OIM Web Service Connector - Oracle · 2014-06-04 · Deploy and configure web service connector...

Deploy and configure web service connector Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class

1

OIM Web Service Connector Lab26-Deploy and Configure Web Service Connector

Disclaimer: The Virtual Machine Image and other software are provided for use only

during the workshop. Please note that you are responsible for deleting them from your

computers before you leave. If you would like to try out any of the Oracle products,

you may download them from the Oracle Technology Network

(http://www.oracle.com/technology/index.html) or the Oracle E-Delivery WebSite

(http://edelivery.oracle.com)

http://www.oracle.com/technology/index.html

http://edelivery.oracle.com/


2

Contents Business Case ........................................................................................................................................................... 4

Business Use Cases - Extending the connector ....................................................................................................... 4

Using this Document................................................................................................................................................ 5

Extending the connector – Detailed Lab Instructions ............................................................................................ 5

1. Deploy Sample WS to SOA Service ................................................................................................................... 5

2. Generate an instance of WS Connector CLOUD CRM ...................................................................................... 6

3. Install the CLOUD CRM Connector in OIM ....................................................................................................... 7

4. Create an IT Resource Instance CLOUD CRM ................................................................................................... 8

5. Create a new Sandbox .................................................................................................................................... 10

6. Create an Application Instance CLOUD CRM ................................................................................................. 11

7. Create Form CLOUDCRM ................................................................................................................................ 12

8. Create a new Parent Form Field Extension Attribute in the CLOUDCRM Form ............................................. 14

9. Publish the Sandbox. ...................................................................................................................................... 15

Creating Custom Attribute (Create User Operation) ............................................................................................ 16

1. Update the Provisioning Attribute Map Lookup to add mapping of OIM attributes to Web Service

Attributes. ................................................................................................................................................... 16

2. Run Catalog Synchronization Job. .............................................................................................................. 18

3. Open the wired SOA Composite that is part of the Assets package. ......................................................... 19

4. Add provisioning attribute mappings in SOA Composite ........................................................................... 19

5. Deploy the SOA Composite to the SOA Server. .......................................................................................... 23

6. Log into OIM and provision the ACME CRM Account to a User. ................................................................ 25

Modifying Custom Attribute (Update Operation) ................................................................................................ 26

1. Add Custom Attribute for Update Operation............................................................................................. 26

2. Add the adpACMEUPDATEATTRIBUTEVALUE adapter ............................................................................... 28



3



6. Log into OIM and Modify the Value of Extension Attribute....................................................................... 40

Password Reset Operation .................................................................................................................................... 41




4. Log into OIM and Reset the Password of ACME CRM User Account. ........................................................ 50


4

Business Case [ACME] corporation leverages the OIM Web Services connector to manage accounts in its cloud applications.

This connector has given them the ability to manage accounts across all their cloud applications without

spending additional money and time on building custom connectors for each of their Cloud Applications. The

OIM web services connector has given them the platform through which they can

Accelerate implementation and their return on investment.

Minimize custom development; reduce maintenance and total cost of ownership.

Effectively managing change is critical to the success of any IT Project and in this scenario we will demonstrate

how to extend the connector to meet new business requirements.

Business Use Cases - Extending the connector

I. The Cloud CRM application stores an Employee’s Business Group in an attribute named

“ExtensionAttribute”; initially this attribute was being managed by a dedicated Cloud CRM Admin. In an

effort to ensure consistency and streamline operations the IT team has mandated that this attribute be

managed by Oracle Identity Manager.

II. [ACME] corporation’s end users have been using Oracle Identity Managers self service console to manage

their contact number (Mobile attribute). The Cloud CRM Application stores an employee’s contact number

in an attribute named MobilePhone. To ensure that an employee’s contact number is synchronized with

the Cloud CRM system we will extend the connector to provision the value of the Mobile attribute(OIM) to

the MobilePhone attribute(Target Web Service) in the Cloud CRM application.


5

Using this Document

Following environment specific values have been used in this document, please replace these values to match

your deployment environment.

