Thursday, July 7, 2016

Scheduled Task Plugin: Reconciliation Event Generator Database Feed

Tested On: Oracle Identity Manager 11.1.2.3.0
Description: A custom scheduled task used to create reconciliation events for a specific resource object using data from a database table. Trusted or target resource object can be used as long as the required fields are provided.


Scheduled Task Plug-in
Given below are the components that make the plug-in: Scheduled Task Java Class, Plug-in XML, and scheduled task XML. 

Usage
Given below demonstrates using this plug-in to create reconciliation events for a disconnected resource. Linking of accounts to users are handled by the reconciliation engine.

1. Create the database tables. Given below are SQL scripts for creating tables with sample records.

2. Define reconciliation action rules on the resource object in order to dictate when linking should occur.

Resource Object: Reconciliation Action Rules

3. Create reconciliation rule for linking the target account to OIM user using key attributes.

Reconciliation Rule:
Link by "User Login" attribute to "Account Login" reconciliation field.

4. Ensure process rule matching are set appropriately.

Reconciliation Mappings: Key flag made up the process rule matching

5. Create a lookup to define mappings between table columns and reconciliation fields. For Code Key, use the name of the reconciliation field. For Decode, use the actual target column name. Entries with "~" indicate child table (Code Key = <Reconciliation Field Map>~<Reconciliation Field Name>, Decode = <Child Table Name>~<Column Name>). "__SERVER__" is used to indicate IT Resource field and is required for target resource.  

Code Key = Reconciliation Field Name
Decode = Target Column Name


6. Adjust the parameters on the scheduled job accordingly.

Parameters for Scheduled Job
Data Source = JNDI Name of WebLogic data source

Date Format = Date format for reconciliation event

Filter = WHERE clause for filtering E.g. where emplid='100001'
Ignore Duplicate Event = If true, a reconciliation event is created only when there is a change between the incoming data and the data on the process form. If false, reconciliation event is created regardless of any deltas.

IT Resource Name = Required for target resource. Not needed for trusted.

Link Column Name = Name of column to relate parent table to child tables.

Mapping Lookup = Mapping between columns and reconciliation fields.

Resource Object Name = Name of resource object / reconciliation profile

Table Name = Parent table name

7. Run scheduled job and ensure reconciliation events are created and linked accordingly.



2 comments:

  1. Can you please provide/upload Scheduled Task Java Class, Plug-in XML, and scheduled task XML.

    ReplyDelete
  2. Hi Team,

    when i am doing target recon, event is getting created, linked user successfully in the event but in the user account tab account is not created. any idea why on this issue ?

    ReplyDelete