
Oracle Identity Manager 11g:

Develop Identity Provisioning

Volume I - Student Guide

D65156GC10
Edition 1.0
April 2011
D72959

Authors
Robert La Vallie
Terri Cantor

Technical Contributors
and Reviewers
Ajay Keni
Anant Kadam
Ananth Kini
Ashok Maram
Bedanta Kalita
Bhupindra Singh
Brad Donison
Debapriya Datta
Deepak Nagvanshi
Don Bates
Don Gosselin
Eswar Vandanapu
Javed Beg
Jim Garm
Joe Roch
Karl Miller
Lakshmanan Subramanian
Mayank Upadhyay
Mario Lim
Naga Nagarajan
Nalin Sardana
Prakash Hulikere
Radhika Moolky
Raj Kuchi
Rajesh Bijja
Robert Greene
Roopali Jain
Russ Lowenthal
Semyon Shulman
Sidhartha Das
Sreedhar Katti
Thomas Cheong
Uday Shingwekar
Vinaye Misra
Viresh Garg

Editors
Smita Kommini
Aju Kumar
Pj Schemenaur

Graphic Designer
Satish Bettegowda

Publishers
Pavithran Adka
Sumesh Koshy

Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Disclaimer

This document contains proprietary information and is protected by copyright and
other intellectual property laws. You may copy and print this document solely for your
own use in an Oracle training course. The document may not be modified or altered
in any way. Except where your use constitutes "fair use" under copyright law, you
may not use, share, download, upload, copy, print, display, perform, reproduce,
publish, license, post, transmit, or distribute this document in whole or in part without
the express authorization of Oracle.

The information contained in this document is subject to change without notice. If you
find any problems in the document, please report them in writing to: Oracle University,
500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using
the documentation on behalf of the United States Government, the following notice is
applicable:

U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or
disclose these training materials are restricted by the terms of the applicable Oracle
license agreement and/or the applicable U.S. Government contract.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names
may be trademarks of their respective owners.

Contents

Preface

1 Introduction
Road Map 1-2
Develop Identity Provisioning Tasks 1-3
Course Objectives 1-5
Road Map 1-7
Course Units 1-8
Unit 1: Product Overview 1-9
Unit 2: Managing Direct and Automated Provisioning 1-10
Unit 3: Reconciliation 1-12
Unit 4: Enhancing Provisioning and Reconciliation 1-14
Unit 5: Implementing the GTC Framework 1-15
Unit 6: Customizing Oracle Identity Manager 1-16
Road Map 1-17
Lesson Summary 1-18
Road Map 1-19
What's Next? 1-20

Refresher of Oracle Identity Manager 11g Concepts


Roadmap 2-2
Lesson Objectives 2-3
Roadmap 2-5
Identity Management: Overview 2-6
Identity Management: Terminology 2-8
Identity Management: Business Drivers 2-10
Quiz 2-12
Roadmap 2-14
Oracle Identity Administration 2-15
Identity Administration: Infrastructure 2-17
Roadmap 2-18
Oracle Identity Management: Products 2-19
Roadmap 2-23
Oracle Identity Manager Architecture: Overview 2-24
Oracle Identity Manager: Architecture 2-25
Tier 1: Presentation Tier 2-27
Tier 2: Business Services Tier 2-29
Business Services Tier: API Services 2-31
Business Services Tier: Identity Services 2-32
Business Services Tier: Integration Services 2-33
Business Services Tier: Platform Services 2-35
Tier 3: Data Tier 2-38
Roadmap 2-40
Case Study 2-41
Oracle Identity Manager: Use Cases 2-42
Use Case: Lifecycle Provisioning 2-43
Use Case: Automatic Generation of Credentials 2-44
Use Case: Implementing GTC Providers 2-45
Use Case: Email Notifications 2-46
Use Case: Request-Based Scenario 2-47
Roadmap 2-48
Oracle Identity Manager Environment: Single Domain Configuration 2-49
Oracle Identity Manager Server: Overview 2-50
SOA Server: Overview 2-51
Starting Administration and Managed Servers 2-53
Starting the Administration Server 2-54
Starting the Managed Servers 2-55
Monitoring the Status of the Managed Servers 2-56
Oracle Identity Manager: Interfaces 2-57
Oracle Identity Manager Administrative and User Console: Overview 2-58
Web Console: Overview 2-59
Starting the Oracle Identity Manager Web Consoles 2-61
Oracle Identity Manager Design Console: Overview 2-62
Starting the Oracle Identity Manager Design Console 2-63
Oracle SOA Platform: Overview 2-64
Oracle BPM Worklist Console: Overview 2-65
Launching the Oracle SOA Consoles 2-66
Roadmap 2-67
Lesson Summary 2-68
Roadmap 2-69
Lesson Demos 2-70
Roadmap 2-71
Practice 2 Overview: Launching Oracle Identity Manager 2-72
Roadmap 2-73
What's Next? 2-74

Creating Configurations for Direct Provisioning


Roadmap 3-2
Lesson Objectives 3-3
Roadmap 3-4
Resources 3-5
Oracle Identity Manager Connectors 3-6
Comparing Resources and Connectors 3-7
Quiz 3-8
Roadmap 3-10
Provisioning 3-11
Provisioning Resources to Users 3-12
Manual Provisioning and Autoprovisioning 3-13
Quiz 3-14
Roadmap 3-17
Oracle Identity Manager Connectors: Types 3-18
Oracle Identity Manager Connector Types: Predefined Connectors 3-19
Oracle Identity Manager Connector Types: Generic Technology Connectors 3-20
Oracle Identity Manager Connector Types: Custom Connectors 3-22
Oracle Identity Manager Connector: Components 3-23
Provisioning Process Tasks 3-27
Building an Oracle Identity Manager Connector 3-28
Step 1: Create an IT Resource Type 3-29
Step 2: Define an IT Resource 3-30
Step 3: Create a Custom Process Form 3-31
Step 4: Build a Process Task Adapter 3-33
Building the Process Task Adapter: Adapter Tasks 3-35
Adapter Tasks: Walkthrough of Code 3-37
Step 5: Define a Resource Object 3-50
Step 6: Create a Provisioning Process 3-51
Step 7: Create a Process Task 3-52
Step 8: Attach the Process Task Adapter 3-53
Quiz 3-54
Roadmap 3-57
Develop Identity Provisioning Tasks 3-58
Lesson Summary 3-59
Roadmap 3-60
Practice 3 Overview: Creating Configurations for Direct Provisioning 3-61
Roadmap 3-62
What's Next? 3-63

Creating Configurations for Automated Provisioning


Roadmap 4-2
Lesson Objectives 4-3
Roadmap 4-5
Adapter Type and Functionality: Overview 4-6
Prepopulate Adapter: Overview 4-8
Prepopulate Rule: Overview 4-9
Quiz 4-10
Roadmap 4-11
Implementing a Prepopulate Adapter and Prepopulate Rule: Overview 4-12
Step 1: Modifying the Provisioning Process 4-13
Step 2: Creating the Prepopulate Adapter 4-14
Creating the Prepopulate Adapter: Walkthrough of Code 4-17
Step 3: Creating the Prepopulate Rule 4-24
Step 4: Assigning the Prepopulate Adapter and Prepopulate Rule to Process
Form Fields 4-26
Quiz 4-27
Roadmap 4-29
Develop Identity Provisioning Tasks 4-30
Lesson Summary 4-31
Roadmap 4-32
Practice 4 Overview: Creating Configurations for Automated Provisioning 4-33
Roadmap 4-35
What's Next? 4-36

Creating Configurations for Key Provisioning Functionalities


Roadmap 5-2
Lesson Objectives 5-3
Roadmap 5-5
Key Provisioning Functions of a System Integrator: Overview 5-6
Expanding the Provisioning Workflow 5-7
Step 1: Build the Process Task Adapter 5-9
Step 2: Create the Process Task 5-14
Provisioning Process, Process Task, and Object Status 5-16
Step 3: Attach the Adapter to the Task 5-18
Step 4: Create Responses 5-19
Quiz 5-20
Roadmap 5-22
Disabling a User Account 5-23
Step 1: Build the Process Task Adapter 5-24
Step 2: Create the Process Task 5-26
Step 3: Attach the Adapter to the Task 5-27
Step 4: Verify the Provisioning Process to Disable a User Account Is
Successful 5-29
Enabling the User Account 5-30
Step 1: Create the Process Task 5-31
Step 2: Attach the Adapter to the Task 5-32
Step 3: Verify the Provisioning Process to Enable a User Account Is
Successful 5-34
Modifying the User's Resource-Related Password 5-35
Step 1: Create the Process Task 5-36
Step 2: Attach the Adapter to the Process Task 5-38
Step 3: Verify the Provisioning Process to Modify the Password Is
Successful 5-40
Deleting the User Account 5-41
Step 1: Build the Process Task Adapter 5-42
Step 2: Create the Process Task 5-44
Step 3: Attach the Adapter to the Process Task 5-46
Step 4: Verify the Provisioning Process to Delete a User Account Is
Successful 5-48
Roadmap 5-49
Develop Identity Provisioning Tasks 5-50
Lesson Summary 5-51
Roadmap 5-52
Practice 5 Overview: Creating Configurations for Key Provisioning
Functionalities 5-53
Roadmap 5-54
What's Next? 5-55

