Sun Identity Manager 8.1 Resources Reference

Adapter Details

Resource Configuration Notes

You must edit the ClearTrust eserver.conf file to configure SSL mode. Change the cleartrust.eserver.api_port.use_ssl setting.

For more information, refer to ClearTrust documentation.

Identity Manager Installation Notes

The ClearTrust resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

ProcedureInstalling the ClearTrust Resource Adapter

  1. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.


    com.waveset.adapter.ClearTrustResourceAdapter
  2. Copy the ct_admin_api.jar file from your Clear Trust installation CD to the WEB-INF\lib directory.

Usage Notes

The ClearTrust API is split for users and administrators. (Users are not granted access to servers; administrators are users with administrative rights to the ClearTrust server.) Identity Manager does not create or manage ClearTrust administrative users.

There are three types of entitlements in ClearTrust: Application, Application Function and URL. Identity Manager supports Application Function only; other entitlements are ignored. Entitlements should be assigned to groups and the groups assigned to the user (which is supported by the adapter).

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JNDI over SSL to communicate with the ClearTrust adapter.

Required Administrative Privileges

None

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature  

Supported?  

Enable/disable account 

Yes 

Rename account 

No 

Pass-through authentication 

Yes 

Before/after actions 

No 

Data loading methods 

  • Reconciliation

  • Import from resource

Account Attributes

The following table provides information about ClearTrust account attributes.

Identity Manager User Attribute

Resource User Attribute  

Description  

accountId 

accountName 

Required. The unique account ID for this user. 

isAdminLockout 

isAdminLockout 

Boolean. 

externalDN 

externalDN 

The external domain name for this user. 

email 

emailAddress 

The user’s email address. 

endDate 

endDate 

The end date for this user. 

startDate 

startDate 

The start date for the user. 

firstname 

firstName 

The user’s first name. 

lastname 

lastName 

The user’s last name. 

userGroup 

userGroup 

The groups assigned to the user. 

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

ClearTrustUserForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.ClearTrustResourceAdapter