Connector Guide For RSA Authentication Manager


Oracle Identity Manager
Connector Guide for RSA Authentication Manager
Release 11.1.1
E52545-10
July 2020

Oracle Identity Manager Connector Guide for RSA Authentication Manager, Release 11.1.1
E52545-10

Copyright 2014, 2020, Oracle and/or its affiliates.

Primary Author: Gowri.G.R
Contributing Authors: Debapriya.Datta

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents

Preface
    Audience
    Documentation Accessibility
    Related Documents
    Documentation Updates
    Conventions

What's New in Oracle Identity Manager Connector for RSA Authentication Manager?
    Software Updates
    Documentation-Specific Updates

1 About the RSA Authentication Manager Connector
    1.1 Introduction to RSA Authentication Manager Connector
    1.2 Certified Components
    1.3 Usage Recommendation
    1.4 Certified Languages
    1.5 Connector Architecture
    1.6 Features of the Connector
        1.6.1 Support for Reconciliation and Provisioning of RSA Authentication Manager User Accounts and Tokens
        1.6.2 Full and Incremental Reconciliation
        1.6.3 Batched Reconciliation
        1.6.4 Limited (Filtered) Reconciliation
        1.6.5 Enable and Disable User Accounts and Tokens
        1.6.6 Reconciliation of Deleted User Accounts and Unassigned Tokens
        1.6.7 EJB-Based Communication with the Target System
        1.6.8 Standard and Custom Attribute Mapping for Reconciliation and Provisioning
        1.6.9 Transformation and Validation of Account Data
        1.6.10 Support for Setting a PIN and the Token Lost Attribute
        1.6.11 Connection Pooling
    1.7 Lookup Definitions Used During Reconciliation and Provisioning
        1.7.1 About Lookup Field Synchronization
        1.7.2 Lookup Definitions Synchronized with the Target System
        1.7.3 Preconfigured Lookup Definitions
    1.8 Connector Objects Used During Reconciliation
        1.8.1 User Fields for Target Resource Reconciliation
        1.8.2 Reconciliation Rule for User Target Resource Reconciliation
        1.8.3 Viewing Reconciliation Rule for User Target Resource Reconciliation
        1.8.4 Reconciliation Action Rules for User Target Resource Reconciliation
        1.8.5 Viewing Reconciliation Action Rules for User Target Resource Reconciliation
        1.8.6 Token Fields for Target Resource Reconciliation
        1.8.7 Reconciliation Rule for Token Target Resource Reconciliation
        1.8.8 Viewing Reconciliation Rule for Token Target Resource Reconciliation
        1.8.9 Reconciliation Action Rules for Token Target Resource Reconciliation
        1.8.10 Viewing Reconciliation Action Rules for Token Target Resource Reconciliation
    1.9 Connector Objects Used During Provisioning
        1.9.1 Provisioning Functions
        1.9.2 User Fields for Provisioning
        1.9.3 Token Fields for Provisioning
    1.10 Roadmap for Deploying and Using the Connector

2 Deploying the RSA Authentication Manager Connector
    2.1 Preinstallation
        2.1.1 Copying the External Code Files
        2.1.2 Creating a Target System Account for Connector Operations
    2.2 Installation
        2.2.1 Understanding Installation
        2.2.2 Installing the Connector in Oracle Identity Manager
            2.2.2.1 Running the Connector Installer
            2.2.2.2 Configuring the IT Resource for the Target System
        2.2.3 Deploying the Connector in a Connector Server
            2.2.3.1 About the Connector Server
            2.2.3.2 Installing and Configuring the Connector Server
            2.2.3.3 Running the Connector Server
            2.2.3.4 Installing the Connector on the Connector Server
    2.3 Postinstallation
        2.3.1 Postinstallation on Oracle Identity Manager
            2.3.1.1 Configuring Self-Request Provisioning
            2.3.1.2 Configuring Oracle Identity Manager
            2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache
            2.3.1.4 Managing Logging for RSA Authentication Manager Connector
            2.3.1.5 Setting up the Lookup Definition for Connection Pooling
            2.3.1.6 Setting up the Lookup Definition for Different Time Zones
            2.3.1.7 Localizing Field Labels in UI Forms
            2.3.1.8 Addressing Prerequisites for Using the Java API of RSA Authentication Manager
        2.3.2 Creating the IT Resource for the Connector Server
    2.4 About Upgrading the RSA Authentication Manager Connector
    2.5 Postcloning the RSA Authentication Manager
        2.5.1 About Postcloning
        2.5.2 Updating Child Table Mappings

3 Using the RSA Authentication Manager Connector
    3.1 Performing First-Time Reconciliation
    3.2 Scheduled Job for Lookup Field Synchronization
    3.3 Configuring Reconciliation
        3.3.1 Full Reconciliation
        3.3.2 Limited Reconciliation
        3.3.3 Batched Reconciliation
        3.3.4 Reconciliation Scheduled Jobs
            3.3.4.1 Scheduled Jobs for Reconciliation of Token and User Records
            3.3.4.2 Scheduled Jobs for Reconciliation of Deleted Token and User Records
    3.4 Scheduled Jobs
        3.4.1 Scheduled Jobs for Lookup Field Synchronization and Reconciliation
        3.4.2 Configuring Scheduled Jobs
    3.5 Guidelines On Performing Provisioning Operations
    3.6 Performing Provisioning Operations
    3.7 Uninstalling the Connector

4 Extending the Functionality of the RSA Authentication Manager Connector
    4.1 Determining Whether an Attribute Is an Identity Management Services or Authentication Manager Attribute
    4.2 Adding New User or Token Attributes for Reconciliation
        4.2.1 Adding New Attributes
        4.2.2 Adding Attributes to Reconciliation Fields
        4.2.3 Creating Reconciliation Field Mapping
        4.2.4 Creating Entries in Lookup Definitions
        4.2.5 Performing Changes in a New UI Form
    4.3 Adding New User or Token Attributes for Provisioning
        4.3.1 Adding New Attributes
        4.3.2 Creating Entries in Lookup Definitions
        4.3.3 Creating a Task to Enable Update
        4.3.4 Performing Changes in a New UI Form
    4.4 Configuring Validation of Data During Reconciliation and Provisioning
    4.5 Configuring Transformation of Data During Reconciliation

5 Troubleshooting the RSA Authentication Manager Connector

A Files and Directories On the Installation Media

List of Figures

1-1 Connector Architecture
1-2 Reconciliation Rule for Target Resource Reconciliation
1-3 Reconciliation Action Rules for Target Resource Reconciliation
1-4 Reconciliation Rule for Target Resource Reconciliation
1-5 Reconciliation Action Rules for Target Resource Reconciliation
2-1 Manage IT Resource Page
2-2 Edit IT Resource Details and Parameters Page for the RSA Server Instance IT Resource
2-3 Step 1: Provide IT Resource Information
2-4 Step 2: Specify IT Resource Parameter Values
2-5 Step 3: Set Access Permission to IT Resource
2-6 Step 4: Verify IT Resource Details
2-7 Step 5: IT Resource Connection Result
2-8 Step 6: IT Resource Created

List of Tables

1-1 Certified Components
1-2 Entries in the Lookup.RSAAM.Configuration Lookup Definition
1-3 Entries in the Lookup.RSAAM.UM.Configuration Lookup Definition
1-4 Entries in the Lookup.RSAAM.Token.Configuration Lookup Definition
1-5 Entries in the Lookup.RSAAM.UM.ReconAttrMap lookup definition
1-6 Action Rules for Target Resource Reconciliation
1-7 Entries in the Lookup.RSAAM.Token.ReconAttrMap lookup definition
1-8 Action Rules for Target Resource Reconciliation
1-9 Provisioning Functions
1-10 Entries in the Lookup.RSAAM.UM.ProvAttrMap lookup definition
1-11 Entries in the Lookup.RSAAM.Token.ProvAttrMap lookup definition
2-1 Log Levels and ODL Message Type:Level Combinations
2-2 Connection Pooling Properties
2-3 Time Zone Properties
2-4 Parameters of the IT Resource for the Connector Server
3-1 Attributes of the Scheduled Jobs for Lookup Field Synchronization
3-2 Attributes of the Scheduled Jobs for Reconciliation of Token Records
3-3 Attributes of the Scheduled Jobs for Reconciliation of User Records
3-4 Attributes of the Scheduled Jobs for Delete Token Reconciliation
3-5 Attributes of the Scheduled Jobs for Delete User Reconciliation
3-6 Scheduled Jobs for Lookup Field Synchronization and Reconciliation
5-1 Troubleshooting for the RSA Authentication Manager Connector
A-1 Files and Directories On the Installation Media

Preface

This guide describes the connector that is used to integrate Oracle Identity Manager with RSA Authentication Manager.

Audience

This guide is intended for resource administrators and target system integration teams.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Related Documents

For information about installing and using Oracle Identity Manager, visit the following Oracle Help Center page:
http://docs.oracle.com/cd/E52734_01/index.html

For information about Oracle Identity Manager Connectors documentation, visit the following Oracle Help Center page:
http://docs.oracle.com/cd/E22999_01/index.htm

Documentation Updates

Oracle is committed to delivering the best and most recent information available. For information about updates to the Oracle Identity Manager Connectors documentation, visit Oracle Technology Network at
http://download.oracle.com/docs/cd/E22999_01/index.htm

Conventions

The following text conventions are used in this document:

Convention: boldface
Meaning: Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.

Convention: italic
Meaning: Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.

Convention: monospace
Meaning: Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.

What's New in Oracle Identity Manager Connector for RSA Authentication Manager?

This chapter provides an overview of the updates made to the software and documentation for the RSA Authentication Manager connector in release 11.1.1.5.0.

The updates discussed in this chapter are divided into the following categories:

- Software Updates
  This section describes updates made to the connector software. This section also points out the sections of this guide that have been changed in response to each software update.
- Documentation-Specific Updates
  These include major changes made to this guide. For example, the relocation of a section from the second chapter to the third chapter is a documentation-specific update. These changes are not related to software updates.

Software Updates

The following section discusses software updates:

Software Updates in Release 11.1.1.5.0

This is the first release of the Oracle Identity Manager connector for RSA Authentication Manager based on ICF architecture. Therefore, there are no software updates for this release of the connector.

Documentation-Specific Updates

The chapter Known Issues and Workarounds has been removed.

Documentation Updates in Release 11.1.1.5.0

The following is a documentation-specific update in revision "10" of release 11.1.1.5.0:

A few editorial changes and minor updates to the document structure have been made for better readability.

The following is a documentation-specific update in revision "9" of release 11.1.1.5.0:

The "Oracle Identity Governance or Oracle Identity Manager" row of Table 1-1 has been updated to include support for Oracle Identity Governance release 12c PS4 (12.2.1.4.0).

The following is a documentation-specific update in revision "8" of release 11.1.1.5.0:

A "Note" regarding the Incorrect Passcodes check box has been added to User Fields for Provisioning.

The following are documentation-specific updates in revision "7" of release 11.1.1.5.0:

- Additional certification details for Oracle Identity Governance 12c (12.2.1.3.0) have been added to Table 1-1.
- The "Target Systems" row in Table 1-1 has been modified to include the supported versions RSA Authentication Manager 8.3 and 8.4.

The following are documentation-specific updates in revision "6" of release 11.1.1.5.0:

- The "Target Systems" row in Table 1-1 has been modified to include the supported version RSA Authentication Manager 8.2.
- The "JDK" row has been added to Table 1-1.

The following is a documentation-specific update in revision "5" of release 11.1.1.5.0:

The "Oracle Identity Manager" row of Table 1-1 has been updated.

The following are documentation-specific updates in revision "4" of release 11.1.1.5.0:

- A "Note" regarding lookup queries has been added at the beginning of Extending the Functionality of the RSA Authentication Manager Connector.
- A "Note" regarding lookup queries has been removed from Lookup Definitions Used During Reconciliation and Provisioning.

The following are documentation-specific updates in revision "3" of release 11.1.1.5.0:

The following are documentation-specific updates in revision "4" of release 11.1.1.5.0:

- A "Note" regarding lookup queries has been added to Lookup Definitions Used During Reconciliation and Provisioning.
- The "Target System" row of Table 1-1 has been updated.

The following is a documentation-specific update in revision "2" of release 11.1.1.5.0:

Configuring Self-Request Provisioning has been added.

1 About the RSA Authentication Manager Connector

This chapter introduces the RSA Authentication Manager connector.

This chapter discusses the following topics:

- Introduction to RSA Authentication Manager Connector
- Certified Components
- Usage Recommendation
- Certified Languages
- Connector Architecture
- Features of the Connector
- Lookup Definitions Used During Reconciliation and Provisioning
- Connector Objects Used During Reconciliation
- Connector Objects Used During Provisioning
- Roadmap for Deploying and Using the Connector

1.1 Introduction to RSA Authentication Manager Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use RSA Authentication Manager as a managed (target) resource of Oracle Identity Manager.

Note: At some places in this guide, RSA Authentication Manager has been referred to as the target system.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.

1.2 Certified Components

Table 1-1 lists the certified components for the target system.

Table 1-1 Certified Components

Item: Oracle Identity Governance or Oracle Identity Manager
Requirement: You can use one of the following releases of Oracle Identity Manager:
- Oracle Identity Governance 12c (12.2.1.4.0)
- Oracle Identity Governance 12c (12.2.1.3.0)
- Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0)
- Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) and any later BP in this release track
- Oracle Identity Manager 11g Release 2 PS1 (11.1.2.1.0) and any later BP in this release track
- Oracle Identity Manager 11g Release 2 (11.1.2.0.0) and any later BP in this release track

Item: Target System
Requirement: You can use one of the following supported versions of the target system:
- RSA Authentication Manager 8.0
- RSA Authentication Manager 8.1
- RSA Authentication Manager 8.2
- RSA Authentication Manager 8.3
- RSA Authentication Manager 8.4

Item: Connector Server
Requirement: 11.1.2.1.0

Item: Connector Server JDK
Requirement: JDK 1.6 or later

1.3 Usage Recommendation

Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of the following connectors:

- If you are using an Oracle Identity Manager release that is earlier than Oracle Identity Manager 11g Release 2 (11.1.2.0.0), then you must use the 9.1.0.x version of this connector. However, if you are using RSA Authentication Manager 6.0, or 6.1, or 6.1.2, then you must use the 9.0.4.x version of this connector.
- If you are using Oracle Identity Manager 11g Release 2 or later, then you must use the 11.1.1.x version of this connector. However, if you are using RSA Authentication Manager 7.1 with SP3 or later, then use the 9.1.0.x version of this connector.

1.4 Certified Languages

The connector supports the following languages:

- Arabic
- Chinese (Simplified)
- Chinese (Traditional)
- Czech
- Danish
- Dutch
- English (UK)
- English (US)
- Finnish
- French
- German
- Greek
- Hebrew
- Hungarian
- Italian
- Japanese
- Korean
- Norwegian
- Polish
- Portuguese
- Portuguese (Brazilian)
- Romanian
- Russian
- Slovak
- Spanish
- Swedish
- Thai
- Turkish

1.5 Connector Architecture

Figure 1-1 shows the architecture of the connector.

Figure 1-1 Connector Architecture

The RSA Authentication Manager connector is implemented by using the Identity Connector Framework (ICF). The ICF is a component that provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, timeouts, and filtering. The ICF is shipped along with Oracle Identity Manager. Therefore, you need not configure or modify the ICF.

This connector is used to manage users and tokens on RSA Authentication Manager through Oracle Identity Manager. This connector integrates Oracle Identity Manager with the target system with the help of a Java API.

The target system can be configured to run in the Account Management mode. Account management is also known as target resource management. In this mode, the target system is used as a target resource and the connector enables the following operations:

- Provisioning:
  Provisioning involves creating, updating, or deleting users and tokens on the target system through Oracle Identity Manager. The connector makes use of the Java API to connect to the RSA AM Server, and in turn provision accounts and tokens. Token provisioning operations are performed in the same manner. A separate set of Oracle Identity Manager adapters is used during token provisioning operations.
  During user provisioning, data received in the create/update operation will be passed to the target system APIs. RSA APIs accept provisioning data, carry out the required operation on the target system, and then return the response from the target system back to the connector. The connector will return the response to Oracle Identity Manager.
- Target source reconciliation:
  During reconciliation, the connector fetches data (using scheduled jobs) about users created or modified directly on the target system into Oracle Identity Manager. This data is used to add or modify resources allocated to OIM Users.
  Similarly, during reconciliation, the RSA APIs will accept the search criteria, including filters, and return the records to the connector. The connector supports searching for users, tokens, roles, groups, identity sources, security domains and RADIUS profiles on the target.

1.6 Features of the Connector

The following are features of the connector:

- Support for Reconciliation and Provisioning of RSA Authentication Manager User Accounts and Tokens
- Full and Incremental Reconciliation
- Batched Reconciliation
- Limited (Filtered) Reconciliation
- Enable and Disable User Accounts and Tokens
- Reconciliation of Deleted User Accounts and Unassigned Tokens
- EJB-Based Communication with the Target System
- Standard and Custom Attribute Mapping for Reconciliation and Provisioning
- Transformation and Validation of Account Data
- Support for Setting a PIN and the Token Lost Attribute
- Connection Pooling

1.6.1 Support for Reconciliation and Provisioning of RSA Authentication Manager User Accounts and Tokens

You can use the connector to reconcile and provision RSA Authentication Manager user accounts and tokens. The connector provides separate process forms and resource objects for user accounts and token operations.

1.6.2 Full and Incremental Reconciliation

In full reconciliation, all records are fetched from the target system to Oracle Identity Manager. In incremental reconciliation, only records that are added or modified after the last reconciliation run are fetched into Oracle Identity Manager.

You can switch from incremental to full reconciliation at any time after you deploy the connector.

See Full Reconciliation.

1.6.3 Batched Reconciliation

You can break down a reconciliation run into batches by specifying the number of records that must be included in each batch.

See Batched Reconciliation.

1.6.4 Limited (Filtered) Reconciliation

To limit or filter the records that are fetched into Oracle Identity Manager during a reconciliation run, you can specify the subset of added or modified target system records that must be reconciled.

See Limited Reconciliation.

1.6.5 Enable and Disable User Accounts and Tokens

Account Start and Account Expire are two user attributes on the target system. For a particular user on the target system, if the Account Expire date is less than the current date, then the account is in the Disabled state. Otherwise, the account is in the Enabled state. When the record of this user is reconciled into Oracle Identity Manager, the user's state (RSA resource) in Oracle Identity Manager matches the user's state on the target system. In addition, through a provisioning operation, you can set the value of the Account Expire date to the current date or a date in the past.

Alternatively, you can search for and open the Accounts page on Oracle Identity Manager. Click Enable/Disable to enable or disable user accounts or tokens.

Note: The Enabled or Disabled state of a user account or a token is not related to the Locked or Unlocked state of the account.

1.6.6 Reconciliation of Deleted User Accounts and Unassigned Tokens

You can configure the connector for reconciliation of deleted user accounts and unassigned tokens. In target resource mode, if a user record is deleted or a token is unassigned on the target system, then the corresponding RSA resource is revoked from the OIM User.

See Scheduled Jobs for Reconciliation of Deleted Token and User Records.

1.6.7 EJB-Based Communication with the Target System

The connector supports EJB-based communication between Oracle Identity Manager and the target system. This is a secure connection. By using the connectionType parameter of the IT Resource, you can specify the type of communication (EJB) to be established with the target system.

1.6.8 Standard and Custom Attribute Mapping for Reconciliation and Provisioning

You can create mappings for attributes that are not included in the list of default attribute mappings. These attributes can be custom attributes that you add on the target system.

See Extending the Functionality of the RSA Authentication Manager Connector.

1.6.9 Transformation and Validation of Account Data

You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning. In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation.

The following sections provide more information:

- Configuring Transformation of Data During Reconciliation
- Configuring Validation of Data During Reconciliation and Provisioning

1.6.10 Support for Setting a PIN and the Token Lost Attribute

You can use the connector to set the following:

- A PIN for the token that is assigned to a user.
  Note: You are compulsorily required to assign a value for the PIN attribute of each token in order to ensure that provisioning takes place as expected.
- The Token Lost attribute when the token device is lost.

1.6.11 Connection Pooling

A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can again be requested for and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.

One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.

See Setting up the Lookup Definition for Connection Pooling.

1.7 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during reconciliation and provisioning can either be synchronized with the target system or preconfigured. The following sections contain detailed information:

- About Lookup Field Synchronization
- Lookup Definitions Synchronized with the Target System
- Preconfigured Lookup Definitions

1.7.1 About Lookup Field Synchronization

During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you use the Identity Source lookup field to select an identity source during a provisioning operation performed through the Administrative and User Console. When you deploy the connector, lookup definitions corresponding to the lookup fields on the target system are automatically created in Oracle Identity Manager. Lookup field synchronization involves copying additions or changes made to the target system lookup fields into the lookup de
