Create Trusted Source Reconciliation

Warning: this page is far from being complete!

In this tutorial we will create a simple reconciliation process using Scheduled Tasks. A MySQL database will be used to emulate trusted HR system. We will create the following objects:

  1. Java code to connect the HR DB using JDBC, get user records and feed OIM reconciliation processes
  2. An object which will provide connection information to java code (IT Resource)
  3. An object (Resource object) which will provide OIM reconciliation processes with information on attribute names retrieved by java code, and what to do after the HR data is compared to OIM data.

Objectives

Create a trusted resource connector which extract user records from RDBMS.

Thought out the names

At this step we shall invent various names to use in the connector.

Base attributes:

Name Value Comment
Name HRReconciliationTask This is the (arbitrary) task name
Name of the Java class implementation connectors.hr.HRReconciliationTask This is the name of the java class we will develop for our task
Description HR Database connector Any descriptive text for GUI display
Retry Interval 5 ???

Task type-specific parameters:

Name Data Type Required/Optional Encrypted Help Text
IT Resource String yes No IT Resource for the task
Resource object String yes No Name of the resource object we will create for the task

Resource object name: HR System

Resource object reconciled attributes:

  1. lastname
  2. firstname
  3. middlename
  4. organization
  5. position

IT Resource attributes

Name Value Comment
Name HRConnection The (arbitrary) object name
Driver com.mysql.jdbc.Driver JDBC driver class name
Database hrdb The name of external system DB with HR data
UserID hruser The username to connect to DB
Password secret The password to connect to DB

Create IT Resource object(s)

Using OIM WEB API, create an IT Resource object with the following attributes:

Name Value Comment
Name HRConnection The (arbitrary) object name
Driver com.mysql.jdbc.Driver JDBC driver class name
URL jdbc:mysql://localhost:3306/hrdb?useUnicode=true&characterEncoding=UTF-8&characterSetResults=utf8 The connection URL
UserID hruser The username to connect to DB
Password secret The password to connect to DB

Create Resource object

In Design console:

  1. go Resource Management
  2. go Resource Objects

Fill the form according the following table:

Field Value Comment
Name HR System
Type Application
Trusted Source: YES
  1. go Object Reconciliation
  2. add attributes:
Name Type Required
lastname String yes
firstname String yes
middlename String yes
organization String yes
position String yes

Save the result in XML file:

oimtool --export Resource.xml Resource 'HR System'

Configure the Scheduled Task XML File

At this step we put all metadata listed above to an XML file and put this file to MDS. See here for more detail on dealing with OIM scheduled jobs.

Let us name the file src/main/resources/HRReconciliationTask.xml, the file contents:

<?xml version="1.0" encoding="UTF-8"?>
<scheduledTasks xmlns="http://xmlns.oracle.com">
  <task>
    <name>HRReconciliationTask</name>
    <class>connectors.hr.HRReconciliationTask</class>
    <description>HR Database connector</description>
    <retry>5</retry>
    <parameters>
      <string-param required="true" encrypted="false" helpText="IT Resource for the task">IT Resource</string-param>
      <string-param required="true" encrypted="false" helpText="Resource Object for recon event">Resource Object</string-param>
    </parameters>
  </task>
</scheduledTasks>

Put the file to the metadata store, the path shall be "/db/HRReconciliationTask" (created by concatenation of "/db/" and the task name):

oimtool --md-import config/HRReconciliationTask.xml /db/HRReconciliationTask.xml

Warning: if you are updating the metadata file, you shall delete all previous versions of same document in MDS repository and restart OIM server (TODO or shall we just purge the OIM cache?).

Develop the Scheduled Task Class

  • Build all connectors classes into a JAR file named after the task name HRReconciliationTask.jar

Package plugin

  • Create a file named plugin.xml with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.scheduler.vo.TaskSupport">
    <plugin pluginclass="connectors.hr.HRReconciliationTask"
            version="1.0"
            name="HRReconciliationTask"/>
  </plugins>
 
</oimplugins>

where

  1. HRReconciliationTask - task name
  2. connectors.hr.HRReconciliationTask - task Java class name
  • Build all connectors classes into a JAR file named after the task name HRReconciliationTask.jar
  • Create a ZIP with the following structure:
plugin.xml
lib/HRReconciliationTask.jar

Upload plugin

oimtool --register-plugin plugin.zip

Or using Java API.

Create Process

TODO

See also

  1. Scheduled Tasks in Dev Guide
  2. Similar tutorial by Oleg Fainitsky (in Russian)
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License