IBM Security Verify Adapter 10.0.1 for PeopleTools Adapter is available. Compatibility, installation, and other getting-started issues are addressed.
Copyright
International Business Machines Corporation 2003, 2021. All rights reserved.
US Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Server manuals were printed:
The PeopleTools Adapter is designed to create and manage User Accounts on the PeopleSoft application. The adapter runs in "agentless" mode and communicates using JDBC and the PeopleTools Java API to the systems being managed.
IBM recommends the installation of this Adapter (and the prerequisite IBM Security Directory Integrator) on each node of an IBM Security Verify Server WAS cluster. A single copy of the adapter can handle multiple IBM Security Verify Server services. The deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Server Provisioning Policies and Approval Workflow process. Please refer to the IBM Knowledge Centre for a discussion of these topics.
IBM Security Verify Server Adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from IBM Security Verify Server will fail if the Adapter is not given sufficient authority to perform the requested task. IBM recommends that this Adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Server Adapter License prior to using this product. The license can be viewed from the "license" folder included in the product package.
Adapter Version
|
Component |
Version |
|
Release Date |
2021 March 17 21.59.58 |
|
Adapter Version |
10.0.1 |
|
Component Versions |
Adapter build: 10.0.1.89 Profile: 10.0.1.89 Connector: 10.0.1.89 Dispatcher 7.0.32 and above (packaged separately) |
|
Documentation |
The following guides are available in the IBM Knowledge Centre · Installation and Configuration Guide for IBM Security Verify Adapter for PeopleTools · User Guide for IBM Security Verify Adapter for PeopleTools |
New Features
|
 Internal# |
Enhancement # (RFE) |
Description              |
|
|
|
Items included in current release (10.0.1) |
|
  186988 |
|
Recertify PeopleSoft adapter with 8.58 version |
|
|
|
Items included in current release (7.1.10) |
|
|
|
None
|
|
|
|
Items included in 7.1.9 release |
|
|
|
None
|
|
|
|
Items included in 7.1.8 release |
|
|
|
None |
|
|
|
Items included in 7.1.7 release |
|
|
151782 |
Add Support for Identity Governance and Intelligence (IGI) v5.2.2
This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence
Note – PeopleTools adapter does not support adapter inside VA functionality. It can’t be installed inside VA.
|
|
|
|
Items included in 7.0.6 release |
|
|
41825 (84139) |
People Tools 7.0.2 for PeopleSoft 8.55 adapter
|
|
|
|
Items included in 7.0.5 release |
|
|
Bug 1934 (RTC 138246) |
Not able to reconcile role ‘PeopleSoft Administrator’. The adapter now reconciles ‘PeopleSoft Administrator’ role in support data recon.
|
|
|
|
Items included in 7.0.4 release |
|
|
30315 |
PeopleTools 8.53 ISIM Adapter Support Domain Password
Note: Refer to Installation and Configuration Notes section.
|
|
|
|
Items included in 7.0.3 release |
|
|
|
Initial release. |
Closed Issues
|
Internal# |
APAR# |
Case# / Description |
|
|
|
Items closed in current release (10.0.1) |
|
|
|
None |
|
|
|
Items closed in release (7.1.10) |
|
RTC 182520 |
|
As a PS adapter developer, I must ensure that the mapping for dn is correct in attributemapping.def file
|
|
|
|
Items closed in 7.1.9 version |
|
Bug 2363 |
PMR 40717,122,000 |
ConGetUsers fails during recon if "Database Table Owner Name" is specified
|
|
Bug 2466 |
PMR 50562,300,838 |
Recon fails when attempting to use 'database table owner'
|
|
|
|
Items closed in 7.1.8 version |
|
Bug 2231 (RTC 154718) |
PMR 40717,122,000 |
PeopleSoft password change fail with PSTools 8.55 |
|
Bug 2190/2252 (RTC 152471) |
PMR 50562,300,838 |
PeopleSoft adapter always performs a full reconciliation. |
|
|
|
Items closed in 7.1.7 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.6 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.5 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.4 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.3 version |
|
|
|
Initial release
|
Known Issues
|
Internal# |
APAR# |
Case# / Description |
|
N/A |
N/A |
Uninstalling the Adapter Do not use the "-awt" option with the adapter uninstaller in console mode. Uninstaller can be run with "-console" and "-silent" options.
|
|
N/A |
N/A |
Setting Custom ID Type If a custom ID Type defined as "Custom" with 2 attribute say MyCustAttr1 and MyCustAttr2 with MyCustAttr1 as a required attribute and MyCustAttr2 as an optional attribute then two cases arises:
a) When an invalid value is provided for the optional attribute, the user is added on the resource. The value format which goes to the adapter is: Custom#MyCustAttr1$Myvalue1|MyCustAttr2$Myvalue2 Where Myvalue1 and Myvalue2 are values you want to set and Myvalue2 is an invalid value. The resource sets this ID Type with the following structure. PSOPRALIAS - OPRALIASTYPE Custom - PSOPRALIASFIELD [1] -PSOPRALIASNAME MyCustAttr1 -PSOPRALIASVALUE Myvalue1 -PSOPRALIASDESCR - PSOPRALIASFIELD [2] -PSOPRALIASNAME MyCustAttr2 -PSOPRALIASVALUE -PSOPRALIASDESCR
b) When an invalid attribute name is provided in place of the optional attribute, the user is added on the resource. The format which goes to the adapter is: Custom#MyCustAttr1$Myvalue1|MyCust$Myvalue2 Where instead of providing MyCustAttr2 an invalid attribute name is sent The resource sets this ID Type with the following structure. PSOPRALIAS - OPRALIASTYPE Custom - PSOPRALIASFIELD [1] -PSOPRALIASNAME MyCustAttr1 -PSOPRALIASVALUE Myvalue1 -PSOPRALIASDESCR
Note: This issue is applicable to all the PeopleTools versions. This is working as designed. The value sent to adapter is constructed value and there is no provision to inform IBM Security Identity Manager that part of value is failed. After reconciliation or lookup the invalid attribute for an ID type will get cleared.
In case ‘a’: after reconciliation the IBM Security Identity Manager will show the following in the values field of the ID Type subform. MyCustAttr1$Myvalue1|MyCustAttr2$ Instead of MyCustAttr1$Myvalue1|MyCustAttr2$Myvalue2
In case ‘b’: after reconciliation the IBM Security Identity Manager will show the following in the values field of the ID Type subform MyCustAttr1$Myvalue1|MyCustAttr2$ Instead of MyCustAttr1$Myvalue1|MyCust2$Myvalue2
Possible workaround: No workaround is available. This is a PeopleTools resource API behavior.
|
|
N/A |
N/A |
Reconciliation of Disabled ID Type If a user with a set ID Type is reconciled and that ID Type is disabled on the resource then the subform displays the ID Type instead of the ID Type Description.
For example : If the ID Type Emp which has the description as Employee is disabled on the resource then the subform will show Emp instead of Employee in the ID Type column of the sub form.
Possible workaround: this is expected behavior.
|
See the Installation and Configuration guide for IBM Security Identity Adapter for PeopleTools for detailed instructions.
The PeopleSoft Adapter Installation and Configuration Guide can be obtained from the IBM Knowledge Center.
Corrections to Installation Guide
Following changes should go to the installation guide in this release:
On page 6 -
In table 3. Prerequisites to install the adapter,
1. Change Description for PeopleTools Software from Version 8.50, Version 8.51 and Version8.52 to Version 8.54, Version 8.55 and Version 8.56.
|
PeopleTools Software
|
Versions 8.54 Version 8.55 Version 8.56 Version 8.58
|
2. Add one more row as follows after:
|
Tivoli Directory Integrator adapters solution directory |
A Security Directory Integrator adapters solution directory is a Security Directory Integrator work directory for IBM Security Verify Manager adapters. For more information, see, the Dispatcher Installation and Configuration Guide.
