To encrypt the SailPoint IdentityIQ (IIQ) to Oracle database connection via Source XML, remove the (SECURITY=...) block from the TNS string and define encryption parameters within the connectionProperties map, as the JDBC driver parses these directly. The configuration requires setting oracle.net.encryption_client to REQUIRED and specifying oracle.net.encryption_types_client (e.g., AES256) within the application XML to enforce Native Network Encryption (NNE).
In IIQ, encrypting the Oracle DB connection using (SECURITY=...) in the JDBC URL will not work because the Oracle Thin driver ignores those parameters. The correct approach is to configure encryption using Oracle JDBC properties instead of the TNS string.
For IIQ database (not connector), defining oracle.net.encryption_client in application XML or connectionProperties is often not sufficient because IIQ may not pass these properties to the driver.
The reliable solution is to enforce encryption at the JVM level using system properties:
-Doracle.net.encryption_client=REQUIRED
-Doracle.net.encryption_types_client=AES256
-Doracle.net.crypto_checksum_client=REQUIRED
-Doracle.net.crypto_checksum_types_client=SHA256
Also ensure the DB server has SQLNET.ENCRYPTION_SERVER=REQUIRED; otherwise encryption may not be negotiated.
In short: for IIQ internal DB connections, JVM properties or sqlnet.ora are the only consistently working methods, not JDBC URL or XML configuration. Might this can help solve the issue