Field Value

hostname identity.oracleads.com

Weblogic Console Port 7001

OIM Port 14000

SOA Infra Port 8001

OIM Admin admin

Weblogic Admin weblogic

All Passwords Oracle123

Assets Home /app/assets

OIM Home /app/Middleware/Oracle_IDM1/server

Existing User Alice Adams

Extract the contents of Extending Webservice Connector.zip to /app/assets [Assets Home]

Note: For the workshop environment files are extracted into /app/assets folder.

Extending the connector – Detailed Lab Instructions

1. Deploy Sample WS to SOA Service

a. The sample web service is located at /app/assets/SampleWebservice.war

b. Log into Weblogic Console

1. http://identity.oracleads.com:7001/console

2. weblogic/Oracle123

c. Click on Deployments from the menu.

d. Click on Install.

e. Specify Path as /app/assets

f. Select SampleWebservice.war

g. Click on Next

h. Select “Install this deployment as an application”

i. Click on Next.

j. Select soa_server1


6

k. Click on Next.

[Note this can be deployed on any application server, for the purpose of this lab we will deploy it on the

SOA server to minimize the number of active runtime servers]

l. Select “I will make the deployment accessible from the following location”

m. Click on Next.

n. Review Deployment Summary.

o. Click on Finish.

2. Generate an instance of WS Connector CLOUD CRM a. Download Webservice connector from OTN

http://download.oracle.com/otn/nt/ias/connectors/111/Webservices-11.1.1.5.0.zip

Note: For the workshop environment. The connector has already been downloaded into /app/assets

folder. You can skip this step.

b. Extract the contents of the connector bundle.

cd /app/assets unzip Webservices-11.1.1.5.0.zip

http://download.oracle.com/otn/nt/ias/connectors/111/Webservices-11.1.1.5.0.zip


7

c. Grant execute permissions on the connector build scripts.

d. Run the build scripts to create an instance of the OIM web service connector.

e. Copy the Connector to the ConnectorDefaultDirectory

cd Webservices-11.1.1.5.0 chmod +x build-connector.sh ./build-connector.sh "Cloud CRM" "CCRM" cd .. cp -rf Webservices-11.1.1.5.0 /app/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/

3. Install the CLOUD CRM Connector in OIM a. Log into the OIM sysadmin console as an administrator

http://identity.oracleads.com:14000/sysadmin

Admin/Oracle123

b. Click on Manage Connector

c. In the pop up window click on Install to install the new connector

d. Select Cloud CRM Connector 11.1.1.5 and click on Load.

e. Click on Continue.

f. Do not close the Pop up window. It takes about 2 to 5 min to install the connector in OIM.



8

g. Once the connector is installed you will see a Successful message.

h. Click on Exit.

4. Create an IT Resource Instance CLOUD CRM

Note: Testing the WSDL connection.

You need to make sure that the WSDL of the Sample WebService you deployed in section 1 is

accessible.

Open a browser and enter the following URL

http://identity.oracleads.com:8001/SampleWebservice/My_Service?wsdl

You should see the WSDL returned in the browser.

If you are not able to get the WSDL. Stop in this step here as it needs to be resolved. Otherwise you

can continue.

a. Log into the OIM sysadmin console as an administrator



9


Admin/Oracle123

b. Click on IT Resource.

c. Click on Create IT Resource.

d. Provide the following values in the Provide IT Resource Information form

Field Value

IT Resource Name Cloud CRM

IT Resource Type Cloud CRM

e. Click on Continue.

f. Provide the following values in the Specify IT Resource Parameter Values form

Field Value

passcode Oracle123

securityPolicies oracle/wss_username_token_client_policy

soaServiceWSDL http://identity.oracleads.com:8001/soa-infra/services/default/CloudCRMWSConnector/wsconnector_client_ep?WSDL

soaUserName weblogic

soaUserPassword Oracle123

Note: Make sure to enter the WSDL URL in Single Line.

g. Click on Continue.

h. Click on Continue in the Set Access Permission to IT Resource page.

i. Click on Continue in the Verify IT Resource Details page.



10

j. Click on Continue in the IT Resource Connection Result page.

k. Click on Finish.

