IBM Security Verify Adapter v10.0.4 for Oracle eBS Adapter is available. Compatibility, installation, and other getting-started issues are addressed.
Copyright IBM Corporation 2016, 2025 All Rights Reserved
US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Server manuals were printed:
Oracle eBS Adapter Installation and Configuration Guide
The Oracle eBS Adapter is designed to create and manage accounts on the Oracle e-Business Suite application. The adapter runs in "agentless" mode and communicates using JDBC to the systems being managed.
IBM recommends the installation of this Adapter (and the prerequisite Security Directory Integrator) on each node of IBM Security Verify Server WebSphere cluster. A single copy of the adapter can handle multiple IBM Security Verify Server Services. The optimum deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Server Provisioning Policies and Approval Workflow process. Please refer the IBM Knowledge Centre for a discussion of these topics.
IBM Security Verify Server Adapters are powerful tools that require administrator level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from the IBM Security Verify Server will fail if the adapter is not given sufficient authority to perform the requested task. IBM recommends that this adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Adapter License prior to using this product.
The license can be viewed from the "license" folder included in the product package.
Adapter Version
Component |
Version |
|
Build Date |
2025 June 19 21.55.45 |
|
Adapter Version |
10.0.4 |
|
Component Versions |
Adapter build: 10.0.4.77 Profile: 10.0.4.77 Connector: 10.0.4.77 Dispatcher 7.1.39(packaged separately) |
|
Documentation |
The following guides are available in the IBM Knowledge Centre * Oracle EBS Adapter Installation and Configuration Guide
|
New Features
|
Internal # |
Enhancement # (RFE) |
Description |
|
|
|
Items included in current (10.0.4) release |
|
SVGAD-4667 |
ADAPT-217 |
Certify the adapter for use with IBM Security Verify Directory Integrator version 10.0.0 |
|
|
|
Items included in 10.0.3 release |
|
|
|
None |
|
|
|
Items included in 10.0.2 release |
|
|
|
None |
|
|
|
Items included in 10.0.1 release |
|
|
|
None |
|
|
|
Items included in 7.1.12 release |
|
|
Internal
|
Support for the new specialFlags attribute in targetProfile.json |
|
|
|
Items included in 7.1.11 release |
|
RTC 151780 |
Add Support for Identity Governance and Intelligence (IGI) v5.2.2
This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence. |
|
|
|
|
Items included in 7.0.10 release |
|
RTC142418
|
|
ODBC: eBS 12.2.5 (GA 10/15) Support for Oracle EBS adapter V12.2.5
|
|
RTC 133536 |
Support for Complex attribute handler for OracleeBS Note: Refer to Installation and Configuration Notes, Corrections to Installation Guide section.
|
|
|
|
|
Items included in 7.0.9 release |
|
|
64565 (33791)
|
Support for Oracle EBS adapter V12.2
|
|
|
RFE 65867 (34485) |
Oracle EBS adapter posed a security hole when user is suspended but individual responsibility code is not end-dated.
Note: Refer to Installation and Configuration Notes, Corrections to Installation Guide section.
|
|
|
|
Items included in 7.0.8 Release |
|
PMR 88770,999,000 Bug[1466] |
|
Added service form options for support data. Do not Reconcile Roles? Do not Reconcile Suppliers? Do not Reconcile Persons? Do not Reconcile Customers? Do not Reconcile Responsibilities? Do not Reconcile Securing Attributes?
If any of above checkbox is selected then that support data won't be reconciled. E.g.: If checkbox for "Do not Reconcile Roles?" is checked then Roles won't be reconciled.
|
|
|
Items included in 7.0.7 release |
|
|
|
Initial Release |
Closed Issues
|
Internal# |
APAR# / Case# |
Description |
|
|
|
Items included in current (10.0.4) release |
|
SVGAD-3812 Bug 4496 |
DT435356 - TS018433401 |
Error encountered during role assignment on Oracle e-Business Suite Target using Oracle EBS Adapter |
|
SVGAD-1392 Bug 4221 |
TS007533296 |
When updating the start date for a single responsibility value, start date of all other responsibilities is being updated with the same start date. This issue has been closed in IBM Security Verify Governance Identity Manager 10.0.1 FP5 |
|
|
|
Items included in 10.0.3 release |
|
RTC 190017 Bug 3667 |
IJ36252 - TS007533296 |
Question about new permissions/rights needed in latest Oracle EBS adapter for nonapps |
|
|
|
Items included in 10.0.2 release |
|
RTC 188940 Bug 3504 |
IJ32488 - TS005410282 |
End Date Responsibilities on Account Suspend is Not Working for non-APPS user |
|
|
|
Items included in 10.0.1 release |
|
RTC 188060 Bug 3378 |
IJ29324 - TS004384761 |
ISIM : looking to verify Oracle eBS wrong password schenario, Bugz 3378, TS004384761, APAR IJ29324. |
|
|
|
Items closed in 7.1.12 release |
|
RTC 168156 Bug 2454 |
PMR 45750,004,000 |
As an Oracle eBS adapter developer, I must ensure my adapter works correctly with IGI 5.2.3. |
|
RTC 169649 Bug 2465 |
IJ01896 PMR 47347,004,000 - TS000016292 |
As an Oracle eBS adapter developer, I must ensure my adapter correctly handles date/time attributes |
|
|
|
Items closed in 7.1.11 release |
|
|
|
None |
|
|
|
Items closed in 7.0.10 release |
|
|
|
|
|
|
|
Items closed in 7.0.9 release |
|
|
|
|
|
|
|
Items closed in 7.0.8 release |
|
|
|
None |
|
Items closed in 7.0.7 release |
||
|
RTC 108806 |
PMR 21917,000,834 |
Removed service group for responsibilities from service.def as ISIM does not support subforms for service groups.
|
|
|
|
Initial Release |
Known Limitations
Internal# |
APAR# |
Case# / Description |
|
SVGAD-3753 |
N/A |
The container versions of IBM Verify Identity Governance that works with this adapter is 11.0.0.0_IF1 image and above. Other IBM Verify Identity Governance images and IBM Security Verify Governance Identity Manager v10 images including 10.0.2.4 experience permissions issues while importing sub-forms and complex attribute handlers for Oracle EBS Adapter. |
|
N/A |
N/A |
Deprovisioning user accounts Account deprovisioning is not supported natively (no stored procedure) in Oracle e-Business Suite and is therefore not available in the adapter. |
|
N/A |
N/A |
Changing a Password on a Suspended Account On Oracle eBS 12i if account is suspended (end dated) then password change operation will fail with following error: "ORA-20001: APP-FND-02602: Unabled to change password for user XXXXXXX for this following reason: Your account does not exist or has expired" Work Around: 1. You must enable the account first by setting future end date or deleting the end date and then perform password change. 2. Use restore operation and specify new password. |
|
N/A |
N/A |
Anonymous Record History Assigning or modifying responsibilities through ITIM results in the audit fields ("Created By" and "Updated By") showing an anonymous value. Workaround: To have the "SYSADMIN" value show in the audit fields for the responsibility record of an Oracle eBS user account, modify OracleEBSManageUserAL.xml and nonAPPS.sql (if using a non-APPS user) as follows: Step 1. Changes required for OracleEBSManageUserAL.xml: In the conOracleEBSManageUser connector, add the following piece of code to the After Initialize hook of the Prolog section: if (g_bIsAPPSUser) { task.logmsg("DEBUG","Initialized session parameters APPS"); result = thisConnector.connector.execSQL("Begin FND_GLOBAL.APPS_INITIALIZE( 0, -1, -1, 0, -1); end;"); } else { task.logmsg("DEBUG","Initialize session parameters Non-APPS"); result = thisConnector.connector.execSQL("Begin APPS.ITIM_APPS_INITIALIZE(0, -1, -1, 0, -1); end;"); } if (result != "") { task.logmsg("ERROR","Could not initialize the session parameters"); if(g_bIsAPPSUser) task.logmsg("DEBUG","FND_GLOBAL.APPS_INITIALIZE Failed. Error: " + result); else task.logmsg("DEBUG","APPS.ITIM_APPS_INITIALIZE Failed. Error: " + result); } After making the changes, recreate the OraEBSProfile.jar. Import the modified OraEBSProfile.jar to ITIM. Step 2. Changes required in nonAPPS.sql: Add the following lines to the nonAPPS.sql and execute the file. create or replace PROCEDURE "APPS"."ITIM_APPS_INITIALIZE" ( user_id in number, resp_id in number, resp_appl_id in number, security_group_id in number default 0, server_id in number default -1 ) AS begin FND_GLOBAL.APPS_INITIALIZE ( user_id => user_id, resp_id => resp_id, resp_appl_id => resp_appl_id, security_group_id => security_group_id, server_id => server_id); end ITIM_APPS_INITIALIZE; grant execute on APPS.ITIM_APPS_INITIALIZE to nonapps; |
See the IBM Security verify Adapter Installation and Configuration Guide for Oracle EBS for detail instructions.
The PeopleSoft Adapter Installation and Configuration Guide can be obtained from the IBM Knowledge Center.
Corrections to Installation Guide:
Chapter 1: Overview
Features of the adapter
No updates for the
current release
Architecture of the adapter
No updates for the
current release
Supported configurations
No updates for the
current release
Chapter 2: Planning
Prerequisites:
Directory
Integrator
Replace "IBM®
Security Directory Integrator Version 7.2 + FP6 + 7.2.0-ISS-SDI-LA0019" in
the description with "Please consult the release notes for the currently
supported versions of the below products".
Remove The adapter supports IBM Security Directory Integrator 7.2,
which is available only to customers who have the correct entitlement. Contact
your IBM representative to find out whether you have the entitlement to
download IBM Security Directory Integrator 7.2. from the note.
Identity
Server IBM Security Verify Governance Servers
Remove existing description and update description as below:
The following servers are supported:
- IBM Verify Identity Governance
- IBM Security Verify Governance Identity Manager
- IBM Security Verify Governance
Oracle
e-Business Suite
Remove existing description and update description as below:
Please consult the release notes for the currently supported versions of the
below products
Oracle
Thin JDBC Driver
Remove existing description and update description as below:
Please consult the release notes for the currently supported versions of the
below products
Chapter 3: Installing
Installing
in the virtual appliance(Only for Identity Governance)
Add below note to the end of this chapter:
Note: While
uploading the Adapter package, you may receive System Error: A file
included in the SDI Adapter zip already exists on the system and
the Server Message log under Appliance tab of VA will have a
reference to error com.ibm.identity.sdi.SDIManagementService E File
ibm.com_IBM_Verify_Identity_Governance_xxxx.swidtag found in the adapter zip at
location ILMT-Tags/ already exists in system. This is because, you can
install the same swidtags only once. So, if another adapter of the same type is
installed, remove the swidtags.
The ibm.com_IBM_Verify_Identity_Governance_Enterprise-xxxx.swidtag file
is common to all adapters. In addition to the common swidtag file, an
application adapter needs ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-xxxx.swidtag file
and an infra adapter needs ibm.com_IBM_Verify_Identity_Governance_Lifecycle-xxxx.swidtag and ibm.com_IBM_Verify_Identity_Governance_Compliance-xxxx.swidtag files.
So, if an application adapter is already installed and this is an infra
adapter, then only install the infra-specific swidtags and the other way
around. Please visit Security
Verify Governance Adapters v10.x link to identify the adapter type of
the installed adapters.
Installing
in an IBM Security Verify Directory Dispatcher Container
Before you begin
The steps to install adapter and related
files into the container can be performed using the adapterUtil.sh script,
which is shipped with the dispatcher package. This script should be staged on
the machine running Kubernetes cli. The adapterUtil.sh script is also readily
available in the bin directory of ISIM IBM Security Verify Governance Identity
Manager Container Starter Kit installation directory (If ISVDI was selected for
installation during the ISIM container installation steps).
If, for any reason, the adapter util
script cannot be executed or used, the below manual instructions must be
followed to copy the files to the persistent volume.
Note: The container must
be restarted after installing or uninstalling the adapter and any changes to
the configuration yaml. To activate changes and restart the container run the
following commands:
· <path_to_starterkit>/bin/createConfigs.sh
isvdi
· For OpenShift container: oc -n
isvgim rollout restart deployment isvdi
· For Kubernetes container:
kubectl -n isvgim rollout restart deployment isvdi
Note: This document only
describes the adapterUtil.sh command options that are required to install this
adapter. For other command options, such as listing installed connectors and
3rd party jars, please refer to the Dispatcher10 Installation and Configuration
Guide.
Installing / Upgrading / Re-installing / Downgrading the adapter
Using Script
Use
below command to install / upgrade/ re-install / downgrade the adapter:
/path/to/adapterUtil.sh -loadAdapter "/path/to/Adapter-OracleEBS-*.zip"
accept
Where
/path/to/adapterUtil.sh is the location where the adapterUtil.sh script is
installed and /path/to/Adapter-OracleEBS-*.zip is the location where the
Adapter zip file is staged on the machine running Kubernetes cli.
Manually copying files to
Persistent Volume
Copy
the files to the persistent volume mapped to the /opt/IBM/svgadapters directory
of the container image as per the given directory structure:
ILMT-Tags
Copy below files to <Persistent_Volume>/swidtag directory:
- ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-11.0.0.swidtag
- ibm.com_IBM_Verify_Identity_Governance_Enterprise-11.0.0.swidtag
Deploying the subforms
About this task
You
must perform this procedure only while using ISVGIM or IVIG Container, else
this step can be skipped.
Procedure
1.
Execute below command on the system where ISIM starter kit is installed, this
will copy extensions and custom directories
from ISIM container to <Starter_Kit_Directory>/extensions and <Starter_Kit_Directory>/custom directories.
<Starter_Kit_Directory>/bin/util/getExtensions.sh
2.
Copy the contents (dncodec.jspi, json.jspi, oraebsformcommon.jspi, oraebsformend.jspi,
oraebsformstart.jspi, oraebsrespattrform.jsp, oraebsroleform.jsp and oraebssecattrform.jsp
files) from OraEBSSubForms.zip file to below directories:
<Starter_Kit_Directory>/custom/itim_console.war/subforms
<Starter_Kit_Directory>/custom/isim_isc_subform.war/subforms
3.
Copy the contents of <Starter_Kit_Directory>/custom directory
(not the custom directory itself) to the persistent volume which is is mounted
at /tmp/isvgimcustom directory of ISVGIM or IVIG container.
See https://www.ibm.com/docs/en/sig-and-i/11.x?topic=customization-overview for
more details.
Copying 3rd party libraries:
Using Script
Use
below command to copy 3rd party jars:
/path/to/adapterUtil.sh -copyTo3rdpartyOthers "/path/to/ojdbc8.jar"
This
command will copy the 3rd party jars to <Persistent_Volume>/jars/3rdparty/others directory.
Manually copying files to
Persistent Volume
Copy
below 3rd party jar files to <Persistent_Volume>/jars/3rdparty/others directory
(Refer release notes for the supported jar versions):
- ojdbc8.jar
Enabling TLS 1.2
Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced page
from SVDI.
If the config.yaml file which is used as
the YAML_CONFIG_FILE environment variable for the container
doesn't have an advanced configuration element, follow the instructions that
are provided in https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced to
add an advanced configuration section to the config.yaml file.
To enable TLSv1.2, add 2 attr and value
(key pair as mentioned in the SVDI guide) as below:
- attr: com.ibm.di.SSLProtocols
value: 'TLSv1.2'
- attr: com.ibm.di.SSLServerProtocols
value: 'TLSv1.2'
Note: The container must
be restarted after making these changes to the configuration yaml. To activate
changes and restart the container run the following commands:
· <path_to_starterkit>/bin/createConfigs.sh
isvdi
· For
OpenShift container: oc -n isvgim rollout restart deployment isvdi
· For
Kubernetes container: kubectl -n isvgim rollout restart deployment isvdi
Enabling debug logs and disabling json-logging
Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#general_logging page
from SVDI.
If the config.yaml file which is used as
the YAML_CONFIG_FILE environment variable for the container
doesn't have root-level and json-logging configuration
elements, follow the instructions that are provided in https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#general_logging to
the add root-level and json-logging configuration
elements section to the config.yaml file.
To enable debug logs, set value for root-level to debug and
to disable json logging, set value for json-logging element
to false.
Note: The container must
be restarted after making these changes to the configuration yaml. To activate
changes and restart the container run the following commands:
· <path_to_starterkit>/bin/createConfigs.sh
isvdi
· For
OpenShift container: oc -n isvgim rollout restart deployment isvdi
· For
Kubernetes container: kubectl -n isvgim rollout restart deployment isvdi
Uninstalling the adapter
Using Script
Use
below command to remove the adapter:
/path/to/adapterUtil.sh -removeAdapter Adapter-PeopleTools
Manually copying files to
Persistent Volume
Remove files from the given directory structure of the persistent volume mapped
to /opt/IBM/svgadapters directory of the container image.
ILMT-Tags
Remove below files from <Persistent_Volume>/swidtag directory:
- ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-11.0.0.swidtag
- ibm.com_IBM_Verify_Identity_Governance_Enterprise-11.0.0.swidtag
3rd party jars
Remove 3rd party jar files used by this
adapter listed below from <Persistent_Volume>/jars/3rdparty/others directory:
- ojdbc8.jar
Attribute
Mapping
Remove this chapter for Identity Manager.
Chapter 4: Upgrading
Verifying
that the adapter is working correctly
Remove this chapter.
Chapter 5: Configuring
Enabling TLSv1.2 in
Security Directory Integrator
Procedure:
1. Apply recommended
fix packs and limited availability (LA) versions on the Security Directory
Integrator. See Recommended fixes for IBM Tivoli Directory Integrator (TDI)
& IBM Security Directory Integrator (SDI).
2. After applying the appropriate updates, modify the /solution.properties file
by appending the following text to the bottom of the file:
#####################
# # Protocols to enforce SSL protocols in a SDI Server
# # Optional values for com.ibm.di.SSL* property (TLSv1, TLSv1.1, TLSv1.2). # #
This can be a multi-valued comma separated property
# # Optional values for com.ibm.jsse2.overrideDefaultProtocol property
(SSL_TLSv2, TLSv1,TLSv11,TLSv12).
# # This is a single value property.
#####################
-
com.ibm.di.SSLProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.di.SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.jsse2.overrideDefaultProtocol=TLSv1
com.ibm.jsse2.overrideDefaultTLS=true
#####################
Customizing
the adapter
The adapters can be customized or extended or both. The type and method of this
customization varies depending on the adapter.
Customizing and extending adapters requires a number of skills. The developer
must be familiar with the following concepts and skills:
- IBM Security Verify Governance Identity Manager administration
-
IBM Security Verify Governance administration
- IBM Security Directory Integrator management
- Security Directory Integrator Assembly Line development
- LDAP schema management
- Working knowledge of Java™ scripting language
- Working knowledge of LDAP object classes and attributes
- Working knowledge of XML document structure
Note: If
the customization requires a new Security Directory Integrator connector, the
developer must also be familiar with Security Directory Integrator connector
development and working knowledge of Java programming language.
Support
for custom adapters
The
integration to IBM Security Verify Governance servers "the adapter
framework" is supported. However, IBM does not support the customizations,
scripts, or other modifications. If you experience a problem with a customized
adapter, IBM Support may require the problem to be demonstrated on the GA
version of the adapter before a PMR is opened.
Chapter 6: Troubleshooting
Enabling DEBUG Logs on
SDI Server
Procedure:
1. Stop the SDI Server process
Pre-7.2.0-ISS-SDI-FP0008
2.
Edit the <SDI_Solution_Directory>/etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
Post-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_HOME>/etc/log4j2.xml
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
Post-7.2.0-ISS-SDI-FP0011 (To enable TCB block
in debug)
4. Append the line com.ibm.di.logging.close=false in the
<SDI_HOME>/etc/global.properties file.
5. Start the SDI Server process
6. Re-create the problem and collect the
<SDI_Solution_Dir>/logs/ibmdi.log
Logs are not getting printed in FP13 in Windows OS
Procedure:
1. Copy log4j2.xml file from <SDI_Home_Dir>/etc and add to the
<SDI_Solution_Dir>/etc (which was missing there).
2. Configure /ibmdiservice.props with below parameter:
jvmcmdoptions=-Dlog4j2.configurationFile=etc\log4j2.xml
3. Restart SDI Server process
Chapter 7: Uninstalling
No updates for the current release
Chapter 8: Reference
No
updates for the current release
Installation Platform
The IBM Security Verify Server for Oracle eBS Adapter was built and tested on the following product versions.
Adapter Installation Platform
Due to continuous Java security updates that may be applied to your IBM Security Verify Governance servers, the following SDI releases are the officially supported versions:
- Security Directory Integrator 7.2 + FP14
- Security Verify Directory Integrator 10.0.0 + FP5
Earlier versions of SDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapters. Please refer to the adapters installation and configuration guides for the latest update on IBM Security Directory Integrator versions and fix packs.
Managed Resource:
- Oracle e-Business Suite 12.1.1
- Oracle e-Business Suite 12.1.3
- Oracle e-Business Suite 12.2.4
- Oracle e-Business Suite 12.2.5
Supported third-party client libraries:
- ojdbc8.jar: https://mvnrepository.com/artifact/com.oracle.database.jdbc/ojdbc8/23.8.0.25.04
Supported IBM Security Verify Governance servers:
- IBM Verify Identity Governance v11.0
- IBM Security Verify Governance Identity Manager v10.0
- IBM Security Verify Governance v10.0
*Unless this document specifies a specific fix pack version of ISVG Identity Manager v10, we expect the adapter to work with ISIM 6 as well. However, it will only be debugged and fixed from the perspective of ISVG-IM v10.
Trademarks
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:
IBM
BM logo
DB2
Universal Database
WebSphere.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a trademark of Linus Torvalds in the U.S., other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
End of Release Notes