DBATConfiguration.groovy
Here is output that generate the Connector based on information in Groovy File.




Understanding the Generated Connector Package

The connector package is a ZIP file that is generated in the /dbat-generator-RELEASE_NUMBER directory.
For example, I have specified DBAT Trusted as the value of the itResourceDefName entry in the DBATConfiguration.groovy file, then the connector package ZIP (DBAT Trusted.zip) file is generated in the /dbat-generator-11.1.1.6.0/directory. The directory structure of the connector package is as follows:

CONNECTOR_PACKAGE/
         bundle/
                  org.identityconnectors.databasetable-1.2.2.jar
         configuration/
                  IT_RES_DEF-CI.xml
         dataset/
         resources/
                  dbat-generator.properties
         xml/
                  IT_RES_DEF-ConnectorConfig.xml
In this directory structure:
·        CONNECTOR_PACKAGE is replaced with the name of the IT resource definition specified as the value of the itResourceDefName entry in the DBATConfiguration.groovy file.
·        IT_RES_DEF is replace with the name of the IT resource definition specified as the value of the itResourceDefName entry in the DBATConfiguration.groovy file.
The following behavior is observed after generation of the connector configuration XML file:
·      The length of a field (column) from the target system is not fetched into the process form. Therefore, except for the Unique ID and Password fields, the length of all other data fields (of the String data type) on the process form is always set to 255 characters. The length of the Unique ID and Password fields is set to 40 characters.
·        All columns in a database table that are not null are displayed as mandatory process form fields in Oracle Identity Manager.

Installing and Configuring the Connector

You must install the connector package (generated after running the DBAT Generator) by running the connector installer. To do so:

    Copy the unzipped connector package generated through DBAT Generator into following directory
OIM_HOME/server/ConnectorDefaultDirectory




Extract the DBAT Trusted.zip file using unzip command
Unzip DBAT Trsuted.zip



Create a directory in OIM_HOME/ConnectorDefaultDirectory/targetsystems-lib with the same name as the installer package. For example:
OIM_HOME/server/ConnectorDefaultDirectory/targetsystems-lib/dbat-11.1.1.6.0
Copy the jdbc driver to above directory and in my scenario, it is ojdbc6.jar


Log in to Oracle Identity System Administration


Click on the Manager Connector in Provisioning Configuration




Click install



Select the Connector from List of Connectors in the Connector Default Directory. In this example, the connector I created is DBAT Trusted Connector 11.1.1.6.0



Select the Connector and click on Load


Click on Continue then
Install the connector will get started  

If all the configuration is correct then it would install successfully


Configuring the IT Resource for the Target System



When you run the DBAT Generator, the IT resource corresponding to this connector is automatically created in Oracle Identity Manager. You must specify values for the parameters of this IT resource as follows:
  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under Configuration, click IT Resource.


  1. In the IT Resource Name field on the Manage IT Resource page, enter the name of the IT resource, and then click Search. The name of the IT resource is the value of the itResourceName property in the DBATConfiguration.groovy file.


  1. Click the edit icon for the IT resource.
  2. From the list at the top of the page, select Details and Parameters.


Note

If there is any changes to the connection details that you mentioned in the Groovy file when creating the Connector then only configuring the IT Resource for the Target System is needed



Run the Trusted Recon Scheduler



Check the Event in the Event Management




If the Above Configuration followed with out missing single step then User will get reconcilled from the trusted source to OIM

Nagaraju Gorrepati