Because it is an improvement over using OIM APIs because SPML is an exposed service...
Support for Password Propagation through SPML Web Service
In earlier releases, the connector used the Oracle Identity Manager APIs for password propagation from Active Directory to Oracle Identity Manager. From this release onward, the connector uses SPML Web service for password propagation to Oracle Identity Manager.
I get this part. What I am asking in particular is, how does switching to SPML help the Password Synchronisation? This may sound silly, but I really want to understand. Of course using exposed SPML services would come in handy and be flexible, but wouldn't it be nice to have it via Xellerate API as well?
What exactly is password propagation? Is the password stored in AD sent over to OIM?
There are DLLs on the domain controllers that pick up a change in the password of a user. During the change, the password is available and sent to the SPML service which then changes the OIM password. This password can then be propagated based on the trigger Change User Password of other event handlers.