Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation

Purpose

This OBE tutorial describes and shows you how to use the Generic Technology Connector (GTC) framework to create and manage a trusted source reconciliation workflow.

Time to Complete

Approximately 2 hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Creating a Flat File
 Creating a Generic Technology Connector (GTC)
 Modifying the GTC
 Using the GTC to Perform Flat-File Reconciliation
 Summary
 Related Information

Viewing Screenshots

 Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: Because this action loads all screenshots simultaneously, response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Identity Manager.

Overview

Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).

Back to Topic List

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she performs identity and access management tasks on users within the company.

One of Linda's responsibilities is creating and maintaining users in Oracle Identity Manager to provision these users with resources. Trusted source reconciliation is the process by which an action to create, modify, or delete user information for a designated resource in Oracle Identity Manager is initiated from an authoritative (or trusted) source.

For this OBE, the user information to be transferred into Oracle Identity Manager through trusted source reconciliation is contained within a plain text file, known as a flat file. A flat file contains one user record per line with the fields of each record separated by delimiters. The process by which Oracle Identity Manager receives user records from a flat file is flat-file reconciliation.

In this OBE, Linda uses the methods listed in this section to create and manage a flat-file reconciliation workflow.

Back to Topic List

Prerequisites

Before starting this tutorial, you should:

1.

Complete the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2.

Complete the OBE titled Preparing to Customize the Administrative and User Console.

3.

Complete the OBE titled Branding the Administrative and User Console.

4.

Complete the OBE titled Changing the Functionality of the Administrative and User Console .

5.

Complete the OBE titled Branding the Oracle Identity Manager Design Console.

 

Back to Topic List

Creating a Flat File

The purpose of this OBE is for Oracle Identity Manager to retrieve a user record from a trusted source. For this OBE, the record is contained in a flat file.

Presently, this file does not exist. Therefore, Linda must create it. Then, Oracle Identity Manager can receive the record in the file through flat-file reconciliation.

To create a flat file, perform the following steps:

1.

Shut down Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.

Note: For more information about starting and stopping Oracle Identity Manager, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

 

2.

Within the C:\stage\External Files directory, use a text editor to create the identities 20080902.txt flat file. Enter the following lines of code into this file:

#GTC Trusted Source
login|firstName|lastName|eMail|organization
RLAVALLI|Robert|La Vallie|robert.lavallie@oracle.com|Xellerate Users

Note: The identities 20080902.txt file contains a record for Robert La Vallie, the user to be transferred into Oracle Identity Manager through flat-file reconciliation. The fields of this record are separated by the | delimiter.

 

3.

Save and close the identities 20080902.txt flat file.

Linda created a flat file. She is ready to use the Generic Technology Connector (GTC) framework to create and manage a workflow for Oracle Identity Manager to receive the record in the file through flat-file reconciliation.

 

Back to Topic List

Creating a Generic Technology Connector (GTC)

In the previous section of this OBE, Linda created a flat file. She is ready to construct a Generic Technology Connector (GTC). By creating this connector, Linda creates the workflow Oracle Identity Manager requires to receive the record in the file through flat-file reconciliation.

There are four stages in creating a GTC for reconciliation purposes:

  1. Defining high-level information about the connector. This information includes:

    • A name for the connector

    • The method used to transfer the record contained in the flat file into Oracle identity Manager. This method is a transport provider.

    • The method used to parse the record fetched by the transport provider and convert this data into a structure to be stored in Oracle Identity Manager. This method is a format provider.

  2. Specifying parameter values for the connector. This information includes specifying values for the parameters of the transport provider and format provider selected in the previous stage. Provider parameters are divided into two categories:

    • Runtime Parameters. These parameters are input variables of the selected transport and format providers. A runtime parameter represents a value not constrained by the design of the providers. For example, the directory where the flat file resides ( C:\stage\External Files) is a runtime parameter.

    • Design Parameters. These parameters are either design parameters of the providers or reconciliation-specific parameters common to all GTCs.

  3. Defining data fields and specifying data mappings for the connector. Linda completes these actions by creating a gateway between two entities:

  4. Verifying the information of the connector

To create a GTC, perform the following steps:

1.

Restart Oracle Identity Manager Server, and the Administrative and User Console. 

 

2.

Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

Field Value
User ID xelsysadm
Password abcd1234

 

3.

Open the Create Generic Technology Connector form (found in the Generic Technology Connector folder of the Oracle Identity Manager Explorer).

 

4.

Populate the fields of the Provide Basic Information panel of this form, as follows (and click Continue):

Field Value
Name Trusted Source
Reconciliation check box [selected]
Transport Provider Shared Drive
Format Provider CSV
Trusted Source Reconciliation check box [selected]

Note: The value Linda enters into the Name field must not contain non ASCII characters, because these characters are not supported by Oracle Identity Manager. However, the name can contain spaces. Also, Linda selects the Trusted Source Reconciliation check box because the GTC is to be used to perform trusted source reconciliation with the flat file. Finally, Linda does not populate the Provisioning region of the panel because she is not using the GTC for provisioning purposes.

