Oracle® Identity Manager Connector Guide for CA Top Secret Advanced Release 9.0.1 Part Number B31113-01 |
|
|
View PDF |
The Oracle Identity Manager CA Top Secret Advanced Connector provides a native interface into z/OS mainframe and the Oracle Identity Manager. The Advanced Connector functions as a trusted virtual administrator on the targeted platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and performing other functions that administrators usually perform manually.
The Oracle Identity Manager CA Top Secret Advanced Connector enables bi-directional provisioning and reconciliation to CA Top Secret security facilities. This chapter discusses the following topics, and provides an overview of the Oracle Identity Manager CA Top Secret Advanced Connector components and the supported functionality:
The Oracle Identity Manager CA Top Secret Adapter includes the following components:
Oracle Identity Manager Advanced LDAP Gateway: The LDAP Gateway receives instructions from the Oracle Identity Manager server in the same way as any LDAP v3 identity store. These LDAP commands are then converted into native mainframe commands for CA Top Secret and sent to the Provisioning Connector. The response is also native to CA Top Secret, which is then parsed into an LDAP response. After execution, an LDAP-formatted response is returned to the requesting application.
Oracle Identity Manager Provisioning Connector: The Provisioning Connector is a mainframe component, receiving native mainframe CA Top Secret provisioning commands from the LDAP Gateway. These requests are processed against the CA Top Secret authentication repository with the response parsed and returned to the LDAP Gateway.
Oracle Identity Manager Reconciliation Connector: The Oracle Identity Manager Reconciliation Connector captures native mainframe events using advanced exit technology for seamless bidirectional reconciliation to the Oracle Identity Manager through the LDAP Gateway. The Reconciliation Connector captures events occurring from TSO login, command prompt, batch jobs, and other native events, in real time. The Reconciliation Connector captures these events and transforms them into notification messages for the Oracle Identity Manager through the LDAP Gateway.
Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the CA Top Secret Advanced Provisioning and Reconciliation Connector. You can use the following messaging protocols for the message transport layer:
IBM MQ Series
TCP/IP with internal Advanced Encryption Standard (AES) encryption using 128-bit cryptographic keys. The CA Top Secret Advanced connector supports a manually configured message transport layer using the TCP/IP protocol, which is functionally similar to proprietary message transport layer protocols.
In addition, the Advanced connector is engineered for high-performance environments and transactions.
See Also:
For more information on the CA Top Secret Advanced Connector architecture and configuration of the message transport layer, refer to Appendix B, "Connector Architecture"The following feature set lists use cases for the Oracle Identity Manager CA Top Secret Advanced Connector. It is important to note that the LDAP Gateway receives LDAP v.3 and sends CA Top Secret commands to the mainframe through the Provisioning Connector. The return messages are also in CA Top Secret format, which are then returned as LDAP version 3 responses.
The CA Top Secret connector provides the following provisioning functionality:
Change CA Top Secret Password
Reset CA Top Secret Password
Create CA Top Secret User
Modify CA Top Secret User
Revoke CA Top Secret User Account
Add user to CA Top Secret Group
Delete CA Top Secret User
Resume CA Top Secret User Account
List CA Top Secret Users
List CA Top Secret Groups
List CA Top Secret Users By Group
List CA Top Secret Resource Profiles by User
Grant CA Top Secret User Access to Dataset
Grant CA Top Secret User Access to Resource Profile
Grant CA Top Secret User Access to TSO
The CA Top Secret connector provides the following reconciliation functionality:
Detect and Report Native CA Top Secret Password Change Event
Detect and Report Native CA Top Secret Password Reset Event
Detect and Report Native CA Top Secret Create User Data Event
Detect and Report Native CA Top Secret Modify User Data Event
Detect and Report Native CA Top Secret Revoke User Event
Detect and Report Native CA Top Secret Add User to CA Top Secret Group Event
Detect and Report Native CA Top Secret Delete User Event
Detect and Report Native CA Top Secret Resume User Event
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Security Applications\CA Top Secret\CA Top Secret Advanced Rev 1.0.0
The contents of this file are described in brief in the following table:
Files and Directories | Description of Files and Contents |
---|---|
xml\oimTopsConnector.xml |
The XML file that contains component definitions for the connector. |
lib\idm.jar |
The connector JAR file to be deployed on the Oracle Identity Manager system. |
etc\LDAP Gateway\ |
Files required for LDAP Gateway deployment in the distributed environment system. |
etc\Provisioning and Reconciliation Connector\Mainframe_TS\ |
Files required for Provisioning Connector and Reconciliation Connector Deployment on the mainframe end. |
docs\B31113-01.pdf
|
The CA Top Secret Advanced Connector documentation. |