Explain the architecture of Oracle Identity Manager.
The Oracle Identity Manager architecture consists of three
tiers:
Tier 1: Client:
The Oracle Identity Manager application GUI component resides
in this tier. Users log in by using the Oracle Identity Manager client. The
Oracle Identity Manager client interacts with the Oracle Identity Manager
server, providing it with the user's login credentials.
Tier 2: Application Server:
The second tier implements the business logic, which resides
in the Java Data Objects that are managed by the supported J2EE application
server (JBoss application server, BEA WebLogic, and IBM WebSphere). The Java
Data Objects implement the business logic of the Oracle Identity Manager
application; however, they do not expose any methods to the outside
world. Therefore, to access the business functionality of Oracle Identity
Manager, you can use the API layer within the J2EE infrastructure, which
provides the lookup and communication mechanism.
Tier 3: Database:
The third tier consists of the database. This is the layer that is responsible for
managing the storage of data within Oracle Identity Manager.
What is an OIM user?
An OIM user is an entity/account that helps in managing the compliance of an
organization and in providing access rights according to the user's identity
in the related organization.
How many types of users are there in Oracle Identity Manager?
• End-User Administrator:
An end-user administrator is a user who has access to both
the Administrative and User Console and the Design Console. An end-user
administrator may be tasked with managing access rights for users, changing the
status of process tasks, or other tasks that include managing the Oracle
Identity Manager environment from higher levels.
• End-User:
End users are normally recipients of resources provisioned
to them by Oracle Identity Manager. They have the ability to log in to the
Oracle Identity Manager Administrative and User Console to perform tasks such
as viewing their user profiles, allocated resources, and assigned roles. By
default, they can perform self-service tasks from the console.
What are Organizations in OIM?
An organization is a logical container of entities including
users and other organizations defined within Oracle Identity Manager.
Oracle Identity Manager can have a flat organizational
structure or a hierarchical structure, which means that an organization can
contain other organizations. These child organizations are known as
sub-organizations.
What Are Roles in OIM?
A role is used to define the access rights that an entity
may have. These defined roles use unique role names to differentiate them
within the Oracle Identity Manager environment. A role may be associated with
one or more access rights to Oracle Identity Manager functions. For example, a
single role can enable a user to create other Oracle Identity Manager user accounts
and manage a specific organization.
Roles determine the links and menus that are available to users when they log
in to the console.
OIM Terminologies
IT Resource:
An IT Resource stores the configuration data of the actual target
resource. The information held in the IT Resource is used to
perform CRUD operations on the target.
Resources: A resource is a logical entity that represents an external system,
service, or application with which Oracle Identity Manager communicates to
perform either provisioning or reconciliation.
Provisioning:
Provisioning is a process where Users are created, maintained and deleted in
Resources or Target Systems. Provisioning of Users can be achieved by using
connectors and other configuration in OIM to save their information in Target
Systems.
What does User De-Provisioning mean?
User de-provisioning is the process of removing access of an
individual user to an organization’s resources. This can include removing user
accounts on individual machines or servers, or from authentication servers like
Active Directory etc. It can also include removing a user’s machine entirely.
De-provisioning is
usually done when a user leaves an organization.
Forms in OIM: There are
two types of forms in OIM which are used for showing and storing user data for
provisioning.
1. Object Form
2. Process Form
Object Form: Object form
is associated with Resource Object. It is visible at the time of
provisioning/reconciliation. It is used for getting some input from the user
while provisioning.
Process Form: This form
is associated with provisioning process of any target resource. During a
provisioning process, data flows to the actual target resource from process
form.
What is a Resource Object (RO)?
A Resource Object is a virtual representation of an account on a target system.
If an OIM user has an account on the target system, the user has an RO instance
associated with it.
What is an adapter? What adapters are available in OIM?
An adapter is a Java class that helps automate
processes within OIM and is created by an Oracle Identity Manager user through
the Adapter Factory.
Process Task Adapters - can be attached only to tasks. They automate
completion of a process task and are attached to a Process
Definition Form (AD user, OID User, etc.).
Entity Adapters:
Entity adapters are used when you want to perform an operation on an entity
such as a user/group. They can be attached only to forms. These adapters can be
used to automatically populate a field on the OIM User form or a
custom User Form on pre-update, pre-delete, pre-insert, post-insert,
post-update, or post-delete.
Pre-Populate Adapter
- a specific type of rule generator attached to a user-created form field that
can automatically generate data for the 'Process form'. It does not save that
data to the OIM database, but does send that information to the appropriate directory
user object. The data can come from manual entry on a form or from automated
entry from the OIM-defined forms, i.e., this adapter is used for populating any
field on forms (Process/Object) with some data.
Rule Generator -
can populate fields automatically on an OIM form or a user-created form and
save to the OIM database based on business rules
Task Assignment
Adapter - automates the assignment of a process task to a user or group. It
is used for assigning the task to any particular user/group.
Task
assignment adapter is used when you want to perform some operation to find the
user to whom you want to assign task.
Some differences between rule generators and entity adapters
are:
• Execution : Entity adapters can be triggered by Oracle
Identity Manager on preinsert, preupdate, predelete, postinsert, postupdate,
and postdelete. A rule generator adapter can be executed only on preinsert and
preupdate.
• Field value modification :
The adapter populates
the form field to which an entity adapter is attached. An Oracle Identity
Manager user should not edit this value because the entity adapter will
overwrite this modification. As a result, the modification will not be saved to
the database.
The adapter also
populates the form field to which a rule generator adapter is attached.
However, an Oracle Identity Manager user can edit this value because this
modification will take precedence over the value that the rule generator
adapter generates. Because of this, the modification will be saved to the
database.
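The two differences above (which triggers run each adapter, and whose value is saved when a user edits the field) can be traced with a small model. This is an added example, not Oracle Identity Manager code and not from the original post: it uses no OIM API, and the function, field names and sample record are hypothetical.

```python
# Added illustrative model of the rules described above. It is not Oracle
# Identity Manager code and uses no OIM API; all names are hypothetical.
ALL_TRIGGERS = {"preinsert", "preupdate", "predelete",
                "postinsert", "postupdate", "postdelete"}
TRIGGERS = {"entity_adapter": ALL_TRIGGERS,
            "rule_generator": {"preinsert", "preupdate"}}


def save_form(bindings, stored, edits, event):
    """Resolve the values persisted when a form is saved.

    bindings: field -> (adapter kind, function computing the value from the record)
    stored:   values currently in the database
    edits:    values the user typed into the form for this save
    Returns (persisted record, sorted list of fields whose user edit was discarded).
    """
    record = {**stored, **edits}          # what the adapters see as input
    persisted = dict(record)
    discarded = []
    for field, (kind, generate) in bindings.items():
        if event not in TRIGGERS[kind]:
            continue                      # adapter does not run on this trigger
        generated = generate(record)
        if kind == "entity_adapter":
            # Entity adapter output always wins; a user edit is overwritten.
            if field in edits and edits[field] != generated:
                discarded.append(field)
            persisted[field] = generated
        elif field not in edits:
            # Rule generator fills the field only when the user did not edit it.
            persisted[field] = generated
    return persisted, sorted(discarded)


# Constructed sample form: both fields are derived from the user's name.
BINDINGS = {
    "login": ("entity_adapter", lambda r: (r["first"][0] + r["last"]).lower()),
    "email": ("rule_generator",
              lambda r: f'{r["first"]}.{r["last"]}@example.com'.lower()),
}
STORED = {"first": "Ana", "last": "Silva",
          "login": "asilva", "email": "ana.silva@example.com"}
EDITS = {"login": "ana", "email": "a.silva@example.com"}

if __name__ == "__main__":
    print(save_form(BINDINGS, STORED, EDITS, "preupdate"))
    for event in ("preupdate", "postupdate"):
        print(event, save_form(BINDINGS, STORED, {"last": "Souza"}, event))
```

The discarded list is the part worth surfacing to administrators: it names the fields where a manual change was silently replaced by adapter output.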
Difference between Event Handler and Entity Adapter
Event Handler
- Need to extend tcBaseEvent Class.
- Can’t take any parameter from form
- Can’t return any value on the form
- Need to register the event handler via plug-in registration, with steps: Register Event Handler
Entity Adapter
- No need to extend any class
- Can take any field from form as parameter
- Can return any value to any form field, depending upon the form
- Usage is during any operation on any Entity like user/group.
- Easy to implement using design console using steps :