Peoplesoft Connectors for Oracle Identity Manager – Part I

Introduction

Couple of weeks ago, I attended an Oracle Webcast titled “Introducing Oracle Identity Management 11g”. That webcast was about introducing the remaining components of Oracle Identity Management Product Suite which is part of the Oracle Fusion Middleware 11g (we can call it as a second set of product release!).

During the first phase release of Oracle Fusion Middleware Components, Oracle released the few components such as Oracle Internet Directory (OID), Oracle Virtual Directory (OVD) etc. Along with couple of other components, following are the major software releases (as part of second release) of the new Oracle Identity Management 11g Product Suite:

• Oracle Identity Manager
• Oracle Access Manager
• Oracle Identity Analytics
• … and few others …

In Identity Management, Oracle Identity Management 11g product suite provides Identity and Access Management (IAM) functions along with compliance/security related solutions. In Oracle Identity Management 11g, as usual, more features are added such as security development platform, integration with Fusion Middleware.

In this blog series, I am going to talk more about the Oracle Identity Manager (OIM) Product. Let us first understand about the Oracle Identity Manager Product and its features, and then we will talk more about various options available for integrating Peoplesoft Systems with Oracle Identity Manager Product. I used my personal experience with the product and referred the Oracle Identity Manager 11g Release 1 documentation for these. These are various guides available as part of Oracle Fusion Middleware Documentation. If you need in-depth knowledge about this product, you need to refer these manuals. Let’s understand OIM product first.

About Oracle Identity Manager

One of the Major and important Oracle Identity Management Component is Oracle Identity Manager (OIM). Earlier this product was called Xellerate Provisioning (by a company called Thor technologies). OIM product provides a central repository to store user and group information for any organization. One of the important features of OIM is it can integrate with various target systems available (such as Peoplesoft HRMS, SAP, Active Directory, Siebel etc). Also, various other Oracle products such as JD Edwards, EBS and Oracle Retail  have connectors as well.

I like the OIM Connectors Page at the Oracle Website. You should visit once. There are connectors for most commonly used products in the market (such as Sun Java Directory, Novell eDirectory, SAP products, Databases, Siebel etc). In this post, I want to explore the Peoplesoft Connectors and how can we deploy these connectors in an enterprise implementing OIM. I am going to provide a conceptual understanding only, for more details on the Connectors; you should refer the connector documentation (Search for “oracle identity manager connector documentation” to visit the Connector Documentation page). Also, other products (that has no connectors) can be integrated with OIM using Generic Technology Connectors (GTC) which is delivered as part of OIM product. We will talk more about GTC in later posts.

Integrating Peoplesoft HRMS system with OIM

Peoplesoft HRM (or HRMS) Systems are ERP systems deployed in many enterprises across the world. Hexaware supports many such Peoplesoft HRMS systems implementation and support across the globe. There are two Peoplesoft connectors available for OIM product.  They are:

• PSFT Employee Reconciliation Connector
• PSFT User Management Connector

These two connectors are used for different purposes in a Peoplesoft based environment. Let’s explore the use of these connectors using an Architecture diagram. I created the following diagram to show the integration and the use of PSFT connectors.

In this High-level Architecture, I used an existing Peoplesoft HRMS System as a trusted source for OIM. OIM will play a role of central repository to store user and group information. The User Provisioning will be happening to multiple target systems mentioned in the diagram.

PSFT Employee Reconciliation Connector is used to perform trusted source reconciliation with Peoplesoft HRMS system. In this scenario, Peoplesoft HRMS system is the source for all the user or employee related information during the entire user management lifecycle (user add, user delete, user modification etc). There are two versions of the PSFT Employee Recon Connector.

• Version 9.0.4.x
• Version 9.1.x

If you are in Peopletools 8.48 or earlier releases, then you should opt for 9.0.4. For detailed list of supported releases, you can refer the connector documentation.

Both Version 9.0.4.x and Version 9.1.x use Integration Broker Architecture for integrating with OIM. As you are aware, the IB architecture is considerably changed starting with Peopletools 8.48. There are new features added in Peopletools 8.49. For Version 9.1.x, the Supported Peoplesoft HRMS systems are 8.9, 9.0 and 9.1 with Peopletools 8.49 and 8.50.

Let’s explore these two Peoplesoft Connectors for OIM in future posts. I really like to share and learn more about these connectors, mainly for two reasons. I worked as Peoplesoft Admin for so many years and I also learned some basics of OIM recently. Let’s meet in next post. Until then

Read More about OIM Connector

Marketing Automation in B2B – Separating the Wheat from the Chaff

The B2B landscape in its inherent form is a complex jar of beans primarily because the initial connection needs lots of nurturing with the right mix of appropriate communication to ensure the “best weather” for sales interaction. Marketers not only have to measure outcomes right up to revenue but also find the “sweet spot” for marketing and sales to drum up the right notes.

The year 2009 and the first half of 2010 saw a marked shift towards marketing automation worldwide. All of this has helped channelize information and reach out to prospects better, yet it is pertinent to note the today’s internet savvy prospect is also armed with qualifying information about your brand, your products and your competitors as never before. To get inside the mind of the B2B buyer, marketers not only need to understand his intent from his digital body language but also ensure that automated lead generation processes in place scale up in terms of the following pertinent factors at any point of time.

• Are lead recycling programs in place for not-sales-ready leads?
• Has social media, inbound marketing and marketing automation been integrated seamlessly?
• Is your marketing communication supported by buyer-centric collaterals that help the buyer decide in your favor?
• Has your data been data washed and scrubbed clean?
• Does your web metrics provide actionable information for user profiling and conversion?
• Are sales and marketing on the same latitude to proving your prospect the best buying experience?
• Does your Social media spin influence the markets conversation about your brand effectively?
• Is your opt-in list getting fresh brew in the form of persuasive communication and supporting newsletter value?
• Is your marketing funnel measurable and process definitions flexible to innovation?
• How effective is your conversation model, does it ensure that you are at top of mind when prospects decide to bite the bait?
• Are you able to capitalize on marketing automation’s great benefit – reporting effectively and use it as a strategic tool?
• Does your data-centric marketing plans lead the way for greater customer intelligence since value of data will not be a constant ?

The above are just a few important cogs that can make or break your lead generation wheel. As marketers brace themselves to capitalize on marketing automation to enhance pipeline opportunities, trends all point to an explosive growth in marketing automation adoption. It is highly imperative that automation vendors provide more sophisticated reporting, better sales engagement processes and social media integration.

To help marketing efficiently separate the wheat from the chaff, marketing automation should not just serve as a driver of operational efficiency but more importantly enhance continuity of dialogue with prospects throughout the decision making/buying cycle at all relevant touch points.

Ultimately it is all about the harvest – the pipeline and revenue, the executive leadership would not mind how you do it.

Read More about Marketing Automation

Oracle Internet Directory LDAP Relpica States in Fusion Middleware 11g

Oracle Internet Directory LDAP Relpica States in Fusion Middleware 11g (11.1.1)

In the Oracle Fusion Middleware 11g Documentation (I think I was referring to Version 11.1.1 of the doco), you can find OID Administrator’s Guide. As the name suggests, this is the top most important and valuable guide for Oracle Internet Directory Administrators. I think I have read most of this guide already. However I still refer this guide, since there is a lot of information provided in this guide (and it is a reference guide too).

I want to write about the LDAP Replica states mentioned in the Appendix D (How Replication Works) of this Guide. In Fusion middleware, Oracle provides lot of details about Oracle Internet Directory Replication. Earlier this information was scattered around the Oracle Support Website and was difficult to find. Now, I think Oracle collected most of this information in this guide.

If you are working or supporting or planning to implement an OID Replication High Availability environment, then you should be familiar with this section of the topic in the guide. This replica states information will be useful if you are running LDAP Based Replica (Just to refresh your memory, there are two types of Replication possible, ASR based and LDAP Based – ASR is based on Ddatabase Links, while LDAP based replication uses a LDAP Client process).

orclReplicaState Attribute

orclReplicaState attribute stores the Replication State for the LDAP Based Replication Replica. You can check the current Replica State of the OID using the ldapsearch command. (In a Live System that uses LDAP based replication, it will be set to the numeric value of 1 – which means it is in online state).

You need to run the following LDAPSEARCH and check the orclreplicastate attribute as shown below. Please make sure to replace values for the arguments specific to your site, I just gave an example.

ldapsearch -h localhost -p 389 -D cn=orcladmin -w password -b “orclreplicaid=local_replica_ID, cn=replication configuration” -s sub objectclass=*

You need to check the value of the orclreplicastate in the output. Alternatively, you can get the orclreplicastate attribute value directly as shown below example:

ldapsearch -h localhost -p 389 -D cn=orcladmin -w password -b “orclreplicaid=local_replica_ID, cn=replication configuration” -s sub objectclass=* orclreplicastate

The local_replica_ID is specific to your installation, normally it is machine_database. You can check the value using a ldapsearch query as shown below.

Ldapsearch Argument Description:

Argument	Description
-h	Hostname or IP Address of the LDAP Directory ServerI used localhost since I am running this command on the same server where OID is running.
-p	Port Number for the LDAP Directory, default LDAP port is 389, LDAPS port is 636.If you use the port 636, then you should define the –U argument.
-D	Bind DN – LDAP DN for connecting to LDAP Directory
-w	Password for the Bind DN – It is site specific.
-b	Base DN for the search – here it starts from the top.
-s base	Search Scope is base (other values are sub and one)

orclReplicaState possible values in 11g

There are 9 LDAP Replica States mentioned in this guide (In 10g OID, there are only 7 LDAP Replica states, it looks like Oracle added two more LDAP Replica states in 11.1.1). As I mentioned earlier, in a normal production system which uses LDAP based replication, the orclreplicastate will be set to the value of 1 automatically during the start of the replication server first time.

Let’s list the LDAP replica states:

LDAP Replica State	Description
0	Bootstrap - This is one of the important Value. You can setup a new LDAP based consumer replica using this value. Lets talk about it in next blog
1	Online – For regular replication processing.
2	Offline
3	Bootstrap in progress
4	Bootstrap in progress + cn=orclcontext completed
5	Bootstrap completed with failures
6	Database based
7	Sync Schema only (Not Data)
8	Bootstrap without schema sync (Only Data)

In a LDAP replication with high-availability environment, it is a must that you should understand these values and their significance. Let’s talk about these values and how we can exploit this attribute and their values in the coming blogs. Until then

Read More about Oracle Internet Directory

Features and Enhancements in SAP TAO 2.0 from SAP TAO 1.0

The SAP Test Acceleration and Optimization™ (SAP TAO ™) software streamlines the creation and maintenance of ERP business process testing. It helps Quality Analyst specialists to break down application into components. Assemble test cases through a simple interface using drag and drop components in Quality Center. Test script can be parameterized for flexible reuse. Maintained easily and inexpensively, even when screens, flows, or service packs change.

Features of SAP TAO ™ 1.0 version released in 2007:
Inspect: Captures the data in a screen or transaction and determines its validity. It enables you to create and maintain a list of transactions and screens.

Import/Export: Primarily runs in background mode to export and import data from the SAP Test Acceleration and Optimization™ client to the SAP Quality Center.

Consolidator: Gathers all the objects and data in an SAP Quality Center test script and creates a single component.

Connect: Connection settings for SAP and Quality Center

Enhancements in SAP TAO ™ 2.0 versions released in 2009:
PFA (Process flow Analyzer): It records user interactions and the sequence of screens to execute a business process, in the SAP TAO ™ repository. It automates inspection and creation of the test components and a parameterized draft transition test case. It automatically creates the data table spreadsheet with the DT columns and values used during the recording process.

Repository: The SAP Test Acceleration and Optimization™ repository is a part of the SAP Solution Manger system and is used to store:
User interaction and sequence of the screens in a business process.
Information specific to SAP Test Acceleration and Optimization™ that cannot be retrieved by other tools.

Change Analyzer: It helps you to analyze the impact of changes due to upgrades, SAP patches or Custom development on a test, components or consolidated component.

Read More about  SAP TAO

Some myths and challenges faced by BPT Methodology

Is designing test for an entire business scenario a time-consuming process?
Business Process (BP) – a BP should be well-documented written at a level that can be script. The BP should be understandable by people not familiar with business. It should be sufficiently detailed. If possible we can have Mercury Screen Recordings (MSR), Navigational flow etc.

Data – The input data required for executing the BP should be reusable. If it is not reusable, sufficient set of data should provided for automating the BP. For most of the finance modules data are not reusable.

Business Process should be complete, correct and accurate. Verifying BP completeness and correctness takes a lot of time, better to start off with these steps in mind as verification time should be used to ensure the quality of the scripts instead of verifying the quality of the BP. Don’t assume anything, design the test cases so that any person can run it or execute it. Design the test cases so that any person can understand what steps are to be validated.

Generally speaking, the more user involvement a BP requires the less desirable it becomes for automation. Though scripts build during development process are executed successfully, they are liable to fail during regression execution. The common errors and solutions can be summarized as:

Wrong Data is being used: Most of the time the script fails due to a mismatch between the data displayed in application and the data stored in Data Table. The solution for this is to change the incorrect value in the Data Table.

Script Flow has changed due to a new build or a new data: if this is the case we need to modify the existing script to add/remove the necessary steps. This is not acceptable because we are automating scripts with the same process. This may represent delays in our delivery date.

The script is running with a different user: The solution is to use the same user that we were using during the development phase or give the new user the same privileges that the user utilized during development had.

Data is burned: If this is the case we need to get or create new data in order to execute the script.

Are your scripts backward compatible i.e., can they run in lower versions?
Scripts execution in lower version of QTP: The other major problem faced in scripts are not backward compatable.ie.., scripts build in upgraded version of quick test professional like 9.2,cannot be executed in 9.0 or lower versions. This problem can be overcome by using BCIE (Bushiness component Import and Export) tool. Using this tool we can import the reusable component from higher version of QC and export it to lower version of QC. Scripts are then compatible with lower versions.

Does Subject Matter Experts require technical knowledge?
Even though creating Business Processes Test Script using accelerators might seem like a simple task, there are multiple factors and caveats that need to be taken into account.
1.The initial Components base might prove complete for some BP’s, but there will surely be a need to create new components in order to complete all the scripts.
2.Though the UI Scanner automatically generates the required components, it might be required to manually modify the QTP code, or even to manually create a whole component.
3.VB Script knowledge is welcomed, since sometimes, there might even be the need to create new functions in the libraries, or modify the existing ones. It is always better to have a technical architect in a project dedicated to handle Libraries, tool installation, debug and trouble shooting. A technical architect should have considerable knowledge of library architecture and descriptive programming understanding, should understand relationship between Accelerators libraries and Business Process Testing. The responsibilities of the technical architect would be to provide the team with wrappers and

Are accelerators only for ERP applications?
Accelerator projects are not restricted to only ERP applications like SAP, PeopleSoft,Seibel and Oracle. It can be customized for application like Metavance, web based application like SAP web portal by our technically expertise development team.

When to automate?

• Business scenario that will run with each new version of your application
• Business scenario that uses multiple data values for the same operation
• Business scenario that create data for additional business scenario
• Business scenario that require low end-user decision making
• Complex or lengthy business scenario that are often run during business day.