5. Create a new Sandbox a. Log into the OIM sysadmin console as an administrator


Admin/Oracle123

b. Click on the Sandboxes link.

c. Click on the Create Sandbox button. Provide the following values in the popup window.

Field Value



11

Sandbox Name CloudCRM

Sandbox Description Sandbox to create artifacts for Cloud CRM Connector

d. Click on the Save and Close button.

6. Create an Application Instance CLOUD CRM

a. Log into the OIM sysadmin console as an administrator


Admin/Oracle123

b. Ensure that the Sandbox CloudCRM is active

c. Click on Application Instances

d. Click on Create.

e. Provide the following values in the Create Application Instance form.

Field Value

Name CloudCRM

Display Name Cloud CRM

Description Cloud CRM Application

Resource Object Cloud CRM User

IT Resource Instance Cloud CRM

f. Click on the Save button.



12

7. Create Form CLOUDCRM

a. While in Cloud CRM Application instance tab click on the Create icon besides the Form field.

b. Provide the following values in the New form for Cloud CRM User form.

Field Value

Resource Type Cloud CRM User

Form Name CLOUDCRM

c. Click on the Create button.


13

d. In the Application Instance: Cloud CRM tab click on the Refresh icon besides the Form field.

e. Select the CLOUDCRM from the Form field lookup.

f. Click on the Apply button.


14

8. Create a new Parent Form Field Extension Attribute in the CLOUDCRM Form a. In the Application Instance: Cloud CRM tab click on the Edit icon besides the Form field.

b. In the Manage CloudCRM ->Fields sub tab click on the Create icon.

c. Set Field Type as Text in the popup window.

d. Click on the OK button.

e. Provide the following values in the Create Text Field form

Field Value

Display Name Extension Attribute

Display Width (default) 40

Name (auto populated) ExtensionAttribute

Description Extension Attribute

Searchable Checked

f. Click on the Save and Close button.


15

g. Click on the Regenerate View icon.

h. Click on the OK button in the popup window.

9. Publish the Sandbox. a. Close all tabs except the Manage Sandboxes tab.

b. Select the CloudCRM sandbox.

c. Click on the Publish Sandbox button.

d. Click on the Yes button in the confirmation window that pops up.


16

Creating Custom Attribute (Create User Operation)

1. Update the Provisioning Attribute Map Lookup to add mapping of OIM attributes

to Web Service Attributes. a. Log into the OIM sysadmin console as an administrator

1. http://identity.oracleads.com:14000/sysadmin

2. Admin/Oracle123

b. Click on Lookups.

c. Enter Lookup.CCRM.UM.ProvAttrMap in the Meaning field

d. Click on the Search Button.

e. Ensure Lookup.CCRM.UM.ProvAttrMap is selected then click on the Edit icon.

f. Modify the mapping of the Mobile attribute. Set the following values



17

Field Value

Meaning (Target WS Attribute) MobileNumber

Code (OIM Field Label) Mobile

g. Click on the Create Icon to add an additional lookup code value. Add the following values:

Field Value

Meaning (Target WS Attribute) ExtensionAttribute

Code (OIM Field Label) Extension Attribute


18

h. Click on the Save button.

i. Click on the OK Button to close the popup window.

2. Run Catalog Synchronization Job. a. Log into the OIM sysadmin console as an administrator

1. http://identity.oracleads.com:14000/sysadmin

2. Admin/Oracle123

b. Click on Scheduler.

c. Type Catalog Synchronization Job in the Search text box

d. Click on the Search icon.

e. Click on the Catalog Synchronization Job.

f. In the Job Details: Catalog Synchronization Job tab Click on the Refresh button.

g. Verify the Attribute values of the Scheduled Job Parameters

Field Value

FilePath [Blank]

Mode Incremental

Process Application Instances Yes

Process Entitlements Yes

Process Roles Yes

Updated Date [Leave Default]



19

h. Click on Run Now.

3. Open the wired SOA Composite that is part of the Assets package. a. A wired version of the SOA composite is available for this lab. To extract the contents unzip the

contents of the CloudCRM.zip file.

cd /app/assets unzip CloudCRM.zip

Note: If your environment details are different then you need to replace the My_Service.wsdl file

located at /app/assets/CloudCRM/CloudCRMWSConnector/wsdl/ with the one that is available in your

environment.

