Using the Generic Technology Connector (GTC) Framework: Provisioning a User to a Database Table

Purpose

This OBE tutorial describes and shows you how to use the Generic Technology Connector (GTC) framework to provision a user to a table in Oracle Database.

Time to Complete

Approximately 2 hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Copying Connector Files
 Configuring Oracle Identity Manager Server
 Creating a Table in Oracle Database
 Creating a Lookup Definition
 Importing Connector Files
 Creating a Generic Technology Connector (GTC)
 Assigning the Connector to the User
 Accessing the Resource
 Summary
 Related Information

Viewing Screenshots

 Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: Because this action loads all screenshots simultaneously, response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Identity Manager.

Overview

Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).

Back to Topic List

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she performs identity and access management tasks on users within the company. To perform these tasks, she uses Oracle Identity Manager to assign connectors to them. These connectors represent resources to be provisioned to them.

Robert works for Mydo Main Corporation. Because records for all company employees are stored in the MY_USERS table of Oracle Database, Linda must assign the connector, which represents this resource, to Robert. When this occurs, Linda fills out the electronic form associated with the connector. After she populates the fields of this form, Oracle Identity Manager saves the corresponding values, and uses these values to provision Robert with the resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

Back to Topic List

Prerequisites

Before starting this tutorial, you should:

1.

Complete the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2.

Complete the OBE titled Preparing to Customize the Administrative and User Console.

3.

Complete the OBE titled Branding the Administrative and User Console.

4.

Complete the OBE titled Changing the Functionality of the Administrative and User Console.

5.

Complete the OBE titled Branding the Oracle Identity Manager Design Console.

6.

Complete the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation.

7.

Complete the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

 

Back to Topic List

Copying Connector Files

Linda is ready to transfer Oracle Identity Manager connector files to a folder on Oracle Identity Manager Server. These files are used to provision a user to a table in Oracle Database. By copying these files, the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

To copy connector files, perform the following steps:

1.

Shut down Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.

Note: For more information about starting and stopping Oracle Identity Manager, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

 

2.

Unzip this file into a temporary directory.

 

3.

Copy the Database_App_Tables_91000 subdirectory, found in the temporary directory.

Note: The Database_App_Tables_91000 subdirectory contains the files Oracle Identity Manager requires to provision a user to a table in Oracle Database.

 

4.

Paste this subdirectory into the C:\OIM91_server\xellerate\ConnectorDefaultDirectory directory.

As a result, the Database_App_Tables_91000 subdirectory and all of its files and subdirectories are nested in the C:\OIM91_server\xellerate\ConnectorDefaultDirectory directory.

Note: C:\OIM91_server is the base directory for Oracle Identity Manager Server. Linda created this directory in the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

Linda copied Oracle Identity Manager connector files to a folder on Oracle Identity Manager Server. These files are used to provision a user to a table in Oracle Database.

She is ready to configure Oracle Identity Manager Server so that the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

 

Back to Topic List

Configuring Oracle Identity Manager Server

In the previous section of this OBE, Linda transferred Oracle Identity Manager connector files for provisioning a user to a table in Oracle Database to a folder on Oracle Identity Manager Server. S he is ready to configure Oracle Identity Manager Server so that the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

Linda must perform the following actions to configure Oracle Identity Manager Server:

To configure Oracle Identity Manager Server, perform the following steps:

1.

Open a DOS window. To do so, from the Windows Start Menu, select Run

 

2.

On the Run window, enter cmd in the Open field and click OK.

 

3.

On the DOS window, navigate to the C:\OIM91_server\xellerate\bin directory.

 

4.

Enter PurgeCache.bat ConnectorResourceBundle at the DOS prompt.

 

5.

Press Enter. Oracle Identity Manager empties the content from its Server cache. After the cache is cleared, a DOS prompt appears.

Note: The java.lang.NullPointerException message appears because the cache is being purged, along with the cache’s reference point.

