Integrating Oracle Role Manager and Oracle Identity Manager

Purpose

This OBE tutorial describes and shows you how to integrate Oracle Role Manager and Oracle Identity Manager. This process involves:

  • Installing the Oracle Role Manager Integration Library (Integration Library). The Integration Library contains files used to integrate Oracle Role Manager and Oracle Identity Manager.
  • Configuring Oracle Role Manager and Oracle Identity Manager to integrate the products with each other
  • Configuring JBoss Application Server, the application server used with both Oracle Role Manager and Oracle Identity Manager
  • Testing the Integration Library to verify Oracle Role Manager and Oracle Identity Manager can be integrated with each other

 

Time to Complete

Approximately 2 hours

 

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Installing the Oracle Role Manager Integration Library (Integration Library)
 Configuring Oracle Role Manager
 Configuring Oracle Identity Manager
 Configuring JBoss Application Server
 Testing the Integration Library
 Summary
 Related Information

 

Overview

Oracle Identity Manager

Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).


Oracle Role Manager

Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.

Features and benefits of Oracle Role Manager include role and rule mining (importing existing data about users, resources, and entitlements to discover candidate roles and membership policies), a context-aware, polyarchy-enabled role engine (traversing relationships between users and organizations to derive accurate, real-time role memberships), an authoritative role and entitlement repository (supplying trusted entitlement data to enterprise systems), a configurable and extensible role and relationship model (modeling enterprise structures and relationships, and providing tools for customizing the user interface), and role delegation (delegating user access and privileges easily without violating existing business policies).

Scenario

Linda is a network administrator for Mydo Main Corporation. In Mydo Main, she is responsible for managing business and organizational relationships, roles, and entitlements to resources for users within the company. To perform these tasks, she must use Oracle Role Manager and Oracle Identity Manager.

To enable Oracle Role Manager to function with Oracle Identity Manager, Linda must install and configure the Oracle Role Manager Integration Library (Integration Library). The Integration Library contains files used to integrate Oracle Role Manager and Oracle Identity Manager.

By integrating Oracle Role Manager and Oracle Identity Manager, Linda can manage roles and role life-cycle events in Oracle Role Manager to drive provisioning in Oracle Identity Manager. This ensures entitlements are provided for the correct users across the infrastructure of Mydo Main.

Prerequisites

Before starting this tutorial, you should:

1. Complete the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2. Complete the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

Important: For this OBE, JBoss is the application server associated with both Oracle Identity Manager and Oracle Role Manager. For more information about configuring JBoss Application Server to function with these products, refer to the Oracle Identity Manager Installation and Configuration Guide for JBoss Application Server and the Oracle Role Manager Installation Guide.

 

Installing the Oracle Role Manager Integration Library (Integration Library)

Linda is ready to install the Oracle Role Manager Integration Library (Integration Library). The Integration Library contains files used to integrate Oracle Role Manager and Oracle Identity Manager.

To install the Integration Library, perform the following steps:

1. Within the root directory of the computer that houses Oracle Identity Manager, create the ORMINT_HOME subdirectory.

Note: The ORMINT_HOME subdirectory is the base installation directory for the Integration Library.

2. Copy the ORMIntegration_OIM.zip file.

3. Paste this file into the ORMINT_HOME subdirectory.

4. Extract the contents of the ORMIntegration_OIM.zip file into the ORMINT_HOME subdirectory.

5. Copy the OIM-IntegrationSupport.jar file, which resides in the ORMINT_HOME\oimlib directory.

6. Paste this file into the OIM91_server\xellerate\EventHandlers directory.

Note: The OIM-IntegrationSupport.jar file contains class files that support the underlying framework of the integration between Oracle Role Manager and Oracle Identity Manager.

7. Copy the OIM-Integration.jar and OIM-IntegrationSupport.jar files, which reside in the ORMINT_HOME\oimlib directory.

8. Copy the server_api_14.jar file, located in the ORMINT_HOME\lib directory.

9. Paste these files into the OIM91_server\xellerate\JavaTasks directory.

Note: The OIM-Integration.jar file contains class files for handling approval role resolution between roles in Oracle Role Manager and user groups in Oracle Identity Manager. The server_api_14.jar file contains library files. These library files are required to integrate Oracle Role Manager and Oracle Identity Manager.

10. Copy the ScheduledFullUserReconciliation.class, ScheduledIntegrationTask.class, ScheduledRoleReconciliation.class, and ScheduledUserReconciliation.class files, which reside in the ORMINT_HOME\oimlib directory.

11. Paste these files into the OIM91_server\xellerate\ScheduleTask directory.

Note: The ScheduledFullUserReconciliation.class file enables user accounts to be reconciled between Oracle Role Manager and Oracle Identity Manager. The ScheduledIntegrationTask.class file is the base scheduled task used by other Oracle Role Manager scheduled tasks in Oracle Identity Manager. The ScheduledRoleReconciliation.class file synchronizes roles in Oracle Role Manager with groups in Oracle Identity Manager. The ScheduledUserReconciliation.class file sends Oracle Identity Manager user records to Oracle Role Manager.

Linda installed the Integration Library. She is ready to configure Oracle Role Manager to integrate it with Oracle Identity Manager.
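
A post-install check for the copy steps above, as an added example that is not part of the original tutorial or Oracle's tooling: it compares the SHA-256 of each file under ORMINT_HOME with the copy placed under OIM91_server\xellerate and reports missing or differing files. The function names and status labels are assumptions of this example; the file names and directories are the ones listed in steps 5 through 11.

```python
import hashlib
import sys
from pathlib import Path

# Placement taken from installation steps 5-11 of this tutorial:
# (subdirectory of ORMINT_HOME, file name, subdirectory of OIM91_server\xellerate)
PLACEMENT = [
    ("oimlib", "OIM-IntegrationSupport.jar", "EventHandlers"),
    ("oimlib", "OIM-Integration.jar", "JavaTasks"),
    ("oimlib", "OIM-IntegrationSupport.jar", "JavaTasks"),
    ("lib", "server_api_14.jar", "JavaTasks"),
    ("oimlib", "ScheduledFullUserReconciliation.class", "ScheduleTask"),
    ("oimlib", "ScheduledIntegrationTask.class", "ScheduleTask"),
    ("oimlib", "ScheduledRoleReconciliation.class", "ScheduleTask"),
    ("oimlib", "ScheduledUserReconciliation.class", "ScheduleTask"),
]


def sha256_of(path):
    """Hash a file in chunks so large jars are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_placement(ormint_home, oim_home):
    """Return a list of (status, "target_dir/file") tuples.

    Status labels (assumptions of this example):
      OK        - installed copy is byte-identical to the extracted source
      MISSING   - the file was never pasted into the target directory
      MISMATCH  - a file with that name exists but its content differs
      NO_SOURCE - the extracted Integration Library lacks the file
    """
    results = []
    for src_dir, name, dst_dir in PLACEMENT:
        source = Path(ormint_home) / src_dir / name
        target = Path(oim_home) / "xellerate" / dst_dir / name
        if not source.is_file():
            status = "NO_SOURCE"
        elif not target.is_file():
            status = "MISSING"
        elif sha256_of(source) != sha256_of(target):
            status = "MISMATCH"
        else:
            status = "OK"
        results.append((status, f"{dst_dir}/{name}"))
    return results


if __name__ == "__main__":
    # Example invocation: python verify_placement.py C:\ORMINT_HOME C:\OIM91_server
    if len(sys.argv) != 3:
        sys.exit("usage: verify_placement.py ORMINT_HOME OIM_SERVER_HOME")
    report = verify_placement(sys.argv[1], sys.argv[2])
    for status, relative_path in report:
        print(f"{status:9} {relative_path}")
    # A non-zero exit code lets a scheduled job flag drift after installation
    sys.exit(0 if all(status == "OK" for status, _ in report) else 1)
```

Running the same check again after later maintenance shows whether any of the jars or class files loaded by Oracle Identity Manager Server has been replaced since installation.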

 

 

Configuring Oracle Role Manager

In the previous section of this OBE, Linda installed the Integration Library. The Integration Library contains files used to integrate Oracle Role Manager and Oracle Identity Manager.

Linda is ready to configure Oracle Role Manager to integrate it with Oracle Identity Manager. To configure Oracle Role Manager, Linda must complete the following actions:

  1. Deploy integration library model files into Oracle Role Manager. Oracle Role Manager requires these files to integrate with Oracle Identity Manager.
  2. Load a data file for the oimSystem account into Oracle Role Manager. oimSystem is a system administrator account for Oracle Identity Manager in Oracle Role Manager. Oracle Role Manager requires this account to integrate with Oracle Identity Manager.
  3. Configure the Integration Library by:
    • Pointing the library to the home directory for Oracle Identity Manager Server. As a result, values specific to Oracle Identity Manager (for example, active or deleted) are interpreted properly when sent to Oracle Role Manager.
    • Disabling encryption for the library (for performance reasons). As a result, Oracle Role Manager does not have to authenticate the oimSystem account when sending messages from Oracle Identity Manager to Oracle Role Manager.

The following sections illustrate how to configure Oracle Role Manager to integrate it with Oracle Identity Manager.

 

Deploy Integration Library Model Files

Linda is ready to deploy Integration Library model files into Oracle Role Manager. A model file is an XML file that extends the functionalities and capabilities of objects in a data model. For example, Linda can add attributes to existing objects in the data model, or add domains, object types, relationships, or hierarchies to new objects in the data model.

Oracle Role Manager requires Integration Library model files to integrate with Oracle Identity Manager. These model files include:

To deploy Integration Library model files into Oracle Role Manager, perform the following steps:

1. If JBoss Application Server is running, stop it. To do so, make the computer that houses the Oracle Role Manager application active. Close the DOS window that contains the application server's run.bat file.

Linda is ready to transfer three files from the computer that houses Oracle Identity Manager to the computer that contains Oracle Role Manager. The three files are oim_systemIdentity.car, oim_systemIdentity.dar, and oim_integration.car.

Information in the oim_systemIdentity.car and oim_systemIdentity.dar files is used to create oimSystem, a system administrator account for Oracle Identity Manager in Oracle Role Manager. Oracle Role Manager requires this account to integrate with Oracle Identity Manager.

The oim_integration.car file contains configuration files for the Integration Library. These configuration files affect the behavior of the library.

2. Use the following table to transfer the oim_systemIdentity.car, oim_systemIdentity.dar, and oim_integration.car files:

File                     Source Directory         Target Directory
oim_systemIdentity.car   C:\ORMINT_HOME\config    C:\ORMHome_2009\config
oim_systemIdentity.dar   C:\ORMINT_HOME\config    C:\ORMHome_2009\config
oim_integration.car      C:\ORMINT_HOME\config    C:\ORMHome_2009\config

Note: The C:\ORMINT_HOME\config directory is located on the computer that houses Oracle Identity Manager. The C:\ORMHome_2009\config directory can be found on the computer that contains Oracle Role Manager.

Linda is ready to create the oimSystemProps.txt text file. This file contains properties associated with the system administrator account for Oracle Identity Manager in Oracle Role Manager (the oimSystem account). Oracle Role Manager requires this account to integrate with Oracle Identity Manager.

3. Within the C:\ORMHome_2009\config directory of the computer that contains Oracle Role Manager, use a text editor to create the oimSystemProps.txt text file. Enter the following lines of code into this file:

displayName= oimSystem
status = active
description = The System Identity used by the Integration Library for OIM

4. Save and close the oimSystemProps.txt file.

5. Open a DOS window. Navigate to the directory that contains the utility Linda is to use to deploy the oim_systemIdentity.car, oim_systemIdentity.dar, and oim_integration.car files into Oracle Role Manager. For this OBE, the utility is located in the C:\ORMHome_2009\bin directory.

6. Enter the following command to deploy the three files into Oracle Role Manager and create the Oracle Role Manager administrator (and press Enter):

deploy.bat "..\config\oim_systemIdentity.car;..\config\oim_systemIdentity.dar;..\config\oim_integration.car" dbowner1 appuser1 admin1

Note: dbowner1, appuser1, and admin1 are names of the Oracle Role Manager database owner, application user, and system administrator accounts. Linda created these accounts in the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

Linda is ready to enter passwords for the Oracle Role Manager database owner, application user, and system administrator accounts (for verification purposes).

7. Use the following table to enter passwords for the database owner, application user, and system administrator accounts (and press Enter):

Prompt                      Password
Database owner password     dead_line1
Application user password   dead_line1
Admin user password         dead_line1

Note: dead_line1 is the password for all three administrator accounts. This password is hidden for security purposes.

The deployment utility runs and performs the following actions:

  • It creates the oimSystem account.
  • It imports the oim_systemIdentity.car, oim_systemIdentity.dar, and oim_integration.car files into Oracle Role Manager.

Linda deployed Integration Library model files into Oracle Role Manager. She is ready to import a data file for the oimSystem account into Oracle Role Manager. By doing so, Oracle Role Manager uses data in this file to create relationships the oimSystem account requires to be functional.

 

 

Load a Data File for the oimSystem Account

In the previous section of this OBE, Linda created the oimSystem administrator account. Oracle Role Manager uses this account to integrate with Oracle Identity Manager.

However, the oimSystem account is not functional until the organizational, role, and entitlement relationships it requires are created. To create these relationships, Linda must import a data file into Oracle Role Manager. She performs this action by using the Oracle Role Manager Administrative Console.

Note: For more information about the Oracle Role Manager Administrative Console, refer to the OBE titled Creating an Approver Role in Oracle Role Manager.

To load a data file for the oimSystem account, perform the following steps:

1. Start JBoss Application Server for the computer that houses Oracle Role Manager.

Note: For more information about launching this application server, refer to the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

2. Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:

  • localhost (Oracle Database, JBoss Application Server, and Oracle Role Manager reside on the same computer.)
  • 8086 (the port number for JBoss Application Server)
  • ormconsole (a literal that is case-sensitive)

As a result, the URL should have the following naming convention:

http://localhost:8086/ormconsole

3. Populate the fields of the Oracle Role Manager login page, as follows (and click Log In):

Field      Value
User ID    admin1
Password   dead_line1

Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. She created this account when she installed Oracle Role Manager. Also, the password is encrypted for security purposes.

4. On the Home page of the Oracle Role Manager Administrative Console, click Upload.

5. On the Upload panel, click Browse.

6. Navigate to the C:\ORMHome_2009\config directory, and select the oim_systemIdentity.dar file. Click Open.

7. Click Load.

The contents of the oim_systemIdentity.dar file are imported into Oracle Role Manager. This file contains data Oracle Role Manager uses to create relationships for the oimSystem account. The account requires these relationships to be functional.

Linda is ready to configure the Integration Library to point to the home directory for Oracle Identity Manager Server. As a result, values specific to Oracle Identity Manager (for example, active or deleted) are interpreted properly when sent to Oracle Role Manager. Then, for performance reasons, she is to disable encryption for the Integration Library.

 

 

Configure the Integration Library

Linda is ready to configure the Integration Library to point to the home directory for Oracle Identity Manager Server. By doing so, values specific to Oracle Identity Manager (for example, active or deleted) are interpreted properly when sent to Oracle Role Manager.

Then, she is to disable encryption for the Integration Library (for performance reasons). As a result, Oracle Role Manager does not have to authenticate the oimSystem account when sending messages from Oracle Identity Manager to Oracle Role Manager.

To configure the Integration Library, perform the following steps:

1. Using a text editor, open the IMConfig.xml file, found in the C:\ORMINT_HOME\config directory of the computer that contains Oracle Identity Manager.

Note: The IMConfig.xml file contains values specific to Oracle Identity Manager that must be interpreted properly when sent to Oracle Role Manager.

2. Locate the following piece of code:

<string>c:\\OIM</string>

3. Replace the c:\\OIM value with the full path to the home directory for Oracle Identity Manager Server (for this OBE, C:\\OIM91_server).

Note: By pointing the Integration Library to the home directory for Oracle Identity Manager Server, values specific to Oracle Identity Manager (for example, active or deleted) are interpreted properly when sent to Oracle Role Manager.

Linda is ready to disable encryption for the Integration Library (for performance reasons).

4. Locate the following piece of code:

<id>ormEncrypt</id><boolean>true</boolean>

5. Replace the true value with a false value.

Note: By changing this value (from true to false), Linda disables the encryption setting for the Integration Library. As a result, Oracle Role Manager does not have to authenticate the oimSystem account when sending messages from Oracle Identity Manager to Oracle Role Manager.

6. Save and close the IMConfig.xml file.

In this section of this OBE, Linda configured Oracle Role Manager to integrate it with Oracle Identity Manager. She is ready to configure Oracle Identity Manager to integrate it with Oracle Role Manager.
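
A check for the two IMConfig.xml values edited in this section, as an added example that is not part of the original tutorial or Oracle's code: it reports the line where ormEncrypt is set to false and any place the shipped c:\\OIM placeholder is still present, so that the state of the encryption setting is recorded for each deployment. The sample documents, their wrapper elements and the finding labels are constructed for this example; only the two fragments quoted in the steps above come from this tutorial.

```python
import re
import sys

# XML comments are blanked first so a commented-out setting is not mistaken
# for the live one.
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
# The two fragments the tutorial edits, tolerant of whitespace between tags.
ENCRYPT_RE = re.compile(
    r"<id>\s*ormEncrypt\s*</id>\s*<boolean>\s*(true|false)\s*</boolean>",
    re.IGNORECASE,
)
DEFAULT_HOME_RE = re.compile(r"<string>\s*c:\\{1,2}OIM\s*</string>", re.IGNORECASE)

# Constructed samples: the <config>/<entry> wrappers and the oimHome id are
# hypothetical; the tutorial does not show the rest of the file.
SAMPLE_AS_SHIPPED = r"""<config>
  <entry><id>oimHome</id><string>c:\\OIM</string></entry>
  <entry><id>ormEncrypt</id><boolean>true</boolean></entry>
</config>
"""

SAMPLE_AFTER_TUTORIAL = r"""<config>
  <!-- <id>ormEncrypt</id><boolean>true</boolean> -->
  <entry><id>oimHome</id><string>C:\\OIM91_server</string></entry>
  <entry><id>ormEncrypt</id>
    <boolean>false</boolean></entry>
</config>
"""


def _blank_comments(text):
    """Remove comment bodies but keep their newlines so line numbers hold."""
    return COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), text)


def _line_of(text, position):
    return text.count("\n", 0, position) + 1


def audit_imconfig(text):
    """Return a list of (finding, line_number) tuples for IMConfig.xml text.

    ENCRYPTION_DISABLED        - ormEncrypt is false (the state after step 5)
    ENCRYPT_SETTING_NOT_FOUND  - no live ormEncrypt entry (line number 0)
    DEFAULT_OIM_HOME           - the c:\\OIM placeholder was never replaced
    """
    live = _blank_comments(text)
    findings = []
    encrypt_entries = list(ENCRYPT_RE.finditer(live))
    if not encrypt_entries:
        findings.append(("ENCRYPT_SETTING_NOT_FOUND", 0))
    for match in encrypt_entries:
        if match.group(1).lower() == "false":
            findings.append(("ENCRYPTION_DISABLED", _line_of(live, match.start())))
    for match in DEFAULT_HOME_RE.finditer(live):
        findings.append(("DEFAULT_OIM_HOME", _line_of(live, match.start())))
    return findings


if __name__ == "__main__":
    # Example invocation: python audit_imconfig.py C:\ORMINT_HOME\config\IMConfig.xml
    if len(sys.argv) != 2:
        sys.exit("usage: audit_imconfig.py PATH_TO_IMConfig.xml")
    with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
        results = audit_imconfig(handle.read())
    for finding, line_number in results:
        print(f"{finding} (line {line_number})")
    sys.exit(1 if results else 0)
```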

 

 

Configuring Oracle Identity Manager

In the previous section of this OBE, Linda configured Oracle Role Manager to integrate it with Oracle Identity Manager. She is ready to configure Oracle Identity Manager to integrate it with Oracle Role Manager.

To configure Oracle Identity Manager, Linda must complete the following actions:

  1. Create an account for ormSystem, the Oracle Role Manager system administrator in Oracle Identity Manager. This administrator receives messages from Oracle Role Manager to add, modify, or delete user groups in Oracle Identity Manager.
  2. Create a group for the ormSystem administrator account, and assign the administrator to the group. By being a member of this group, the ormSystem administrator receives messages whenever a user group is created, modified, or deleted in Oracle Role Manager.
  3. Import a file from the Integration Library into Oracle Identity Manager. The ormoimBase.xml file contains information Oracle Identity Manager requires to integrate with Oracle Role Manager.
  4. Define a system property in Oracle Identity Manager. By doing so, Oracle Identity Manager can access software files contained in the Integration Library.
  5. Define an IT resource in Oracle Identity Manager. An IT resource is a virtual representation of Oracle Role Manager. It provides descriptive information about the resource and contains values Oracle Identity Manager requires to:
    • Communicate with the resource
    • Access it as a system administrator (for provisioning or reconciliation purposes).

The following sections illustrate how to configure Oracle Identity Manager to integrate it with Oracle Role Manager.

 

Create the Oracle Role Manager System Administrator

Linda is ready to create an account for ormSystem, the Oracle Role Manager system administrator in Oracle Identity Manager. This administrator receives messages from Oracle Role Manager to add, modify, or delete user groups in Oracle Identity Manager.

To create an account for the Oracle Role Manager system administrator in Oracle Identity Manager, perform the following steps:

1. Start Oracle Identity Manager Server, and the Administrative and User Console.

Important: For more information about starting Oracle Identity Manager Server, and the Administrative and User Console, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2. Populate fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

Field      Value
User ID    xelsysadm
Password   abcd1234

3. Open the Create User form (found in the Users folder of the Oracle Identity Manager Explorer).

4. Populate fields of the Create User form, as follows:

Field              Value
User ID            ormSystem
First Name         ORM
Last Name          User
Organization       Xellerate Users
User Type          End-User Administrator
Employee Type      Full-Time Employee
Email Address      ormSystem@oracle.com
Password           ormSystem
Confirm Password   ormSystem

Important: ormSystem is the user ID for the Oracle Role Manager system administrator. This ID must not be changed.

Note: The password is encrypted for security purposes.

5. Click Create User.

The User Detail form appears.

Note: The Status field is set to Active and the current date appears in the Provisioned Date field.

Linda created an account for ormSystem, the Oracle Role Manager system administrator in Oracle Identity Manager. This administrator receives messages from Oracle Role Manager to add, modify, or delete user groups in Oracle Identity Manager.

She is ready to assign this administrator to a group reserved for Oracle Role Manager users. By being a member of this group, the user receives messages whenever a user group is created, modified, or deleted in Oracle Role Manager.

 

 

Create and Assign an Administrator Group

In the previous section of this OBE, Linda created an account for ormSystem, the Oracle Role Manager system administrator in Oracle Identity Manager. She is ready to create a user group reserved for Oracle Role Manager users. A user group is a collection of users who share some common functionality, such as access rights, roles, or permissions for resources. With user groups, administrators manage privileges and access rights of resources for large numbers of users.

After Linda creates the user group, Linda is to assign the ormSystem administrator to it. By being a member of this group, the administrator receives messages whenever a user group is created, modified, or deleted in Oracle Role Manager.

To create a user group and assign the ormSystem account to it, perform the following steps:

1. Open the Create User Group form (found in the User Groups folder of the Oracle Identity Manager Explorer).

2. Enter ormSystem in the Group Name field.

Important: ormSystem is the ID of the group to which Linda is to assign the ormSystem account. This ID must not be changed.

3. Click Create.

The Group Details form appears.

Linda created the ormSystem group. She is ready to assign the ormSystem administrator account to this group.

4. Select the Member and Sub-Groups item from the drop-down list in the Group Details form.

5. On the Members And Sub-Groups form, click Assign Users.

Note: Make sure the All Directs option is selected before clicking Assign Users.

6. On the Search Member Users form, select User ID from the drop-down list. In the text box to the right of this list, enter ormSystem (the ID of the administrator whom you want to assign to the ormSystem group). Click Search Users.

7. From the result set, select the Assign check box (which appears to the right of the ormSystem user ID). Click Assign.

8. On the Confirmation form, click Confirm Assign.

The Members And Sub-Groups form appears.

The ormSystem administrator is assigned to the ormSystem group.

Linda created a record for the ormSystem administrator in Oracle Identity Manager and assigned this administrator to a group reserved for Oracle Role Manager users (the ormSystem group). By being a member of this group, the administrator receives messages whenever a user group is created, modified, or deleted in Oracle Role Manager.

Linda is ready to import a configuration file from the Integration Library into Oracle Identity Manager. Oracle Identity Manager requires this file to integrate with Oracle Role Manager.

 

 

Import a Library File

Linda is ready to import a file from the Integration Library (the ormoimBase.xml file) into Oracle Identity Manager. This file contains information Oracle Identity Manager requires to integrate with Oracle Role Manager.

To import the ormoimBase.xml file into Oracle Identity Manager, perform the following steps:

1. Open the Import form (found in the Deployment Management folder of the Oracle Identity Manager Explorer).

Note: If a Popup Blocker message appears, enable pop-ups for the Web browser.

2. On the Warning – Security window, click Yes.

3. On the “Select a file for import” window, select the folder path where the file to be imported resides, along with the name of the XML file (and click Open). For this OBE, Linda selects the ormoimBase.xml file, found in the C:\ORMINT_HOME\config directory.

Note: The ormoimBase.xml file contains information Oracle Identity Manager requires to integrate with Oracle Role Manager.

4. On the Deployment Manager window, click Add File.

5. On the Deployment Manager – Import window, click Next.

6. On the Confirmation window, click Next.

7. On the Deployment Manager window, click Skip.

8. On the Deployment Manager window, click Skip.

Note: In the section of this OBE titled Define an IT Resource, Linda specifies values Oracle Identity Manager uses to access Oracle Role Manager as an administrator for provisioning and reconciliation purposes. Therefore, she does not provide parameter values for either Deployment Manager window at this time.

9. On the Confirmation window, click View Selections.

10. On the Deployment Manager – Import window, click Import.

11. On the Confirmation window, click Import.

12. On the Success window, click OK.

Note: The Success window indicates Linda imported the ormoimBase.xml file properly into Oracle Identity Manager. By doing so, she also imported data Oracle Identity Manager requires to integrate with Oracle Role Manager.

Linda is ready to define a system property in Oracle Identity Manager. As a result, Oracle Identity Manager can access software files contained in the Integration Library.

 

 

Define a System Property

Linda is ready to define a system property in Oracle Identity Manager. By doing so, Oracle Identity Manager can access software files contained in the Integration Library.

To define a system property in Oracle Identity Manager, perform the following steps:

1. Start the Oracle Identity Manager Design Console.

Important: For more information about launching this console, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2. Populate fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):

Field      Value
User ID    xelsysadm
Password   abcd1234

The Oracle Identity Manager Design Console appears.

3. Open the System Configuration form (found in the Administration folder of the Oracle Identity Manager Explorer).

4. Use the following table to populate the System Configuration form:

Field           Value
Server option   [selected]
Name            ORMITResourceName
Keyword         XL.ORMITResourceName
Value           ORM ITResource

Note: By defining this system property, Oracle Identity Manager can use the IT resource type definition Linda imported to access software files contained in the Integration Library. Linda imported this IT resource type definition in the section of this OBE titled Import a Library File.

When defining the system property, Linda selects the Server option because the property is to be associated with Oracle Identity Manager Server. ORMITResourceName is the name of the system property, XL.ORMITResourceName is the property's unique ID, and ORM ITResource is the value for this instance of the property definition. Also, values for this system property are case-sensitive.

5. Click Save.

Oracle Identity Manager generates a unique identification number for the ORMITResourceName system property and populates the Key field with it.

Linda defined a system property in Oracle Identity Manager. She is ready to define an IT resource for Oracle Role Manager in Oracle Identity Manager. An IT resource is a virtual representation of Oracle Role Manager. It provides descriptive information about the resource and contains values Oracle Identity Manager requires to:

  • Communicate with the resource
  • Access it as a system administrator (for provisioning or reconciliation purposes)

 

 

Define an IT Resource

In the section of this OBE titled Import a Library File, Linda imported the ormoimBase.xml file into Oracle Identity Manager. By doing so, she transferred an IT resource type definition for Oracle Role Manager into Oracle Identity Manager. This record contains information about the classification type, parameter fields, and encryption settings associated with Oracle Role Manager.

However, because an IT resource contains administrative credentials Oracle Identity Manager requires to communicate with a specific instance of Oracle Role Manager for provisioning or reconciliation purposes, Linda must create this definition.

To define an IT resource for Oracle Role Manager in Oracle Identity Manager, perform the following steps:

1.

Open the IT Resources form (found in the Resource Management folder of the Oracle Identity Manager Explorer).

 

2.

Enter ORM ITResource in the Name field. Click Query.

Parameters and default values for the IT resource of Oracle Role Manager appear. Linda imported these parameters and values when she imported the ormoimBase.xml file in the section of this OBE titled Import a Library File.

Default parameters and values for the IT resource include:

Parameter Value
initialContextFactory org.jnp.interfaces.NamingContextFactory
ormJMSConnectionFactory external/srqueues/QueueConnectionFactory
ormJMSQueue external/srqueues/orm/IncomingEventQueue
ormServerJNDI external/srserver/ServerEJB

Note: The initialContextFactory parameter contains a value for a factory class. This factory class creates contexts for resolving URL strings. The ormJMSConnectionFactory parameter contains a value for an interface. This interface is an administered object Oracle Role Manager uses to create a connection to a Java Message Service (JMS) provider. The ormJMSQueue parameter contains a value for a JMS queue. This queue is a staging area that contains data transferred from Oracle Identity Manager to Oracle Role Manager. The ormServerJNDI parameter contains a value for a Java Naming and Directory Interface (JNDI). This JNDI is a Java API for a directory service Oracle Role Manager uses to find a name to discover and look up data and objects.

 

3.

Enter values for the following parameters of the IT resource (Double-click each Value field to enter the value.):

Parameter      Value
ormAdmin       oimSystem
ormPassword    CHANGETHIS

Note: oimSystem is the user ID for the Oracle Role Manager system administrator in Oracle Identity Manager. The password Linda enters is case-sensitive. Also, for security purposes, it appears as a series of asterisks.

Important: Do not populate the ormServerURL field. Linda is to specify a value for this field when she modifies the oimorm-service.xml file in the section of this OBE titled Configure Oracle Identity Manager Server.

 

4.

Click Save.

Linda defined an IT resource for Oracle Role Manager. She is ready to configure the application servers for Oracle Role Manager and Oracle Identity Manager so that the products can communicate with each other. By doing so, Linda enables integration to occur between Oracle Role Manager and Oracle Identity Manager.

 

 


 

Configuring JBoss Application Server

In the previous section of this OBE, Linda configured Oracle Identity Manager to integrate it with Oracle Role Manager. She is ready to configure the application servers for Oracle Role Manager and Oracle Identity Manager so that the products can communicate with each other. By doing so, Linda enables integration to occur between Oracle Role Manager and Oracle Identity Manager. For this OBE, Oracle Role Manager and Oracle Identity Manager use JBoss Application Server.

To configure JBoss Application Server for Oracle Role Manager and Oracle Identity Manager, Linda must complete the following actions:

  1. Configure Oracle Role Manager Server and Oracle Identity Manager Server so that the products can communicate with each other. This communication is required for integration to occur between Oracle Role Manager and Oracle Identity Manager.
  2. Modify the Oracle Identity Manager startup command so that it points to the folder where files for the Integration Library are contained. Oracle Identity Manager requires these files to integrate with Oracle Role Manager.
  3. Deploy the Integration Library. By doing so, files in the library can be used to integrate Oracle Role Manager and Oracle Identity Manager.

The following sections illustrate how to configure JBoss Application Server for Oracle Role Manager and Oracle Identity Manager.

 

Configure Oracle Role Manager Server

Linda is ready to configure Oracle Role Manager Server so that it can communicate with Oracle Identity Manager Server. By doing so, Oracle Role Manager can integrate with Oracle Identity Manager.

For Linda to configure Oracle Role Manager Server, she must modify the ormoim-service.xml file to contain the following:

To configure Oracle Role Manager Server so that it can communicate with Oracle Identity Manager Server, perform the following steps:

1.

If Oracle Role Manager Server and Oracle Identity Manager Server are running, shut them down.

Important: For more information about stopping Oracle Role Manager Server and Oracle Identity Manager Server, refer to the OBEs titled Installing, Configuring, and Launching Oracle Role Manager and Installing, Configuring, and Launching Oracle Identity Manager.

 

2.

Copy the ormoim-service.xml file, which resides in the C:\ORMINT_HOME\samples\jboss directory of the computer that houses Oracle Identity Manager.

 

3.

Paste this file into the server\default\deploy directory of the computer that hosts JBoss Application Server for Oracle Role Manager.

Linda is ready to modify the ormoim-service.xml file so that Oracle Role Manager can communicate with Oracle Identity Manager.

 

4.

Using a text editor, open the ormoim-service.xml file.

 

5.

Locate the following string of code:

jnp://localhost:21099/queue

 

6.

Modify this code, as follows:

jnp://[IP_Address]:[port_number]/queue

Note: IP_Address is the IP address of the computer for Oracle Identity Manager, port_number is the port number associated with the application server for Oracle Identity Manager, and queue is a case-sensitive literal. For this OBE, the IP address is 144.25.245.165 and the port number is 1099.

 

7.

Save and close the ormoim-service.xml file.

Linda configured Oracle Role Manager Server so that it can communicate with Oracle Identity Manager Server. She is ready to configure Oracle Identity Manager Server so that it can communicate with Oracle Role Manager Server. By doing so, Oracle Identity Manager can integrate with Oracle Role Manager.

 

 

Configure Oracle Identity Manager Server

Linda is ready to configure Oracle Identity Manager Server so that it can communicate with Oracle Role Manager Server. By doing so, Oracle Identity Manager can integrate with Oracle Role Manager.

For Linda to configure Oracle Identity Manager Server, she must modify the oimorm-service.xml file to contain the following:

Linda must also copy the server_api_14.jar and orm_encryption.jar files to folders associated with the application server for Oracle Identity Manager. Oracle Identity Manager requires these files to integrate with Oracle Role Manager.

To configure Oracle Identity Manager Server so that it can communicate with Oracle Role Manager Server, perform the following steps:

1.

Copy the oimorm-service.xml file, which resides in the C:\ORMINT_HOME\samples\jboss directory of the computer that houses Oracle Identity Manager.

 

2.

Copy the server_api_14.jar file, located in the C:\ORMINT_HOME\lib directory.

 

3.

Paste these files into the server\default\deploy directory.

Linda is ready to modify the oimorm-service.xml file so that Oracle Identity Manager can communicate with Oracle Role Manager.

 

4.

Using a text editor, open the oimorm-service.xml file.

 

5.

Locate the following string of code:

jnp://localhost:1099/ejb/orm

 

6.

Modify this code, as follows:

jnp://[IP_Address]:[port_number]/ejb/orm

Note: IP_Address is the IP address of the computer for Oracle Role Manager, port_number is the port number associated with the application server for Oracle Role Manager, and /ejb/orm is a case-sensitive literal. For this OBE, the IP address is 144.25.245.161 and the port number is 1099.

 

7.

Locate the following string of code:

jnp://localhost:1099/queue

 

8.

Modify this code, as follows:

jnp://[IP_Address]:[port_number]/queue

Note: queue is a case-sensitive literal.

 

9.

Save and close the oimorm-service.xml file.

 

10.

Copy the orm_encryption.jar file, located in the C:\ORMINT_HOME\lib directory.

 

11.

Paste this file into the server\default\lib directory.

Linda configured Oracle Identity Manager so that it can communicate with Oracle Role Manager. She is ready to modify the startup command for Oracle Identity Manager so that it points to the folder where files for the Integration Library are contained. Oracle Identity Manager requires these files to integrate with Oracle Role Manager.
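An added example (not part of the original OBE or of Oracle's Integration Library): a small check for the jnp:// edits made to ormoim-service.xml and oimorm-service.xml in the two procedures above. It assumes the two servers run on separate hosts, as in this OBE; the function names and the sample descriptor text are constructed for illustration, because the tutorial shows only the URL strings.

```python
import re

# Path literals the tutorial names for each descriptor (case-sensitive).
EXPECTED_PATHS = {
    "ormoim-service.xml": {"/queue"},
    "oimorm-service.xml": {"/ejb/orm", "/queue"},
}
JNP_URL = re.compile(r"jnp://([\w.-]+):(\d+)(/[\w/.-]*)")
# Assumption: the two servers run on separate hosts, as in this OBE,
# so a loopback address left in a descriptor is a missed edit.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample: only the URL strings come from the tutorial; the
# <placeholder> element stands in for the real, unshown file layout.
SAMPLE_OIMORM = (
    "<placeholder>jnp://localhost:1099/ejb/orm</placeholder>\n"
    "<placeholder>jnp://localhost:1099/queue</placeholder>\n"
)


def rewrite_jnp(text, targets):
    """Repoint jnp:// URLs whose path is a key of targets {path: (host, port)}."""
    def repl(match):
        path = match.group(3)
        if path not in targets:
            return match.group(0)  # leave URLs we were not asked to change
        host, port = targets[path]
        return f"jnp://{host}:{port}{path}"
    return JNP_URL.sub(repl, text)


def check_descriptor(filename, text):
    """Return the problems found in the jnp:// URLs of one descriptor."""
    problems, seen = [], set()
    for host, port, path in JNP_URL.findall(text):
        url = f"jnp://{host}:{port}{path}"
        seen.add(path)
        if host.lower() in LOCAL_HOSTS:
            problems.append(f"{url}: still points at the local host")
        if not 1 <= int(port) <= 65535:
            problems.append(f"{url}: port out of range")
        if path not in EXPECTED_PATHS[filename]:
            problems.append(f"{url}: unexpected path literal")
    for missing in sorted(EXPECTED_PATHS[filename] - seen):
        problems.append(f"no jnp URL ending in {missing}")
    return problems


if __name__ == "__main__":
    # Apply step 6 only (the /ejb/orm URL) and show that step 8 was missed.
    edited = rewrite_jnp(SAMPLE_OIMORM, {"/ejb/orm": ("144.25.245.161", 1099)})
    for problem in check_descriptor("oimorm-service.xml", edited):
        print(problem)
```

Running the check on each descriptor before restarting the servers catches a URL left at its default or a path literal typed with the wrong case.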

 

 

Modify the Oracle Identity Manager Startup Command

The Integration Library contains files Linda uses to integrate Oracle Role Manager and Oracle Identity Manager. However, before Oracle Identity Manager can use this library, Linda must modify the Oracle Identity Manager startup command so that it points to the folder where the library's files are contained.

Because JBoss is the application server used with Oracle Identity Manager for this OBE, the startup command is located within the application server's xlStartServer.bat file.

To modify the Oracle Identity Manager startup command, perform the following steps:

1.

Using a text editor, open the xlStartServer.bat file, found in the C:\OIM91_server\xellerate\bin directory of the computer that hosts Oracle Identity Manager.

Note: The xlStartServer.bat file contains the startup command for Oracle Identity Manager. C:\OIM91_server is the home directory for Oracle Identity Manager Server. Linda specified this directory when she installed Oracle Identity Manager in the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

 

2.

Locate the following argument in the Oracle Identity Manager startup command:

-Djava.awt.headless=true

 

3.

Add the following argument to the startup command:

-DORMINT_ROOT_DIR=C:\ORMINT_HOME

Note: By adding this argument to the startup command, Linda points Oracle Identity Manager to the full path of the folder where the Integration Library files are located. For this OBE, the library's files are found in the C:\ORMINT_HOME folder.

 

4.

Save and close the xlStartServer.bat file.

Linda modified the startup command for Oracle Identity Manager. She is ready to deploy the Integration Library. By doing so, Oracle Identity Manager can use files in the library to integrate with Oracle Role Manager.

 

 

Deploy the Integration Library

Linda is ready to deploy the Integration Library. By doing so, files in the library can be used to integrate Oracle Role Manager and Oracle Identity Manager.

For this OBE, JBoss is the application server for both Oracle Identity Manager and Oracle Role Manager. Therefore, to deploy the Integration Library, Linda must copy the roleManagerIntegration_JBoss4.0.3.ear file to a folder associated with JBoss Application Server. Oracle Identity Manager requires this ear file to integrate with Oracle Role Manager.

To deploy the Integration Library, perform the following steps:

1.

Copy the roleManagerIntegration_JBoss4.0.3.ear file, which resides in the C:\ORMINT_HOME\lib directory of the computer that houses Oracle Identity Manager.

 

2.

Paste this file into the server\default\deploy directory.

 

3.

Start Oracle Role Manager Server and Oracle Identity Manager Server.

In this OBE, Linda:

  • Installed the Integration Library
  • Configured Oracle Role Manager, Oracle Identity Manager, and their application servers so that the products can communicate with each other

As a result, Linda enables integration to occur between Oracle Role Manager and Oracle Identity Manager. She is ready to test the Integration Library to verify it functions as expected.

 

 


Testing the Integration Library

In this OBE, Linda installed the Integration Library. Then, she configured Oracle Role Manager, Oracle Identity Manager, and their application servers so that the products can communicate with each other. As a result, integration can occur between Oracle Role Manager and Oracle Identity Manager.

Linda is ready to test the Integration Library to verify it is installed and configured properly. For this OBE, she is to create a user account in Oracle Identity Manager and ensure the account is transferred into Oracle Role Manager automatically. As a result, data is synchronized in real time between the two products.

To test the Integration Library, perform the following steps:

1.

Log in to the Oracle Identity Manager Administrative and User Console.

Note: For more information about accessing this console, refer to the section of this OBE titled Create the Oracle Role Manager System Administrator.

 

2.

Open the Create User form (found in the Users folder of the Oracle Identity Manager Explorer).

 

3.

Populate fields of the Create User form, as follows:

Field               Value
User ID             EALLEN
First Name          Ernest
Last Name           Allen
Organization        Xellerate Users
User Type           End-User Administrator
Employee Type       Full-Time Employee
Email Address       ernest.allen@oracle.com
Password            eallen
Confirm Password    eallen

Important: EALLEN is the ID of the user account to be transferred from Oracle Identity Manager to Oracle Role Manager to verify the Integration Library functions as expected.

Note: The password is encrypted for security purposes.

 

4.

Click Create User.

The User Detail form appears.

Linda created a user account for Ernest Allen. She is ready to ensure the account is transferred into Oracle Role Manager automatically. As a result, data is synchronized in real time between the two products, and Linda verifies the Integration Library is installed and configured properly.

 

5.

Log in to the Oracle Role Manager Web User Interface.

Note: For more information about accessing this interface, refer to the OBE titled Installing, Configuring, and Launching Oracle Role Manager.

 

6.

Click Organizations & People on the navigation bar.

 

7.

Click People on the subnavigation bar.

 

8.

On the People page, select First Name from the left combo box and is from the right combo box. Enter Ernest in the text box to the right of the combo boxes.

Note: By specifying these criteria, Linda is querying Oracle Role Manager for all users with a first name of Ernest.

 

9.

Click Search.

The user account of Ernest Allen appears in the People page.

This account is transferred from Oracle Identity Manager to Oracle Role Manager automatically. As a result, data is synchronized between the two products. Linda verified the Integration Library is installed and configured properly.

 

 


 

Summary

In this lesson, you learned how to:

 Install the Oracle Role Manager Integration Library (Integration Library)
 Configure Oracle Role Manager
 Configure Oracle Identity Manager
 Configure JBoss Application Server
 Test the Integration Library

 


Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.

 