Read More about  Automate

Fusion Middleware: New features in Oracle Internet Directory

Going forward, I am planning to write more about Fusion Middleware 10g, Fusion Middleware 11g and Oracle Database 11g. These are the areas that I am developing more interest now-a-days. I am currently working on Fusion Middleware 10g. First of all, I am learning these new software. And when I write here I feel my knowledge level increases. The first Fusion Middleware component that I am going to write about is Oracle Directory Server and Oracle Internet Directory. Both are LDAP Directories from Oracle and part of Fusion Middleware (Why two LDAP Directories as part of Fusion Middleware? – Think about it).

I worked in multiple LDAP Directories during the last few years. A LDAP Directory is software that stores information or entries or data in a tree like format for easy access, it is based on a standard. As per my experience with LDAP Directories, these are the major LDAP directories:

• Oracle Directory Server (earlier Sun Java/Iplanet Directory)
• Novell’s eDirectory (earlier NDS)
• Microsoft’s Active Directory (AD)
• Oracle Internet Directory (OID)
• openLDAP

Among these, I like Sun Java Directory (now, Oracle Directory Server) the most. It is because I worked on it first and it was from Sun, standards based, and works well in heterogeneous environments. There are other various reasons, but we will talk more about Oracle Internet Directory here.

What is Oracle Internet Directory?

Oracle Internet Directory is a LDAP Version 3 Compliant Directory Server from Oracle Corporation. Oracle Internet Directory (OID) is used in most of the Oracle Components (such as Oracle Single Sign On) and is one of the primary components delivered as part of the Fusion Middleware.

OID is used to integrate Oracle Middleware and applications and mainly used with Oracle Applications. Oracle Internet Directory stores its data in an Oracle Database. The directory store is an Oracle Database. Oracle Database is a required component to run Oracle Internet Directory. This is one of the major differences among the remaining four major LDAP directory servers.

New Features of OID in Fusion Middleware 11g

OID is delivered by Oracle for the use of Oracle Identity Management. This was part of the Oracle Application Server “Application Infrastructure” Component. So, Oracle Internet Directory is not a new component that is delivered as part of Fusion Middleware.  It was already there in Version 10g as well.

I am currently working on Oracle Internet Directory Version 10.1.4.2.0. Fusion middleware version of Oracle Internet Directory is called 11.1.1. There are few improvements between these two versions. I noticed that the improvements lie on these lines

1. Manageability Features

Oracle Directory Services Manager and integration with Weblogic Admin Server are the major changes in the OID Version 11.1.1.  Fusion Middleware is Weblogic-Centric. So it is time to learn Weblogic again. Oracle Process Manager and Notification Server (OPMN) is still used in Fusion Middleware for managing OID, as well as other components.

ODSM (Oracle Directory Services Manager) is replacing Oracle Directory Manager (oidadmin). ODSM is a new web-based management tool for managing Oracle Internet Directory in Fusion Middleware 11g.

2. Replication Features

One of the important features that you can setup is a multi-master replication using LDAP based replica model. In earlier versions, it was not possible. Earlier you need to use ASR based replication to setup a multi-master replication. Now it is possible to setup multi-master replication using LDAP based replication.

3. Instance Configuration

There are changes in configset information. Now every instance can have a separate rootDSE information. This was one of the major issue in earlier version. I need to explore this option more. I will write more about this later.

A last important note is: why Oracle is delivering two separate LDAP Directories now as part of Fusion Middleware 11g or as part of its Directory Services Offerings. Why Oracle supports Oracle Directory Server and Oracle Internet Directory? This is because; Oracle Applications are tightly integrated with Oracle Internet Directory. For Example, Oracle Single Sign On needs Oracle Internet Directory. This is one of the reasons Oracle is unable to move to Oracle Directory Server. Let’s hope this will soon change.

Let’s talk more about OID in coming weeks.  Until then

Read More about Fusion Middleware