Linda cleared content related to connector files from the Server cache. She is ready to enable logging for Oracle Identity Manager Server.

 

6.

In Windows Explorer, navigate to the C:\OIM91_server\xellerate\config directory.

 

7.

Using Microsoft Notepad, open the log.properties file.

 

8.

Locate the log4j.logger.XL_INTG.SJSDS=WARN line of code.

 

9.

Add the following line of code to this file:

log4j.logger.OIMCP.DATC=WARN

Note: By setting the log level for the Database Application Tables connector (DATC) of the Oracle Identity Manager Connector Pack (OIMCP), Oracle Identity Manager logs information about events with that level that occur during provisioning and reconciliation with Oracle Database.

 

10.

Save and close the log.properties file.

Linda configured Oracle Identity Manager Server by clearing content related to connector files from the Server cache and setting the log level for the Server.

She is ready to create a table in Oracle Database. This table, the MY_USERS table, is where records for all company employees (including Robert) are to be stored.

 

Back to Topic List

Creating a Table in Oracle Database

The purpose of this OBE is for Oracle Identity Manager to provision a user to a table in Oracle Database. For this OBE, an entry for Robert is to be created in the MY_USERS database table .

Presently, this table does not exist. Therefore, Linda must create it. Then, Oracle Identity Manager can provision Robert to the database table.

To create a table in Oracle Database, perform the following steps:

1.

Open a second DOS window.

Note: For more information about opening a DOS window, refer to the section of this OBE titled Configuring Oracle Identity Manager Server.

 

2.

Enter sqlplus at the DOS prompt. Press Enter.

 

3.

Use the following table to log in to SQL*Plus:

Field Value Description
user-name system system is the name of the database administrator account.
password sys@orcl as sysdba sys is the password for the system account. orcl is the name of the database.

Note: Linda create the system database administrator account when she installed Oracle Database.

 

4.

Enter the following lines of code to create the MY_USERS database table:

Note: The MY_USERS table is to have eight columns. They are:

  • USER_ID. The ID of the user to be provisioned to the database table.
  • FIRST_NAME. The user's first name.
  • LAST_NAME. The user's last name.
  • PASSWORD. The user's password.
  • EMAIL. The user's e-mail address.
  • PHONE_FIX. The user's home or office phone number.
  • PHONE_MOBILE. The user's mobile phone number.
  • USER_STATUS. The user's status (that is, whether the account is enabled or disabled in Oracle Database).

 

5.

Press Enter. A " Table created." message appears.

Linda created the MY_USERS table in Oracle Database. She is ready to a lookup definition in Oracle Identity Manager with two values: ENABLE and DISABLE. These values correspond to the status of Robert, the user to be provisioned to the MY_USERS table.

 

Back to Topic List

Creating a Lookup Definition

In the previous section of this OBE, Linda created the MY_USERS table in Oracle Database. She is ready to a lookup definition in Oracle Identity Manager with two values: ENABLE and DISABLE. These values correspond to the status of Robert, the user to be provisioned to the MY_USERS table.

To create a lookup definition, perform the following steps:

1.

Restart Oracle Identity Manager Server and the Oracle Identity Manager Design Console.

 

2.

Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):

Field Value
User ID xelsysadm
Password abcd1234

The Oracle Identity Manager Design Console appears:

 

3.

Open the Lookup Definition form (found in the Administration folder of the Oracle Identity Manager Explorer).

 

4.

Use the following table to create top-level information for the lookup definition:

Field Value
Code Lookup.MY_USERS.Status
Field [leave empty]
Lookup Type option [selected]
Required check box [cleared]
Group Objects

The upper region of the lookup definition should appear, as follows:

Note: For more information about the fields, buttons, check boxes, and tab of the Lookup Definition form, refer to the Oracle Identity Manager Design Console Guide.

 

5.

