Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3
ActivCard
The ActivCard resource adapter is defined in the com.waveset.adapter.ActivCardResourceAdapter class.
This adapter supports the following version of ActivCard AIMS:
Resource Configuration Notes
The paths to the client and root certificate files on the machine running Identity Manager are required, as well as the client certificate passphrase and keystore type. In addition, the following ActivCard configuration information is required:
To view the name of the base node from within the ActivCard Identity Management System, click the Configuration tab, then click the Repositories link. Information about the directory can be displayed by clicking on the View link on that page. To view the User ID attribute, click Configuration, then the Customization link, then select “Directories” from the “Select a Topic” drop down list.
Identity Manager Installation Notes
You must install the ActivCard adapter on one of the following types of application servers:
Identity Manager supports the ActivCard adapter without configuring the System Configuration object if your application server runs on Java 1.4 with JSSE.
If the application server is WebLogic 8, then add the following attribute in the System Configuration object in the top-level System settings (along with the other Attribute definitions).
<Attribute name='httpsHandler' value='com.waveset.util.HttpsUtilImpl_Weblogic8'/>
In a single-server environment, specify the attribute as a top-level setting. In a clustered environment, the httpsHandler attribute can be specified in either location.
Note: The value of the httpsHandler attribute can also be com.waveset.util.HttpsUtilImpl_JSSE_1_4. This value is supported by default.
Access to the AIMS server is controlled through certificates that must be installed on the machine running Identity Manager. The client and root certificates are required. Do not move these files without reconfiguring their location in the Identity Manager administrator interface, as the certificates are not copied into the system configuration. Instead, the certificates are accessed when needed.
Certificates must be in the following formats:
Usage Notes
This section lists dependencies and limitations related to using the ActivCard resource adapter.
- The ActivCard adapter accomplishes provisioning by using the ActivCard AIMS-Enterprise SDK, which communicates with a secure web server to send and retrieve information. A certificate with associated operator privileges in ActivCard is used to access the server, and only one connection per certificate is allowed at a time. If the same certificate is used to access the ActivCard operator interface, the adapter will be unable to communicate with the server during that time. It is recommended to have a different certificate for each Identity Manager server accessing ActivCard.
- If the cryptix-jce-api.jar and cryptix-jce-provide.jar files are present in the %WSHOME%/WEB-INF/lib directory, there may be a problem using the certificate. The test connection might fail with a message to check the paths and passphrase. In this situation, stop the application server, delete these JAR files, and restart the application server.
- Be sure the port number is correct when configuring the resource adapter. If you specify an incorrect port, the test connection will take a long time to fail.
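When the test connection fails with the message to check the paths and passphrase, it helps to confirm outside Identity Manager that the client certificate file opens with the configured keystore type and passphrase. The following is an added example, not code from Identity Manager or ActivCard; the class name ClientCertCheck is hypothetical, and it assumes the client certificate file is a keystore that the JVM's java.security.KeyStore API can read.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

// Added example (hypothetical class name): pre-flight check of a client keystore.
// Usage: java ClientCertCheck <keystore-path> <keystore-type>
public class ClientCertCheck {
    // Loads the keystore and returns how many private-key entries it holds.
    static int check(String path, String type, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        // Provider that served this type; worth noting when extra JCE
        // provider JARs sit on the classpath.
        System.out.println("Provider: " + ks.getProvider().getName());
        // A wrong path fails at open with FileNotFoundException; a wrong
        // passphrase or unreadable format fails at load with IOException.
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        int keys = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue;
            keys++;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // throws if expired or not yet valid
                System.out.println(alias + ": " + x.getSubjectX500Principal()
                        + ", valid until " + x.getNotAfter());
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): ClientCertCheck <path> <type>");
            System.exit(2);
        }
        // Prompt rather than read argv, which is visible in the process list.
        char[] pass = console.readPassword("Passphrase: ");
        int keys = check(args[0], args[1], pass);
        Arrays.fill(pass, '\0');
        if (keys == 0) { System.err.println("No private-key entry found"); System.exit(1); }
    }
}
```

Run it as the same operating-system account as the application server so that file-permission problems on the certificate path show up as well.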
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses HTTPS to communicate with ActivCard.
Required Administrative Privileges
Administrators must have operator-level access within ActivCard.
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
| Feature | Supported? |
|---|---|
| Enable/disable account | Yes |
| Rename account | No |
| Pass-through authentication | No |
| Before/after actions | No |
| Data loading methods | Import directly from resource; Reconcile with resource |
Account Attributes
The following attributes are displayed on the Account Attributes page for the ActivCard resource adapters. All attributes are of type String.
Any attribute present in the objectclass specified for the ActivCard adapter to use can also be added. The attribute value is returned from the directory used by ActivCard. ActivCard uses an attribute (configurable within ActivCard) to store the device information, so care must be taken to not overwrite this information by exposing the attribute to update by Identity Manager.
Resource Object Management
Not applicable
Identity Template
$accountId$
Sample Forms
ActivCardUserForm.xml
ActivCardUserViewForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following class:
com.waveset.adapter.ActivCardResourceAdapter
Additionally, you can set the following Identity Manager Active Sync logging parameters for the resource instance: