Description: Demonstrates how to configure validation of data during reconciliation. Most OIM connectors have this feature (refer to the connector's documentation for specific instructions). The example given here validates a specific phone number format. If validation fails, no reconciliation event is created in OIM.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BCGICJIB
1. Create a Java class that contains the validation logic for the reconciliation field. The validation logic must be placed in the "public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField)" method. Given below is an example.
2. Create a JAR file with the class and upload the JAR file to Oracle Identity Manager as a Java Tasks type. Refer to OIM Upload Jar Utility for instructions.
3. Create a new lookup definition (e.g. Lookup.RESOURCE_HERE.UM.ReconValidation) that maps each reconciliation field being validated to the fully qualified name of the Java class that holds its validation logic.
Code Key = The name of the reconciliation field being validated. This value is passed in as the third parameter in the validate() method.
Decode = The fully qualified Java class name that contains the logic to validate the reconciliation field specified in the Code Key.
LDAP Example: Lookup.LDAP.UM.ReconValidation
Code Key = Telephone
Decode = com.blogspot.oraclestack.validation.ReconciliationEventDataTelephoneNumberValidation
4. Modify the UM Configuration lookup definition for your particular resource (Lookup.RESOURCE_HERE.UM.Configuration) and add an entry for the validation lookup.
Code Key = Recon Validation Lookup
Decode = Name of your validation lookup definition
LDAP Example: Lookup.LDAP.UM.Configuration
Code Key = Recon Validation Lookup
Decode = Lookup.LDAP.UM.ReconValidation
5. Verify the validation code by running the reconciliation scheduled job.
Invalid Case
[Screenshot: User in OpenLDAP with invalid TelephoneNumber]
[Screenshot: LDAP Connector User Search Reconciliation]
[Screenshot: OIM Server Logs For Failed Recon Event]
[Screenshot: Logs for custom validation code]
Valid Case
[Screenshot: User with valid telephone number]
[Screenshot: Logs for custom validation code]
[Screenshot: Reconciliation Event Created]
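A validation class for the procedure above, as an added example (not the blog author's original class or Oracle's code). It uses the validate() method that step 3 refers to; the class name TelephoneFormatValidation, the NNN-NNN-NNNN format and the choice to let absent values pass are assumptions. The value read from the target system is treated as untrusted, so it is matched end to end and never written to the log.

```java
import java.util.HashMap;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added example. Class name and phone format are assumptions, not taken from the post.
public class TelephoneFormatValidation {
    private static final Logger LOG =
            Logger.getLogger(TelephoneFormatValidation.class.getName());
    // Assumed format NNN-NNN-NNNN. [0-9] instead of \d keeps the intent (ASCII digits) explicit.
    private static final Pattern PHONE = Pattern.compile("[0-9]{3}-[0-9]{3}-[0-9]{4}");

    /**
     * Invoked for each field listed in the validation lookup; sField is the
     * Code Key (e.g. "Telephone"). Returning false rejects the record.
     */
    public boolean validate(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField) {
        Object raw = (hmUserDetails == null) ? null : hmUserDetails.get(sField);
        if (raw == null) {
            return true; // assumption: the attribute is optional, so an absent value passes
        }
        if (!(raw instanceof String)) {
            LOG.warning("Rejected " + sField + ": unexpected value type");
            return false; // fail closed on anything that is not a plain string
        }
        String value = ((String) raw).trim();
        // matches() must consume the whole string, so embedded newlines or trailing text fail.
        boolean ok = PHONE.matcher(value).matches();
        if (!ok) {
            // Log only the length: the raw value is PII and could carry forged log lines.
            LOG.warning("Rejected " + sField + ": bad format, length=" + value.length());
        }
        return ok;
    }

    // Constructed sample values; prints one true/false per sample.
    public static void main(String[] args) {
        TelephoneFormatValidation v = new TelephoneFormatValidation();
        String[] samples = {"555-010-0199", "5550100199", "555-010-0199\nINFO forged line", ""};
        for (String s : samples) {
            HashMap<String, Object> user = new HashMap<>();
            user.put("Telephone", s);
            System.out.println(v.validate(user, new HashMap<>(), "Telephone"));
        }
    }
}
```

When deploying, add a package declaration and put the resulting fully qualified class name in the Decode column of the validation lookup from step 3.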
Hi,
We have tried implementing this. In our case, even if the validation has failed, the reconciliation event is not getting skipped. Recon engine is still trying to create the event but failing afterwards.
Please help.
I'm not able to get Active Directory groups to validate them. Do you know the code to it?