6 Understanding Reconciliation
Roadmap 6-2
Lesson Objectives 6-4
Roadmap 6-7
Reconciliation and Provisioning 6-8
Reconciliation: Types 6-10
Reconciliation: Events 6-13
Quiz 6-16
Roadmap 6-22
Authoritative Reconciliation: Conceptual Diagram 6-23
Authoritative Reconciliation: Single and Multiple Trusted Sources 6-24
Account Reconciliation: Conceptual Diagram 6-25
Account Reconciliation: Target System 6-26
Account Reconciliation: Data Process Flow 6-27
Roadmap 6-29
Implementing a Reconciliation Workflow 6-30
Step 1: Verifying Installation and Deployment Requirements 6-33
Step 2: Configuring the External Resource 6-35
Step 3: Copying Connector and External Code Files 6-37
Copying Connector Files: Microsoft Active Directory 6-39
Copying External Code Files: Microsoft Active Directory 6-44
Step 4: Configuring Oracle Identity Manager Server 6-45
Configuring Oracle Identity Manager Server: Clearing the Server Cache 6-46
Configuring Oracle Identity Manager Server: Enabling Logging 6-48
Step 5: Importing an Oracle Identity Manager Connector 6-50
Step 6: Defining an IT Resource 6-53
Step 7: Modifying a Scheduled Job 6-58
Modifying a Scheduled Job: Trusted Source 6-60
Modifying a Scheduled Job: Target Resource 6-62
Step 8: Reconciling with a Trusted Source 6-63
Step 8: Reconciling with a Target Resource 6-66
Quiz 6-69
Roadmap 6-73
Code Sample 6-74
Roadmap 6-87
Lesson Summary 6-88
Roadmap 6-89
Practice 6 Overview: Understanding Reconciliation 6-90
Roadmap 6-91
What's Next? 6-92

7 Using Event Handlers and Plug-Ins


Roadmap 7-2
Lesson Objectives 7-3
Roadmap 7-5
Operations: Overview 7-6
User Management Operations: Overview 7-7
Event Handlers: Overview 7-8
Plug-Ins: Overview 7-9
Quiz 7-10
Roadmap 7-13
Implementing Event Handlers and Plug-Ins 7-14
Step 1: Implementing a Service Provider Interface (SPI) 7-16
Step 2: Configuring JAR Files 7-17
Configuring JAR Files: Walkthrough of Code 7-19
Step 3: Defining a Plug-In 7-26
Step 4: Developing the Plug-In 7-28
Step 5: Registering the Plug-In 7-31
Registering the Plug-In: Setting the Path Variable 7-33
Registering the Plug-In: Modifying the ant.properties File 7-34
Registering the Plug-In: Setting Environment Variables 7-35
Registering the Plug-In: Running the Plug-In Registration Utility 7-37
Step 6: Defining Custom Events 7-39
Step 7: Importing Custom Events 7-42
Importing Custom Events: Creating a Directory 7-44
Importing Custom Events: Modifying the weblogic.properties File 7-45
Importing Custom Events: Setting the OIM_ORACLE_HOME Environment
Variable 7-46
Importing Custom Events: Running the Import Utility 7-47
Step 8: Reconciling with an Authoritative Source 7-49
Quiz 7-54
Roadmap 7-58
Lesson Summary 7-59
Roadmap 7-60
Practice 7 Overview: Using Event Handlers and Plug-Ins 7-61
Roadmap 7-62
What's Next? 7-63