You can download the wsdl file from URL:


b. Start Jdeveloper. Ensure that you are using Jdeveloper 11.1.1.6 and have SOA Composite Editor

Extension for Jdeveloper 11.1.1.6 installed.

c. From the Jdeveloper menu Navigate to File -> Open.

d. Select /app/assets/CloudCRM/ CloudCRM.jws.

e. Click on the Open button.

4. Add provisioning attribute mappings in SOA Composite a. Double click on the WSConnector.bpel file from the Application Navigator tab to open the file for

editing.



20

b. Double click on the CreateAssignment task to add mappings for Extension Attribute and Mobile

attributes.

c. In the Copy Rule tab you will see 2 windows with To (left) and From (right) variable list.

d. In the From (left) window expand Process->Variables->CreateOp_InputVariable->parameters-

>ns2:create->userAccount->otherAttributes.

e. In the To (right) window expand Process->Variables->InvokeCreate_CreateAccount_InputVariable-

>prarmeters->ns3:CreateAccount->arg0

f. Click on the value attribute in the From (left) window; drag and drop the mouse to the

extensionAttribute attribute in the To(right) window.

g. Click on the value attribute in the From (left) window; drag and drop the mouse to the mobileNumber

attribute in the To(right) window.

Note: If you are not able to see the variables on the right hand side. Make sure you download the

WSDL file from http://identity.oracleads.com:8001/SampleWebservice/My_Service?wsdl

Save it as My_Service.wsdl inside /app/assets/CloudCRM/CloudCRM/CloudCRMWSConnector/wsdl

Directory replacing the existing WSDL file. Now check the mapping again.



21


22

h. Manually Edit the XPath of the From Variable of the copy operation for Mobile Number and Extension

Attribute as follows

Attribute From:XPath (new)

ExtensionAttribute /ns2:create/userAccount/otherAttributes[name = 'ExtensionAttribute'] /value

MobileNumber /ns2:create/userAccount/otherAttributes[name = 'MobileNumber'] /value

Note: The blue assignment line shifts to userAccount on the ‘From’ side after this step.

i. Right click on the mappings for MobileNumber and ExtensionAttribute and select

ignoreMissingFromData.


23

j. Click on the Apply button.

k. Click on the OK button

l. Click on the Save All icon from the menu.

5. Deploy the SOA Composite to the SOA Server. a. Right Click on the CloudCRMWSConnector project in Jdeveloper.

b. Navigate to Deploy -> CloudCRMWSConnector


24

c. Select Deploy to Application Server.

d. Click on the Next button.

e. Ensure Overwrite any existing composite with the same revision ID is checked.

f. Click on the Next button.

g. Click on the + icon to add Application server connection information.

Attribute Value

Connection Name OIM-SOA

Connection Type [default] Weblogic 10.3

Username weblogic

Password Oracle123

Weblogic hostname Identity.oracleads.com

Port 7001

SSL Port 7002

Weblogic Domain Iam_domain

h. After providing connection information click on the Test Connection button to verify the connection.

i. Click on the Finish button.

j. Click on the Finish button.


25

Note: Ensure Jdeveloper’s proxy is setup correctly as per you environment. If the proxy is not set goto

Tools->Preferences->Web Browser and Proxy. After change values here Jdeveloper must be restarted.

If you are executing the JDeveloper from the VM Environment no proxy is needed. Tools -> Preferences ->

Web Browser and Proxy: un-check Use HTTP Proxy Server

6. Log into OIM and provision the ACME CRM Account to a User. a. Log into the OIM Identity Self Service console as an administrator

1. http://identity.oracleads.com:14000/identity

2. admin/Oracle123

b. Click on the Users icon.

c. Search for an existing user ( Alice Adam[ AA10127] ).

d. Click on the Accounts tab.

e. Click on the Request Accounts icon.

f. Enter Cloud CRM in the catalog search field and click on the Search icon.

g. Select the Cloud CRM Application instance from the catalog and click on the Add to Cart icon.

