Eloqua Security Cheatsheet

Many clients who purchase products or suites from our SaaS portfolio haven’t fully thought through their security requirements prior to signing up. As such, it is not untypical to find themselves in a quandary as to what they should provision (for free) versus what additional add-ons they should purchase. This blog post is an attempt […]

Loading unique passwords with OIM bulk load

Introduction Using Oracle Identity Manager’s bulk load tool is a great way to load large numbers of user records into OIM in an efficient and performant way. The standard and documented usage of the tool does not make provision for the loading of unique user passwords, though. This article describes an approach that can be […]

Configuring the system for a successful Fusion Application installation – Part 1 – System limits

IntroductionI wanted to share my experience in the installation of Fusion Applications. For those that are not as familiar with it, Fusion application installation goes through several phases after the provisioning plan has been created. These arePr…

Provisioning Users to Google Apps in Five Minutes

One exciting development (at least to me) in OIM is the introduction of the Google Apps connector.Combine this with our existing SSO via Federation, it gives Oracle a nice lifecycle with Google Apps.Here is a quick primer on setting this up and a couple of gotchas on the docs. I wrote this a couple of months ago before the official announcement of the connector, so please correct me if there are any changes since.

There are a few 3rd party libraries from Google required for the connector. It appears that Google has updated its libraries already from what we’ve published in the doc.If you hit the problem described in http://code.google.com/p/googleappengine/issues/detail?id=3008, you probably have a “too current” version of the Google jars.

Here’s the documentation gotcha:In section 2.2.2, there is a note that states:

“Before you run the Connector Installer, you must ensure that all third party jars must be in targetsystems-lib/googleapps-”

The point that is intended here is that the folder structure must match the structure of the connector that is deployed.The distribution is “Google_Apps_11.”, so if you take the docs literally and don’t change the name, things won’t line up.What is happening is that OIM is packaging the necessary 3rd party jars and importing them into the database.It’s important to get this right before installing the connector, or you get to go through a process of removing the jar from the database with scripts, repackaging, and re-importing.

Another confusing point is that the doc references the Java Connector Server.This might be a forthcoming solution, but for the time being, you can just substitute the OIM server anywhere it references the JCS.(This article didn’t have enough three letter acronyms (TLAs)).

Bottom line, what I think the packaging should be before the connector is deployed :


/Oracle_IAM1/server/ConnectorDefaultDirectory/targetsystems-lib/Google_Apps_11.<3rd party jars>

/Oracle_IAM1/server/lib/<3rd party jars>

Deploying the connector from that point is standard fare.Here’s how I configured my IT Resource:


Once I assigned a resource and provisioned it, the user appeared in Google apps and I was able to SSO with that user via OIF immediately. I was also able to de-provision the user from Google by removing the resource entitlement from the user.