|
|
SQLPLUS client (When PeopelSoft uses database as Oracle)
Note: Version of SQLPLUS client and SQL Database server should be in sync
|
To connect to the resource it is essential to install SQLPLUS client on the machine where TDI resides. Add an entry for the PeopelSoft database in tnsnames.ora file in client installation directory (<SQLPLUS_client_Install_Dir>\dbhome_2\NETWORK\ADMIN\tnsnames.ora).
|
                                                                     Â
On page 19 –
Add following before See “JDBC type 4 driver JAR file� on page 14 for more information and after
jdbc:db2://10.77.68.37:50000/PTDB
jdbc:db2://ip address:port/database name.
the connectivity JDBC URL for MS SQL Server database:
jdbc:sqlserver://9.37.23.53\SQL2012;instanceName=MSSQLSERVERE2012;SelectMethod=cursor;DatabaseName=PSDB
jdbc:sqlserver://IP_Address\SQL2012;instanceName=SQL_Server_Instance;SelectMethod=cursor;DatabaseName=Database_Name
the connectivity JDBC URL for Oracle database:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=psoracle.rtp.raleigh.ibm.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=PSDEMO)))
jdbc:oracle:Database_Type:@Net_Service_name
3. Please add new section “Installing ILMT-Tags“ File under the section Installingà Installing ILMT-Tags in install guide. Under Installing ILMT-Tags specify below steps.
Before you begin:
· The Dispatcher must be installed
Procedure:
· copy the files in the ILMT-Tags folder to the specified lo cation:
              1. Windows: <SDI-HOME>/swidtag
              2. Unix/Linux: <SDI-HOME>/swidtag
Configuration Notes
IBM Security Identity Adapter for PeopleTools does not install inside the Identity Governance and Intelligence VA.
IBM Security Identity Server adapters can be customized and/or extended. The type and method of this customization may vary from adapter to adapter.
Refer to the ‘IBM Security Verify Adapter Development and Customization Guide’
Support for Customized Adapters
The integration to IBM Security Verify Server "the adapter framework" is supported. However, IBM does not support the customizations, scripts, or other modifications. If you experience a problem with a customized adapter, IBM Support may require the problem to be demonstrated on the GA version of the adapter before a Case is opened.
Installation Platform
The IBM Security Verify Adapter for PeopleTools was built and tested on the following product versions.
Adapter Installation Platform
Due to continuous Java security updates that may be applied to your IBM Security Verify servers, the following SDI releases are the officially supported versions:
  · Security Directory Integrator 7.2 + FP6 + 7.2.0-ISS-SDI-LA0019
Earlier versions of SDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapters. Please refer to the adapters installation and configuration guides for the latest update on IBM Security Directory Integrator versions and fix packs.
Managed Resource
· PeopleSoft PeopleTools v8.54
· PeopleSoft PeopleTools v8.55
·     PeopleSoft PeopleTools v8.56
·     PeopleSoft PeopleTools v8.58
IBM Security Verify Manager:
IBM Security Verify Manager v6.0.x
IBM Security Verify Manager v7.0.x
IBM Security Privileged Identity Manager :
IBM Security Privileged Identity Manager v2.x
IBM Security Verify Governance and Intelligence :
IBM Security Identity Governance and Intelligence v5.2.x
IBM Security Verify Governance v10.0
IBM Security Verify Governance v10.0
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not
intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be
used instead. However, it is the user's responsibility to evaluate and verify
the operation of any non-IBM product, program, or service.
IBM may have patents or
pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents.
You can send license inquiries, in writing, to:
IBM
Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual
Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan
This
information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this
information to non-IBM Web sites are provided for convenience only and do not
in any manner serve as an endorsement of those Web sites. The materials at
those Web sites are not part of the materials for this IBM product and use of
those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM
Corporation
2ZA4/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such
information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments
may vary significantly. Some measurements may have been made on
development-level systems and there is no guarantee that these measurements
will be the same on generally available systems. Furthermore, some measurements
may have been estimated through extrapolation. Actual results may vary. Users
of this document should verify the applicable data for their specific
environment.
Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly available
sources. IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft
Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates
End of Release Notes