Transcription
Oracle Identity ManagerConnector Guide for BMC Ticket ManagementRelease 9.0.4E10393-01May 2007
Oracle Identity Manager Connector Guide for BMC Ticket Management, Release 9.0.4E10393-01Copyright 2006, 2007, Oracle. All rights reserved.Primary Author:Shiladitya GuhaContributing Authors:Deepa Aswani, Debapriya Datta, Lyju VadasseryThe Programs (which include both the software and documentation) contain proprietary information; theyare provided under a license agreement containing restrictions on use and disclosure and are also protectedby copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly,or decompilation of the Programs, except to the extent required to obtain interoperability with otherindependently created software or as specified by law, is prohibited.The information contained in this document is subject to change without notice. If you find any problems inthe documentation, please report them to us in writing. This document is not warranted to be error-free.Except as may be expressly permitted in your license agreement for these Programs, no part of thesePrograms may be reproduced or transmitted in any form or by any means, electronic or mechanical, for anypurpose.If the Programs are delivered to the United States Government or anyone licensing or using the Programs onbehalf of the United States Government, the following notice is applicable:U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical datadelivered to U.S. Government customers are "commercial computer software" or "commercial technical data"pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. Assuch, use, duplication, disclosure, modification, and adaptation of the Programs, including documentationand technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle licenseagreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, CommercialComputer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA94065.The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherentlydangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup,redundancy and other measures to ensure the safe use of such applications if the Programs are used for suchpurposes, and we disclaim liability for any damages caused by such use of the Programs.Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respective owners.The Programs may provide links to Web sites and access to content, products, and services from thirdparties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites.You bear all risks associated with the use of such content. If you choose to purchase any products or servicesfrom a third party, the relationship is directly between you and the third party. Oracle is not responsible for:(a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with thethird party, including delivery of products or services and warranty obligations related to purchasedproducts or services. Oracle is not responsible for any loss or damage of any sort that you may incur fromdealing with any third party.
ContentsPreface . vAudience.Documentation Accessibility .Related Documents .Documentation Updates .Conventions .1About the ConnectorReconciliation Module .Lookup Fields Reconciliation .Ticket Reconciliation.Provisioning Module.Supported Functionality .Multilanguage Support.Files and Directories That Comprise the Connector .Determining the Release Number of the Connector.Before Deployment .After Deployment .2vvvivivi1-11-21-21-21-31-31-41-41-41-5Deploying the ConnectorStep 1: Verifying Deployment Requirements.Step 2: Configuring the Target System.Customizing the HPD:HelpDesk Form For the Specific Target Application.Enabling Encryption .Enabling Remedy Encryption .AR System Encryption Error Messages.Step 3: Copying the Connector Files and External Code Files .Step 4: Configuring the Oracle Identity Manager Server.Changing to the Required Input Locale.Clearing Content Related to Connector Resource Bundles from the Server Cache .Enabling Logging .Step 5: Importing the Connector XML File .Defining IT Resources .2-12-12-22-22-22-32-42-42-52-52-52-72-8iii
3Configuring Connector FunctionalityConfiguring Reconciliation.Configuring the Reconciliation Scheduled Tasks.Specifying Values for the Scheduled Task Attributes .Lookup Fields Reconciliation Scheduled Task.BMC Ticket Reconciliation Scheduled Task .Adding Custom Attributes for Reconciliation.Configuring Provisioning.Compiling Adapters .Adding Custom Attributes for Provisioning .Configuring the Connector for Multiple Target Applications .Configuring the Connector for Multiple Installations of the Target System .43-13-13-23-23-33-33-53-53-63-83-9Testing and TroubleshootingTesting the Connector. 4-1Testing Partial and Batched Reconciliation. 4-1Troubleshooting Connector Problems . 4-25Known IssuesA Attribute Mappings Between Oracle Identity Manager and BMC TicketManagementIndexiv