 

5.

Populate the fields of the Run-Time Parameters region of the Specify Parameter Values panel, as follows:

Field Value
Staging Directory (Parent identity data) C:\stage\External Files
Archiving Directory C:\stage\External Files\archive
File Prefix identities
Specified Delimiter |

Note: The staging directory is the directory where the flat file resides. The archiving directory is the directory where the record contained in the flat file is archived after Oracle Identity Manager retrieves it during reconciliation. The file prefix is the prefix given to the name of the flat file Linda created in the section of this OBE titled Creating a Flat File. The specified delimiter is the delimiter that separates the fields of the record contained in the flat file.

For more information about the remaining fields of the Run-Time Parameters region of the Specify Parameter Values panel, refer to the Oracle Identity Manager Administrative and User Console Guide.

 

6.

Populate the fields of the Design Parameters region of the Specify Parameter Values panel, as follows (and click Continue):

Field Value
File Encoding UTF8
Source Date Format yyyy/MM/dd hh:mm:ss z
Reconcile Deletion of Multivalued Attribute Data check box [cleared]
Reconciliation Type Full

Note: The File Encoding field contains the character set encoding used for the data in the flat file. The Source Date Format field contains the format of the date-and-time stamp ( yyyy/MM/dd hh:mm:ss z) that matches the XL.DefaultDateFormat system configuration property of Oracle Identity Manager.

For this OBE, Linda is not reconciling the deletion of multivalued attribute data (or child data) into Oracle Identity Manager. Therefore, she cleared the Reconcile Deletion of Multivalued Attribute Data check box. Also, because Linda wants Oracle Identity Manager to perform full reconciliation with the flat file, she specifies Full for the Reconciliation Type field. As a result, because the record in the flat file is "new" (that is, it does not exist in Oracle Identity Manager), it is extracted and transferred into Oracle Identity Manager.

Oracle Identity Manager populates the Batch Size, Stop Reconciliation Threshold, and Stop Threshold Minimum Records fields automatically. For more information about these fields, refer to the Oracle Identity Manager Administrative and User Console Guide.

 

After Linda clicks Continue, the Modify Connector Configuration panel appears.

This panel contains three subpanels:

  • Source. This subpanel contains data to be reconciled into Oracle Identity Manager. The data is stored in fields defined in the source. For this OBE, the source is the flat file Linda created in the section of this OBE titled Creating a Flat File.
  • Reconciliation Staging. This subpanel is a staging area that functions as a gateway between the Source and OIM subpanels.
  • OIM. This subpanel contains fields in the designated Oracle Identity Manager (OIM) form that are to house reconciled data. For this OBE, Linda is creating a trusted source reconciliation workflow. Therefore, the target Oracle Identity Manager form is the Create User form (packaged with the product).

Linda is ready to define the password data field in the Reconciliation Staging subpanel. This field is to contain the user's password. Oracle Identity Manager requires this information to create a user record after reconciling with the trusted source (for this OBE, the flat file).

 

7.

Click the Plus icon in the Reconciliation Staging subpanel.

 

8.

Enter password in the Field Name field of the Provide Field Information panel. Click Continue.

 

9.

On the Provide Mapping Information panel, click Continue.

Note: By setting this mapping, Linda is specifying that the user's login ID is to be replicated as the user's password.

 

10.

Click Close.

Linda defined the password data field in the Reconciliation Staging subpanel. She also mapped it to the login field in the Source panel.

Linda is ready to define two more data fields in the Reconciliation Staging subpanel: employeeType and userType. These fields are to contain data Oracle Identity Manager requires to create a user record after reconciling with the trusted source (for this OBE, the flat file).

 

11.

Click the Plus icon in the Reconciliation Staging subpanel.

 

12.

Enter employeeType in the Field Name field of the Provide Field Information panel. Click Continue.

 

13.

On the Provide Mapping Information panel, select the Literal option. Enter Full-Time in the text field. Click Continue.

Note: By setting this mapping, Linda is hard-coding a literal value of Full-Time for the user's employee type.

 

14.

Click Close.

 

15.

Repeat steps 11-14 to define the userType data field in the Reconciliation Staging subpanel and hard-code a literal value of End-User on the Provide Mapping Information panel.

Linda defined data fields in the Reconciliation Staging subpanel of the Modify Connector Configuration panel. She also specified mappings for these fields.

Linda is ready to create mappings between the data fields in the Reconciliation Staging subpanel and the associated fields in the OIM subpanel. By doing so, she creates a gateway between the Source and OIM subpanels. Oracle Identity Manager requires this gateway to reconcile with the trusted source (for this OBE, the flat file).

 

16.

Click the Modify icon associated with the Organization field of the OIM subpanel.

 

17.

On the Provide Field Information panel, click Continue.

 

18.

On the Provide Mapping Information panel, select organization from the Field Name field. click Continue.

By selecting organization from the Field Name field, Linda is mapping the Organization field of the OIM subpanel to the organization field of the Reconciliation Staging subpanel.