Click Save. Linda can access the Lookup Code Information tab to create lookup values for this definition.

 

6.

Use the following table to create lookup values (click Add to create a lookup value):

Code Key Decode
disable DISABLE
enable ENABLE

Note: Code keys and decode-related information are case-sensitive.

 

7.

Click Save.

Linda created a lookup definition with two values: ENABLE and DISABLE. These values correspond to the status of Robert, the user to be provisioned to the MY_USERS table of Oracle Database.

In the section of this OBE titled Copying Connector Files, Linda transferred files for provisioning a user to a table in Oracle Database to Oracle Identity Manager Server. She is ready to import these files into Oracle Identity Manager. By doing so, Linda can use the GTC framework to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

 

Back to Topic List

Importing Connector Files

In the section of this OBE titled Copying Connector Files, Linda transferred files for provisioning a user to a table in Oracle Database to the C:\OIM91_server\xellerate\ConnectorDefaultDirectory folder on Oracle Identity Manager Server. She is ready to import these files into Oracle Identity Manager. By doing so, Linda can use the GTC framework to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

To import connector files, perform the following steps:

1.

Restart the Oracle Identity Manager Administrative and User Console.

Important: For this section of the OBE, use a Microsoft Internet Explorer Web browser to launch the Administrative and User Console. 

 

2.

Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

Field Value
User ID xelsysadm
Password abcd1234

 

3.

Open the Install Connector form (found in the Deployment Management folder of the Oracle Identity Manager Explorer).

 

4.

On the Select Connector to Install panel, select DatabaseApplicationTables 9.1.0.0.0 from the Connector List combo box. Click Load.

Note: DatabaseApplicationTables 9.1.0.0.0 contains connector files for creating a user entry in an Oracle Database table. Linda is to import these files into Oracle Identity Manager. By doing so, she can use the GTC framework to provision Robert with the corresponding resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

These connector files are available for selection because Linda transferred them to the C:\OIM91_server\xellerate\ConnectorDefaultDirectory folder in the section of this OBE titled Copying Connector Files.

 

5.

Click Continue.

Oracle Identity Manager begins to import the library files, XML files, and adapters it requires to create an entry for a user in an Oracle Database table .

After all files are imported, the Connector Installation panel appears.

 

6.

On the Connector Installation panel, click Finish.

 

7.

Restart Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.

Important: Linda must restart the server and its consoles. By doing so, the files she imported can be unzipped and placed into the appropriate directories of Oracle Identity Manager Server.

Linda imported files Oracle Identity Manager requires to create an entry for a user in an Oracle Database table. She is ready to use the GTC framework to create and manage a workflow in Oracle Identity Manager. As a result, Linda can create an entry for Robert in the MY_USERS table of Oracle Database.

 

Back to Topic List

Creating a Generic Technology Connector (GTC)

In the previous section of this OBE, Linda imported files Oracle Identity Manager requires to create an entry for a user in an Oracle Database table. She is ready to construct a Generic Technology Connector (GTC). By building this connector, Linda constructs the workflow Oracle Identity Manager requires to create an entry for Robert in the MY_USERS table of Oracle Database.

There are five stages in creating a GTC for provisioning purposes:

  1. Defining high-level information about the connector. This information includes:

    • A name for the connector

    • The method used to carry provisioning data from the format provider to the resource (for this OBE, a table in Oracle Database). This method is a transport provider.

    • The method used to parse the record fetched by the transport provider and convert this data into a format supported by the resource. This method is a format provider.

  2. Specifying parameter values for the connector. This information includes specifying values for the parameters of the transport provider and format provider selected in the previous stage. Provider parameters are divided into two categories:

    • Runtime Parameters. These parameters are input variables of the selected transport and format providers. A runtime parameter represents a value not constrained by the design of the providers. For example, administrative login credentials for the resource are runtime parameters.

