1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for RSA Authentication Manager is used to integrate Oracle Identity Manager with RSA Authentication Manager.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality
Multilanguage Support
Reconciliation Module
Files and Directories That Comprise the Connector
Determining the Release Number of the Connector

Supported Functionality

The following table lists the functions that are available with this connector.

Function	Type	Description
Create User	Provisioning	Creates a user
Delete User	Provisioning	Deletes a user This function would not run if the user to be deleted is an administrator.
Enable Token	Provisioning	Enables a disabled token
Disable Token	Provisioning	Disables an existing token
Assign SecurID Tokens to Users	Provisioning	Assigns a token to a user While assigning a software token to the user, the Type of Algorithm field must be filled in the process form. If `SID` is selected in the Type of Algorithm field, then values must be specified for the following fields in the process form: - Software Token File Name: This is the name of the RSA SecurID software token file in which user and token information is saved. You must enter the file name with the full directory path and ensure that the extension is `.sdtid.` - Encryption Key Type - Copy Protection Flag - Password Usage and Interpretation Method - Password - Encryption Key Type - Password Usage and Interpretation Method - Password Note: If these combinations do not matter, then you can accept the default options. If `AES` is specified in the Type of Algorithm field, then: You must enter a value in the Software Token File Name field of the process form. This is the name of the RSA SecurID software token file in which user and token information is saved. You must enter the file name with the full directory path and ensure that the extension is `.sdtid.` The Password field is optional. The following fields can be ignored: - Encryption Key Type - Copy Protection Flag - Password Usage and Interpretation Method
Revoke SecurID Tokens from Users	Provisioning	Revokes a token from a user
Assign Users to RSA Authentication Manager Groups	Provisioning	Assigns a user to a group You must ensure that the following prerequisites are met before you use this function: Valid groups exist in RSA Authentication Manager. The required lookup codes (corresponding to valid group names) are added in the `UD_Lookup.ACE_Group` lookup definition. For example, for a group called `Managers` defined in ACE DB, the following entry must be added as the lookup code: Code Key: `Managers` Decode: `Managers` Lang: `en` Country: `US`
Remove Users from RSA Authentication Manager Groups	Provisioning	Removes a user from a group You must ensure that the following prerequisites are met before you use this function: Valid groups exist in ACE DB. This function is run only after the Assign Users to RSA Authentication Manager Groups function has been run.
Set Token PIN	Provisioning	Updates the configuration of a token according to a change in the PIN attribute
Set PIN to Next Token Code Mode	Provisioning	Sets the PIN to the next token code mode in RSA Authentication Manager
Track Lost Tokens	Provisioning	Updates the configuration of a token according to a change in the Track Lost attribute
Test Login	Provisioning	Verifies the login for a new user to whom a token has been assigned You must ensure that the following prerequisites are met before you use this function: An agent host is defined in the RSA Authentication Manager database. The user for whom the Test Login function is to be implemented is enabled on this agent host. After this is done, the RSA Authentication Manager is restarted (Broker as well as Authentication Server). For software token types, you must enter the passcode, instead of the token code, in the Current Token Code field in the process form. The passcode can be viewed by using the software token application, which is installed on the Oracle Identity Manager server. See Also: The "Installing Software Tokens" section for more information
Update User ID	Provisioning	Updates the configuration of a user according to a change in the User ID attribute

Multilanguage Support

This release of the connector supports the following languages:

English
Brazilian Portuguese
French
German
Italian
Japanese
Korean
Simplified Chinese
Spanish
Traditional Chinese

Reconciliation Module

The reconciliation module extracts the following elements from the target system to construct reconciliation event records:

Default Login
First Name
Last Name
Group Name
Group Login
Token Serial Number
Type of Token

Reconciling Multivalue Attribute Groups

The following are features related to the reconciliation of multivalue attribute groups:

Group names that include the names of sites are entered in the group_name@domain_name format. In Oracle Identity Manager 9.0.3, you can choose not to include the domain name while creating or updating the name of a group. Similarly, regardless of whether or not the name of a group in the target system includes a domain name, it is reconciled in Oracle Identity Manager.

Note:
The term "domain name" in the Oracle Identity Manager context is the same as "site name" in RSA Authentication Manager.
When a user is deleted from a group in ACE, the group is also deleted from the user's ACE process child table.

Provisioning Module

This section discusses the fields that are provisioned.