PrefaceOracle Identity Manager Connector Guide for BMC Ticket Management providesinformation about integrating Oracle Identity Manager with BMC Ticket Management.Some parts of the product and documentation still refer to theoriginal Thor company name and Xellerate product name and will berebranded in future releases.Note:AudienceThis guide is intended for users who want to deploy the Oracle Identity Managerconnector for BMC Ticket Management.Documentation AccessibilityOur goal is to make Oracle products, services, and supporting documentationaccessible, with good usability, to the disabled community. To that end, ourdocumentation includes features that make information available to users of assistivetechnology. This documentation is available in HTML format, and contains markup tofacilitate access by the disabled community. Accessibility standards will continue toevolve over time, and Oracle is actively engaged with other market-leadingtechnology vendors to address technical obstacles so that our documentation can beaccessible to all of our customers. For more information, visit the Oracle AccessibilityProgram Web site y of Code Examples in DocumentationScreen readers may not always correctly read the code examples in this document. Theconventions for writing code require that closing braces should appear on anotherwise empty line; however, some screen readers may not always read a line of textthat consists solely of a bracket or brace.Accessibility of Links to External Web Sites in DocumentationThis documentation may contain links to Web sites of other companies ororganizations that Oracle does not own or control. Oracle neither evaluates nor makesany representations regarding the accessibility of these Web sites.v
TTY Access to Oracle Support ServicesOracle provides dedicated Text Telephone (TTY) access to Oracle Support Serviceswithin the United States of America 24 hours a day, seven days a week. For TTYsupport, call 800.446.2398.Related DocumentsFor more information, refer to the following documents in the Oracle IdentityManager documentation library: Oracle Identity Manager Release Notes Oracle Identity Manager Installation Guide for JBoss Oracle Identity Manager Installation Guide for Oracle Containers for J2EE Oracle Identity Manager Installation Guide for WebLogic Oracle Identity Manager Installation Guide for WebSphere Oracle Identity Manager Administrative and User Console Guide Oracle Identity Manager Administrative and User Console Customization Guide Oracle Identity Manager Design Console Guide Oracle Identity Manager Tools Reference Guide Oracle Identity Manager Audit Report Developer Guide Oracle Identity Manager Best Practices Guide Oracle Identity Manager Globalization Guide Oracle Identity Manager Glossary of TermsThe following document is available in the Oracle Identity Manager Connector Packdocumentation library: Oracle Identity Manager Connector Framework GuideDocumentation UpdatesOracle is committed to delivering the best and most recent information available. Forinformation about updates to the Oracle Identity Manager Connector Pack Release9.0.4 documentation library, visit Oracle Technology Network ndex.htmlConventionsThe following text conventions are used in this document:viConventionMeaningboldfaceBoldface type indicates graphical user interface elements associatedwith an action, or terms defined in text or the glossary.italicItalic type indicates book titles, emphasis, or placeholder variables forwhich you supply particular values.monospaceMonospace type indicates commands within a paragraph, URLs, codein examples, text that appears on the screen, or text that you enter.
1About the ConnectorOracle Identity Manager automates access rights management, security, andprovisioning of IT resources. Oracle Identity Manager connectors are used to integrateOracle Identity Manager with third-party applications. The connector for BMC TicketManagement is used to integrate Oracle Identity Manager with BMC TicketManagement.Oracle Identity Manager connectors were referred to asresource adapters prior to the acquisition of Thor Technologies byOracle.Note:This chapter contains the following sections: Reconciliation Module Provisioning Module Supported Functionality Multilanguage Support Files and Directories That Comprise the Connector Determining the Release Number of the ConnectorAt some places in this guide, BMC Ticket Management hasbeen referred to as the target system.Note:For this connector, BMC Remedy is treated as a provisioning tool ormedium.In this connector, target application refers to the applicationprovisioned indirectly via Remedy's Help desk-basedmanual/automated processes.Reconciliation ModuleReconciliation involves duplicating in Oracle Identity Manager additions of andmodifications to user accounts on the target system. It is an automated processinitiated by a scheduled task that you configure.See Also: The "Deployment Configurations of Oracle IdentityManager" section in Oracle Identity Manager Connector Framework Guidefor conceptual information about reconciliation configurationsAbout the Connector1-1
