Skip Headers
Oracle® Identity Manager Connector Guide for RSA ClearTrust
Release 9.0.4

Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
PDF · Mobi · ePub

5 Testing and Troubleshooting

After you deploy the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:

5.1 Running Connector Tests

You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.

To use the testing utility:

  1. Copy the contents of the tests directory on the installation media to the OIM_HOME/xellerate/XLIntegrations/ClearTrust/tests/config directory.

  2. Modify the CLASSPATH environment variable to include the following:

    • For Oracle Identity Manager releases 9.0.1 through and 9.1.0.x:

    • For Oracle Identity Manager release 11.1.1:

  3. Use the information in the following table to modify the default attributes given in the file. This file is in the XLIntegrations/ClearTrust/tests/config directory in the Oracle Identity Manager home directory.

    Attribute Name Description Default/Sample Value
    machinename Host name or IP address of the computer on which the RSA ClearTrust Entitlements Server is running
    port Port at which the RSA ClearTrust Entitlements Server is listening 5601
    sslmode Secure Sockets Layer (SSL) mode that the Entitlements Server is using: CLEAR, SSL_ANON, or SSL_AUTH SL_ANON
    timeout Timeout interval (in milliseconds) for connecting to the RSA ClearTrust Entitlements Server 10000
    admingroup Name of the default RSA ClearTrust Administrative group Default Administrative Group
    adminrole Name of the default RSA ClearTrust Administrative role Default Administrative Role
    action Action that is to be tested when Oracle Identity Manager connects to RSA ClearTrust

    The action can be connect, createuser, modifyattributes, getattributes, or deleteuser.

    userid User ID

    You must ensure that the ID does not exist in the RSA ClearTrust database.

    password User's password password
    firstname User's first name Jane
    lastname User's last name Doe
    email User's e-mail address
    startdate User's date of hire

    All dates should be in the following format:


    enddate User's account termination date 2005-02-28
    password expirationdate Date on which the user's password expires 2005-02-28
    islock Specifies whether or not the user is locked in RSA ClearTrust

    If the action attribute is set to connect, then this attribute does not apply.

    loggerfile Name and location of the log file logs/Test_CTConnect.log
    loggerlevel Level of logging that is required

    The level can be one of the log levels discussed in the "Enabling Logging" section.


  4. Enter a command similar to the following to run the CTConnectTest Java class file:

    java com.thortech.xl.integration.ct.tests.CTConnectTest FULL_PATH_OF_CONFIG.PROPERTIES_FILE ctadmin ctpassword

    For example:

    java com.thortech.xl.integration.ct.tests.CTConnectTest 
    OIM_HOME/xellerate/XLIntegrations/ClearTrust/tests/config/  admin admin
  5. To verify that the designated action (for example, creating a user in RSA ClearTrust) is successful, check the log file specified in the file.

    The following is sample output displayed in the log file:

    29 Mar 2004 15:32:19 INFO Constructor: logs/Test_CTConnect.log DEBUG 
    29 Mar 2004 15:33:08 INFO Constructor: logs/Test_CTConnect.log DEBUG 
    29 Mar 2004 15:33:32 INFO Constructor: logs/Test_CTConnect.log DEBUG 
    29 Mar 2004 15:33:32 INFO CT_CONNECTION_SUCCESS 
    29 Mar 2004 15:36:46 INFO Constructor: logs/Test_CTConnect.log DEBUG 
    29 Mar 2004 15:36:46 INFO CT_CONNECTION_SUCCESS 
    29 Mar 2004 15:36:46 INFO CT_USERCREATION_SUCCESS 

5.2 Troubleshooting

Table 5-1 lists solutions to some commonly encountered errors associated with the connector.

Table 5-1 Commonly Encountered Errors

Problem Solution

Oracle Identity Manager cannot establish a connection with RSA ClearTrust.

  • Ensure that the RSA ClearTrust Entitlements Server is running.

  • Check the port on which the RSA ClearTrust Entitlements Server is running. Ensure that the same port number is specified in the Port parameter.

  • Validate the administrator's user ID, password, group, and role by using the Oracle Identity Manager Administrative and User Console.

  • Ensure that the SSL mode in which the Entitlements Server is running is the same as the SSL mode that is specified in the SSLMode parameter of the RSA ClearTrust IT resource.

  • Ensure that all required RSA ClearTrust JAR files are present in the ext directory on the Oracle Identity Manager host computer.

Oracle Identity Manager cannot modify a user ID.

The user ID must be unique in RSA ClearTrust. Ensure that no other user has the same distinguished name.

An incompatible version is found for some classes.

Ensure that Oracle Identity Manager is using JDK 1.4.2 or later.

Oracle Identity Manager cannot provision a user with RSA ClearTrust. In addition, the following error message is displayed:

Data validation failed.

  • Ensure that the AutoSave feature of the RSA ClearTrust provisioning process is enabled.

  • Ensure that the CTPrepopServerInfo adapter is compiled and assigned to the custom process form.

  • Ensure that the run-time and return variables of the connector are mapped properly.

Oracle Identity Manager cannot assign a default group to the user who has been provisioned with RSA ClearTrust. In addition, the following error message is displayed:

ct user group object not found fail

Ensure that the default group specified in the RSA ClearTrust IT resource matches the group created in RSA ClearTrust.