Description: Demonstrates how to configure validation of data during reconciliation. Most OIM connectors have this feature (Refer to the connector's documentation for specific instructions). The example given here validates a specific phone number format. A reconciliation event will not be created in OIM if validation fails.
References: https://docs.oracle.com/cd/E22999_01/index.htm
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/extnd_func.htm#BCGICJIB
1. Create a Java class that contains the validation logic for the reconciliation field. The validation logic must be placed under "public Object transform(HashMap hmUserDetails, HashMap hmEntitlementDetails, String sField)" method. Given below is example.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.blogspot.oraclestack.validation; | |
| import java.util.HashMap; | |
| import java.util.regex.Matcher; | |
| import java.util.regex.Pattern; | |
| import oracle.core.ojdl.logging.ODLLevel; | |
| import oracle.core.ojdl.logging.ODLLogger; | |
| /** | |
| * Reconciliation Event Data Validation Example | |
| * When validation fails, the reconciliation event will be skipped. OIM will not | |
| * create a reconciliation event. | |
| * @author rayedchan | |
| */ | |
| public class ReconciliationEventDataTelephoneNumberValidation | |
| { | |
| // Logger | |
| private static final ODLLogger LOGGER = ODLLogger.getODLLogger(ReconciliationEventDataTelephoneNumberValidation.class.getName()); | |
| /** | |
| * Validates if the incoming data has the proper phone number format: | |
| * +X-XXX-XXX-XXXX | |
| * @param hmUserDetails HashMap<String,Object> containing parent data details | |
| * @param hmEntitlementDetails HashMap<String,Object> containing child data details | |
| * @param sField Name of the reconciliation field being validated | |
| * @return true if target field passes validation; false otherwise | |
| */ | |
| public boolean validate(HashMap<String,Object> hmUserDetails, HashMap<String,Object> hmEntitlementDetails, String sField) | |
| { | |
| LOGGER.log(ODLLevel.NOTIFICATION, "Parameters: Parent Data = {0}, Child Data = {1}, Field = {2}", new Object[]{hmUserDetails, hmEntitlementDetails, sField}); | |
| boolean valid = false; | |
| String phoneNumber = (String) hmUserDetails.get(sField); // Get value using the reconciliation field name | |
| // Empty value case | |
| if(phoneNumber == null || "".equalsIgnoreCase(phoneNumber)) | |
| { | |
| LOGGER.log(ODLLevel.NOTIFICATION, "No data provided. Pass validation."); | |
| return true; | |
| } | |
| String phoneNumberRegex = "\\+\\d(-\\d{3}){2}-\\d{4}"; // Phone Number Regular Expression: +1-111-111-1111 | |
| Pattern pattern = Pattern.compile(phoneNumberRegex); | |
| Matcher matcher = pattern.matcher(phoneNumber); | |
| valid = matcher.matches(); // Checks input against the regex | |
| LOGGER.log(ODLLevel.NOTIFICATION, "Is {0} = {1} valid? {2}", new Object[]{sField, phoneNumber, valid}); | |
| return valid; | |
| } | |
| } |
3. Create a new lookup definition (E.g. Lookup.RESOURCE_HERE.UM.ReconValidation) which contains associations between the reconciliation field being validated and the fully qualified Java class name that has the validation logic.
Code Key = The name of the reconciliation field being validated. This value is passed in as the third parameter in the validate() method.
Decode = The fully qualified Java class name that contains the logic to validate the reconciliation field specified in the Code Key.
 |
| LDAP Example: Lookup.LDAP.UM.ReconValidation Code Key = Telephone Decode = com.blogspot.oraclestack.validation.ReconciliationEventDataTelephoneNumberValidation |
4. Modify the UM Configuration lookup definition for your particular resource (Lookup.RESOURCE_HERE.UM.Configuration) and add an entry for the validation lookup.
Code Key = Recon Validation Lookup
Decode = Name of your validation lookup definition
 |
| LDAP Example: Lookup.LDAP.UM.Configuration Code Key = Recon Validation Lookup Decode =Lookup.LDAP.UM.ReconValidation |
5. Verify validation code by running reconciliation scheduled job.
Invalid Case
 |
| User in OpenLDAP with invalid TelephoneNumber |
 |
| LDAP Connector User Search Reconciliation |
 |
| OIM Server Logs For Failed Recon Event |
 |
| Logs for custom validation code |
Valid Case
 | |
| User with valid telephone number |
 |
| Logs for custom validation code |
 |
| Reconciliation Event Created |
Hi,
ReplyDeleteWe have tried implementing this. In our case, even if the validation has failed, the reconciliation event is not getting skipped. Recon engine is still trying to create the event but failing afterwards.
Please help.
I'm not able to get Active Directory groups to validate them. Do you kmow the code to it?
ReplyDelete