Provisioning ModuleBased on the type of data reconciled from the target system, reconciliation can bedivided into the following types: Lookup Fields Reconciliation Ticket ReconciliationLookup Fields ReconciliationLookup fields reconciliation involves reconciling the following lookup fields: Category Item TypeTicket ReconciliationTicket reconciliation involves reconciling the following fields: Summary Description Category Type Item CaseType Login Name Source StatusProvisioning ModuleProvisioning involves creating or modifying a Ticket in the Remedy Helpdesk systemthrough Oracle Identity Manager.Oracle Identity Manager sends basic provisioning information to Remedy forprovisioning a ticket. The provisioning connector invokes Remedy to generate a ticket.Provisioning information includes: Target application Access information for target application modules User provisioning informationYou use the Administrative and User Console to perform provisioning operations.See Also: The "Deployment Configurations of Oracle IdentityManager" section in Oracle Identity Manager Connector Framework Guidefor conceptual information about provisioningIn provisioning, you can specify values for the following fields: Description1-2 Oracle Identity Manager Connector Guide for BMC Ticket Management
Multilanguage Support Category Type Item CaseType Source OIMUser ID CaseID OIMStatusSupported FunctionalityThe following table lists the functions that are available with this connector.FunctionTypeDescriptionCreate TicketProvisioningCreates a TicketSummary UpdatedProvisioningUpdates the Summary of a TicketCategory UpdatedProvisioningUpdates the Category of a TicketType UpdatedProvisioningUpdates the Type of a TicketItem UpdatedProvisioningUpdates the Item of a TicketCaseType UpdatedProvisioningUpdates the CaseType of a TicketSource UpdatedProvisioningUpdates the Source of a TicketReconcile Lookup FieldReconciliationReconciles the lookup fieldsReconcile Ticket DataReconciliationReconciles Ticket data from BMC TicketManagement to Oracle Identity ManagerAppendix A, "Attribute Mappings Between OracleIdentity Manager and BMC Ticket Management"See Also:Multilanguage SupportThe connector supports the following languages: Brazilian Portuguese English French German Italian Japanese Korean Simplified Chinese Spanish Traditional ChineseAbout the Connector1-3
Files and Directories That Comprise the ConnectorSee Also: Oracle Identity Manager Globalization Guide for informationabout supported special charactersFiles and Directories That Comprise the ConnectorThe files and directories that comprise this connector are in the following directory onthe installation media:These files and directories are listed in the following table.File in the Installation Media .jarThis file contains the SQL code for the trigger that is run onthe BMC Remedy database for moving the records of on.jarThis file contains the class files that are required forreconciliation.Files in the resources directoryEach of these resource bundle files contains language-specificinformation that is used by the connector.Note: A resource bundle is a file containing localized versionsof the text strings that are displayed on the user interface ofOracle Identity Manager. These text strings include GUIelement labels and messages displayed on the Administrativeand User Console.xml/BMCTicketConnector DM.xmlThis file contains definitions for the following components ofthe connector: IT resource type IT resource Resource object Process form Process definition Process tasks Adapter tasksThe "Step 3: Copying the Connector Files and External Code Files" section on page 2-4provides instructions to copy these files into the required directories.Determining the Release Number of the ConnectorYou can use any one of the following methods to determine the release number of theconnector.Before DeploymentTo determine the release number of a connector before you deploy it:1.Extract the contents of the xlBMCRemedyTicket.jar file. This file is in thefollowing directory on the installation media:Help Desk/BMC Ticket Management/BMC Remedy Ticket Management Rev9.0.4/lib/JavaTask2.Open the manifest.mf file in a text editor. The manifest.mf file is one of thefiles bundled inside the xlBMCRemedyTicket.jar file.1-4 Oracle Identity Manager Connector Guide for BMC Ticket Management
Determining the Release Number of the ConnectorIn the manifest.mf file, the release number of the connector is displayed as thevalue of the Version property.If you maintain a copy of the xlBMCRemedyTicket.jar fileafter deployment, then you can use this method to determine therelease number of the connector at any stage. After you deploy theconnector, it is recommended that you use the "After Deployment"method, which is described in the following section.Note:After DeploymentTo determine the release number of a connector that has already been deployed:See Also:Oracle Identity Manager Design Console Guide1.Open the Oracle Identity Manager Design Console.2.In the Form Designer, open the process form. The release number of the connectoris the value of the Version field.About the Connector1-5
