4-14 Oracle Fusion Middleware Developers Guide for Oracle Identity Manager For a given request type, for example Assign Role, Oracle Identity Manager is making callbacks to more than one callback Web service although the policyName matches with one callback service. This is because when callbackOnly is set to false for all the eligible entity type and operation, for example Assign Role request types, the callbacks are triggered for all matching entity types and operations. PolicyName matching is ignored when callbackOnly attribute is set to false. If callbackOnly Attribute is set to true, then it checks for the policy name. All the callback Web service URLs present in that policy are triggered when the entity type and operation condition is also met. All the callback Web service URLs present in that policy are triggered when the entity type and operation condition is also met. The policy reference URI oraclewss_saml_or_username_token_se rvice_policy is not valid. Make sure that WSM Policy Manager is deployed and targeted to the interacting servers such as Oracle Identity Manager and SPML request starting server. In addition, make sure that WSM Policy Manager is in active mode and is ready for serving the requests. Not sure what is SPML APPID and Oracle Identity Manager APPID, and where these APPIDs are to be created. SPML APPID is used for submitting SPML requests to Oracle Identity Manager. Any client that seeks user provisioning service with Oracle Identity Manager must contain SPML APPID in their repository. For example, when Fusion Applications is the client to Oracle Identity Manager, Fusion Applications typically use LDAP directory as their repository. Oracle Identity Manager APPID is used for sending callbacks to all the Web services registered in the CallbackConfiguration.xml file for a given SPML request type. Oracle Identity Manager repository or database contains only SPML APPID. Oracle Identity Manager APPID is not present in Oracle Identity Manager repository but is present in the Credentials Store Framework CSF under map name oim and with key appid.credentials. SPML repository or LDAP contains both SPML APPID and Oracle Identity Manager APPID. When Fusion Applications sends a SPML request to Oracle Identity Manager, it uses SPML APPID to communicate to Oracle Identity Manager. This SPML APPID is present in the SPML repository or LDAP. This user is authenticated at Oracle Identity Manager side against the database. Therefore, Oracle Identity Manager database contains SPML APPID in it. When Oracle Identity Manager communicates with Fusion Applications, it uses Oracle Identity Manager APPID to communicate to Fusion Applications. This Oracle Identity Manager APPID is present in the CSF. This user is authenticated at Fusion Applications side again LDAP by checking the Oracle Identity Manager APPID in LDAP repository. Therefore, LDAP contains Oracle Identity Manager APPID in it. Table 4–4 Cont. Trobleshooting Callback Service Problem Solution 5 Developing Rules 5-1 5 Developing Rules This chapter describes the Business Rule Definition of the Design Console. It contains the following topics: ■ Overview of Business Rule Definition ■ Event Handler Manager Form ■ Data Object Manager Form ■ Reconciliation Rules Form

5.1 Overview of Business Rule Definition

The Development ToolsBusiness Rule Definition folder provides system administrators and developers with tools to manage the event handlers and data objects of Oracle Identity Manager. This folder contains the following forms: ■ Event Handler Manager : This form lets you create and manage the event handlers that are used with Oracle Identity Manager. ■ Data Object Manager : This form lets you define a data object, assign event handlers and adapters to it, and map any adapter variables associated with it.

5.2 Event Handler Manager Form

This form is displayed in the Development ToolsBusiness Rule Definition folder. You use this form to manage the Java classes that process user-defined or system-generated actions or events. These classes are known as event handlers. When you add a new event handler to Oracle Identity Manager, you must first register it here so that Oracle Identity Manager can recognize it. There are two types of event handlers: ■ Event handlers that are created through the Adapter Factory form. These begin with the letters adp. They are known as adapters. ■ Event handlers that are created internally in Oracle Identity Manager. These begin with the letters tc. They are referred to as system event handlers. By using the Event Handler Manager form, you can specify when you want Oracle Identity Manager to trigger an event handler. An event handler can be scheduled to run as follows: ■ Pre-Insert : Before information is added to the database 5-2 Oracle Fusion Middleware Developers Guide for Oracle Identity Manager ■ Pre-Update : Before information is modified in the database ■ Pre-Delete : Before information is removed from the database ■ Post-Insert : After information is added to the database ■ Post-Update : After information is modified in the database ■ Post-Delete : After information is removed from the database Figure 5–1 shows the Event Handler Manager form. Figure 5–1 Event Handler Manager Form Table 5–1 describes the fields of the Event Handler Manager form. Table 5–1 Fields of the Event Handler Manager Form Field Name Descriptions Event Handler Name The name of the event handler. Package The Java package to which the event handler belongs. Pre-Insert If you select this check box, Oracle Identity Manager will trigger the event handler before information is added to the database. Pre-Update If you select this check box, Oracle Identity Manager will trigger the event handler before information is modified in the database. Pre-Delete If you select this check box, Oracle Identity Manager will trigger the event handler before information is removed from the database.