Hi all,
I made these notes for myself, in case I work on something else for a few months and have to refresh my memory, but I hope it's useful for others as well. To the old hands this stuff will seem terribly obvious, but as a recent n00b I'm quite sympathetic with those who are struggling to find a purchase.
For some reason this was really difficult for me to figure out at the beginning, but I eventually did. I think part of the issue for me was the fact that all of the documentation, tutorials, etc., seem to assume that the reader already why they want to create an adaptor, and so gets right down into how to go about it. So here are my notes attempting to answer that question, and the related question: how can I synchronise data to an IT resource, like AD?
So basically OIM11gR2 has three different ways to populate data from the main User form (table USR) to application instances (and thereby to the underlying IT resource).
They are:
- Pre-populate Plugins - used to put data on a manually requested application instance form.
- Pre-populate Rule Adaptors - used to put data into an application resource which is populated without a request, say by an Access Policy.
- Task Adaptors - used to synchronise data to an existing application instance.
OK, so for those of us, like me, coming from a more synchronisation-oriented IdM system, like MIIS or FIM (or whatever they're calling it this month), the key think about OIM at least post 11g is that in order to get similar functionality to an MIIS "Management Agent" you need to create these three different kinds of connections from the User form to application instance.
The documentation as of this writing in http://docs.oracle.com/ is quite good about how to create and maintain these things, so I'm not going to go into that, but here are some general notes about usage:
Pre-populate Plugins are the easiest of the three to work with, simply because everything can be done in code. The specification for which User Attributes map to which App Instance attributes is done in an XML file called plugin.xml, which again is very well documented in the newest documentation. The format is quite clear. This needs to be packaged with the jarfile(s) in a zip with a particular format, again well-documented. It works out that Maven is perfectly capable of packaging this zipfile up for you so all you have to do is deploy it. I use the Maven Assembly plugin to do this. See sample code at the bottom.
The adaptors on the other hand will need to be created in the Adaptor Factory in the design console. The process is a bit opaque, but it becomes clearer with practice. I was able to understand what was going on by going a bit beyond the tutorials and documentation by trying to do some outside, undocumented things with it. One thing that's a bit confusing when clicking around in the design console is that the stock adaptors, at least for the AD connector, have some interesting labels. For instance the name of the User Attribute which you are trying to attach to the App Instance is called "returnValue", so I had presumed that it had something to do with the value returned by my code. But it's not! Rather it's the value to be taken from the USR table and returned to the stock adaptor code.
The most important and tricky thing about adaptors is how to get them called. For pre-populate adaptors you do this by attaching the adaptor to a form. The adaptor will be called if the form is created in a non-manual process. For task adaptors you need to attach them to a process - again this is well documented, but it took me far too long to understand that in order to build a process task for a UDF you need to add a code/meaning pair to the lookup Lookup.USR_PROCESS_TRIGGERS. This is documented in section 5.3.3.1.2 of the developers' guide, and for me was the missing link for a certain time. I suppose I would have found it sooner if I'd sat down and read the documentation like a book, but well, I didn't.
So there it is. I hope it helps.
-mark
=========================================================================================
Some useful code snippets:
Assembly snippet for plugins in pom.xml:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.5.3</version>
<configuration>
<finalName>ADPrepopulatePlugins</finalName>
<appendAssemblyId>false</appendAssemblyId>
<descriptor>src/assembly/dep.xml</descriptor>
</configuration>
<executions>
<execution>
<id>create-archive</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
The assembly configuration file for a pre-populate plugin:
<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
<id>plugin</id>
<includeBaseDirectory>false</includeBaseDirectory>
<formats>
<format>zip</format>
</formats>
<fileSets>
<fileSet>
<directory>${project.basedir}/src/main/resources/ADPrepopulatePlugins</directory>
<includes>
<include>plugin.xml</include>
</includes>
<useDefaultExcludes>true</useDefaultExcludes>
<outputDirectory></outputDirectory>
</fileSet>
<fileSet>
<directory>${project.basedir}/target</directory>
<includes>
<include>ADPrepopPlugins-1.0.jar</include>
</includes>
<outputDirectory>lib</outputDirectory>
<useDefaultExcludes>true</useDefaultExcludes>
</fileSet>
<fileSet>
<directory>/home/user/.m2/repository/com/who/oim/whoproject/MY-OIM-UTILS/0.1/</directory>
<includes>
<include>MY-OIM-UTILS-0.1.jar</include>
</includes>
<outputDirectory>lib</outputDirectory>
<useDefaultExcludes>true</useDefaultExcludes>
</fileSet>
</fileSets>
</assembly>