Determining the Release Number of the Connector1-6 Oracle Identity Manager Connector Guide for BMC Ticket Management
2Deploying the ConnectorDeploying the connector involves the following steps: Step 1: Verifying Deployment Requirements Step 2: Configuring the Target System Step 3: Copying the Connector Files and External Code Files Step 4: Configuring the Oracle Identity Manager Server Step 5: Importing the Connector XML FileStep 1: Verifying Deployment RequirementsThe following table lists the deployment requirements for the connector.ItemRequirementOracle Identity ManagerOracle Identity Manager release 8.5.3 or laterTarget systemsBMC Remedy AR System 6.0External code filesThe following JAR and DLL files from the BMCRemedy Admin Client installation 0.dllarrpc60.dllarutl60.dllTarget system user accountCreate a user in Remedy with all the privileges assignedto the Demo user.You provide the credentials of this user account whileperforming the procedure in the "Defining ITResources" section on page 2-8.Step 2: Configuring the Target SystemConfiguring the target system involves the following steps: Customizing the HPD:HelpDesk Form For the Specific Target Application Enabling EncryptionDeploying the Connector 2-1
Step 2: Configuring the Target SystemCustomizing the HPD:HelpDesk Form For the Specific Target ApplicationEach target application has custom ticket form in Remedy.User is required to add fields to provide information on Target Application Name,Access information for target application modules and User specific details on theHPD:HelpDesk Form.There are two approaches, which can be used for this operation1.Add the additional Fields on the HPD:HelpDesk Form.2.Create a View of the HPD:HelpDesk Form and add the additional fields in view.For more details on how to add fields on HPD:HelpDesk Form and to create a view,refer to Action request system 6.0 Developing ARSystem Application:Basic.Enabling EncryptionThis section discusses the following topics related to Remedy encryption: Enabling Remedy Encryption AR System Encryption Error MessagesEnabling Remedy EncryptionTo enable encryption and set encryption options, you must include server encryptionoptions in the ar.conf file (UNIX) or the ar.cfg file (Microsoft Windows). You cando this by using a text editor.You can set the Encrypt-Security-Policy encryption option. This is an integervalue that indicates whether or not encryption is enabled. If this option is not in thear.cfg (or ar.conf) file, then encryption is disabled by default. If encryption isenabled, then you can set encryption to any one of the following values to this option: 0: Encryption is allowed. Clients and servers with or without encryption enabledon them can connect to this AR System server.1: Encryption is required. Only clients and servers that have encryption enabledon them can connect to this AR System server.2: Encryption is disallowed. Regardless of whether or not encryption is enabled,clients and servers can communicate without encryption.Sample Encryption Product Settings in the Configuration FileThe following table explains sample settings for the options that you can add in thear.conf (or ar.cfg) file.Option SettingsSignificanceEncrypt-Security-Policy: 1Encryption is required.Encrypt-Public-Key-Expire: 86400Public key duration is 1 day (86400 seconds).Encrypt-Symmetric-Data-Key-Expire: 2700Symmetric data encryption key duration is 45minutes (2700 seconds).Encrypt-Public-Key-Algorithm: 5Public key encryption key strength isRSA-1024 (Performance Security).Encrypt-Data-Encryption-Algorithm: 2Symmetric data encryption key strength isRC4 128-bit (Performance Security).2-2 Oracle Identity Manager Connector Guide for BMC Ticket Management
Step 2: Configuring the Target SystemIf you do not set these options, then the default values are used. Defaults for the levelof encryption depend on the encryption product that you are using.To enable Remedy encryption:Exit or stop all AR System processes that are running.1.To do this, open Control Panel, Administrator Tools, and Services. Stop each ARSystem process that is running.In the ar.conf file (for UNIX) or the ar.cfg file (for Microsoft Windows), addthe Encrypt-Security-Policy option with a setting of 0 (encryption isallowed) or 1 (encryption is required). Add other options in the file as required.2.The default UNIX directory for the ar.conf file is ar install dir/conf. InMicrosoft Windows, the ar.cfg file is stored in the ar install dir\confdirectory. Here, ar install dir is the installation directory for ARSystem onthe AR server.Caution: If you set the Encrypt-Security-Policy option to 1(encryption is required), then communication is not allowed for anyserver or client that has not been upgraded to use encryption.Restart the AR System server.3.AR System Encryption Error MessagesWhen the AR System server is started, it checks encryption licensing and encryptionconfiguration settings, if encryption is enabled. If the appropriate Remedy Encryptionproduct