h. Click on the Check Out Icon.

i. Provide the following values for the Account

Attribute Value

Login Alice.Adams

Password Oracle123

First Name Alice

Last Name Adams

Email [email protected]

Mobile 9845012345

Extension Attribute NA-WEST-CORP

j. Click on the Ready to submit button.

k. Click on the submit button.

l. Verify that the target web service was invoked successfully by analyzing the SOA server logs.

http://identity.oracleads.com:14000/identity

mailto:[email protected]


26

Modifying Custom Attribute (Update Operation)

1. Add Custom Attribute for Update Operation

In the Design Console, add the Extension Attribute Updated process task.

a. login Design Console as administrator—admin/Oracle123

b. open Cloud CRM User process definition under process management


27

c. Click “Add” button to add Extension Attribute Updated task

General tab:

Task Name Extension Attribute Updated

Task Description Update Cloud CRM Webservice user’s Extension Attribute field

Conditional checked

Allow cancellation while pending checked

Allow Multiple Instances checked


28

Click on Save button to Save the Task you have added.

2. Add the adpCCRMWEBSERVICEUPDATEATTRIBUTEVALUE adapter and complete

the integration similar to an existing task such as FirstName Updated.

a. Integration Tab:

Click “Add” button to add adpCCRMWEBSERVICEUPDATEATTRIBUTEVALUE adapter and “Save”


29

Map Adapter Variable as below:

Map1.

Variable Name attrFieldName

Data Type String

Map To Literal

Qualifier String

Literal Value Extension Attribute

Save and close window


30

.

Map2.

Variable Name itResourceFieldName

Data Type String

Map To Literal

Qualifier String

Literal Value UD_CCRM_USR_SERVER

Save and close window.

Map3.

Variable Name objectType

Data Type String

Map To Literal

Qualifier String

Literal Value User



31

Map4.

Variable Name Adapter return value

Data Type String

Map To Response Code


Map5.

Variable Name procInstanceKey

Data Type Long

Map To Process Data

Qualifier Process Instance

Save and close window


32

After Mapping, the screen looks like below:

Task to Object Status Mapping Tab

Modify Status “C” line ‘s Object Status to “Provisioned”, click “OK’ and ”Save”

Status Category Object Status

C Completed Provisioned


33

Response Tab

Create response as below:


Save and close process definition window, exit Design Console.


34

3. Open the wired SOA Composite that is part of the Assets package.

Note: if you have done create operation, skip the step 3 a below.

a. A wired version of the SOA composite is available for this lab. To extract the contents unzip the




located at /app/asset/CloudCRM/CloudCRMWSConnector/wsdl with the one that is available in your

environment.






d. Select /app/assets/CloudCRM/CloudCRM.jws.


4. Add provisioning attribute mappings in SOA Composite

Note: If this section is already done in the JDeveloper Project, then just cross check.

a. Double click on the WSConnector.bpel file from the Application Navigator tab to open the file for

editing



35

b. Double click on the UpdateAssignment task to add mappings for Extension Attribute and Mobile

attributes.

c. In the Copy Rule tab you will see 2 windows with To (left) and From (right) variable list.

d. In the From (left) window expand Process->Variables->UpdateOp_InputVariable->parameters-

>ns2:update.

e. In the To (right) window expand Process->Variables->InvokeUpdate_UpdateAccount_InputVariable-

>prarmeters->ns3:UpdateAccount

f. Click on the uid attribute in the From (left) window; drag and drop the mouse to the arg0 attribute in

the To(right) window.


36

g. In the From (left) window expand Process->Variables->UpdateOp_InputVariable->parameters-

>ns2:update->updateAttribute.

h. In the To (right) window expand Process->Variables->InvokeUpdate_UpdateAccount_InputVariable-

>parameters->ns3:UpdateAccount

i. Click on the name attribute in the From (left) window; drag and drop the mouse to the arg1 attribute in


j. Click on the value attribute in the From (left) window; drag and drop the mouse to the arg2 attribute in



37


38

k. Right click on the mappings for name and value and select ignoreMissingFromData.

l. Click on the Apply button.

m. Click on the OK button

Click on the Save All icon from the menu

5. Deploy the SOA Composite to the SOA Server. a. Right Click on the CloudCRM project in Jdeveloper.

b. Navigate to Deploy -> CloudCRM


39

c. Select Deploy to Application Server.

d. Click on the Next button.

e. Ensure Overwrite any existing composite with the same revision ID is checked.

f. Click on the Next button.

g. Click on the + icon to add Application server connection information.

