| Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.3 Part Number B32366-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.3 Part Number B32366-01 |
|
|
View PDF |
After you deploy the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:
You can use the troubleshooting utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.
To use the troubleshooting utility:
For RSA ACE Server 5.0:
On the target server, copy the ace_installation\AuthManager\utils\toolkit\apidemon.exe file to the authmgr_home\tests\scripts directory.
For all other versions of RSA ACE server, on the target server, add the following lines in the authmgr_home\tests\scripts\runTestServer.bat file:
set JAVA_HOME=jdk_home set AUTHMGR_HOME=authmgr_home set XL_REMOTE=xl_remote
For RSA ACE 5.0, add the following line:
set PATH=authmgr_home\lib\ACE50;%PATH%
For RSA ACE 5.2, add the following line:
set PATH=authmgr_home\lib\ACE52;%PATH%
For RSA Authentication Manager 6.0, add the following line:
set PATH=authmgr_home\lib\AuthMgr60;%PATH%
For Solaris 9, update the following file:
authmgr_home\tests\scripts\runTestServer.sh
In this file, change the values specified for the following variables:
export AUTHMGR_HOME=authmgr_home export ACE_INSTALL=ace_install export XL_REMOTE=xl_remote
Run the runTestServer.bat script.
The runTestServer.bat script runs an RMI server on the RSA Authentication Manager. Therefore, when you run this script, you must pass a port number as an argument as shown in the following example:
runTestServer 1001
For Solaris 9, run the runTestServer.sh script as follows:
./runTestServer.sh 1001
Use the information in the following table to change the default attribute values in the config.properties file.
This file is in the authmgr_home\tests\config directory.
| Attribute | Description | Sample Values |
|---|---|---|
Computer name |
Computer name or IP address of the computer on which RSA Authentication Manager is running | 10.1.1.114 |
port |
Port at which the RMI server is listening | 1001 |
passwd |
RMI password
This password must be the same as the one provided in the RMI server. It is the value of the |
yourpassword |
adminMode |
Administration mode for RSA Authentication Manager (host or remote) | Host |
admin |
User ID part of the remote administrator credentials for RSA Authentication Manager | jdoe |
passcode |
Passcode part of the remote administrator credentials for RSA Authentication Manager | 1234 |
action |
Action to be tested
The value can be any one of the following:
|
createUser |
userID |
User ID | jdoe |
firstName |
First name | Jane |
lastName |
Last name | Doe |
group |
Group name | John Doe and Sons |
groupLogin |
Group login | jdoeGrp |
tokenSerialNumber |
Token serial number | 10473824 |
pin |
Token PIN | 1234 |
currentTokenCode |
Token code | 796563 |
number |
Number of token codes to be generated | 2 |
lifetime |
Number of hours until emergency access mode expires | 24 |
digits |
Number of digits in the token code to be generated | 6 |
loggerfile |
Log file name with path | ..\logs\Test_ACE.log |
loggerlevel |
Logger level: DEBUG, FATAL, WARN, INFO, or ERROR |
DEBUG |
RevokeFlag |
Revoke token flag | 1 |
fileName |
Name of the software token file | C:\SoftToken\soft18.sdtid |
key |
Encryption key type | 1 |
protect |
Copy protection flag | 0 |
method |
Password usage and interpretation method | 0 |
password |
Password (maximum 8 characters) | welcome1 |
rangeMode |
Criteria used to deploy AES type software tokens | 2 |
endRange |
Ending token serial number | The value must be the same as that in the tokenSerialNumber field |
logFile |
Name of the log file containing the status of the deployment operation | filename.log |
overOption |
Overwrites the output of a previously generated XML file | 1 |
closeOption |
Closing option of the XML file | Do not specify a value for this attribute |
Update the following file on the Oracle Identity Manager server:
OIM_home\xellerate\XLIntegrations\AuthManager\tests\scripts\runTestClient.bat
In this file, add the following lines:
XELLERATE_HOME\xellerate=OIM_home\xellerate JAVA_HOME=jdk_home
Run the runTestClient.bat file.
For Solaris:
Update the following file:
OIM_home/xellerate/XLIntegrations/AuthManager/tests/scripts/runTestClient.sh
Add the following lines:
XELLERATE_HOME/xellerate=OIM_home/xellerate JAVA_HOME=jdk_home
Run the runTestClient.sh file.
After the script is run, the output is written to a log file. The log file is located in the following directory:
OIM_home\xellerate\XLIntegrations\AuthManager\tests\logs
The following are sample contents of this log file:
03 Dec 2004 16:52:45 INFO Constructor: ..\logs\Test_ACE.log DEBUG 03 Dec 2004 16:52:45 INFO You want to add a user!! 03 Dec 2004 16:52:45 INFO result-->ACE_USERCREATION_SUCCESS
The following table lists solutions to some commonly encountered errors associated with the connector.
| Problem Description | Solution |
|---|---|
| Process definition: ACEUser
Process task: Create User Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACEUser
Process task: Create User Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACEUser
Process task: Create User Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACEUser
Process task: Create User Returned Error Message User already exists in the DB Returned Error Code
|
Check the user ID that you have specified. A user with this ID already exists in ACE. |
| Process definition: ACEUser
Process task: Delete User Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACEUser
Process task: Delete User Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACEUser
Process task: Delete User Returned Error Message: Failed to connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACEUser
Process task: Delete User Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
| Process definition: ACEUser
Process task: Delete User Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. The user with this ID is an administrator. If you still want to delete it, then you must first revoke the administrator role. |
| Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Access denied, check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
| Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Group is invalid Returned Error Code:
|
Check the group name that you have specified. A group with this name does not exist in ACE. |
| Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Failed to connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
| Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Group is invalid Returned Error Code:
|
Check the group name that you have specified. A group with this name does not exist in ACE. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Token is already assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is already assigned to another user in ACE. |
| Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Maximum number of users already assigned to this user Returned Error Code:
|
Check the user to whom you have assigned the token. The maximum number (three) of SecurID tokens has already been assigned to this user in ACE. |
| Process definition: ACE Token0
Process task: Disable Token Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Disable Token Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Disable Token Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Disable Token Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Disable Token Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
| Process definition: ACE Token
Process task: Enable Token Returned Error Message: Access Denied, check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Enable Token Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Enable Token Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Enable Token Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Enable Token Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
| Process definition: ACE Token
Process task: Set PIN Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Set PIN Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Set PIN Updated Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Set PIN Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Set PIN Updated Returned Error Message: PINs Do Not Match Returned Error Code:
|
Check the PIN that you have specified and then reentered. The PINs do not match. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Current Token Code is Invalid Returned Error Code:
|
Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches RSA Authentication Manager. |
| Process definition: ACE Token
Process task: Set PIN to NTC Updated Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
| Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Access Denied, check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Current Token Code is Invalid Returned Error Code:
|
Check if you have entered the token code. |
| Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Passcode is invalid Returned Error Code:
|
Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches the RSA Authentication Manager. |
| Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the administrator credentials specified in the IT resource definition. |
| Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
| Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
| Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
| Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
