Shared Drive Reconciliation Transport Provider

Predefined Providers for Generic Technology Connectors 19-5

Files in the staging directories with names that start with the specified prefix are processed, regardless of the file extension. This is a run-time parameter.

For example, if you specify usrdata as the value of the File Prefix parameter, data is parsed from the following files placed in the staging directory for multivalued (child) user data files:

    usrdataRoleData.csv
    usrdataGroupMembershipData.txt

Data is not extracted from the following files in the same directory, because the file names do not begin with usrdata:

    RoleData.csv
    GroupMembershipData.txt

■ Specified Delimiter
Use this parameter to specify the character that is used as the delimiter character in the parent and child data files. You can specify only a single character as the value of this parameter. This is a run-time parameter. This parameter overrides the Tab Delimiter parameter.

Note: You cannot use the space character as a delimiter. In addition, you must ensure that the character you specify is used only as the delimiter in the data files. If this character is also used inside the data itself, the data row or record is not parsed correctly. For example, you must not use the comma (,) as the delimiter if any data value contains a comma.

■ Tab Delimiter
Use this parameter to specify whether the file is delimited by tabs. This is a run-time parameter. This parameter is ignored if you specify a value for the Specified Delimiter parameter.

■ Fixed Column Width
If the input file contains fixed-width data, use this parameter to specify the width in characters of the data columns. This is a run-time parameter. This parameter is ignored if you specify a value for the Specified Delimiter or Tab Delimiter parameter.

Note: In this context, the term fixed-width refers to the number of characters in the data field, not the byte length of the field. This means that, for example, four characters of single-byte data and four characters of multibyte data are the same in terms of width.

■ Unique Attribute (Parent Data)
For multivalued user data, use this parameter to specify the field that is common to both the parent data and child data files. In the examples described earlier, the requirement for a unique attribute is fulfilled by the User ID TD field, which is present in both the parent and child data files. This is a run-time parameter.

Note: If you select the Trusted Source Reconciliation option on the Step 1: Provide Basic Information page, you must not specify a value for the Unique Attribute (Parent Data) parameter. This is because the reconciliation of multivalued child data is not supported in trusted source reconciliation.

19-6 Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

■ File Encoding
Use this parameter to specify the character set encoding used in the parent and child data files. This is a design parameter.

Specify Cp1251 for data files stored on a computer running an operating system with the English-language setting. This is the canonical name for the java.io API that is supported by the generic technology connector framework. For any other language that you select from the list given in the Multilanguage Support section, you must specify the canonical name for the corresponding java.io API listed on the following Web page:

    http://java.sun.com/j2se/1.4.2/docs/guide/intl/encoding.doc.html

For example, if you want to specify the encoding set for the Traditional Chinese language on a Microsoft Windows computer, you specify MS950 as the value of the File Encoding parameter.

Permissions to Be Set on the Staging and Archiving Directories

You must ensure that the required permissions are set on the staging and archiving directories. The table below describes the effect of the various permissions on the shared directories that are used to hold staging and archiving data files.
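The file selection and parsing rules described above (File Prefix, the precedence of Specified Delimiter over Tab Delimiter over Fixed Column Width, widths counted in characters after decoding with the File Encoding, and the join of child rows on the Unique Attribute), as an added Python example that is not part of the Oracle Identity Manager documentation or product. The staging-file contents are constructed, and rejecting a record whose value contains the delimiter is a choice made here; the provider itself only states that such records are not parsed correctly.

```python
from typing import Dict, List, Optional

# Constructed sample staging-directory contents (not from the page): file name -> raw bytes.
STAGING = {
    "usrdataParent.csv": "User ID,First Name,Last Name\n120,Ora,Admin\n121,Sys,Ops\n".encode("utf8"),
    "usrdataGroupMembershipData.txt": "User ID\tGroup\n120\tSystem Admins\n121\tUSA\n".encode("utf8"),
    "GroupMembershipData.txt": b"User ID\tGroup\n999\tNotPrefixed\n",  # wrong prefix: skipped
}

def select_files(names, prefix: str) -> List[str]:
    """File Prefix rule: every name that starts with the prefix, whatever its extension."""
    return sorted(n for n in names if n.startswith(prefix))

def parse_records(raw: bytes, file_encoding: str, specified_delimiter: Optional[str] = None,
                  tab_delimiter: bool = False,
                  fixed_widths: Optional[List[int]] = None) -> List[List[str]]:
    """Precedence as documented: Specified Delimiter overrides Tab Delimiter, and both
    override Fixed Column Width. Splitting is plain (no quoting), so a delimiter that also
    occurs inside a value corrupts that record; such rows are rejected rather than accepted."""
    lines = raw.decode(file_encoding).splitlines()  # decode first: widths are characters
    if specified_delimiter is not None:
        if len(specified_delimiter) != 1 or specified_delimiter == " ":
            raise ValueError("delimiter must be a single non-space character")
        rows = [ln.split(specified_delimiter) for ln in lines]
    elif tab_delimiter:
        rows = [ln.split("\t") for ln in lines]
    elif fixed_widths:
        rows = []
        for ln in lines:
            pos, fields = 0, []
            for w in fixed_widths:                    # character count, not byte length
                fields.append(ln[pos:pos + w].strip())
                pos += w
            rows.append(fields)
    else:
        raise ValueError("no delimiter or column widths configured")
    bad = [i for i, r in enumerate(rows) if len(r) != len(rows[0])]
    if bad:
        raise ValueError(f"rows {bad} do not match the header's field count (stray delimiter?)")
    return rows

def join_child_rows(parent_rows, child_rows, unique_attr: str) -> Dict[str, List[List[str]]]:
    """Unique Attribute (Parent Data): attach each child row to the parent sharing that field."""
    p_idx, c_idx = parent_rows[0].index(unique_attr), child_rows[0].index(unique_attr)
    out: Dict[str, List[List[str]]] = {r[p_idx]: [] for r in parent_rows[1:]}
    for r in child_rows[1:]:
        if r[c_idx] in out:               # child rows with no matching parent are dropped
            out[r[c_idx]].append(r)
    return out
```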
Note: The canonical name that you specify for the API must be entered exactly the way it is displayed on this Web page. You must not change the case (uppercase or lowercase) of the canonical name.

Storage entity: Staging directory for parent data files
    Read: This permission is required for reconciliation to take place. An error message is logged if this permission is not applied.
    Write: This permission is required for the deletion of data files from the parent staging directory at the end of the archive process.
    Execute: Not applicable

Storage entity: Staging directory for child data files
    Read: This permission is required for the reconciliation of child data. An error message is logged if this permission is not applied.
    Write: This permission is required for the deletion of data files from the child staging directory at the end of the archive process.
    Execute: Not applicable

Storage entity: Archiving directory
    Write: This permission is required for the copying of parent and child data files to the archiving directory during the archive process. Even if this permission is not applied:
        ■ Parent and child data reconciliation takes place.
        ■ Files are deleted from the parent and child staging directories if the required permissions have been set on those directories.
    Execute: Not applicable

Storage entity: Parent or child data file in staging directory
    Read: This permission is required for the reconciliation of the data in the file. An error message is logged if this permission is not applied.
    Write: This permission is required for the deletion of the data file at the end of the archive process. An error message is logged if this permission is not applied. However, data in this file is reconciled.
    Execute: Not applicable

Note: Data files in the staging directory cannot be deleted if they are open in any editor or are open for writing by any other program.

19.2 CSV Reconciliation Format Provider

The CSV reconciliation format provider converts reconciliation data that is in character-delimited, tab-delimited, or fixed-length format into a format that is supported by Oracle Identity Manager. Although the CSV reconciliation format provider is packaged as a standalone provider, all of its parameters are bundled with the shared drive transport provider. If you select the shared drive transport provider on the Step 1: Provide Basic Information page, you must select the CSV format provider. When you select this provider, its parameters are displayed along with the shared drive transport provider parameters.

19.3 SPML Provisioning Format Provider

The SPML provisioning format provider converts the provisioning data generated during a provisioning operation on Oracle Identity Manager into an SPML request that can be processed by an SPML-compatible target system.

Figure 19–1 shows the setup of the system in which the SPML provisioning format provider acts as the requesting authority (RA), and the target system provides the provisioning service provider (PSP) and the provisioning service target (PST).

Figure 19–1 Communication Between the SPML Provisioning Format Provider and the Target System

During actual provisioning, a Velocity template engine is used to create the SOAP-SPML requests.
For the following processes, the provider generates SOAP requests based on the SPML 2.0 DSML profile:
■ Add request
■ Modify request for the following Oracle Identity Manager process tasks:
    – Field updated
    – Add child data
    – Modify child data
    – Delete child data
■ Suspend request for Disable Oracle Identity Manager process tasks
■ Resume request for Enable Oracle Identity Manager process tasks
■ Delete request

The Create Organization, Update Organization, and Delete Organization operations are not supported. This is because the resource object created for a generic technology connector does not support provisioning operations for organizations. The Create Group, Update Group, and Delete Group operations are not supported. This is because Oracle Identity Manager does not support operations to provision groups.

Note: Each SPML request is sent in a SOAP message. The SOAP header carries authentication information for the request. The actual SPML request data is the SOAP message body. See Chapter 32, "Using SPML Services" for information about the structure of the SPML-SOAP message. You can access sample SOAP messages in the following directory:

    OIM_HOME/GTC/Samples/spml

For information about the SPML specification, see the following Web page on the OASIS Web site:

    http://www.oasis-open.org/specs/index.php#spmlv2.0

When you select this provider, the following identity fields are displayed by default on the Step 3: Modify Connector Configuration page (as described in "Step 3: Modify Connector Configuration Page" on page 21-15), along with the ID field:
■ objectClass
■ containerID

For each provisioning task (for example, Create User and Modify User), the provider generates a request in a predefined format.

The following sections discuss the parameters of this provider:
■ Run-Time Parameters
■ Design Parameters

Depending on the application server that you use, some of the run-time and design parameters are mandatory and some have fixed values. The following sections discuss these parameters:
■ Nonmandatory Parameters
■ Parameters with Predetermined Values

19.3.1 Run-Time Parameters

The following are run-time parameters of the SPML provisioning format provider:

■ Target ID
This value uniquely identifies the target system for provisioning operations.

■ User Name (authentication)
This is the user name of the account required to connect to the target system (PST) through the Web service interface (PSP).

■ User Password (authentication)
This is the password of the user account required to connect to the target system (PST) through the Web service interface (PSP).

19.3.2 Design Parameters

The following are design parameters of the SPML provisioning format provider:

See Also: For more information about the SOAP elements and attributes mentioned in this section, visit the following Web site: http://www.w3.org/TR/wsdl20

■ Web Service SOAP Action
In the WSDL file, this is the value of the soapAction attribute of the operation element.

■ WSSE Configured for SPML Web Service?
Select this check box if the Web service is configured to authenticate incoming requests by using WS-Security credentials.

■ Custom Authentication Credentials Namespace
This is the name of the credentials namespace that you have defined for the Web service. In most cases, this namespace is the same as the target namespace.

■ Custom Authentication Header Element
This is the name of the element that will contain the credentials of the user account used to connect to the target system. In other words, this is the parent element in the custom authentication section of the SOAP message header.

■ Custom Element to Store User Name
This is the name of the element in the custom authentication section that will contain the user name you specify as the value of the User Name (authentication) parameter.

■ Custom Element to Store Password
This is the name of the element in the custom authentication section that will contain the password you specify as the value of the User Password (authentication) parameter.

Note: You need not specify a value for the Custom Authentication Credentials Namespace, Custom Authentication Header Element, Custom Element to Store User Name, or Custom Element to Store Password parameter if you select the WSSE Configured for SPML Web Service? check box.

■ SPML Web Service Binding Style (DOCUMENT or RPC)
In the WSDL file, this is the value of the style attribute of the binding element. You must enter either DOCUMENT or RPC.

Note: You must enter the value DOCUMENT or RPC. Do not use lowercase letters in the value that you specify.

■ SPML Web Service Complex Data Type
In the WSDL file, this is the value of the name attribute of the complexType element. This parameter is applicable only if the binding style is DOCUMENT. You must specify a value for this parameter if the target Web service is running on Oracle WebLogic Server.

■ SPML Web Service Operation Name
In the WSDL file, this is the value of the name attribute of the operation element. This parameter is applicable only if the binding style is RPC.

■ SPML Web Service Target Namespace
In the WSDL file, this is the value of the targetNamespace attribute of the definition element.

■ SPML Web Service Soap Message Body Prefix
This is the name of the custom prefix element that contains the SOAP message body. If the target Web service is running on Oracle WebLogic Server, IBM WebSphere Application Server, JBoss Application Server, or Oracle Application Server, then you need not specify a value for this parameter. However, if you are using a different application server, you must enter the name of the custom prefix element. The following is the prefix element if the Web service is running on Oracle WebLogic Server:

    <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">

■ ID Attribute for Child Dataset Holding Group Membership Information
This is the name of the unique identifier field for a provisioning staging child data set that holds group membership information. For provisioning operations on the child data set that contains this field, the SOAP packet will contain SPML code for group operations. The following is an SPML code block for this type of group operation:

    <modification modificationMode="add">
      <capabilityData capabilityURI="urn:oasis:names:tc:SPML:2:0:reference" mustUnderstand="true">
        <reference typeOfReference="memberOf" xmlns="urn:oasis:names:tc:SPML:2:0:reference">
          <toPsoID ID="Groups:1" targetID="120"/>
        </reference>
      </capabilityData>
    </modification>

For provisioning operations on the child data sets that do not contain this field, the SOAP packet will contain ordinary SPML code. The following is an SPML code block for this type of operation:

    <modification>
      <dsml:modification name="Group Membership" operation="add">
        <dsml:value>AdminOra, System Admins, USA</dsml:value>
      </dsml:modification>
    </modification>
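How the run-time and design parameters above shape a SOAP-SPML modify request, as an added Python example that is not the provider's own Velocity template code: the custom authentication header built from the four custom-element design parameters (or a WS-Security UsernameToken when the WSSE check box is selected, in which case those elements are not used), and the choice between reference capability data for a child data set that carries the group ID attribute and an ordinary dsml:modification for any other child data set. The DESIGN values, element names, PSO IDs and credentials are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SPML_NS = "urn:oasis:names:tc:SPML:2:0"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"
REF_NS = "urn:oasis:names:tc:SPML:2:0:reference"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Hypothetical design-parameter values; the real names come from the target service's WSDL.
DESIGN = {
    "auth_ns": "http://target.example/spml",  # Custom Authentication Credentials Namespace
    "auth_header": "Credentials",             # Custom Authentication Header Element
    "user_elem": "userName",                  # Custom Element to Store User Name
    "pass_elem": "password",                  # Custom Element to Store Password
    "group_id_attr": "Group Name",            # ID Attribute for Child Dataset Holding Group Membership Information
}

def build_modify_request(pso_id, target_id, user, password, rows, mode="add", wsse=False):
    """rows: the child data set records (dicts); target_id: the Target ID run-time parameter."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    if wsse:  # WSSE configured: WS-Security UsernameToken; the custom elements are not used
        sec = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
        tok = ET.SubElement(sec, f"{{{WSSE_NS}}}UsernameToken")
        ET.SubElement(tok, f"{{{WSSE_NS}}}Username").text = user
        ET.SubElement(tok, f"{{{WSSE_NS}}}Password").text = password
    else:  # custom authentication section named by the four design parameters
        ns = DESIGN["auth_ns"]
        cred = ET.SubElement(header, f"{{{ns}}}{DESIGN['auth_header']}")
        ET.SubElement(cred, f"{{{ns}}}{DESIGN['user_elem']}").text = user
        ET.SubElement(cred, f"{{{ns}}}{DESIGN['pass_elem']}").text = password
    req = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), f"{{{SPML_NS}}}modifyRequest")
    ET.SubElement(req, f"{{{SPML_NS}}}psoID", ID=pso_id, targetID=target_id)
    mod = ET.SubElement(req, f"{{{SPML_NS}}}modification", modificationMode=mode)
    if rows and DESIGN["group_id_attr"] in rows[0]:
        # Child data set holding group membership: reference capability data, one memberOf per row
        cap = ET.SubElement(mod, f"{{{SPML_NS}}}capabilityData", capabilityURI=REF_NS, mustUnderstand="true")
        for r in rows:
            ref = ET.SubElement(cap, f"{{{REF_NS}}}reference", typeOfReference="memberOf")
            ET.SubElement(ref, f"{{{REF_NS}}}toPsoID", ID=r[DESIGN["group_id_attr"]], targetID=target_id)
    else:
        # Any other child data set: ordinary dsml:modification, one per field, one dsml:value per row
        for field in (rows[0] if rows else {}):
            dm = ET.SubElement(mod, f"{{{DSML_NS}}}modification", name=field, operation=mode)
            for r in rows:
                ET.SubElement(dm, f"{{{DSML_NS}}}value").text = r[field]
    return env

def group_refs(env):  # PSO IDs referenced via the reference capability (empty for ordinary data)
    return [e.get("ID") for e in env.iter(f"{{{REF_NS}}}toPsoID")]
```

Serialize with ET.tostring(env) to see the full envelope; the DESIGN names must match the target WSDL exactly, just as the page requires for the parameter values.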

19.3.3 Nonmandatory Parameters

For Oracle WebLogic Server, you need not specify values for the following parameters:
■ SPML Web Service Complex Data Type
■ SPML Web Service Soap Message Body Prefix
■ ID Attribute for Child Dataset Holding Group Membership Information

19.3.4 Parameters with Predetermined Values

For Oracle WebLogic Server, you can specify predetermined values for the following parameters: