IBM Security Verify Adapter v10.0.3 for Oracle eBS Adapter is available. Compatibility, installation, and other getting-started issues are addressed.
© Copyright IBM Corporation 2016, 2022 All Rights Reserved
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Server manuals were printed:
Oracle eBS Adapter Installation and Configuration Guide
The Oracle eBS Adapter is designed to create and manage accounts on the Oracle e-Business Suite application. The adapter runs in "agentless" mode and communicates using JDBC to the systems being managed.
IBM recommends the installation of this Adapter (and the prerequisite Security Directory Integrator) on each node of IBM Security Verify Server WebSphere cluster. A single copy of the adapter can handle multiple IBM Security Verify Server Services. The optimum deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Server Provisioning Policies and Approval Workflow process. Please refer the IBM Knowledge Centre for a discussion of these topics.
IBM Security Verify Server Adapters are powerful tools that require administrator level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from the IBM Security Verify Server will fail if the adapter is not given sufficient authority to perform the requested task. IBM recommends that this adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Adapter License prior to using this product.
The license can be viewed from the "license" folder included in the product package.
Adapter Version
Component |
Version |
Build Date |
2022 March 14 06.57.41 |
Adapter Version |
10.0.3 |
Component Versions |
Adapter build: 10.0.3.76 Profile: 10.0.3.76 Connector: 10.0.3.76 Dispatcher 7.0.32(packaged separately) |
Documentation |
The following guides are available in the IBM Knowledge Centre · Oracle EBS Adapter Installation and Configuration Guide
|
New Features
Enhancement # (RFE) |
Description |
|
Items included in current (10.0.3) release |
|
None |
|
Items included in 10.0.2 release |
|
None |
|
Items included in 10.0.1 release |
|
None |
|
Items included in 7.1.12 release |
Internal
|
Support for the new specialFlags attribute in targetProfile.json |
|
Items included in 7.1.11 release |
RTC 151780 |
Add Support for Identity Governance and Intelligence (IGI) v5.2.2
This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence. |
|
Items included in 7.0.10 release |
RTC142418
|
ODBC: eBS 12.2.5 (GA 10/15) Support for Oracle EBS adapter V12.2.5
|
RTC 133536 |
Support for Complex attribute handler for OracleeBS Note: Refer to Installation and Configuration Notes, Corrections to Installation Guide section.
|
|
Items included in 7.0.9 release |
64565 (33791)
|
Support for Oracle EBS adapter V12.2
|
RFE 65867 (34485) |
Oracle EBS adapter posed a security hole when user is suspended but individual responsibility code is not end-dated.
Note: Refer to Installation and Configuration Notes, Corrections to Installation Guide section.
|
|
Items included in 7.0.8 Release |
PMR 88770,999,000 Bug[1466] |
Added service form options for support data. Do not Reconcile Roles? Do not Reconcile Suppliers? Do not Reconcile Persons? Do not Reconcile Customers? Do not Reconcile Responsibilities? Do not Reconcile Securing Attributes?
If any of above checkbox is selected then that support data won't be reconciled. E.g.: If checkbox for "Do not Reconcile Roles?" is checked then Roles won't be reconciled.
|
Items included in 7.0.7 release |
|
Initial Release |
Closed Issues
Internal# |
APAR# |
PMR# / Description |
|
|
Items included in current (10.0.3) release |
RTC 190017 Bug 3667 |
IJ36252 - TS007533296 |
Question about new permissions/rights needed in latest Oracle EBS adapter for nonapps |
|
|
Items included in 10.0.2 release |
RTC 188940 Bug 3504 |
IJ32488 - TS005410282 |
End Date Responsibilities on Account Suspend is Not Working for non-APPS user |
|
|
Items included in 10.0.1 release |
RTC 188060 Bug 3378 |
IJ29324 - TS004384761 |
ISIM : looking to verify Oracle eBS wrong password schenario, Bugz 3378, TS004384761, APAR IJ29324. |
|
|
Items closed in 7.1.12 release |
RTC 168156 Bug 2454 |
PMR 45750,004,000 |
As an Oracle eBS adapter developer, I must ensure my adapter works correctly with IGI 5.2.3. |
RTC 169649 Bug 2465 |
IJ01896 PMR 47347,004,000 - TS000016292 |
As an Oracle eBS adapter developer, I must ensure my adapter correctly handles date/time attributes |
|
|
Items closed in 7.1.11 release |
|
|
None |
|
|
Items closed in 7.0.10 release |
|
|
|
|
|
Items closed in 7.0.9 release |
|
|
|
|
|
Items closed in 7.0.8 release |
|
|
None |
Items closed in 7.0.7 release |
||
RTC 108806 |
PMR 21917,000,834 |
Removed service group for responsibilities from service.def as ISIM does not support subforms for service groups.