licenses are not detected or if invalid configuration settings are detected, thenone or more of the following error messages are displayed.Error NumberError Message and Description9010Encryption is enabled, but the encryption library is not found.Install the Remedy Encryption product.9012No encryption license.Add the encryption license for the Remedy Encryption product that youare using.9013The encryption license does not match the type of Remedy Encryptionproduct that is installed.Obtain the license for the type of Remedy Encryption product that isinstalled.9006The encryption library does not support the specified public keyencryption algorithm.Set the Encryption-Public-Key-Algorithm option in the ar.cfg(or ar.conf) file to a value that is supported by the type of AR SystemEncryption product that is installed.9007The encryption library does not support the specified data encryptionalgorithm.Set the Encrypt-Data-Encryption-Algorithm option in thear.cfg (or ar.conf) file to a value that is supported by the type of ARSystem Encryption product that is installed.Deploying the Connector 2-3
Step 3: Copying the Connector Files and External Code FilesIf encryption is disabled, then encryption error checking does not occur andencryption errors are bypassed. Error messages are listed in the order in which theyare detected.Step 3: Copying the Connector Files and External Code FilesThe connector files to be copied and the directories to which you must copy them aregiven in the following table.File in the Installation Media DirectoryDestination Directorylib/JavaTask/xlBMCRemedyTicket.jarOIM dyTicketRec OIM home/xellerate/ScheduleTaskon.jarFiles in the resources directoryOIM ector DM.xmlOIM home/xlclientAfter you copy the connector files:1.Copy the following files from the BMC Remedy Admin Client installationdirectory (for example, C:/Program Files/AR System) to theOIM home/xellerate/ThirdParty 0.dllarrpc60.dllarutl60.dll2.Include OIM home/xellerate/ThirdParty in the PATH environment variable.While installing Oracle Identity Manager in a clusteredenvironment, you copy the contents of the installation directory toeach node of the cluster. Similarly, you must copy theconnectorResources directory and the JAR files to thecorresponding directories on each node of the cluster.Note:Step 4: Configuring the Oracle Identity Manager ServerIn this guide, the term Oracle Identity Manager server refers tothe computer on which Oracle Identity Manager is installed.Note:Configuring the Oracle Identity Manager server involves the following procedures:In a clustered environment, you must perform this step oneach node of the cluster.Note: Changing to the Required Input Locale Clearing Content Related to Connector Resource Bundles from the Server Cache2-4 Oracle Identity Manager Connector Guide for BMC Ticket Management
Step 4: Configuring the Oracle Identity Manager ServerChanging to the Required Input LocaleChanging to the required input locale (language and country setting) involvesinstalling the required fonts and setting the required input locale.You may require the assistance of the system administrator to change to the requiredinput locale.Clearing Content Related to Connector Resource Bundles from the Server CacheWhile performing the instructions described in the "Step 3: Copying the ConnectorFiles and External Code Files" section on page 2-4, you copy files from the resourcesdirectory on the installation media into theOIM home/xellerate/connectorResources directory. Whenever you add anew resource bundle in the connectorResources directory or make a change in anexisting resource bundle, you must clear content related to connector resource bundlesfrom the server cache.To clear content related to connector resource bundles from the server cache:1.In a command window, change to the OIM home/xellerate/bin directory.You must perform Step 1 before you perform Step 2. If yourun the command described in Step 2 as follows, then an exception isthrown:Note:OIM home/xellerate/bin/batch file name2.Enter one of the following commands: On Microsoft Windows:PurgeCache.bat ConnectorResourceBundle On UNIX:PurgeCache.sh ConnectorResourceBundleYou can ignore the exception that is thrown when youperform Step 2.Note:In this command, ConnectorResourceBundle is one of the content categoriesthat you can remove from the server cache. Refer to the following file forinformation about the other content categories:OIM home/xellerate/config/xlConfig.xmlEnabling LoggingWhen you enable logging, Oracle Identity Manager automatically stores in a log fileinformation about events that occur during the course of provisioning andreconciliation operations. To specify the type o
Provisioning involves creating or modifying a Ticket in the Remedy Helpdesk system through Oracle Identity Manager. Oracle Identity Manager sends basic provisioning information to Remedy for provisioning a ticket. The provisioning conne ctor invokes Remedy to generate a ticket. Provisioning information includes: Target application
