OIM Connector: PeopleSoft Employee Reconcilation 11.1.1.5.0

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: Demonstrates how to install and configure PeopleSoft Employee Reconciliation connector. This connector only uses trusted reconciliation (OIM users are created based on data from an authoritative source such as PeopleSoft).
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e25370/toc.htm

Connector Installation
1. Unzip the connector bundle to "$MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory" directory (E.g. unzip PSFT_ER-11.1.1.5.0.zip -d $MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory/).

2. Run the Connector Installer in Oracle Identity Manager System Administration.

Oracle Identity System Administration

Provisioning Configuration > Manage Connector

Click Install

Specify connector, click load, and then continue

Connector Installation Progress

Install Complete

3. Adjust the PSFT HRMS IT Resource if needed.

Default IT Resource Configuration

Deploying the PeopleSoft Listener
Incremental reconciliation for this connector is real-time. When data is added or updated on PeopleSoft target system, a PeopleCode event is generated. Then the event generates a message such as PERSON_BASIC_SYNC (for creation of new OIM user) and WORKFORCE_SYNC (for updates on OIM user) to send to the listener. The PeopleSoft listener is responsible for parsing the incoming messages and creating reconciliation events.

1. Set the following environment variables. Adjust variables accordingly.
export ORACLE_COMMON=$MW_HOME/Oracle_IDM1/common
export WLS_HOME=$MW_HOME/wlserver_10.3
export JAVA_HOME=/home/oracle/jdk1.6.0_38
export ORACLE_HOME=$MW_HOME/Oracle_IDM1
export ANT_HOME=$MW_HOME/modules/org.apache.ant_1.7.1
export PATH=$ANT_HOME/bin:$PATH

2. Adjust the deploy.properties file, which is located in "$MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener" directory.

3. Navigate to ""$MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener" directory and run the following command:
ant setup-listener

Buildfile: build.xml
Trying to override old definition of datatype wldeploy

check-wl-home:

check-oracle-common:

check-oracle-home:

check-env-vars:

setup-archive:
    [mkdir] Created dir: /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive
     [copy] Copying 4 files to /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive
     [copy] Copied 5 empty directories to 1 empty directory under /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive
     [copy] Copying 1 file to /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [copy] Copying 1 file to /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [copy] Copying 1 file to /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [echo] Updating deployment descriptor (web.xml)

