Saturday, March 19, 2016

OIM ICF DBAT Deployment in PS3


Certain companies have some database-driven custom applications. These applications do not have any APIs for identity administration. These companies want to manage the life cycle of users in these custom applications by using a centralized identity management system such as OIM. The DBAT connector is one of the solutions to this business problem. Companies can use this connector to enable the exchange of user data between the database and Oracle Identity Manager.

You can use one of the following releases of Oracle Identity Manager:

 Oracle Identity Manager 11g Release 2 BP10 ( and any later BP in this release track
 Oracle Identity Manager 11g Release 2 PS1 ( and any later BP in this release track
 Oracle Identity Manager 11g Release 2 PS2 ( and any later BP in this release track
 Oracle Identity Manager 11g Release 2 PS3 (

 Generating the Connector
    Configuring the Groovy File
  1.  The DBAT connector is shipped with a groovy file named DBATConfiguration.groovy.
  2.  This file is located in the dbat- directory of the connector installation ZIP.
  3. You use the DBATConfiguration.groovy file to specify values for properties that can store basic information about your target system schema.
   This file is used by the DBAT Generator to perform the following tasks:
  ·        Discover the schema
  ·        Configure the mode (trusted source or target resource) in which you want to run the connector
  ·        Generate the connector package specific to your target system

 To configure the DBATConfiguration.groovy file:

1.   Download the connector installation ZIP file from Oracle Technology Network.

2.   Extract the contents of the connector installation ZIP to any directory on the computer hosting OIM. This creates a directory named dbat-

3.     Extract the contents of the dbat- file to any directory. This creates a directory named dbat-generator-

4.     In a text editor, open the DBATConfiguration.groovy file located in the dbat-generator- directory.

In this example, I am using this connector for trusted reconciliation, so the properties of the Groovy file are described below.

Entries in the Predefined Sections

itResourceDefName – DBAT Trusted
This is a mandatory entry. Enter the name of the IT resource type for the target system. Note that the value that you specify for this entry determines the name of the connector package, connector configuration file, and connector installer file. For example, if you specify DBAT as the value of this entry, then the name of the connector package directory is
a.      trusted - for configuring your target system as a trusted source.
b.     target - for configuring your target system as a target resource.

trusted {
    itResourceDefName = 'DBAT Trusted' // name of the IT resource type; also determines the connector package name
    itResourceName = "dbat" // name of the IT resource to look up later in OIM
    config = [
        'table' : 'PERSONS', // table that holds the user records
        'keyColumn' : 'USERLOGIN', // column that uniquely identifies a user
        'passwordColumn' : 'Password',
        'user' : 'DEV_OIM', // database user that OIM connects as; the password is prompted for by the generator
        'jdbcUrlTemplate' : 'jdbc:oracle:thin:@',
        'jdbcDriver' : 'oracle.jdbc.driver.OracleDriver',
    ]

    // Maps connector attributes to OIM user fields
    alias = ['__UID__':'User Login', '__NAME__':'Last Name', 'Organization':'Organization Name', 'Xellerate Type':'Xellerate Type', '__ENABLE__':'Status', 'Role':'Role']
}


This is what the target schema looks like

5.     Save and close the DBATConfiguration.groovy file.
Discovering the Schema and Generating the Connector
1.     After configuring the DBATConfiguration.groovy file, you must run the DBAT Generator to discover the schema and generate the connector package.

2.     The DBAT Generator is the DBATGenerator.cmd or file that is located in the dbat-generator- directory

3.     In a command window, change to the dbat-generator-RELEASE_NUMBER/bin directory (for example, dbat-generator- and run one of the following commands depending on the operating system that you are using:

                          For Microsoft Windows



In this command, replace:

  ·        CONFIG_FILE with the absolute or relative path name of the DBATConfiguration.groovy file.
  ·        CONFIG_NAME with the name of the configuration within the DBATConfiguration.groovy file, being used for the target system. The predefined configurations within this file are trusted and target. You can create additional custom configurations with different names depending on your requirements.

The following is a sample command:

DBATGenerator.cmd ..\resources\DBATConfiguration.groovy trusted

In this command, "trusted" denotes the name of the section in the DBATConfiguration.groovy file for which values have been specified. In other words, the connector is being configured as a trusted source.

4.   When prompted, enter a value for User Password, which is the password of the database user account that Oracle Identity Manager must use to connect to the target system
The above command generates the JAR file based on itResourceDefName in DBATConfiguration.groovy.
Here is the output from generating the connector based on the information in the Groovy file.

Understanding the Generated Connector Package

The connector package is a ZIP file that is generated in the /dbat-generator-RELEASE_NUMBER directory.
For example, because I have specified DBAT Trusted as the value of the itResourceDefName entry in the DBATConfiguration.groovy file, the connector package ZIP (DBAT file is generated in the /dbat-generator-
The directory structure of the connector package is as follows:

In this directory structure:
·        CONNECTOR_PACKAGE is replaced with the name of the IT resource definition specified as the value of the itResourceDefName entry in the DBATConfiguration.groovy file.
·        IT_RES_DEF is replaced with the name of the IT resource definition specified as the value of the itResourceDefName entry in the DBATConfiguration.groovy file.
The following behavior is observed after generation of the connector configuration XML file:
·      The length of a field (column) from the target system is not fetched into the process form. Therefore, except for the Unique ID and Password fields, the length of all other data fields (of the String data type) on the process form is always set to 255 characters. The length of the Unique ID and Password fields is set to 40 characters.
·        All columns in a database table that are not null are displayed as mandatory process form fields in Oracle Identity Manager.
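
A pre-check for the two behaviours above, written for this post as an added example (it is not part of the connector or of Oracle's tooling). It takes rows shaped like Oracle's ALL_TAB_COLUMNS view and reports which columns become mandatory form fields and which String columns are declared longer than the form field they will get. The sample column list is constructed, and treating keyColumn as the Unique ID field is an assumption.

```python
# Added example: preview how the generated process form will treat each column.
FORM_LEN_DEFAULT = 255  # all other String fields, per the behaviour described above
FORM_LEN_KEY_PWD = 40   # Unique ID and Password fields

# Values from the trusted section of DBATConfiguration.groovy in this post.
CONFIG = {"table": "PERSONS", "keyColumn": "USERLOGIN", "passwordColumn": "Password"}

# Constructed sample rows: (COLUMN_NAME, DATA_TYPE, CHAR_LENGTH, NULLABLE).
# The column list is hypothetical; query ALL_TAB_COLUMNS for the real one.
SAMPLE_COLUMNS = [
    ("USERLOGIN", "VARCHAR2", 30, "N"),
    ("PASSWORD", "VARCHAR2", 64, "Y"),
    ("LASTNAME", "VARCHAR2", 80, "N"),
    ("ORGANIZATION", "VARCHAR2", 400, "Y"),
    ("STATUS", "VARCHAR2", 10, "N"),
    ("CREATED", "DATE", 0, "Y"),
]

STRING_TYPES = {"CHAR", "VARCHAR2", "NCHAR", "NVARCHAR2"}


def preview_form(columns, config):
    """Return one dict per column describing the expected process form field."""
    # Assumption: keyColumn backs the Unique ID field, passwordColumn the Password field.
    short = {config["keyColumn"].upper(), config["passwordColumn"].upper()}
    report = []
    for name, data_type, char_length, nullable in columns:
        is_string = data_type in STRING_TYPES
        form_len = None
        if is_string:
            form_len = FORM_LEN_KEY_PWD if name.upper() in short else FORM_LEN_DEFAULT
        report.append({
            "column": name,
            "mandatory": nullable == "N",  # NOT NULL columns become mandatory fields
            "form_length": form_len,       # None for non-String columns
            "too_long_for_form": bool(is_string and char_length > form_len),
        })
    return report


def columns_to_review(report):
    """Columns whose declared length exceeds the form field length."""
    return [r["column"] for r in report if r["too_long_for_form"]]


if __name__ == "__main__":
    for row in preview_form(SAMPLE_COLUMNS, CONFIG):
        print(row)
    print("Review before generating:", columns_to_review(preview_form(SAMPLE_COLUMNS, CONFIG)))
```
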

Installing and Configuring the Connector

You must install the connector package (generated after running the DBAT Generator) by running the connector installer. To do so:

    Copy the unzipped connector package generated through the DBAT Generator into the following directory

Extract the DBAT file using the unzip command
Unzip DBAT

Create a directory in OIM_HOME/ConnectorDefaultDirectory/targetsystems-lib with the same name as the installer package. For example:
Copy the JDBC driver to the above directory. In my scenario, it is ojdbc6.jar.

Log in to Oracle Identity System Administration

Click Manage Connector under Provisioning Configuration

Click install

Select the Connector from List of Connectors in the Connector Default Directory. In this example, the connector I created is DBAT Trusted Connector

Select the Connector and click on Load

Click Continue; the connector installation then starts.

If all the configuration is correct, the connector installs successfully.

Configuring the IT Resource for the Target System

When you run the DBAT Generator, the IT resource corresponding to this connector is automatically created in Oracle Identity Manager. You must specify values for the parameters of this IT resource as follows:
  1. Log in to Oracle Identity System Administration.
  2. In the left pane, under Configuration, click IT Resource.
  3. In the IT Resource Name field on the Manage IT Resource page, enter the name of the IT resource, and then click Search. The name of the IT resource is the value of the itResourceName property in the DBATConfiguration.groovy file.
  4. Click the edit icon for the IT resource.
  5. From the list at the top of the page, select Details and Parameters.


Configuring the IT resource for the target system is needed only if the connection details have changed from those you specified in the Groovy file when creating the connector.

Run the Trusted Recon Scheduler

Check the Event in the Event Management

If the above configuration is followed without missing a single step, users will be reconciled from the trusted source to OIM.

Nagaraju Gorrepati