8 Creating Approval Processes for Request and Approval Workflows


Roadmap 8-2
Lesson Objectives 8-3
Roadmap 8-4
Request and Approval Workflow Architecture 8-5
Request Life Cycle: Simple Request 8-8
Request Initiation Review 8-10
Quiz 8-12
Roadmap 8-13
SOA Composite Components 8-14
Service Component Architecture Assembly Model 8-16
Building a SOA Composite with the Oracle Identity Manager Helper Utility 8-17
Accessing the SOA Composite in Oracle JDeveloper 8-19
ApprovalProcess BPEL Process 8-20
ApprovalTask Human Workflow 8-22
ApprovalTaskRules Business Rule 8-24
Quiz 8-25
Roadmap 8-26
Customizing the Approval Task Title 8-27
Defining Multiple Participants in an Approval Task 8-28
Creating Sequential Participants in the Approval Task 8-29
Roadmap 8-31
Creating a Business Rule 8-32
Roadmap 8-34
Designing Notification Headers 8-35
Roadmap 8-37
Deploy the SOA Composite to a Defined Application Server 8-38
Registering a SOA Composite with Oracle Identity Manager 8-40
Registering a New SOA Composite with Oracle Identity Manager 8-41
Disabling a SOA Composite from Oracle Identity Manager 8-43
Enabling a SOA Composite with Oracle Identity Manager 8-44
Quiz 8-45
Roadmap 8-48
Develop Identity Provisioning 8-49
Lesson Summary 8-50
Roadmap 8-51
Practice 8 Overview 8-52
Roadmap 8-53
What's Next? 8-54

9 Understanding the Generic Technology Connector (GTC) Framework


Roadmap 9-2
Lesson Objectives 9-3
Roadmap 9-4
Oracle Identity Manager Connector Support: Review 9-5
Generic Technology Connector (GTC) Framework: Overview 9-6
GTC Framework: Use Cases 9-7
GTC Framework: Functional Architecture 9-8
Provisioning and Reconciliation Data Sets 9-10
Transformation and Validation Providers 9-12
Configuring Account Status Using the Translation Transformation Provider 9-14
Quiz 9-16
Roadmap 9-17
Providers in the Database Application Tables Connector Framework 9-18
Completing Required Tasks Before Creating the Connector 9-19
Enable Logging 9-21
Copying and Installing the Database Application Tables Connector
Provider Files 9-22
Creating the Connector: Reconciliation with a Trusted Source 9-23
Creating the Connector: Provisioning 9-26
Roadmap 9-29
Enabling and Executing the Scheduled Job 9-30
Propagating Changes from the Trusted Source 9-31
Quiz 9-32
Roadmap 9-33
Provisioning a User to the Target Resource 9-34
Roadmap 9-35
Exporting GTC Connectors, Dependencies, and Children 9-36
Exporting GTC Providers 9-37
Roadmap 9-38
Develop Identity Provisioning 9-39
Lesson Summary 9-40
Roadmap 9-41
Practice 9 Overview: Implementing the Generic Technology
Connector Framework 9-42
Roadmap 9-43
What's Next? 9-44

10 Customizing the Oracle Identity Manager User Interfaces
Roadmap 10-2
Lesson Objectives 10-4
Roadmap 10-6
Oracle Identity Manager User Interfaces 10-7
User Interface 1: The Login Page 10-8
User Interface 2: The Unauthenticated Self Service Console 10-10
User Interface 3: The Identity Administration Console 10-11
User Interface 4: The Authenticated Self Service Console 10-13
User Interface 5: The Advanced Administration Console 10-15
Quiz 10-18
Roadmap 10-21
Levels of Customization 10-22
Levels of Customization: Files to Modify for the Identity
Administration Console 10-24
Levels of Customization: Files to Modify for the Authenticated Self
Service Console 10-26
Quiz 10-28
Branding the Identity Administration Console: Overview 10-30
Branding the Identity Administration Console: Modifying Branding Text 10-31
Branding the Identity Administration Console: Adding a Logo 10-34
Branding the Identity Administration Console: Changing the Logo
Mouseover Text 10-38
Branding the Authenticated Self Service Console: Overview 10-42
Branding the Authenticated Self Service Console: Modifying Branding Text 10-43
Branding the Authenticated Self Service Console: Adding a Logo 10-46
Branding the Authenticated Self Service Console: Changing the Logo
Mouseover Text 10-50
Quiz 10-52
Roadmap 10-53
Modifying the Functionality and Appearance of the Identity Administration
Console: Overview 10-54
Modifying the Functionality and Appearance of the Identity Administration
Console: Renaming Button Labels 10-56
Creating Custom Skins and Style Sheets: Overview 10-59
Modifying the Functionality and Appearance of the Identity Administration
Console: Creating a Custom Skin and Style Sheet 10-60
Modifying the Functionality and Appearance of the Identity Administration
Console: Adding Panels, Links, and URLs 10-65
Modifying the Functionality and Appearance of the Authenticated Self
Service Console: Overview 10-74
Modifying the Functionality and Appearance of the Authenticated Self
Service Console: Renaming Button Labels 10-75
Modifying the Functionality and Appearance of the Authenticated Self Service
Console: Creating a Custom Skin and Style Sheet 10-78
Modifying the Functionality and Appearance of the Authenticated Self Service
Console: Creating a Custom Tab 10-81
Modifying the Functionality and Appearance of the Authenticated Self Service
Console: Adding Panels and Subtabs to a Custom Tab 10-89
Modifying the Functionality and Appearance of the Authenticated Self Service
Console: Adding Panels and Subtabs to a Custom Tab 10-92
Quiz 10-94
Roadmap 10-99
Lesson Summary 10-100
Roadmap 10-101
Practice 10 Overview: Customizing the Oracle Identity Manager User
Interfaces 10-102


