Integrating Oracle Identity Manager with Oracle Database: Modifying a User's Password

Purpose

This OBE tutorial describes and shows you how to use Oracle Identity Manager to change the password of a centralized user account and pass this modification into a resource with which the user is provisioned. That is, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems.

For this tutorial, Robert functions as the user and an Oracle database serves as the resource.

Time to Complete

Approximately two hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Creating a Process Task Adapter
 Modifying a Provisioning Process
 Assigning an Adapter to a Process Task
 Modifying a User's Password
 Accessing the Resource
 Summary
 Related information

Overview

Oracle Identity Manager is a highly flexible and scalable enterprise identity management system that controls user accounts and access privileges within enterprise IT resources centrally. It provides the functionalities of provisioning, identity and role administration, approval and request management, policy-based entitlement management, technology integration, and audit and compliance automation.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit and compliance purposes).

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for performing identity and access management tasks on various users within the organization. One of these tasks is changing the password of a user's centralized account and passing this modification into a resource with which the user is provisioned. By doing so, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems.

Robert works within the Engineering department of Mydo Main Corporation. For security purposes, Linda needs to update the password for Robert's resource-related account (that is, an Oracle database) periodically.

An efficient way for Linda to complete this action is to modify the password of Robert's centralized user account. Then, Oracle Identity Manager can transfer this updated password into Robert's resource-related account. By doing so, she synchronizes Robert's account with both systems.

Prerequisites

Before starting this tutorial, you should:

1. Complete the OBE titled "Installing Oracle Identity Manager"

2. Complete the OBE titled "Integrating Oracle Identity Manager with Oracle Database: Performing User Management and Provisioning"

3. Complete the OBE titled "Integrating Oracle Identity Manager with Sun Java Directory Server: Performing Reconciliation"

Creating a Process Task Adapter

Linda wants to configure Oracle Identity Manager so that when she changes the password of a centralized user account, this modification is passed into a resource with which the user is provisioned. That is, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing the user's account with both systems.

For this OBE, Robert functions as the user and an Oracle database serves as the resource.

For this to occur, Linda needs to provide a way for Oracle Identity Manager to transfer the password modification from the centralized user account into the resource-related account. To do this, she needs to build a process task adapter.

To create a process task adapter within Oracle Identity Manager, perform the following steps:

1. Launch your Oracle Identity Manager Server, Administrative Console, and Design Console.

Note: For more information about loading, setting up, or starting Oracle Identity Manager, refer to the OBE titled "Installing Oracle Identity Manager."

2. Log in to your Design Console with the "superuser" account for Oracle Identity Manager (that is, enter xelsysadm in the User ID field and abcd1234 in the Password field).

3. Expand the Development Tools folder and double-click the Adapter Factory node.

4. Complete the upper portion of the Adapter Factory form as follows:

Field Name | Field Value
Adapter Name | Update Oracle Identity Manager Password
Adapter Type | Process Task
Description | Oracle Identity Manager uses this adapter to modify the password of a centralized user account and transfer this value into the resource with which the user is provisioned.
Compile Status | [do not populate]
Last Edit | [do not populate]

5. Click Save.

Linda is now ready to create a task and variable for this process task adapter. An adapter task is a Java class that she can create through the Adapter Factory form. As Linda creates this adapter, she may need to map data to the parameters of this task for the adapter to work. For this reason, Linda must create a placeholder to map this data at run time. This placeholder is known as an adapter variable.

In the next section of this procedure, Linda is to create an adapter variable. This variable is created through the Variable List tab of the Adapter Factory form.

 

6. Click the Variable List tab of this form.

7. Click Add.

The "Add a variable" window appears.

8. Complete the fields of this window as follows:

Field Name | Field Value
Final | [do not select]
Variable Name | Password
Type | String
Description | This variable contains the password that Oracle Identity Manager transfers from the centralized user account to the resource-related account.
Map To | Resolve at runtime

Note: By selecting Resolve at runtime from the Map To drop-down menu, Linda specifies that this adapter variable’s mapping occurs later, at run time. By selecting this option, the reusability of the adapter increases.

9. Click Save. Then, click Close.

Note: If a Closing Form window appears, click Yes.

The Variable List tab is active again.

Linda is now ready to create an adapter task. This task is created through the Adapter Tasks tab of the Adapter Factory form.

 

10. Click the Adapter Tasks tab of this form.

11. Click Add.

The Adapter Task Selection window appears.

12. Select the Logic Task option. Then, from the display area to the right of it, select SET VARIABLE, and click Continue.

The Add Set Variable Task Parameters window appears.

Note: Linda is creating a set variable task because she needs to reassign the value of an adapter variable to another adapter variable. The task that enables her to reallocate an adapter variable’s value is known as a set variable task.

13. Complete the fields of this window as follows:

Field Name | Field Value
Variable Name | Adapter return value
Operand Type | Variable
Operand Qualifier | Password

14. Click Save. Then, click Close.

Note: If a Closing Form window appears, click Yes.

The Adapter Tasks tab is active again.

Linda is now ready to compile this process task adapter. As a result, the adapter can be used to transfer a modified password from a centralized user account into the user's resource-related account. Linda compiles the process task adapter by clicking the Build button on the Adapter Factory form.

 

15. Click Save.

16. Click Build.

OK appears within the Compile Status field.

This signifies that Linda compiled this process task adapter successfully. It can now be used to transfer the modified password of a centralized user account into the resource with which a user is provisioned. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

However, for this to happen, Linda needs to add a process task to the provisioning process of the Oracle Identity Manager Connector that is associated with the resource. This way, she can attach the process task adapter to it and map the adapter's run-time variables.

In the next section of this OBE, Linda learns how to create a task for the provisioning process.

Modifying a Provisioning Process

In the previous section of this OBE, Linda created a process task adapter within Oracle Identity Manager. This adapter transfers the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

In this section, Linda is ready to modify the provisioning process of the Oracle Identity Manager Connector that is associated with the resource. Specifically, she is to add a process task to this process. This way, she can attach the process task adapter to it and map the adapter's run-time variables. For this OBE, the record that represents the provisioning process is titled DataBase Access (Login).

To modify the DataBase Access (Login) provisioning process, perform the following steps:

1. Expand the Process Management folder of the Design Console and double-click the Process Definition node.

2. Enter DataBase Access (Login) in the Name field and click Query.

3. Click Add.

The Creating New Task window appears.

4. Complete the fields of this window as follows:

Field Name | Field Value
Task Name | Change User Password
Task Description | This task represents the action that Oracle Identity Manager is to perform on the target resource (that is, transfer the modified password of a centralized user account into the resource with which a user is provisioned).
Days | [do not populate]
Hours | [do not populate]
Minutes | [do not populate]
Conditional | [selected]
Required for Completion | [selected]
Constant Duration | [do not select]
Disable Manual Insert | [selected]
Allow Cancellation while Pending | [selected]
Allow Multiple Instances | [selected]
Retry Period in Minutes | [do not populate]
Retry Count | [do not populate]
Task Effect | No Effect
Child Table | [do not select]

Note: To modify a value that appears within a field of the form that holds a centralized user account (that is, the Create User form), Oracle Identity Manager uses the "Change User + Label" naming convention. Therefore, because Linda is updating Robert's password, and the form label that holds this value is Password, the name of the process task must be Change User Password.

5. Click Save.

The Change User Password task is created. Linda is now ready to specify a dependency for this task. That is, Oracle Identity Manager cannot execute the Change User Password task unless an account, containing a password, is first created for a user. This action is represented by the Create Login task.

Linda sets the dependency between the Create Login task and the Change User Password task through the Task Dependency tab of the Creating New Task window.

 

6. Click the Task Dependency tab.

7. From the Preceding Tasks pane of this tab, click Assign.

The Assign Preceding Tasks window appears.

8. From the Existing Tasks pane of this window, select and assign the Create Login task. Then, click OK.

The Creating New Task window is active again.

9. Click Save. Then, click Close.

Note: If a Closing Form window appears, click Yes.

The Process Definition form is active again.

Linda added the Change User Password process task to the DataBase Access (Login) provisioning process. In the next section of this OBE, she is to attach the Update Oracle Identity Manager Password adapter to this process task and map the adapter's run-time variables. By doing so, Oracle Identity Manager can pass the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems.

In the next section of this OBE, Linda learns how to attach an adapter to a provisioning process task and map the adapter’s variables.

Assigning an Adapter to a Process Task

In the previous section of this OBE, Linda added the Change User Password process task to the DataBase Access (Login) provisioning process. Linda is now ready to attach the Update Oracle Identity Manager Password adapter to this process task and map the adapter's run-time variables. By doing so, Oracle Identity Manager can transfer the modified password of a centralized user account into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems.

To attach an adapter to a provisioning process task and map the adapter’s variables, perform the following steps:

1. Double-click the number of the row header for the Change User Password process task.

Note: If a Closing Form window appears, click Yes.

The Editing Task window appears.

2. Click the Integration tab.

3. Click Add.

The Handler Selection window appears.

4. Select the Adapter option. Select the adpUPDATEORACLEIDENTITYMANAGERPASSWORD adapter from the Handler Name pane. Click Save.

5. A Confirmation window appears. Click OK.

Note: If a Closing Form window appears, click Yes.

The Editing Task window is active again.

Note: The status of this adapter is Mapping Incomplete because its variables are not yet mapped. Linda is now ready to map the variables for this adapter.

 

6. Click the Adapter return value variable. Click Map.

The Edit Data Mapping For Variable window appears.

7. Complete the fields of this window as follows:

Field Name | Field Value
Map To | Process Data
Qualifier | Password
Old Value | [do not select]

8. Click Save. Then, click Close.

The Editing Task window is active again.

9. Click the Password variable. Click Map.

The Edit Data Mapping For Variable window appears.

10. Complete the fields of this window as follows:

Field Name | Field Value
Map To | User Definition
Qualifier | Password
Old Value | [do not select]

11. Click Save. Then, click Close.

The Editing Task window is active again.

Note: The status of this adapter is now Ready because all of its variables are mapped.

12. Click Save. Then, click Close.

Note: If a Closing Form window appears, click Yes.

The Process Definition form is active again.

Linda attached the Update Oracle Identity Manager Password adapter to the Change User Password process task and mapped the adapter's run-time variables. As a result, Linda can use Oracle Identity Manager to change the password of a user's centralized account. After this happens, Oracle Identity Manager transfers this modified password into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems.

For this OBE, Robert functions as the user and an Oracle database serves as the resource.

In the next section of this OBE, Linda changes the password of Robert's centralized user account. Then, Oracle Identity Manager passes this modified password into Robert's resource-related account (that is, an Oracle database).
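The configuration built in the preceding three sections amounts to a small data flow, sketched here in Python as an added illustration; it is not Oracle Identity Manager code and not part of the original tutorial. The class and function names are hypothetical, the password values are constructed, and the model covers only what the tutorial states: the "Change User + Label" naming convention, the Create Login dependency, and the two variable mappings.

```python
# Added illustration: a toy model of the configuration above, not Oracle code.
class TaskNotReady(Exception):
    """A preceding task (for example, Create Login) has not completed yet."""

def update_password_adapter(variables):
    # The adapter's single SET VARIABLE task: "Adapter return value" := Password.
    return variables["Password"]

class ProvisioningProcess:
    def __init__(self, name):
        self.name = name
        self.tasks = {}          # task name -> task definition
        self.completed = set()   # names of tasks that have finished
        self.process_data = {}   # Process Data fields of the provisioned account

    def add_task(self, name, adapter, inputs, return_field, preceding=()):
        # inputs: adapter variable -> User Definition field it is mapped to.
        # return_field: Process Data field that receives the adapter return value.
        self.tasks[name] = (adapter, inputs, return_field, tuple(preceding))

    def user_field_changed(self, user, label):
        """Run the task selected by the 'Change User + Label' convention, if any."""
        task_name = "Change User " + label
        if task_name not in self.tasks:
            return None          # no task with that name: nothing is propagated
        adapter, inputs, return_field, preceding = self.tasks[task_name]
        missing = [t for t in preceding if t not in self.completed]
        if missing:
            raise TaskNotReady(f"{task_name} requires {missing}")
        variables = {var: user[field] for var, field in inputs.items()}
        self.process_data[return_field] = adapter(variables)
        self.completed.add(task_name)
        return task_name

def build_process(task_name="Change User Password"):
    # Mirrors the tutorial: Password <- User Definition / Password,
    # Adapter return value -> Process Data / Password, preceded by Create Login.
    process = ProvisioningProcess("DataBase Access (Login)")
    process.add_task(task_name, update_password_adapter,
                     inputs={"Password": "Password"}, return_field="Password",
                     preceding=["Create Login"])
    return process

def provision(process, user):
    # Hypothetical stand-in for the Create Login task: the account starts out
    # with the user's current password.
    process.process_data["Password"] = user["Password"]
    process.completed.add("Create Login")

def change_password(process, user, new_password):
    user["Password"] = new_password
    return process.user_field_changed(user, "Password")

def in_sync(process, user):
    return process.process_data.get("Password") == user["Password"]

if __name__ == "__main__":
    user = {"User ID": "RLAVALLI", "Password": "constructed-old"}  # constructed
    process = build_process()
    provision(process, user)
    print(change_password(process, user, "constructed-new"), in_sync(process, user))
```

In this model, a task named anything other than Change User Password is never selected, so the centralized password and the process data drift apart without any error being raised.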

Modifying a User's Password

In the previous section of this OBE, Linda attached an adapter to a process task and mapped the adapter's run-time variables. As a result, Linda can now use Oracle Identity Manager to change the password of a user's centralized account. After this occurs, Oracle Identity Manager transfers this modified password into the resource with which a user is provisioned, thereby synchronizing the user's account with both systems. For this OBE, Robert functions as the user and an Oracle database serves as the resource.

In this section of this OBE, Linda changes the password of Robert's centralized user account. Then, Oracle Identity Manager passes this modified password into Robert's resource-related account (that is, an Oracle database).

To modify a user's password, perform the following steps:

1. Open the Manage User form in the Users folder.

2. Select User ID from the combo box that appears in this form. Then, in the text box that appears to the right of the combo box, enter the ID of the target user (that is, RLAVALLI). Click Search User.

3. From the result set that appears, click the link that represents the ID of the target user.

4. The User Detail form is displayed. Click Change Password.

The Change Password form appears.

5. Complete the fields of this form as follows:

Field Name | Field Value
Password | robert
Confirm Password | robert

6. Click Save Password.

The User Detail form is active again. This signifies that Linda changed the password of Robert's centralized account. Oracle Identity Manager transfers this modified password into the resource with which Robert is provisioned (that is, an Oracle database). As a result, Robert's account is synchronized with both systems.

In the next section of this OBE, Linda verifies that the updated login credentials for Robert (that is, his existing ID and modified password) can be used to access this database. For this OBE, this is accomplished by using Oracle SQL*Plus Client.

Accessing the Resource

In this OBE, Linda learned how to use Oracle Identity Manager to change the password of Robert's centralized user account. After this occurs, Oracle Identity Manager passes this modification into the resource with which Robert is provisioned (that is, an Oracle database). As a result, the modified Oracle Identity Manager password replaces the existing resource-related password, thereby synchronizing Robert's account with both systems.

Now, Linda must verify that the updated login credentials for Robert (that is, his existing ID and modified password) can be used to access this database. For this OBE, this is accomplished by using Oracle SQL*Plus Client.

To access the external resource, perform the following steps.

1. To start Oracle SQL*Plus Client, navigate to SQL Plus (via Start > Programs > Oracle - OraDb10g_home1 > Application Development > SQL Plus).

An Oracle SQL*Plus window and a Log On window appear.

2. Populate the fields of the Log On window as follows:

Field | Value
User Name | RLAVALLI
Password | robert
Host String | orcl

3. Click OK.

The following text appears within the Oracle SQL*Plus window:

This signifies that Robert's updated login credentials (that is, his existing ID and modified password) can be used to access the Oracle database. As a result, the modified Oracle Identity Manager password replaces his existing resource-related password, thereby synchronizing Robert's account with both systems.

Summary

In this lesson, you learned how to:

 Create a process task adapter
 Modify a provisioning process
 Assign an adapter to a process task
 Modify a user's password
 Access a resource

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