deploy:
     [echo] Deploying the listener
[passwdreader] Enter weblogic admin password: 
 [wldeploy] weblogic.Deployer -debug -verbose -noexit -name PeopleSoftOIMListener -source /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear -targets oim_server1 -adminurl t3://localhost:7001 -user weblogic -password ******** -deploy 
 [wldeploy] weblogic.Deployer invoked with options:  -debug -verbose -noexit -name PeopleSoftOIMListener -source /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear -targets oim_server1 -adminurl t3://localhost:7001 -user weblogic -deploy
 [wldeploy] [WebLogicDeploymentManagerImpl.<init>():115] : Constructing DeploymentManager for J2EE version V1_4 deployments
 [wldeploy] [WebLogicDeploymentManagerImpl.getNewConnection():158] : Connecting to admin server at localhost:7001, as user weblogic
 [wldeploy] [ServerConnectionImpl.getEnvironment():286] : setting environment
 [wldeploy] [ServerConnectionImpl.getEnvironment():289] : getting context using t3://localhost:7001
 [wldeploy] [ServerConnectionImpl.getMBeanServer():237] : Connecting to MBeanServer at service:jmx:t3://localhost:7001/jndi/weblogic.management.mbeanservers.domainruntime
 [wldeploy] [ServerConnectionImpl.getMBeanServer():237] : Connecting to MBeanServer at service:jmx:t3://localhost:7001/jndi/weblogic.management.mbeanservers.runtime
 [wldeploy] [DomainManager.resetDomain():36] : Getting new domain
 [wldeploy] [DomainManager.resetDomain():39] : Using pending domain: true
 [wldeploy] [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@174323d5
 [wldeploy] [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@174323d5
 [wldeploy] [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@55c79dfc
 [wldeploy] [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@55c79dfc
 [wldeploy] [ServerConnectionImpl.initialize():169] : Connected to WLS domain: oim_domain
 [wldeploy] [ServerConnectionImpl.init():159] : Initializing ServerConnection : weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl@d2f41a5
 [wldeploy] [BasicOperation.dumpTmids():713] : Incoming tmids:
 [wldeploy] [BasicOperation.dumpTmids():715] :   {Target=oim_server1, WebLogicTargetType=server, Name=PeopleSoftOIMListener}, targeted=true
 [wldeploy] [BasicOperation.deriveAppName():141] : appname established as: PeopleSoftOIMListener
 [wldeploy] <Aug 26, 2015 8:04:32 AM EDT> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, PeopleSoftOIMListener [archive: /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear], to oim_server1 .> 
 [wldeploy] [BasicOperation.dumpTmids():713] : Incoming tmids:
 [wldeploy] [BasicOperation.dumpTmids():715] :   {Target=oim_server1, WebLogicTargetType=server, Name=PeopleSoftOIMListener}, targeted=true
 [wldeploy] [BasicOperation.loadGeneralOptions():628] : Delete Files:false
 [wldeploy] Timeout :3600000
 [wldeploy] Targets: 
 [wldeploy] oim_server1
 [wldeploy] ModuleTargets={}
 [wldeploy] SubModuleTargets={}
 [wldeploy] }
 [wldeploy] Files: 
 [wldeploy] null
 [wldeploy] Deployment Plan: null
 [wldeploy] App root: /tmp/oracle/./config/deployments/PeopleSoftOIMListener
 [wldeploy] App config: /tmp/oracle/./config/deployments/PeopleSoftOIMListener/plan
 [wldeploy] Deployment Options: {isRetireGracefully=true,isGracefulProductionToAdmin=false,isGracefulIgnoreSessions=false,rmiGracePeriod=-1,retireTimeoutSecs=-1,undeployAllVersions=false,archiveVersion=null,planVersion=null,isLibrary=false,libSpecVersion=null,libImplVersion=null,stageMode=null,clusterTimeout=3600000,altDD=null,altWlsDD=null,name=PeopleSoftOIMListener,securityModel=null,securityValidationEnabled=false,versionIdentifier=null,isTestMode=false,forceUndeployTimeout=0,defaultSubmoduleTargets=true,timeout=0,deploymentPrincipalName=null,useExpiredLock=false}
 [wldeploy] 
 [wldeploy] [BasicOperation.execute():445] : Initiating deploy operation for app, PeopleSoftOIMListener, on targets:
 [wldeploy] [BasicOperation.execute():447] :    oim_server1
 [wldeploy] Task 0 initiated: [Deployer:149026]deploy application PeopleSoftOIMListener on oim_server1.
 [wldeploy] Task 0 completed: [Deployer:149026]deploy application PeopleSoftOIMListener on oim_server1.
 [wldeploy] Target state: deploy completed on Server oim_server1
 [wldeploy] 
 [wldeploy] Target Assignments:
 [wldeploy] + PeopleSoftOIMListener  oim_server1
 [wldeploy] [ServerConnectionImpl.close():332] : Closing DM connection
 [wldeploy] [ServerConnectionImpl.close():352] : Unregistered all listeners
 [wldeploy] [ServerConnectionImpl.closeJMX():372] : Closed JMX connection
 [wldeploy] [ServerConnectionImpl.closeJMX():384] : Closed Runtime JMX connection
 [wldeploy] [ServerConnectionImpl.closeJMX():396] : Closed Edit JMX connection

