Oracle® Identity Manager Connector Guide for CA Top Secret Advanced
Release 9.0.1

Part Number B31113-01

2 Installation and Configuration: Part 1

Deploying the connector in the distributed environment involves the following tasks:

These tasks are performed on the Oracle Identity Manager system where the LDAP Gateway component is installed. The Provisioning and Reconciliation Connectors are installed in the mainframe environment, which is covered in Chapter 3, "Installation and Configuration: Part 2".

Step 1: Verifying Deployment Requirements

Verify that the following system requirements are met for deploying the Oracle Identity Manager CA Top Secret Advanced Connector. This section describes the platforms, target systems, and versions of Oracle Identity Manager that are compatible with this connector.

| Item | Requirement |
|---|---|
| Oracle Identity Manager Versions | Oracle Identity Manager 8.5.3 or later |
| Target Systems | CA Top Secret Advanced |
| Target Systems Host Platforms | z/OS IBM Mainframe. Supports all z/OS versions |
| Infrastructure Requirements | Provisioning of the Message Transport Layer of MQ Series or TCP/IP |
| Operating System | Systems that support Java v.1.4.2 or later |
| Mainframe Repository | CA TopSecret MVS Release 5.0, genlevel 9702 or later |
| Distributive Environment | Multiplatform Java version 1.4.2 or later |

Message Transport Layer Requirements

Between the distributive and mainframe environments, Oracle Identity Manager supports two different secure message transport layers: TCP/IP and IBM MQ Series.

The MQ Series comes with its own internal setup procedures, which are transparent at the LDAP Gateway level. The primary requirement is that port 1414 is used between the Oracle Identity Manager and the mainframe.

Additional configuration is required for the TCP/IP message transport layer. The Oracle Identity Manager reserves the following ports for standard message transport layer communication.

In coordination with an enterprise level architecture, port 5790 is used for the Advanced Provisioning Connector. Between the LDAP Gateway and the Reconciliation Connector, the Oracle Identity Manager reserves ports 5190 through 5199 as a range of ports for multiple LPARs.

The rules for TCP/IP are beyond the scope of this document, but affect the startup and communication sequences. The goal is to establish a stateful connection, allowing the pooling of messages and significantly reducing the load on both the mainframe and the LDAP Gateway server.

  • The first step is to start up the Oracle Identity Manager LDAP Gateway. This will have been previously configured to connect to CA Top Secret using a given IP address and port number.

  • Once the LDAP Gateway is started, start the Provisioning Connector started task, which is also preset to establish the TCP/IP connection to the LDAP Gateway on a specified IP address and port number.

  • The same procedure applies to the Reconciliation Connector. Start the LDAP Gateway, and then initiate the Reconciliation Connector started task.

Step 2: Copying Connector Files

Copy the following connector files to the destinations indicated in the following table:

| Files | Destination |
|---|---|
| xml\oimTopsConnector.xml | OIM_HOME\xellerate\XLIntegrations\tops\xml\ |
| lib\idm.jar | OIM_HOME\xellerate\JavaTasks |

Step 3: Importing the Connector XML File

To import the connector XML file into Oracle Identity Manager:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for locating files is displayed.

  4. Locate and open the oimTopsConnector.xml file, which is in the OIM_HOME\xellerate\XLIntegrations\tops\xml\ directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Next. The Provide IT Resource Instance Data page for the TopSecretResource resource is displayed.

  8. Specify values for the parameters of the TopSecretResource resource. Refer to the table in the Defining IT Resources section for information about the values to be specified.

  9. Click Next. The Provide IT Resource Instance Data page for a new instance of the TopSecretResource IT resource type is displayed.

  10. Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.

    See Also:

    If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.

  11. Click View Selections.

    The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. You must remove these nodes. To do this, right-click each such node and then select Remove.

  12. Click Import. The connector file is imported into Oracle Identity Manager.

Defining IT Resources

You must specify values for the TopSecretResource IT resource parameters listed in the following table.

| Parameter Name | Parameter Value (Default) |
|---|---|
| Resource Asset Name | TopSecretResource |
| Resource Asset Type | LDAP Server |
| Admin Id | uid=idfTopsAdmin,ou=People,dc=tops,dc=com |
| Admin Password | idfTopsPwd |
| Server Address | localhost |
| Root DN | dc=tops,dc=com |
| Port | 5389 |
| Is the resource asset to be used to call a method on an API, which resides on a machine that is external to Xellerate? | No |

After you specify values for these IT resource parameters, go to Step 9 of the procedure to import connector XML files.

Step 4: Compiling Adapters

The following adapters are imported into Oracle Identity Manager when you import the connector XML file. You must compile these adapters before you can use them to provision accounts on the target system.

To compile adapters by using the Adapter Manager form:

  1. Open the Adapter Manager form.

  2. To compile all the adapters that you have imported into the current database, select the Compile All option.

    To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select the Compile Selected option.

  3. Click Start. Oracle Identity Manager compiles the adapters that you specify.

To view detailed information about an adapter:

  1. Highlight the adapter in the Adapter Manager form.

  2. Double-click the row header of the adapter, or right-click the adapter.

  3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

Note:

To compile multiple adapters simultaneously, use the Adapter Manager form. To compile one adapter at a time, use the Adapter Factory form. Refer to Oracle Identity Manager Tools Reference Guide for information about how to use these forms.

Step 5: Installing the LDAP Gateway

To install the LDAP Gateway:

  1. Edit the run.cmd or run.sh file located under the <install directory>/bin directory, set the JAVA_HOME variable to match your Java installation directory, and save the file.

    1. Windows: set JAVA_HOME=\software\j2sdk1.4.2_08

    2. Unix: JAVA_HOME=/software/j2sdk1.4.2_08

  2. Extract the oimserver.jar file and edit the beans.xml file located under <install directory>/dist/. Edit the port property of the server:

    <bean id="listener" class="com.identityforge.ximserver.nio.Listener">
      <constructor-arg><ref bean="bus"/></constructor-arg>
      <property name="admin"><value>false</value></property>
      <property name="config"><value>../conf/listener.xml</value></property>
      <property name="port" value="389"/>
    </bean>
    

Configuring Oracle Identity Manager Gateway for Provisioning

  1. Open the ximserver.jar and edit the beans.xml file located under <install directory>/dist/ximserver.jar.

  2. Find the <bean name="Tops"> tag and edit the information highlighted in bold in the code:

    <bean name="TOPS" singleton="true" class="com.identityforge.ximserver.backend.TOPS.TopsModule">
    
      <!-- The following change is optional. If you make this change, also edit    
           metaengine.xml-->
      <property name="suffix" value="dc=Tops,dc=com"/>
    
      <property name="workingDirectory" value="../TOPS"/>
    
      <!-- The following change is optional -->
      <property name="adminUserDN" value="cn=ximTopsAdmin,dc=TOPS,dc=com"/>
    
      <property name="adminUserPassword" value="ximTOPSPwd"/>
      <property name="allowAnonymous" value="true"/>
      <property name="entryCacheSize" value="1000"/>
      <property name="defaultUacc" value="read"/>
      <property name="defaultDelete" value="revoke"/>
      <property name="batchUser" value="false"/>
      <property name="idRules">
            <map>
                  <entry key="length" value="7"/>
            </map>
      </property>
      <property name="pwdRules">
            <map>
                  <entry key="length" value="8"/>
            </map>
      </property>
      <property name="schema" ref="schemas"/>
      <property name="metaBackend"><ref bean="hpbe"/>
      </property>
      <property name="transport">
            <map>
                  <!-- For IBM MQ Series set _type_ value to MQ -->
                  <entry key="_type_" value="socket"/>
    
                  <!-- Set _isencrypted_ to true for 128-bit AES encryption -->
                  <entry key="_isencrypted_" value="false"/>
                  <entry key="_host_" value="Top Secret system IP Address"/>
                  <entry key="_port_" value="5790"/>
                  <entry key="_qcontext_" value=""/>
                  <entry key="_qfactory_" value=""/>
                  <entry key="_qname_" value=""/>
                  <entry key="_qreplyname_" value=""/>
            </map>
      </property>
      <property name="Connector" value="false"/>
    </bean>
    
    
  3. If the domain partition was changed from the default "dc=TOPS,dc=com", open the metaengine.xml file located under <install directory>/conf.

    1. Replace all occurrences of the domain partition "dc=TOPS,dc=com" with the domain partition that was chosen for your installation.

    2. Save the file.
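
An added example, not part of the Oracle guide or the connector: a Python check that reads the TOPS bean from beans.xml text and flags the settings shown above that affect gateway security (allowAnonymous set to true, an adminUserPassword left at a value printed in this guide, and a socket transport with _isencrypted_ not set to true). The function name, the finding codes, the replacement password and the 192.0.2.10 host address are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Passwords printed in this guide; a deployed gateway should not still use them.
DOCUMENTED_PASSWORDS = {"ximTOPSPwd", "idfTopsPwd"}

# Constructed sample: the TOPS bean trimmed to the properties checked below.
# 192.0.2.10 is a documentation address standing in for the Top Secret host.
BEAN_TEMPLATE = """<beans>
  <bean name="TOPS" singleton="true"
        class="com.identityforge.ximserver.backend.TOPS.TopsModule">
    <property name="adminUserPassword" value="{password}"/>
    <property name="allowAnonymous" value="{anonymous}"/>
    <property name="transport">
      <map>
        <entry key="_type_" value="socket"/>
        <entry key="_isencrypted_" value="{encrypted}"/>
        <entry key="_host_" value="192.0.2.10"/>
        <entry key="_port_" value="5790"/>
      </map>
    </property>
  </bean>
</beans>"""
AS_DOCUMENTED = BEAN_TEMPLATE.format(password="ximTOPSPwd", anonymous="true", encrypted="false")
HARDENED = BEAN_TEMPLATE.format(password="constructed-Example-9f3", anonymous="false", encrypted="true")

def audit_tops_bean(beans_xml):
    """Return sorted finding codes for the TOPS bean in the given beans.xml text."""
    root = ET.fromstring(beans_xml)
    bean = next((b for b in root.iter("bean")
                 if (b.get("name") or "").upper() == "TOPS"), None)
    if bean is None:
        return ["tops-bean-missing"]
    props = {p.get("name"): p for p in bean.findall("property")}
    values = {n: p.get("value", "") for n, p in props.items()}
    # Only the entries of the transport map are read, not idRules or pwdRules.
    entries = props["transport"].iter("entry") if "transport" in props else []
    transport = {e.get("key"): e.get("value", "") for e in entries}
    findings = []
    if values.get("allowAnonymous", "").lower() == "true":
        findings.append("allow-anonymous-true")
    if values.get("adminUserPassword") in DOCUMENTED_PASSWORDS:
        findings.append("documented-admin-password")
    if (transport.get("_type_", "").lower() == "socket"
            and transport.get("_isencrypted_", "").lower() != "true"):
        findings.append("socket-transport-unencrypted")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_tops_bean(AS_DOCUMENTED), audit_tops_bean(HARDENED))
```

To audit a real installation, pass the text of the beans.xml file extracted from the gateway jar to audit_tops_bean and treat any returned code as a setting to change before the gateway is exposed to the network.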