Configuring OID 11.1.1.6 connector in OIM 11.1.2

There is a big change in the way direct provisioning is done from OIM (Oracle Identity Manager) to OID (Oracle Internet Directory) with the OIM 11.1.2 connectors.

The connector documentation available for OIM 11.1.1 is http://docs.oracle.com/cd/E22999_01/index.htm

The same documentation can be used for configuring provisioning/reconciliation with the OIM 11.1.2 connectors. However, there is a difference in the way a resource is added in the OIM 11.1.2 screens, and this post walks you through it.

I have not come across OIM 11.1.2-specific connector documentation yet.

Pre-install Tasks

Creating a Target System User Account for Connector Operations

http://docs.oracle.com/cd/E22999_01/doc.111/e28603/deploy.htm#BGBDBGIE

Download the connector software from

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

Link: http://download.oracle.com/otn/nt/ias/connectors/111/OID-11.1.1.6.0.zip

Perform the pre-installation task (unzip the zip file in the ConnectorDefaultDirectory):

[oracle@oim-server ConnectorDefaultDirectory]$ pwd

/u01/Middleware1/Oracle_IDM1/server/ConnectorDefaultDirectory

[oracle@oim-server ConnectorDefaultDirectory]$ unzip OID-11.1.1.5.0.zip

Archive:  OID-11.1.1.5.0.zip

creating: OID-11.1.1.5.0/

creating: OID-11.1.1.5.0/bundle/

inflating: OID-11.1.1.5.0/bundle/org.identityconnectors.ldap-1.0.6380.jar

creating: OID-11.1.1.5.0/configuration/

inflating: OID-11.1.1.5.0/configuration/eDirectory-CI.xml

.

.

inflating: OID-11.1.1.5.0/xml/OID-ConnectorConfig.xml

inflating: OID-11.1.1.5.0/xml/OID-Datasets.xml

[oracle@oim-server ConnectorDefaultDirectory]$

[oracle@oim-server ConnectorDefaultDirectory]$ cd OID-11.1.1.5.0

[oracle@oim-server OID-11.1.1.5.0]$ ls

bundle  configuration  documentation  lib  readme.html  resources  xml

Configuring OIM – OID Connector in Provisioning mode.

Install the connector by logging in to http://<oim-hostname>.<domain>:14000/sysadmin/

Login:


Xelsysadm/<pwd>

Click on Manage Connectors.


Refresh this page.


Connector installation.



Click Load and wait until the page has loaded 3 times.


Installation Successful

Run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle:

[oracle@oim-server bin]$ pwd

/u01/Middleware1/Oracle_IDM1/server/bin

[oracle@oim-server bin]$ export APP_SERVER=weblogic

[oracle@oim-server bin]$ export OIM_ORACLE_HOME=/u01/Middleware1/Oracle_IDM1

[oracle@oim-server bin]$ export JAVA_HOME=/u01/jdk1.6.0_37

[oracle@oim-server bin]$ export WL_HOME=/u01/Middleware1/wlserver_10.3

[oracle@oim-server bin]$ ./PurgeCache.sh all

For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic

OIM_ORACLE_HOME is /u01/Middleware1/Oracle_IDM1

JAVA_HOME is /u01/jdk1.6.0_37

MW_HOME is /u01/Middleware1

WL_HOME is /u01/Middleware1/wlserver_10.3

DOMAIN_HOME is /u01/Middleware1/user_projects/domains/IDAM_domain

[Enter the admin username:]xelsysadm

[Enter the admin password:]

[Enter the service url : (i.e.: t3://oimhostname:oimportno for weblogic or corbaloc:iiop:oimhostname:oimportno for websphere)]t3://<oimhostname>.<domain>:14000

weblogic.jndi.WLInitialContextFactory

UsernamePasswordLoginModule.initialize(), debug enabled

UsernamePasswordLoginModule.login(), username xelsysadm

UsernamePasswordLoginModule.login(), URL t3://<oimhostname>.<domain>:14000

PurgeCache Login Success…

Purging the cache categories:[all] is successful

Configure IT resource for the Target System

IT resource name: OID Server

IT Resource type: OID Server

Configuration Lookup: Lookup.OID.Configuration

Connect Server Name : <leave blank>

baseContext : “dc=<client domain>,dc=com” (Note: Make sure you put the base context in quotes)

credentials : ****

failover : <blank>

host : <oid host>

port : <oid port>

principal : cn=orcladmin

ssl : false

Log in to http://<oimhostname>.<domain>:14000/sysadmin



Click Search

If you see an error page, refresh it by pressing F5.


Click Edit.


* Did not install and configure the connector server for OID

* Did not configure SSL for the connector

* Did not enable logging for the connector

Post-installation steps:

Clear content related to connector resource bundles from the server cache by running the PurgeCache.sh script.

Set up the lookup definition for connection pooling (optional; not done here).

Perform the following inside the OIM Design Console:

Log in to the Design Console and make sure the auto-save feature is enabled on the OID User form (resource object).

Log in to the Design Console by running $ORACLE_HOME/designconsole/xlclient.sh

In the Design Console, check the Lookup.OID.Organization lookup definition.

You will see only 281/LookupOIDOrg

Add the following entry to Lookup.OID.Organization lookup:

Code Key: 281~cn=Users,dc=<client domain>,dc=com (where 281 is the IT resource key)

Decode: OID Server~cn=Users,dc=<client domain>,dc=com (where OID Server is the IT resource name)
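A small consistency check for the Code Key / Decode pair above, added to this post (it is not part of OIM or the OID connector). It assumes the `<prefix>~<DN>` convention shown above, with 281 as the IT resource key and OID Server as the IT resource name, and uses a constructed dc=example,dc=com in place of the client domain.

```python
import re

# Simple attr=value RDN check (not a full RFC 4514 parser); rejects slips such as 'dc==example'.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")


def parse_dn(dn):
    """Split a DN into (attr, value) pairs; raise ValueError on a malformed RDN."""
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if not RDN_RE.match(part):
            raise ValueError("malformed RDN %r in %r" % (part, dn))
        attr, value = part.split("=", 1)
        rdns.append((attr.lower(), value))
    return rdns


def split_lookup_value(value):
    """Split an OIM lookup value of the form '<prefix>~<DN>' into its two parts."""
    prefix, sep, dn = value.partition("~")
    if not sep or not prefix or not dn:
        raise ValueError("expected '<prefix>~<DN>', got %r" % value)
    return prefix, dn


def validate_org_lookup(code_key, decode, it_resource_key, it_resource_name):
    """Return a list of problems with a Lookup.OID.Organization entry (empty when consistent)."""
    problems = []
    try:
        key_prefix, key_dn = split_lookup_value(code_key)
        dec_prefix, dec_dn = split_lookup_value(decode)
    except ValueError as exc:
        return [str(exc)]
    if key_prefix != str(it_resource_key):
        problems.append("code key prefix %r is not the IT resource key %r" % (key_prefix, it_resource_key))
    if dec_prefix != it_resource_name:
        problems.append("decode prefix %r is not the IT resource name %r" % (dec_prefix, it_resource_name))
    parsed = {}
    for label, dn in (("code key", key_dn), ("decode", dec_dn)):
        try:
            parsed[label] = parse_dn(dn)
        except ValueError as exc:
            problems.append("%s: %s" % (label, exc))
    if len(parsed) == 2 and parsed["code key"] != parsed["decode"]:
        problems.append("code key DN and decode DN differ")
    return problems


if __name__ == "__main__":  # constructed sample: the entry above with dc=example as the client domain
    print(validate_org_lookup("281~cn=Users,dc=example,dc=com", "OID Server~cn=Users,dc==example,dc=com", 281, "OID Server"))
```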


Run the two lookup field reconciliation jobs:

OID Connector Group Lookup Reconciliation

Parameters (kept the defaults populated by the connector):

Key code attribute : dn

Decode attribute : cn

IT resource name : OID Server

Lookup Name : Lookup.OID.Group

Object Type : Group

OID Connector OU Lookup Reconciliation

Key code attribute : dn

Decode attribute : ou

IT resource name : OID Server

Lookup Name : Lookup.OID.Organization

Object Type : OU

Performing Provisioning Operations (Direct Provisioning)

In OIM 11.1.2, a resource object cannot be directly assigned to a user.

We need to create an application instance.

So the procedure is as follows:

a. Create a sandbox. Do not publish it now.

b. Create an application instance

Populate the following:

Name: AppInstance1

Display Name: AppInstance1

Resource Object: OID User

IT resource instance: OID Server

Form: Create

Resource Type: OID user

Form Name: Form 1. Make sure bulkload options are enabled for all fields in the form.

For the organization of the application instance, populate “Xellerate Users”.

Tick the entitlement checkbox below it.

Run the Catalog Synchronization job from the OIM scheduler.

Publish the catalog.

Run the Catalog Synchronization job from the OIM scheduler again (it is harmless to run it multiple times).

c. Create a user in OIM:

Firstname: Subhajit

Lastname: Chaudhuri

Organization: Xellerate Users (depends)

Organization Type: Consultant (depends)

Userlogin: chaudhuri

Password: ****

Confirm Password: ****

 

Once the user is created, go to the Accounts tab.

Click on Request Account.

Search the catalog for the string OID.

Add the AppInstance1 application instance to the cart.

 

d. Fill in the following information in the form:

Userid

Password

First Name

Last Name

Container DN = OID Server~cn=Users,dc=<client domain>,dc=com

ssouid

Email ID abc@pythian.com

Preferred Language

Click on Ready to Submit

Click on Submit

e. The user will now be provisioned.

Check the resource summary for the user.

System Validation Completed

Create User done.

f. Log in to ODSM for OID.

Check that the user got provisioned there as well.

Integrating Oracle Internet Directory 11.1.1.6 with Microsoft Active Directory 2008 and Oracle Applications E-Business Suite R12.1

After a successful launch of my first eBook “Integrating Oracle Applications E-Business Suite 12.1.1 with OID 11.1.1.6 and OAM 11.1.2” I am thrilled to add an extension to the project by integrating Microsoft Active Directory 2008 with OID 11.1.1.6 (which is further integrated with E-Business Suite and OAM).

Link : http://www.amazon.ca/Integrating-Directory-Applications-E-Business-ebook/dp/B00D5NGD64


Many of us (Apps DBAs) are working on Oracle Fusion Middleware and various other IDM products already. This book will help us in setting up an environment for testing, troubleshooting and gaining more expertise on these integrations in-house.

This book demonstrates the toughest part of setting up and configuring Active Directory in a home lab. Installation screenshots of Microsoft Windows Server 2008 are also covered.

Products involved while writing this book:

Oracle Enterprise Linux 4 Update 8

Oracle Applications E-Business Suite R12.1

Oracle JDK 6 Update 37 for Linux x86-64

Weblogic 10.3.5

Oracle Fusion Middleware Repository Creation Utility

Identity Management Suite

Identity Management 11g which includes OID, OVD, OIF, and OHS.

Identity and Access Management 11g which includes OAM, OIM, OAAM, OAPM, and OIN.

Oracle Fusion Middleware Web Tier

Oracle Access Manager WebGates

AccessGate

Microsoft Windows Server 2008 Standard Edition

Microsoft Active Directory 2008


The flow of information:

E-Business Suite R12.1 is integrated with OAM 11.1.2 and OID 11.1.1.6.

OID 11.1.1.6 is integrated with Microsoft Active Directory 2008.

AD is the master source for all user information.

Using a synchronization profile, users created in Active Directory are moved to OID. The password attribute of the user is not propagated from AD to OID.

Using DIP, users created in OID are passed into Oracle Apps E-business Suite.

GUID of the user in E-Biz matches with orclguid in OID.

OAM is integrated with OID and E-Business Suite.

When a user tries to log in to E-Business Suite, they are redirected to the OAM login page.

The user enters their username and password. The authentication happens in OID, and the password is verified in AD using the password authentication plugin installed on the OID side.

Once the username and password match, the user is redirected to the E-Business Suite home page and the responsibilities are displayed.

High Level Steps

  1. Installation of Windows 2008 Server
  2. Installation of Active Directory
  3. Configure home networking so that the host OS falls under the AD domain (optional)
  4. Configure Remote Desktop for users (optional)
  5. On first use of RDP, the certificate is installed
  6. Verify the account before performing the import sync
  7. Manually create the AD-OID integration profile and set up the synchronization
  8. Validate / re-validate the mapping until you have no errors
  9. Bootstrap the users using the command line tool
  10. Enable the profile using either the FMW EM Console or the command line tool
  11. 11g WLS scripts needed for DIP management
  12. Validate mapping rules
  13. Password plugin configuration
  14. Ldapcompare command
  15. E-Business R12.1 and OID integration
  16. Start the E-Business application tier opmn and managed services
  17. Create a user in AD and make sure it reaches OID and E-Business
  18. Make sure OAM is registered with OID and E-Business
  19. Document references

My next book will cover Oracle Identity Manager (OIM) integrations with Active Directory, OID and E-business Suite. We will see how OIM connectors are put into good use and how OVD can be used to map more than one Identity Management solution. We will also dig deep into the concepts of Reconciliation and Provisioning.

My First E-Book – Integrating Oracle Applications E-Business Suite 12.1.1 with OID 11.1.1.6 and OAM 11.1.2

I have released my first eBook in Amazon to share my experience on integrating Oracle Applications E-Business Suite 12.1.1 with Oracle Internet Directory 11.1.1.6 and Oracle Access Manager 11.1.2. The OAM version 11.1.2 got certified recently with 12.1 Ebusiness Suite.

Link: http://www.amazon.com/Integrating-Applications-E-Business-11-1-1-6-ebook/dp/B00BLS5EIS


I am personally very excited about this.

The following is what comes with IDM and IDAM:

Identity Management (IDM)

Includes:

  • HTTP Server
  • Internet Directory
  • Directory Integration Platform
  • Virtual Directory
  • Directory Services Manager – for synchronization and provisioning
  • Identity Federation
  • Security Developer Tools
  • Enterprise Manager Fusion Middleware Control

Required Additional Software:

  • Identity Management
  • WebLogic Server
  • Repository Creation Utility
  • Patch Scripts
  • Oracle Database

Oracle Identity and Access Management (IDAM)

Includes:

  • Access Manager
  • Adaptive Access Manager
  • Identity Manager
  • Identity Navigator
  • Oracle Security Token Service
  • Oracle Entitlements Server

Required Additional Software:

  • WebLogic Server
  • Repository Creation Utility
  • Patch Scripts
  • Oracle Database
  • BI Publisher
  • SOA Suite (for Oracle Identity Manager)


Software used for the project:

  • Oracle E-Business Suite R12.1.1 + few AD/TXK patches + AccessGate 1.2.1 patch
  • Oracle JDK 6 Update 37 for Linux x86-64
  • Weblogic 10.3.5
  • Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.6.0)
  • Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0)
  • Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2)
  • Oracle Identity and Access Management 11g (11.1.2.0.0)
  • Oracle Fusion Middleware Web Tier Utilities 11g (11.1.1.2.0)
  • Oracle Fusion Middleware Web Tier Utilities 11g Patch Set 4 (11.1.1.5.0)
  • Oracle Access Manager WebGates 11.1.1.5.0

This book covers details about the basic architecture, flow of data/information, implementation plan comprising 52 steps and each step supported by command outputs and screenshots for every mouse click.

This book is only available in the Kindle version. If you do not have a Kindle/iPad/iPhone device, no worries! You can download the Kindle software for your PC from http://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000426311, then sign up on Amazon and have the book delivered directly to the Kindle software installed on your PC.

The following documents act as good references:

  • Oracle Fusion Middleware 11g – Video and Podcasts Index [ID 1307123.1]
  • Overview of Single Sign-On Integration Options for Oracle E-Business Suite [ID 1388152.1]
  • Migrating Oracle Single Sign-On 10gR3 (10.1.4.3) to Oracle Access Manager 11gR2 (11.1.2) with Oracle E-Business Suite [ID 1485033.1]
  • Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1]
  • LDAP Directories Explained: An Introduction and Analysis – by Brian Arkills
  • Master Note for 11g Oracle Internet Directory (OID) [ID 1341134.1]
  • Troubleshooting Guide: Oracle Fusion Middleware (FMW) OID DIP [ID 276481.1]

I am already working on my next book which will carry details about SSO 10g upgrade to OAM 11g leveraging mod-osso component and bypassing the AccessGate and webgate layer. It will also cover OAM integration with WNA (Windows Native Authentication) and OID 11g integration with Microsoft AD (Active Directory). I am planning to release it in quick time. So stay tuned!