grant-keystore-permissions:
     [echo] Granting keystore access permissions to the listener.
     [java] Aug 26, 2015 8:04:50 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Connecting to admin server t3://localhost:7001 with user weblogic
     [java] Aug 26, 2015 8:04:50 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Starting the keystore grant for /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/-
     [java] Aug 26, 2015 8:04:50 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler initDomainRuntimeServerConnection
     [java] INFO: Connecting to admin server.. 
     [java] Aug 26, 2015 8:04:51 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler initDomainRuntimeServerConnection
     [java] INFO: Connection initialized
     [java] Aug 26, 2015 8:04:51 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Granting keystore permissions to PSFT archive libraries..
     [java] Aug 26, 2015 8:04:51 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] INFO: URL /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/- doesn't jave access to RW keystores. Initiating the grant operation
     [java] Aug 26, 2015 8:04:51 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] INFO: Permission for OIM Authenticator  set in system-jazn-data.xml successfully
     [java] Aug 26, 2015 8:04:51 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Granting keystore permissions to cached archive..
     [java] Aug 26, 2015 8:04:52 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] INFO: URL ${domain.home}/servers/${weblogic.Name}/stage/PeopleSoftOIMListener/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/- doesn't jave access to RW keystores. Initiating the grant operation
     [java] Aug 26, 2015 8:04:52 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] INFO: Permission for OIM Authenticator  set in system-jazn-data.xml successfully
     [java] Aug 26, 2015 8:04:52 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Grant finished
     [java] Aug 26, 2015 8:04:52 AM oracle.iam.connectors.psft.common.deploy.PermissionsHandler closeConnection
     [java] INFO: Connection to admin server closed

setup-listener:

BUILD SUCCESSFUL
Total time: 30 seconds

4. Verify application is deployed on WebLogic. Also, check if proper codebase permissions are granted in WebLogic EM console.

Note: Custom jars for validation and transformation needs to be place in the lib directory.

Testing Reconciliation
A test script is given in the PeopleSoft Employee Reconciliation connector in order to validate the PeopleSoft listener. A PeopleSoft message XML file (E.g. PERSON_BASIC_SYNC = creation of new OIM user, WORKFORCE_SYNC = updates on OIM user) is required to send information to the PeopleSoft listener which parses the data and then OIM creates a reconciliation event based on the data received. Given below are sample PeopleSoft messages.


1. Navigate to "$MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/test/config" directory and modify the "reconConfig.properties" file. Given below is an example.

#provide the OIM Listener name in format http://<COMPUTER_NAME>:<PORT_NO>/PeopleSoftOIMListener
ListenerURL=http://10.0.2.15:14000/PeopleSoftOIMListener

#specify absolute xml file path with the file name
#The Path should not contain spaces
XMLFilePath=/home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/test/config/PERSON_BASIC_SYNC_SAMPLE.xml
#XMLFilePath=/home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/test/config/WORKFORCE_SYNC_SAMPLE.xml

# specify message type
#       - 'ping' for ping request
        - 'none' for normal message
MessageType=none

# Specify the PeopleSoft IT Resource Name which will handle this request
ITResourceName=PSFT HRMS

#provide the name of the message to reconcile. For example: PERSON_BASIC_SYNC.VERSION_3
MessageName=PERSON_BASIC_SYNC
#MessageName=WORKFORCE_SYNC

PeopleSoft Listener URL
WebLogic Console > Deployments > PeopleSoftOIMListener > Testing

2. If you are using Oracle Identity Manager release 11.1.2.x or later, then include the jrf.jar, jrf-api.jar, and jrf-client.jar files to the classpath. These JAR files are located in the $ORACLE_COMMON/modules/oracle.jrf_11.1.1 directory.

export ORACLE_COMMON=/home/oracle/Oracle/Middleware/oracle_common
export PATH=$ORACLE_COMMON/modules/oracle.jrf_11.1.1:$PATH

3. Navigate to "$MW_HOME/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_ER-11.1.1.5.0/test/config" and then execute "InvokeListener.sh" script.


4. Verify that a reconciliation event is created in Oracle Identity Manager.

Reconciliation Event for PERSON_BASIC_SYNC

Reconciliation Event for WORKFORCE_SYNC
This is a defer event. Run the "Run Future Dated Reconciliation" scheduled job when Action Date has passed.