 

19.

Click Close.

Linda mapped the Organization field of the OIM subpanel to the organization field of the Reconciliation Staging subpanel.

 

20.

Repeat steps 16-19 to create the following mappings between the data fields in the Reconciliation Staging subpanel and the associated fields in the OIM subpanel.

Reconciliation Staging Field OIM Field
login User ID
firstName First Name
lastName Last Name
eMail Email
password Password
employeeType Employee Type
userType User Type

 

21.

On the Modify Connector Configuration panel, click Close.

 

22.

On the Verify Connector Information panel, click Save.

A confirmation message appears.

Linda created a GTC. She is ready to modify this connector.

 

Back to Topic List

Modifying the GTC

In the previous section of this OBE, Linda mapped the password data field in the Reconciliation Staging subpanel to the Password data field in the OIM subpanel. Each data field has a variable associated with it. A variable is a placeholder for data transmitted from one field to another.

However, because of a known product limitation, the variable associated with the password field is incorrect. Therefore, Linda must modify the GTC by assigning the correct variable to the password field. She completes this action through the Reconciliation Field Mappings tab of the Process Definition form. To access this form, she must launch the Oracle Identity Manager Design Console.

To modify the GTC, perform the following steps:

1.

Restart the Oracle Identity Manager Design Console. 

 

2.

Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):

Field Value
User ID xelsysadm
Password abcd1234

The Oracle Identity Manager Design Console appears:

 

3.

Open the Process Definition form (found in the Process Management folder of the Oracle Identity Manager Explorer).

 

4.

Query for the Trusted Source connector Linda created in the section of this OBE titled Creating a Generic Technology Connector (GTC). To do so, enter TRUSTED SOURCE_GTC in the Name field. Click Query.

Note: For classification purposes, Oracle Identity Manager appends the _GTC suffix to the name of the connector.

 

5.

Click the Reconciliation Field Mappings tab. 

Note: By accessing the Reconciliation Field Mappings tab, Linda can modify the GTC by assigning the correct variable to the password field.

 

6.

For this OBE, Linda is modifying the connector by assigning the correct variable to the password field. Therefore, right-click the password field and select Edit Field Map from the popup menu that appears.

 

7.

On the Edit Reconciliation Field Mapping window, change the variable for the password field (from User Password to Identity). To do so, select Identity from the User Attribute combo box.

 

8.

On the Edit Reconciliation Field Mapping window, click Save and Close.

The Reconciliation Field Mappings tab is active. The correct variable of Identity is assigned to the password field.

Linda modified the connector by assigning the correct variable of Identity to the password field. As a result, the GTC can be used to reconcile with a trusted source (for this OBE, a flat file).

 

Back to Topic List

Using the GTC to Perform Flat-File Reconciliation

In this OBE, Linda used the GTC framework to create and manage a trusted source reconciliation workflow. As a result, Oracle Identity Manager can:

To use the GTC to perform flat-file reconciliation, perform the following steps:

1.

From the Administrative and User Console, click the TRUSTED SOURCE link that appears on the confirmation message.

Note: TRUSTED SOURCE is the name of the GTC Linda created in the section of this OBE titled Creating a Generic Technology Connector (GTC).

 

2.

Restart Oracle Identity Manager Server, and launch the Oracle Identity Manager Administrative and User Console.

 

3.

Open the Manage Scheduled Task form (found in the Resource Management folder of the Oracle Identity Manager Explorer).

Note: Linda is accessing the Manage Scheduled Task form to run a scheduled task associated with the connector. She must run this task. Otherwise, Oracle Identity Manager cannot perform flat-file reconciliation.

 

4.

Query for the scheduled task associated with the connector Linda created in the section of this OBE titled Creating a Generic Technology Connector (GTC). To do so, select Scheduled Task Name from the drop-down list in the form. Then enter TRUSTED SOURCE_GTC in the text box to the right of the list. Finally, click Search.

Note: For efficiency purposes, Oracle Identity Manager uses the same name for both the connector and the scheduled task.

 

5.

Click the Enabled link that appears to the right of the name of the scheduled task. Then, click the Run Now button.

 

6.

Open the Manage User form (found in the Users folder of the Oracle Identity Manager Explorer).

 

7.

Query for Robert La Vallie, the user account Linda created in the flat file in the section of this OBE titled Creating a Flat File. To query for this account, select User ID from the drop-down list in the form. Then enter Robert La Vallie in the text box to the right of the list. Finally, click Search User.

Because of the reconciliation workflow, this user record is detected in the trusted source and brought into Oracle Identity Manager automatically.

Linda used the GTC framework to create and manage a trusted source reconciliation workflow.

 

Back to Topic List

Summary

In this lesson, you learned how to:

 Create a flat file
 Create a Generic Technology Connector (GTC)
 Modify the GTC
 Use the GTC to Perform Flat-File Reconciliation

Back to Topic List

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.

Back to Topic List

 Place the cursor over this icon to hide all screenshots.

 

Left Curve
Popular Downloads
Right Curve
Untitled Document