    • Design Parameters. These parameters are design parameters of the providers. For example, the name of the table of Oracle Database to which Oracle Identity Manager is to create an entry for Robert (the MY_USERS table) is a design parameter.

  3. Verifying data fields and data mappings for the connector. Linda completes these actions by confirming the data fields and mappings for two entities:

  4. Verifying the name of the connector form. In this stage, Linda confirms the name of the connector's process form.

  5. Verifying information about the connector

To create a GTC, perform the following steps:

1.

Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

Field Value
User ID xelsysadm
Password abcd1234

 

2.

Open the Create Generic Technology Connector form (found in the Generic Technology Connector folder of the Oracle Identity Manager Explorer).

 

3.

Populate the fields of the Provide Basic Information panel of this form, as follows (and click Continue):

Field Value
Name MY_USERS
Reconciliation check box [cleared]
Provisioning check box [selected]
Transport Provider Database Application Tables Provisioning
Format Provider Database Application Tables Provisioning

Note: The value Linda enters into the Name field must not contain non ASCII characters because these characters are not supported by Oracle Identity Manager. However, the name can contain underscores. Also, Linda does not populate the Reconciliation region of the panel because she is not using the GTC for reconciliation purposes.

 

4.

Populate the fields of the Run-Time Parameters region of the Specify Parameter Values panel, as follows:

Field Value
Database Driver oracle.jdbc.driver.OracleDriver
Database URL jdbc:oracle:thin:@localhost:1521:orcl
Database User ID system
Database Password system

Note: The Database Driver is the Java Database Connectivity (JDBC) driver class for the database. The Database URL is the URL Oracle Identity Manager requires to connect to this database. The Database User ID and Database Password contain the login credentials Oracle Identity Manager requires to connect to the database as an administrator. The password is encrypted for security purposes.

For more information about the remaining fields of the Run-Time Parameters region of the Specify Parameter Values panel, refer to the Oracle Identity Manager Administrative and User Console Guide.

 

5.

Populate the fields of the Design Parameters region of the Specify Parameter Values panel, as follows (and click Continue):

Field Value
Parent Table/View Name MY_USERS
Status Attribute USER_STATUS
Status Lookup Code Lookup.MY_USERS.Status

Note: The Parent Table/View Name field contains the name of the Oracle Database table in which Oracle Identity Manager is to create an entry for Robert (that is, the MY_USERS table). The Status Attribute field contains the name of the column in the Oracle Database table where Oracle Identity Manager is to place information about this user's status (that is, whether the account is enabled or disabled in Oracle Database). The Status Lookup Code field contains the name of the lookup definition Linda created in the section of this OBE titled Creating a Lookup Definition.

For more information about the remaining fields of the Design Parameters region of the Specify Parameter Values panel, refer to the Oracle Identity Manager Administrative and User Console Guide.

 

After Linda clicks Continue, the Modify Connector Configuration panel appears.

This panel contains two subpanels:

  • OIM. This subpanel contains data in an Oracle Identity Manager (OIM) form. This form is used to house data Oracle Identity Manager transfers to the resource ( for this OBE, the MY_USERS table of Oracle Database). For this OBE, Oracle Identity Manager retrieves data from the connector's process form. Linda imported this form into Oracle Identity Manager when she imported files for the connector in the section of this OBE titled Importing Connector Files.

  • Provisioning Staging. This subpanel contains data propagated from Oracle Identity Manager to the resource during provisioning. The data is stored in fields defined in the subpanel.

For this connector, all data fields and mappings are correct. Therefore, Linda does not have to define data fields or specify data mappings for the connector.

 

6.

On the Modify Connector Configuration panel, click Close.

 

7.

On the Verify Connector Form Names panel, click Continue.

 

8.

On the Verify Connector Information panel, click Save.

A confirmation message appears.