Attribute Value

Connection Name OIM-SOA

Connection Type [default] Weblogic 10.3

Username weblogic

Password Oracle123

Weblogic hostname Identity.oracleads.com

Port 7001

SSL Port 7002

Weblogic Domain Iam_domain

h. After providing connection information click on the Test Connection button to verify the connection.

i. Click on the Finish button.

j. Click on the Finish button.




40

6. Log into OIM and Modify the Value of Extension Attribute. a. Log into the OIM Identity Self Service console as an administrator


2. admin/Oracle123




e. Highlight CloudCRM account

f. Click on the Modify Accounts icon.

g. Change Extension Attribute to CA-East-Corp.

h. Click on Ready to submit Icon

i. Click on the Submit Icon.

j. Verify that the target web service was invoked successfully by analyzing the SOA server logs



41

Password Reset Operation

1. Open the wired SOA Composite that is part of the Assets package.

Note: if you have done create operation, skip the step 1 a below

a. A wired version of the SOA composite is available for this lab. To extract the contents unzip the




located at /app/asset/CloudCRM/CloudCRMWSConnector/wsdl with the one that is available in your

environment.






d. Select /app/assets/CloudCRM/CloudCRM.jws.


2. Add provisioning attribute mappings in SOA Composite a. Double click on the WSConnector.bpel file from the Application Navigator tab to open the file for

editing

b. Click source tab to uncomment ResetPassword operation



42


43

Note: You need to only uncomment the ResetPassword Section as shown below. Completed section

should look like this below.


44

c. Navigate back to the design view and drag the arrow from ResetPasswordAssign to the PartnerLink.

d. Double click on the InvokeResetPassword

e. Change Operation to UpdateAccount


45

f. Click on automatically crate Input variable, keep default setting and Click “OK”

g. Click on automatically crate Output variable, keep default setting and Click “OK”


46

h. Click on Apply

i. Click on OK

j. Double click on the ResetPasswordAssignment task to add mappings for Password Attribute.

k. In the Copy Rule tab you will see 2 windows with To (left) and From (right) variable list.

l. In the From (left) window expand Process->Variables->ResetPasswordOp_InputVariable->parameters-

>ns2:resetPassword.

m. In the To (right) window expand Process->Variables-

>InvokeResetPassword_UpdateAccount_InputVariable->prarmeters->ns3:UpdateAccount


47

n. Click on the uid attribute in the From (left) window; drag and drop the mouse to the arg0 attribute in

the To(right) window

o. Click on the newPassword attribute in the From (left) window; drag and drop the mouse to the arg1

attribute in the To(right) window


48

p. Right click on the mappings for uid and newPassword and select ignoreMissingFromData


49

q. Click on the Apply button.

r. Click on the OK button

s. Click on the Save All icon from the menu

3. Deploy the SOA Composite to the SOA Server. a. Right Click on the CloudCRM project in Jdeveloper.

b. Navigate to Deploy -> CloudCRM


50

c. Select Deploy to OIM-SOA.

d. Click on the Finish button.



4. Log into OIM and Reset the Password of ACME CRM User Account. a. Log into the OIM Identity Self Service console as an administrator


2. admin/Oracle123




e. Highlight CloudCRM account

f. Click on the Modify Accounts icon.

g. Change Password to Abcd1234 .

h. Click on Ready to submit Icon

i. Click on the Submit Icon.

j. Verify that the target web service was invoked successfully by analyzing the SOA server logs



51

OIM Web Service Connector - Oracle · 2014-06-04 · Deploy and configure web service connector...

Documents

Transcript of OIM Web Service Connector - Oracle · 2014-06-04 · Deploy and configure web service connector...