
Sunday 12 July 2015

Connecting Oracle Identity Manager 11g to Primavera Unifier

The OIM connector has three folders:

1. JavaTasks has a jar file to communicate with Primavera Unifier.
2. Resources/XML has an XML file to import into OIM.
3. ThirdParty has third-party jars that the connector must use.

As an administrator, you can take advantage of the OIM connector to provision Primavera Unifier users. The OIM connector helps you administer the complete user identity life cycles of Primavera Unifier users. As a primary example, when you create a new user in OIM, it will also create a new user with the same user login name, email address, and personal name in the Primavera Unifier database.

The core attributes and operations supported by the connector are listed below.

Attributes

The following user attributes are managed:

Note: OIM will provision all attributes except the password.

 Login Name
 Password
 First Name
 Last Name
 E-mail Address

Operations

The following operations are supported:

 Create User: Add a new user in Primavera Unifier via OIM.
 Modify User: Modify an attribute, such as an e-mail address, in Primavera Unifier via OIM.
 Disable User: Disable a user's access to the application via OIM.
 Enable User: Enable a user's access to the application via OIM.

Before you configure OIM with Primavera Unifier, you need to check the following in OIM:

1) Verify the System Properties.
2) Update the Lookups.
3) Create and publish a sandbox environment to hide the admin menu from non-admin users.

Installing the OIM 11g R2 Application

Follow the steps below to install OIM and the other applications needed to use OIM:

1) Install Oracle Identity Manager (OIM). Refer to the following URL for documentation specific to this release: http://docs.oracle.com/cd/E27559_01/index.htm.

2) After installing and configuring the Oracle Identity Manager Server for the first time, you must start the Oracle Identity Manager Managed Server. For information about starting the server, see "Starting the Stack" (http://docs.oracle.com/cd/E27559_01/install.1112/e27794/strtstop.htm#OAMQI75794) in the Oracle Identity Manager documentation.

3) Install Primavera Unifier:
          a. Verify the installation works.
          b. Open the Unifier Configurator.
          c. In the General tab, select the option in the OIM/OAM Enabled field.

Verifying System Properties

To verify the system properties:

1) Login to Identity System Administration as an administrative user (for example, xelsysadm).
2) Under System Management, select System Configuration.
3) Locate OIM.Provisioning and ensure the Value field shows ON.
4) Locate XL.EnableDisabledResources and ensure the Value field shows TRUE.
5) Locate XLUserResource.ProvisionMode and ensure the Value field shows JAVA.
6) Change the default user name policy.

By default, OIM uses the email address as the user name, but Unifier does not accept special characters (like the @ symbol) in user names. So you must change the policy.

a. Locate XL.DefaultUserNamePolicyImpl:
b. In the Value field, change oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy to oracle.iam.identity.usermgmt.impl.plugins.LastNameFirstInitialPolicy.


Updating Lookups

To update lookups:

1) Under Configuration, select Lookups.
2) In the Search window, enter Lookup.USR_PROCESS_TRIGGERS and click Search.
3) Select Lookup.USR_PROCESS_TRIGGERS and click on the edit icon.
4) In the Edit Lookup Type window:
              a. Click Create Lookup Code.
              b. In the Meaning field, enter Change Email.
              c. In the Code field, enter USR_EMAIL. Ensure it's in all caps.
             d. In the Enabled field, select the enabled option.
             e. Click on Save.
5) Click OK to close Lookups.


Creating a Sandbox for Non-Admin Users

The administrative user needs to hide the Administration menu from non-admin users in the Identity Self Service portal.

To hide the Administration menu:

1) Login to the Identity System Administration portal as an administrative user.
2) Select Sandboxes.
3) In the Manage Sandboxes tab, select Create Sandbox.
4) In the Create Sandbox dialog box:
             a. In the Sandbox Name field, enter a name for the sandbox to identify its purpose.
              b. In the Description field, enter a description of the sandbox.
              c. In the Activate Sandbox field, select the option.
              d. Click Save and Close.
              e. On the confirmation message, click OK.
5) Logout of the Identity System Administration portal.
6) Login to the Identity Self Service portal as an administrative user.
7) Click Sandboxes.
8) Select the sandbox you created.
9) Select Activate Sandbox.
When the sandbox activates, the sandbox link in the top right corner will show the name of the sandbox you created.
10) Select Customize in the top right corner.
11) In the Editing Page Identity Self Service toolbar, select the Views dropdown and select Source.
12) Select the Administration portion in the left navigation bar.
13) In the Confirm Task Flow Edit dialog box, select Edit.
14) Click Edit from the top bar.
15) In the Component Properties: Administration dialog box:
a. In the Show Component field, click the arrow.
b. Select Expression Builder….
16) In the Edit dialog box:
a. Select Type a Value or expression.
b. Enter #{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}.
c. Click OK.
17) Click OK to close the Component Properties: Administration dialog box.
18) Click Close from the top right to close the Editing Page Identity Self Service toolbar.
19) Select your sandbox and click on Publish Sandbox.
20) Click Yes in the confirmation window.
Your sandbox will disappear from Manage Sandboxes.
21) Logout of the Identity Self Service portal.
22) Login to the Identity System Administration portal as a non-admin user.
23) Verify that the Administration section is not visible.



Enabling Single Sign-On

To use OIM, ensure you have enabled Single Sign-On (SSO) and have Oracle Access Manager (OAM) and Oracle HTTP Server/Webgate managing SSO. See the Administrator's Guide for more information.



Setting up OIM for Bidder Integration

Workflow

a) Prerequisites
b) Reinstall and Reconfigure OIM Connector
c) Disable Email Uniqueness Validation in OIM
d) Import Configuration XML to create Scheduler Task
e) Create Scheduler Job and specifying parameters

Prerequisites

Ensure that you have:

 OIM and Unifier installed and configured properly.
 The latest version of OIM Connector.
 Configured OIM and imported OIM Connector.

Reinstall and Reconfigure OIM Connector

1) Stop the OIM Server (For example: WebLogic OIAMDmain - Oracle_IDM2)
2) Copy “OIMConnector.zip” to the local drive (on your PC or Server). The local drive is where you install and configure the OIM Connector.
3) Unzip the zip file to the local drive and name the folder (For example: CONNECTOR_HOME)
4) Copy CONNECTOR_HOME/JavaTasks/primavera-unifier-oim-connector.jar and paste to OIM_HOME/server/JavaTasks/
5) Copy all the jars from CONNECTOR_HOME/ThirdParty/ and paste to OIM_HOME/server/ThirdParty/
6) Start the OIM Server (For example: WebLogic OIAMDmain - Oracle_IDM2)
7) Log in to “Identity System Administration” with admin user’s credentials
8) Click Import (under “System Management”)
9) Select configuration_data.xml (CONNECTOR_HOME/Resources/XML/configuration_data.xml) to import

When the Deployment Manager - Import window opens:

1) Verify details displayed under File Preview and click Add File
2) Verify details displayed under Substitution and click Cancel Substitution
3) Verify details displayed under Primavera Unifier IT Resource and click Cancel IT Resource Modification
4) Verify details displayed under Current Selections
Note: You may need to expand Primavera Unifier Resource Object and Primavera Unifier Process selections.
5) Right-click UD_PU_USERS and click Remove
6) Ensure that you see the UD_PU_USERS file in the Objects Removed From Import section on the top right-hand corner of the Deployment Manager - Import window
7) Click Import, wait until you see the confirmation message, and click OK
8) Close the Deployment Manager - Import window

Disable Email Uniqueness Validation in OIM

By default, OIM prevents two users from having the same email address (email uniqueness).

To change the default setting for email uniqueness, follow these steps:

1) Log in to Oracle Identity System Administration
2) Click System Management tab
3) From the left-hand pane, click System Configuration
4) In the Search System Properties field enter *email* (include the asterisks, or stars)
5) Press Enter on your keyboard or click the right-arrow icon to begin search

If property keyword “OIM.EmailUniqueCheck” is not defined:

1) Click Actions and select Create to open the Create System Property window, then follow these steps in that window:
2) Provide the required System Information to define a new property as follows:
 Property Name: “Whether or not email should be validated for uniqueness”
 Keyword: “OIM.EmailUniqueCheck”
 Value: "FALSE"
3) When finished, click Perform

If property keyword “OIM.EmailUniqueCheck” is defined:

1) In the System Configuration pane (Search System Properties) click the keyword: OIM.EmailUniqueCheck
2) Verify the information presented in the System Property Detail window to ensure that the Value is set to FALSE.
3) Click Save to complete changing the default setting for email uniqueness

Import Configuration XML to create Scheduler Task

1) Log in to Oracle Identity System Administration
2) Click System Management tab
3) From the left-hand pane, click Import to open the Deployment Manager - Import window
At this point, by default, the file selector window opens, allowing you to select the XML file for import.
Note: If the file selector window does not open, click Add File.
4) Select the XML file to import (For example: CONNECTOR_HOME/Resources/XML/Primavera_Unifier_Reconciliation_Task.xml)
5) Review the details of the file that you want to import
6) Click Add File to add the file to the Current Selections window (For example: Primavera_Unifier_Reconciliation_Task.xml)
7) Click Import and if prompted, confirm your selection
8) When finished, click OK to complete the import process and close the Deployment Manager - Import window

Create Scheduler Job and specifying parameters

1) Log in to Oracle Identity System Administration
2) Click System Management
3) Click Scheduler tab
4) In the Search Scheduled Jobs field enter * (asterisk or star) and click the right-arrow icon to see the existing Scheduled Jobs
5) Click Actions and select Create to open the Create Job window
6) Enter a name in the Job Name field (For example: Primavera_Unifier_Reconciliation_Job)


7) Click the magnifying glass (in front of the Task field) to open the Search and Select: Scheduled Task window
8) In the Search field enter * (asterisk or star) and click the right-arrow icon to search and retrieve a list of all tasks
9) Click to select your desired task (For example: Primavera_Unifier_Reconciliation_Task) and click Confirm to open the Create Job window
10) Review the contents of the Create Job window
Note: The Create Job window has an additional section: Parameters.
11) Complete the fields under Job Information, Job Periodic Settings, and Parameters, as follows:
 Start Date: Click the calendar icon and select a date (For example: March 20, 2014 12:00:00 AM PDT)
 Retries: (For example: 0)
 Schedule Type: Select a desired option (For example: Periodic)
 Run Every: Enter a time period (For example: 5 mins)
 OIM Installation Location: (For example: /apps/Oracle/Middleware/Oracle_IDM2)
 OIM Server URL: (For example: t3://slc05etq.us.oracle.com:14000)
 OIM Admin User Name: (For example: xelsysadm)
 OIM Admin User Password: (For example: <password for xelsysadm user>)
 Unifier Server Protocol: (For example: http)
 Unifier Server Host: (For example: host-pc2)
 Unifier Server Port: (For example: 7001)
 Unifier Admin Comp Short Name: (For example: pcc)
 Unifier Admin Comp Auth Code: (For example: <authentication code for pcc company>)
Note: The values of the following fields are the same values as in Primavera Unifier IT Resource.
 Unifier Server Protocol
 Unifier Server Host
 Unifier Server Port
 Unifier Admin Comp Short Name
 Unifier Admin Comp Auth Code
12) Click Apply to complete creating a scheduler job

Configuring OIM 11g

Complete these steps before you begin connecting OIM 11g and Primavera Unifier.
1) Copy OIMConnector.zip to a local drive where you are planning to install and configure the OIM Connector.
2) Unzip the file to a local folder (this doc will use CONNECTOR_HOME).

3) Copy the primavera-unifier-oim-connector.jar (in CONNECTOR_HOME/JavaTasks/) to OIM_HOME/server/JavaTasks/.
4) Copy all the jars from CONNECTOR_HOME/ThirdParty/ to OIM_HOME/server/ThirdParty/.
5) Login to Identity System Administration as an admin user.
6) Under System Management, click Import.
7) In the Select a file to import dialog box:
a. Go to CONNECTOR_HOME/Resources/XML/.
b. Select configuration_data.xml.
c. Click Open.
8) In the Deployment Manager dialog box:
a. Verify the details and click on Add File.
b. On the Substitution screen, click Next.
c. In the Provide IT Resource Instance Data screen, enter the details for Primavera Unifier IT Resource and click Next.
d. If you don't have any more instances, click on Skip.
e. In the Confirmation screen, click View Selections.
f. Verify the details and click Import.
g. In the Success dialog box, click OK and restart OIM (or the server) if required.
h. Close the import screen.
9) Under Configuration, click Application Instances.
10) Click the Create icon to create new application instance.
11) In the Create Application Instance screen:
a. In the Name field, enter a name for the Primavera Unifier instance.
b. In the Display Name field, enter the name you want to display for the Primavera Unifier instance.
c. In the Resource Object field, select a resource object for Primavera Unifier.
d. In the IT Resource Instance, select an IT resource instance for Primavera Unifier.
e. Click Save.
12) Ensure the Catalog Synchronization job runs automatically. If it doesn't, run it manually.
13) Once the application instance completes, go to the Organization tab and add organizations to the instance if needed.
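
The jar-copy steps in "Reinstall and Reconfigure OIM Connector" (steps 4 and 5) and in steps 3 and 4 above, as an added shell example that is not part of the original post or of Oracle's connector: it checks the unzipped layout, copies the jars, compares SHA-256 digests of source and destination, and reports when a jar already present under OIM_HOME/server is replaced by different content. The function names are hypothetical and sha256sum (GNU coreutils) is assumed; run it with the OIM server stopped.

```shell
#!/bin/sh
# Added example (not Oracle's or the blog author's code). Function names are
# hypothetical; paths follow the CONNECTOR_HOME / OIM_HOME layout on this page.
# Assumes sha256sum (GNU coreutils) is available.

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# Copy file $1 into directory $2 and confirm the bytes on disk match the source.
# Prints "<state> <sha256> <path>", where state is new, same or replaced.
copy_verified() {
    src=$1; dest="$2/$(basename "$1")"; want=$(sha256_of "$src")
    state=new
    if [ -f "$dest" ]; then
        if [ "$(sha256_of "$dest")" = "$want" ]; then state=same; else state=replaced; fi
    fi
    cp -p "$src" "$dest" || return 1
    [ "$(sha256_of "$dest")" = "$want" ] || { echo "MISMATCH $dest" >&2; return 1; }
    echo "$state $want $dest"
}

install_connector() {
    connector_home=$1; oim_home=$2
    main_jar="$connector_home/JavaTasks/primavera-unifier-oim-connector.jar"

    # Layout checks: return 2 for an incomplete unzip, 3 for a wrong OIM_HOME.
    [ -f "$main_jar" ] || { echo "missing $main_jar" >&2; return 2; }
    [ -f "$connector_home/Resources/XML/configuration_data.xml" ] ||
        { echo "missing configuration_data.xml" >&2; return 2; }
    [ -d "$connector_home/ThirdParty" ] || { echo "missing ThirdParty" >&2; return 2; }
    for d in JavaTasks ThirdParty; do
        [ -d "$oim_home/server/$d" ] || { echo "missing $oim_home/server/$d" >&2; return 3; }
    done

    copy_verified "$main_jar" "$oim_home/server/JavaTasks" || return 4
    found=0
    for jar in "$connector_home"/ThirdParty/*.jar; do
        [ -f "$jar" ] || continue      # glob matched nothing
        found=1
        copy_verified "$jar" "$oim_home/server/ThirdParty" || return 4
    done
    [ "$found" -eq 1 ] || { echo "no jars in ThirdParty" >&2; return 2; }
}

# Run only when called with both directories, e.g. ./install.sh CONNECTOR_HOME OIM_HOME
if [ "$#" -eq 2 ]; then install_connector "$1" "$2"; fi
```

Keeping the printed digest list with the change record gives a baseline to compare against the jars under OIM_HOME/server later.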
Provisioning Users for OIM

Once you have configured OIM and Primavera Unifier, you will need to provision users in OIM. Provisioning users will ensure you can manage (create, disable, modify) users' profiles through both OIM and Primavera Unifier. For more information on provisioning, see the documentation included with OIM.

Creating Users for Primavera Unifier

To create users from OIM for Primavera Unifier:

1) Create an administrative user in OIM to match the Primavera Unifier administrator:
             a. Login to OIM.
             b. Create an organization with the name Site.
             c. Create an Administrator user in OIM.
2) Login to Unifier as the Administrator you created.
             a. Create the ootb company.
             b. Give the company a short name and authentication code.
3) Return to OIM:
             a. Update the IT Resource in OIM with the ootb information.
             b. Create an organization with the ootb short name.
             c. Create a non-admin user and assign the user to the ootb organization.
             d. In the Accounts tab, click Request Accounts to provision.
             e. Select the Primavera Unifier application instance you created.
             f. Add the instance to the cart.
             g. Click Checkout to provision.

Modifying, Disabling, Enabling OIM Users' Primavera Unifier Privileges

Refer to the OIM 11g R2 Application documentation for more information on creating, modifying, and removing users.


To modify or delete an OIM user's access to Primavera Unifier, follow the steps below.

To modify an account:
1) Select the user you want to modify.
2) In User Details page:
       a. Click Modify User.
       b. Update the first name, last name, and email address.
       c. Click Submit.

To disable an account:

1) Select the user you want to disable.
2) In User Details page, go to the Accounts tab.
3) Select the Application Instance you want to disable.
4) Click Disable.


To enable an account:
1) Select the user you want to enable.
2) In User Details page, go to the Accounts tab.
3) Select the Application Instance you want to enable.
4) Click Enable.