Linda created a GTC. She is ready to assign this connector to Robert and fill out the process form associated with the connector. After she populates the fields of this form, Oracle Identity Manager saves the corresponding values, and uses these values to provision Robert with the resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

 

Back to Topic List

Assigning the Connector to the User

In the previous section of this OBE, Linda created a GTC . She is ready to assign this connector to Robert and fill out the process form associated with the connector.

After Linda populates the fields of the process form, Oracle Identity Manager saves the corresponding values, and uses these values to provision Robert with the resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

To assign the connector to the user, perform the following steps:

1.

Open the Manage User form of the Administrative and User Console (found in the Users folder of the Oracle Identity Manager Explorer).

 

2.

Query for RLAVALLI, the user transferred into Oracle Identity Manager in the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation. To do so, select User ID from the combo box in this form. Enter RLAVALLI in the text box to the right of the combo box. Click Search User.

 

3.

From the result set, click the link that contains the ID for RLAVALLI.

 

4.

On the User Detail form, select Resource Profile from the combo box.

 

5.

On the Resource Profile form, click Provision New Resource.

Note: The iPlanet User connector represents the Sun Java System Directory Server resource. Linda provisioned this resource to Robert in the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

 

6.

On the Select a Resource panel, select the MY_USERS_GTC connector. Click Continue.

Note: The MY_USERS_GTC connector represents the connector Linda created in the section of this OBE titled Creating a Generic Technology Connector (GTC).

Linda is ready to populate the fields of the process form, contained within this connector, and save this information. By doing so, Oracle Identity Manager uses these values to provision Robert with the resource (that is, create an entry for Robert in the MY_USERS table of Oracle Database).

 

7.

On the Verify Resource Selection panel, click Continue.

 

8.

Populate the process form, as follows (and click Continue):

Field Value
USER_ID RLAVALLI
FIRST_NAME Robert
LAST_NAME Lavallie
PASSWORD rlavalli
EMAIL robert.lavallie@oracle.com
PHONE_FIX +9145551212
PHONE_MOBILE +9145553434
USER_STATUS [do not populate]
ID [do not populate]

Note: Oracle Identity Manager assigns a status level and unique identification number to Robert's entry in the MY_USERS table of Oracle Database automatically. Therefore, Linda does not have to populate the USER_STATUS or ID fields of the process form.

 

9.

On the Verify Process Data panel, click Continue.

 

10.

Click the Back to User Resource Profile link.

The Resource Profile form appears:

The status of the MY_USERS_GTC connector, Provisioned, appears in the Status column of the Resource Profile form. Oracle Identity Manager provisioned Robert with the associated resource (that is, created an entry for Robert in the MY_USERS table of Oracle Database).

Linda is ready to verify this user is provisioned with the resource.

 

Back to Topic List

Accessing the Resource

In this OBE, Linda used the GTC framework of Oracle Identity Manager to provision a user to a table in Oracle Database. Specifically, she created an entry for Robert in the MY_USERS table of Oracle Database.

Now, she must ensure this user is provisioned with the resource. For this OBE, this is accomplished by using SQL*Plus, a command-based client for Oracle Database.

To access the resource, perform the following steps:

1.

Make the DOS window active that Linda used to create the MY_USERS table in the section of this OBE titled Creating a Table in Oracle Database.

 

2.

At the SQL prompt, enter select user_ID from MY_USERS; Press Enter.

The IDs of user accounts in the MY_USERS table of Oracle Database appear, including the ID for Robert ( RLAVALLI). This user is provisioned to the Oracle Database table.

 

Back to Topic List

Summary

In this lesson, you learned how to:

 Copy connector files
 Configure Oracle Identity Manager Server
 Create a table in Oracle Database
 Create a lookup definition
 Import connector files
 Create a Generic Technology Connector (GTC)
 Assign the connector to the user
 Access the resource

Back to Topic List

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.

Back to Topic List

 Place the cursor over this icon to hide all screenshots.

 

Left Curve
Popular Downloads
Right Curve
Untitled Document