11 Working with APIs


Roadmap 11-2
Lesson Objectives 11-3
Roadmap 11-4
Accessing Oracle Identity Manager Services 11-5
Quiz 11-6
Roadmap 11-7
Using OIMClient 11-8
Using tcUtilityFactory 11-10
Naming Conventions: Compare Oracle Identity Manager 10g and 11g 11-12
Mapping Between Legacy and New Services 11-14
Quiz 11-15
Roadmap 11-17
Commonly Used Services 11-18
Roadmap 11-19
Developing Clients for Oracle Identity Manager 11-20
Quiz 11-22
Roadmap 11-24
Code Sample 11-25
Roadmap 11-30
Lesson Summary 11-31
Roadmap 11-32
Practice 11 Overview: Working with APIs 11-33


Preface

Profile
Before You Begin This Course
Before you begin this course, you should have:
- Completed the Oracle Identity Manager 11g: Essentials course
  (D65160GC10), or have a comparable skill set with Oracle Identity
  Manager 11g
- Completed the Oracle WebLogic Server 11g: Administration Essentials
  course (D58682GC10), or have a comparable skill set with Oracle
  WebLogic Server 11g
- A high-level understanding of Service Oriented Architecture (SOA),
  BPEL, and JDeveloper
- A general comprehension of Oracle Database 11g
- A good familiarity with a Windows-based environment

How This Course Is Organized
The Oracle Identity Manager 11g: Develop Identity Provisioning course, based on
version 11gR1 [11.1.1.3.0], is an instructor-led course featuring lectures and hands-on
exercises. Online demonstrations and written practice sessions reinforce the
concepts and skills that are introduced.

Related Publications
Oracle Publications

Title: Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager 11g Release 1 (11.1.1)
Part Number: E14308-06

Title: Oracle Fusion Middleware User's Guide for Oracle Identity Manager 11g Release 1 (11.1.1)
Part Number: E14316-06

Title: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager 11g Release 1 (11.1.1)
Part Number: E14309-06

Additional Publications
- System release bulletins
- Installation and user's guides
- read.me files
- International Oracle Users Group (IOUG) articles
- Oracle Magazine
- Oracle Learning Library (OLL)

Typographic Conventions
The following two lists explain Oracle University typographical conventions for
words that appear within regular text or within code samples.
1. Typographic Conventions for Words Within Regular Text

Convention: Courier New
Object or Term: User input; commands; column, table, and schema names; functions; PL/SQL objects; paths
Example: Use the SELECT command to view information stored in the LAST_NAME column of the EMPLOYEES table. Enter 300. Log in as scott

Convention: Initial cap
Object or Term: Triggers; user interface object names, such as button names
Example: Assign a When-Validate-Item trigger to the ORD block. Click the Cancel button.

Convention: Italic
Object or Term: Titles of courses and manuals; emphasized words or phrases; placeholders or variables
Example: For more information on the subject see Oracle SQL Reference Manual. Do not save changes to the database. Enter hostname, where hostname is the host on which the password is to be changed.

Convention: Quotation marks
Object or Term: Lesson or module titles referenced within a course
Example: This subject is covered in Lesson 3, "Working with Objects."

2. Typographic Conventions for Words Within Code Samples

Convention: Uppercase
Object or Term: Commands, functions
Example:
SELECT employee_id
FROM employees;

Convention: Lowercase, italic
Object or Term: Syntax variables
Example:
CREATE ROLE role;

Convention: Initial cap
Object or Term: Forms triggers
Example:
Form module: ORD
Trigger level: S_ITEM.QUANTITY item
Trigger name: When-Validate-Item
. . .

Convention: Lowercase
Object or Term: Column names, table names, filenames, PL/SQL objects
Example:
. . .
OG_ACTIVATE_LAYER
(OG_GET_LAYER ('prod_pie_layer'))
. . .
SELECT last_name
FROM employees;

Convention: Bold
Object or Term: Text that must be entered by a user
Example:
CREATE USER scott
IDENTIFIED BY tiger;