|
|
|
Initial Release |
Known Issues
Internal# |
APAR# |
PMR# / Description |
N/A |
N/A |
Deprovisioning user accounts Account deprovisioning is not supported natively (no stored procedure) in Oracle e-Business Suite and is therefore not available in the adapter. |
N/A |
N/A |
Changing a Password on a Suspended Account On Oracle eBS 12i if account is suspended (end dated) then password change operation will fail with following error: "ORA-20001: APP-FND-02602: Unabled to change password for user XXXXXXX for this following reason: Your account does not exist or has expired" Work Around: 1. You must enable the account first by setting future end date or deleting the end date and then perform password change. 2. Use restore operation and specify new password. |
N/A |
N/A |
Anonymous Record History Assigning or modifying responsibilities through ITIM results in the audit fields ("Created By" and "Updated By") showing an anonymous value. Workaround: To have the "SYSADMIN" value show in the audit fields for the responsibility record of an Oracle eBS user account, modify OracleEBSManageUserAL.xml and nonAPPS.sql (if using a non-APPS user) as follows: Step 1. Changes required for OracleEBSManageUserAL.xml: In the conOracleEBSManageUser connector, add the following piece of code to the After Initialize hook of the Prolog section: if (g_bIsAPPSUser) { task.logmsg("DEBUG","Initialized session parameters APPS"); result = thisConnector.connector.execSQL("Begin FND_GLOBAL.APPS_INITIALIZE( 0, -1, -1, 0, -1); end;"); } else { task.logmsg("DEBUG","Initialize session parameters Non-APPS"); result = thisConnector.connector.execSQL("Begin APPS.ITIM_APPS_INITIALIZE(0, -1, -1, 0, -1); end;"); } if (result != "") { task.logmsg("ERROR","Could not initialize the session parameters"); if(g_bIsAPPSUser) task.logmsg("DEBUG","FND_GLOBAL.APPS_INITIALIZE Failed. Error: " + result); else task.logmsg("DEBUG","APPS.ITIM_APPS_INITIALIZE Failed. Error: " + result); } After making the changes, recreate the OraEBSProfile.jar. Import the modified OraEBSProfile.jar to ITIM. Step 2. Changes required in nonAPPS.sql: Add the following lines to the nonAPPS.sql and execute the file. create or replace PROCEDURE "APPS"."ITIM_APPS_INITIALIZE" ( user_id in number, resp_id in number, resp_appl_id in number, security_group_id in number default 0, server_id in number default -1 ) AS begin FND_GLOBAL.APPS_INITIALIZE ( user_id => user_id, resp_id => resp_id, resp_appl_id => resp_appl_id, security_group_id => security_group_id, server_id => server_id); end ITIM_APPS_INITIALIZE; grant execute on APPS.ITIM_APPS_INITIALIZE to nonapps; |
See the IBM Security verify Adapter Installation and Configuration Guide for detail instructions.
Installing ILMT-Tags File
Please add new section “Installing
ILMT-Tags File “under the section Installing in adapter install guide.
Under Installing ILMT-Tags specify below steps.
Before you begin:
The Dispatcher must be installed
Procedure:
Copy the files from ILMT-Tags folder to the specified location:
1. Windows: <SDI-HOME>/swidtag
2. Unix/Linux: <SDI-HOME>/swidtag
Corrections to Installation Guide
None
IBM Security Verify Server adapters can be customized and/or extended. The type and method of this customization may vary from adapter to adapter.
Getting Started
Customizing and extending adapters requires a number of additional skills. The developer must be familiar with the following concepts and skills prior to beginning the modifications:
Note: If the customization requires a new IBM Security Directory Integrator connector, the developer must also be familiar with IBM Security Directory Integrator connector development and working knowledge of Java programming language.
IBM Security Verify Server Resources:
Check the "Training" section of the IBM Knowledge Centre for links to training, publications, and demos.
IBM Security Directory Integrator Resources:
Check the "Training" section of the IBM Security Directory Integrator Support web site for links to training, publications, and demos.
Support for Customized Adapters
The integration to the IBM Security Verify Server "the adapter framework" is supported. However, IBM does not support the customizations, scripts, or other modifications. If you experience a problem with a customized adapter, IBM Support may require the problem to be demonstrated on the GA version of the adapter before a PMR is opened.
Installation Platform
The IBM Security Verify Server for Oracle eBS Adapter was built and tested on the following product versions.
Adapter Installation Platform:
Note: The adapter supports IBM Security Directory Integrator 7.2, which is available only to customers who have the correct entitlement. Contact your IBM representative to find out if you have the entitlement to download IBM Security Directory Integrator 7.2.
Managed Resource:
IBM Security Verify Manager v6.x
IBM Security Verify Manager v7.x
IBM Security Privileged Identity Manager v2.x
IBM Security Identity Governance and Intelligence v5.2.x
IBM Security Verify Governance Identity Manager v10.0
IBM Security Verify Governance v10.0
Trademarks
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:
IBM
BM logo
DB2
Universal Database
WebSphere.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a trademark of Linus Torvalds in the U.S., other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
End of Release Notes