RSA Authentication Manager User Provisioning

The following fields are provisioned:

Default Login
First Name
Last Name
Group Login
Group Name

RSA Authentication Manager Token Provisioning

The following fields are provisioned:

Token Serial Number
PIN
Current Token Code
Lifetime (hours)
Number of Digits
Type of Token
Copy Protection Flag
Password
Password Usage and Interpretation Method
Software Token File Name
Encryption Key Type
Type of Algorithm

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following directory on the installation media:

Security Applications\RSA Authentication Manager

These files and directories are listed in the following table.

File in the Installation Media Directory	Description
lib\xliACE.jar	This file contains the Java classes that are required for provisioning in RSA Authentication Manager.
remotePackage\config\xl.policy	This file contains the security configuration that is required for the RMI server codebase for running calls on RSA Authentication Manager for reconciliation.
remotePackage\lib\ACE50\ACEUser.dll	This file contains the shared library that is required to support provisioning in RSA ACE Server 5.0.
remotePackage\lib\ACE52\ACEUser.dll	This file contains the shared library that is required to support provisioning in RSA ACE Server 5.2.
remotePackage\lib\ACE52Sol\libACEUser.so	This file contains the shared library that is required to support provisioning in RSA Authentication Manager.
remotePackage\lib\AuthMgr60\ACEUser.dll	This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.0.
remotePackage\lib\AuthMgr60Sol\libACEUser.so	This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.0, on Solaris.
remotePackage\lib\xliACE.jar	This file contains the Java classes that are required for provisioning in RSA Authentication Manager.
remotePackage\scripts\AuthMgrImportXLCert.bat	This file contains the script for importing the required security certificate into the remote manager keystore (`.xlkeystore`).
remotePackage\scripts\AuthMgrImportXLCert.sh	This file contains the script for importing the required security certificate into the remote manager keystore (`.xlkeystore`) on Solaris.
remotePackage\tests\config\xl.policy	This file contains the security configuration required for the RMI server codebase to run test calls on RSA Authentication Manager.
remotePackage\tests\lib\xliACETestServer.jar	This file contains the Java classes that are required to run the RMI server for running test calls on RSA Authentication Manager.
remotePackage\tests\logs	This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory.
remotePackage\tests\scripts\runTestServer.bat	This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager.
remotePackage\tests\scripts\runTestServer.sh	This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager, on Solaris.
Files in the `resources` directory	Each of these resource bundle files contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
scripts\AuthMgrImportRMCert.bat	This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (`.xlkeystore`).
scripts\AuthMgrImportRMCert.sh	This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (`.xlkeystore`) on Solaris.
tests\config\config.properties	This file contains the properties required by the RMI client for running test calls from the Oracle Identity Manager server.
tests\lib\xliACETestClient.jar	This file contains the Java classes required to run the RMI client for running test calls from the Oracle Identity Manager server.
tests\logs	This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory.
tests\scripts\runTestClient.bat	This file contains the script required to run the RMI client for running test calls from the Oracle Identity Manager Server, for Microsoft Windows.
tests\scripts\runTestClient.sh	This file contains the script required to run the RMI client for running test calls from the Oracle Identity Manager Server, for Solaris.
xml\xliAuthMgrScheduledTask_DM.xml	This file contains definitions for the components required for reconciliation.
xml\xliAuthMgrToken_DM.xml	This file contains definitions for the following ACE Token components of the connector: ACE Token IT resource type Custom process form Process task and rule-generator adapters (along with their mappings) Resource object Provisioning process Pre-populate rules that are used with this connector
xml\xliAuthMgrTrusted.xml	This file contains configuration parameters for the Xellerate User. You must import this file only if you plan to use the connector in trusted source reconciliation mode.
xml\xliAuthMgrUser_DM.xml	This file contains definitions for the following ACE User components of the connector: IT resource type Custom process form Process task and rule-generator adapters (along with their mappings) Resource object Provisioning process Pre-populate rules that are used with this connector

Note:

The files in the tests directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files" section provides instructions to copy these files into the required directories.

Determining the Release Number of the Connector

To determine the release number of the connector that you have deployed:

Extract the contents of the xliACE.jar file. For a connector that has been deployed, this file is in the following directory:
```
OIM_home\xellerate\JavaTasks
```
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliACE.jar file.

In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.