Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3 

1

Resources Reference

This chapter describes the resource adapters that are provided with your Identity Manager installation.

The following table lists these adapters (sorted by type) and provides an overview of supported versions, Active Sync support, connection methods, and communication protocols for each adapter:

| Resource | Supported Versions | Active Sync Support | Gateway? | Communication Protocols |
|---|---|---|---|---|
| CRM and ERP Systems | | | | |
| Oracle Applications (see page 1-193) | Oracle Financials on Oracle Applications 11.5.9, 11.5.10 | No | No | JDBC |
| PeopleSoft Component (see page 1-227) | PeopleTools 8.1 – 8.42 with HRMS 8.0 – 8.8 | Yes: Smart polling, Listener | No | Client connection toolkit (Sync Only) |
| PeopleSoft Component Interface | PeopleTools 8.1 through 8.4. | No | No | Client connection toolkit (Read/Write) |
| SAP (see page 1-257) | SAP R/3 4.5, 4.6, 4.7 | No | No | BAPI via SAP Java Connector |
| | SAP HR 4.5, 4.6, 4.7 | Yes: Smart polling, Listener | | ALE |
| SAP Enterprise Portal (see page 1-283) | 6.20 SP2+ | No | No | SAP User Management Engine |
| Siebel CRM (see page 1-323) | 6.0, 7.0, 7.7 | No | No | Siebel Data API |
| Databases | | | | |
| DB2 (see page 1-95) | 7.0, 7.2, 8.1, 8.2 | No | No | JDBC, SSL |
| Microsoft SQL Server (see page 1-159) | 2000 | No | No | JDBC, SSL |
| MySQL (see page 1-165) | 4.1 | No | No | JDBC, SSL |
| Oracle (see page 1-193) | 9i, 10g | No | No | JDBC, SSL |
| Sybase (see page 1-343) | 12.x | No | No | JDBC, SSL |
| Directories | | | | |
| LDAP (see page 1-141) | 3.0 | Yes: Smart polling, Listener | No | LDAP v3, JNDI, SSL |
| Microsoft Active Directory (see page 1-45) | 2000 SP3, 2003 | Yes: Smart polling | Yes | ADSI |
| NetWare NDS (see page 1-175) | Netware 5.1 SP6; Netware 6.0 with eDirectory 8.7.1; Novell SecretStore 3.0 | Yes: Smart polling | Yes | NDS Client, LDAP, SSL |
| Message Platforms | | | | |
| Lotus Domino Gateway (see page 1-99) | 5.0, 6.5 | Yes: Smart polling | Yes | RMI, IIOP using Toolkit for Java, CORBA |
| Microsoft Exchange (see page 1-114) | 5.5 | No | Yes | ADSI |
| Note: Support for the Microsoft Exchange 5.5 resource adapter has been deprecated. Use the Active Directory resource for Exchange 2000/2003, which is integrated with Exchange. | | | | |
| Novell GroupWise (see page 1-121) | 5.5, 6.0 | No | Yes | NDS Client, LDAP, SSL |
| Miscellaneous | | | | |
| Database Table (see page 1-89) | | Yes: Smart polling | No | JDBC |
| Flat File ActiveSync (see page 1-115) | | Yes: Smart polling (Internal Diff engine) | No | |
| INISafe Nexess (see page 1-131) | 1.1.5 | | com.initech.eam.api Classes | |
| JMS Listener (see page 1-135) | 1.1 or later | Yes | No | Varies, per resource |
| Microsoft Identity Integration Server (see page 1-155) | 2003 | No | No | JDBC |
| Remedy Help Desk (see page 1-251) | 4.5, 5.0 | Yes: Smart polling | Yes | Remedy APIs |
| Scripted Gateway (see page 1-287) | Not applicable | | Yes | Varies, per resource |
| Scripted Host (see page 1-293) | Not applicable | | No | TN3270 |
| Sun Java™ System Communications Services (see page 1-353) | | Yes | No | JNDI over SSL or TCP/IP |
| Operating Systems | | | | |
| AIX (see page 1-79) | 4.3.3, 5.2 | No | No | Telnet, SSH |
| HP-UX (see page 1-125) | 11.0, 11i v1, 11i v2 | No | No | Telnet, SSH |
| OS/400 (see page 1-205) | V4r3, V5r1 | No | No | Java toolkit for AS400 |
| Red Hat Linux (see page 1-245) | Linux 8.0, 9.0 | No | No | Telnet, SSH |
| | Advanced Server 2.1, 3.0, 4.0 | | | |
| Solaris (see page 1-337) | 2.7, 7, 8, 9, 10 | No | No | Telnet, SSH |
| SuSE Linux (see page 1-245) | Enterprise 9 | No | No | Telnet, SSH |
| Windows NT, 2000, and 2003 (see page 1-391) | NT, 2000, 2003 | No | Yes | ADSI |
| Security Managers | | | | |
| ACF2 (see page 1-25) | 6.4, 6.5sp2, TSO 5.2, 5.3, CICS 2.2 | No | No | Secure TN3270 |
| ActivCard (see page 1-39) | 5.0 (AIMS 3.6) | No | No | AIMS SDK, HTTPS |
| ClearTrust (see page 1-85) | 5.01 | No | No | Server Proxy API, JNDI, SSL |
| Natural (see page 1-169) | | No | No | Secure TN3270 |
| RACF (see page 1-237) | 1.x, 2.x | No | No | Secure TN3270 |
| SecurID ACE/Server (see page 1-313) | 5.0, 6.0 for Windows | No | Yes | SecurID Admin API |
| | 5.1, 6.0 for UNIX | | | SecurID TCL Interface |
| Top Secret (see page 1-375) | 5.3 | Yes: Smart polling (Filtered TSS Audit Events) | No | Secure TN3270 |
| Web Single Sign On (SSO) | | | | |
| IBM/Tivoli Access Manager (see page 1-17) | 4.1, 5.1 | No | No | JNDI, SSL |
| Netegrity Siteminder (see page 1-331) | Admin 5.5 | No | No | Netegrity SDK, JNDI, SSL |
| | LDAP 5.5 | | | JNDI, SSL |
| | Table 5.5 | | | JDBC, JNDI, SSL |
| Sun Java System Access Manager (see page 1-343) | Sun ONE Identity Server 6.0, 6.1, 6.2 | No | No | JNDI, SSL |
| Note: Support for the Sun ONE Identity Server resource adapter has been deprecated. Use the Sun Java System Access Manager resource adapter instead. | | | | |
| | Sun Java System Identity Server 2004Q2 | No | No | JNDI, SSL |
| | Sun Java System Access Manager 6 2005Q1, 7 2005Q4 | | | |


Note: The Identity Manager adapters can often be used in their default state.

To enable an adapter:

  1. Follow the installation and configuration procedures provided in the adapter’s Identity Manager Installation Notes section in this chapter.
  2. Add the resource to Identity Manager by using the Resource Wizard, as described in Sun Java™ System Identity Manager Administration.

Note: See Sun Java™ System Identity Manager Data Loading and Synchronization for information about customizing adapters.

How the Adapter Sections are Organized

The resource adapter sections in this chapter are organized as follows:

A detailed description of each topic is provided in the remainder of this section.

Topic Descriptions

This section describes the information provided for each adapter, and the topics are organized as follows:

Introduction

The introductory section lists the versions of the resource supported by the adapter. Other versions might be supported, but they have not been tested.

This section also lists the adapter’s Java class name. The class name is always used for tracing. In addition, if the resource is a custom resource, the class name must be specified on the Configure Managed Resources page. See Identity Manager Installation Notes on page 1-7 for more information about custom resources.

Some resources have multiple adapters. For example, Identity Manager provides adapters for Windows Active Directory and Windows Active Directory ActiveSync. In these cases, a table similar to the following is listed in the introductory section:

| GUI Name | Class Name |
|---|---|
| Windows 2000 / Active Directory | com.waveset.adapter.ADSIResourceAdapter |
| Windows 2000 / Active Directory ActiveSync | com.waveset.adapter.ActiveDirectoryActiveSyncAdapter |

The GUI name is displayed on the drop-down menu on the Resources page. Once the resource has been added to Identity Manager, this name is also displayed in the resource browser.

Resource Configuration Notes

This section lists additional steps you must perform on the resource to allow you to manage the resource from Identity Manager. (It is assumed that the resource is fully functional before you attempt to establish a connection with Identity Manager.) If there are no configuration tasks, the section will be blank or say “None”.

Identity Manager Installation Notes

From an installation perspective, there are two types of adapters:

Identity Manager adapters do not require additional installation procedures. Use the following steps to display the resource on the drop-down menu on the Resource page:

  1. From the Identity Manager Administrative interface, click Configure, and then click Managed Resources.
  2. Click the appropriate check boxes in the Identity Manager Resources section.
  3. Click the Save button at the bottom of the page.

Custom adapters require additional installation procedures. Typically, you must copy one or more jar files to the InstallDir\idm\WEB-INF\lib directory and add the adapter’s Java class to the list of adapters. The jar files are usually available on the installation media, or via download on the internet.

The following example from the DB2 resource adapter illustrates this procedure:

  1. Copy the db2java.jar file to the InstallDir\idm\WEB-INF\lib directory.
  2. From the Identity Manager Administrative interface, click Configure, and then click Managed Resources.
  3. Click the Add Custom Resource button near the bottom of the page.
  4. Enter the full class name of the adapter in the bottom text box, such as com.waveset.adapter.DB2ResourceAdapter.
  5. Click the Save button at the bottom of the page.

The following table lists the adapters that require jar files to be installed on the Identity Manager server.

| Adapter | Files Required |
|---|---|
| Access Manager | pd.jar |
| ACF2 | habeans.jar OR (habase.jar, hacp.jar, ha3270.jar, hassl.jar, hodbase.jar) |
| ClearTrust | ct_admin_api.jar. If using SSL, these .jar files: asn1.jar, certj.jar, jce1_2-do.jar, jcert.jar, jnet.jar, jsafe.jar, jsaveJCE.jar, jsse.jar, rsajsse.jar, sslj.jar |
| DB2 | db2java.jar |
| INISafe Nexess | concurrent.jar, crimson.jar, external-debug.jar, INICrypto4Java.jar, jdom.jar, log4j-1.2.6.jar |
| MS SQL Server | msbase.jar, mssqlserver.jar, msutil.jar. Third-party driver required for SQL Server 7. |
| MySQL | mysqlconnector-java-3.0.x-stable-bin.jar |
| Natural | habeans.jar OR (habase.jar, hacp.jar, ha3270.jar, hassl.jar, hodbase.jar) |
| Oracle and Oracle ERP | oraclejdbc.jar |
| PeopleSoft Component and PeopleSoft Component Interface | psjoa.jar |
| RACF | habeans.jar OR (habase.jar, hacp.jar, ha3270.jar, hassl.jar, hodbase.jar) |
| SAP | jco.jar, sapidoc.jar |
| SAP HR ActiveSync | jco.jar, sapidoc.jar, sapidocjco.jar |
| Scripted Host | habeans.jar OR (habase.jar, hacp.jar, ha3270.jar, hassl.jar, hodbase.jar) |
| Siebel CRM | Siebel 6: SiebelDataBean.jar, SiebelTC_enu.jar, SiebelTcCommon.jar, SiebelTcOM.jar. Siebel 7.0: SiebelJI_Common.jar, SiebelJI_enu.jar, SiebelJI.jar. Siebel 7.7: Siebel.jar, SiebelJI_enu.jar |
| SiteMinder | smjavaagentapi.jar, smjavasdk2.jar |
| Sun Java System Access Manager | am_sdk.jar, am_services.jar |
| Sybase | jconn2.jar |
| Top Secret | habeans.jar OR (habase.jar, hacp.jar, ha3270.jar, hassl.jar, hodbase.jar) |
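
A deployment check for the custom-adapter procedure above, as an added example that is not part of the original Sun documentation: it verifies that the WEB-INF/lib directory holds the jar files an adapter requires, treating the habeans.jar choice as alternatives. The names missing_jars, HOST_ACCESS and REQUIRED_JARS, the subset of adapters transcribed, and the sample directory are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Jar requirements transcribed from the table above (subset). Each adapter maps
# to a list of alternatives; one fully present alternative satisfies the adapter.
HOST_ACCESS = [
    {"habeans.jar"},
    {"habase.jar", "hacp.jar", "ha3270.jar", "hassl.jar", "hodbase.jar"},
]
REQUIRED_JARS = {
    "ACF2": HOST_ACCESS, "Natural": HOST_ACCESS, "RACF": HOST_ACCESS,
    "Scripted Host": HOST_ACCESS, "Top Secret": HOST_ACCESS,
    "Access Manager": [{"pd.jar"}],
    "DB2": [{"db2java.jar"}],
    "MS SQL Server": [{"msbase.jar", "mssqlserver.jar", "msutil.jar"}],
    "SAP": [{"jco.jar", "sapidoc.jar"}],
    "SAP HR ActiveSync": [{"jco.jar", "sapidoc.jar", "sapidocjco.jar"}],
    "SiteMinder": [{"smjavaagentapi.jar", "smjavasdk2.jar"}],
    "Sybase": [{"jconn2.jar"}],
}


def missing_jars(lib_dir, adapters):
    """Return {adapter: [missing jars per alternative]} for unsatisfied adapters."""
    present = {p.name.lower() for p in Path(lib_dir).glob("*.jar")}
    report = {}
    for adapter in adapters:
        gaps = [sorted(j for j in alt if j.lower() not in present)
                for alt in REQUIRED_JARS[adapter]]
        if all(gaps):  # every alternative lacks at least one jar
            report[adapter] = gaps
    return report


if __name__ == "__main__":
    # Constructed sample: a temporary directory standing in for
    # InstallDir/idm/WEB-INF/lib, holding empty placeholder files.
    with tempfile.TemporaryDirectory() as lib:
        for name in ("db2java.jar", "habase.jar", "hacp.jar", "jco.jar"):
            Path(lib, name).touch()
        for adapter, gaps in missing_jars(lib, ["DB2", "RACF", "SAP"]).items():
            print(adapter, "needs", " OR ".join(", ".join(g) for g in gaps))
```

Run it against the real lib directory before adding the adapter's class name on the Managed Resources page, so a missing jar is caught before the adapter is first used.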

Usage Notes

This section lists dependencies and limitations related to using the resource. The contents of this section vary between adapters.

Active Sync Configuration

This section provides resource-specific configuration information that can be viewed on the General Active Sync Settings page of the Active Sync Wizard. The following attributes are applicable to most Active Sync adapters.

Parameter

Description

Process Rule

Either the name of a TaskDefinition, or a rule that returns the name of a TaskDefinition, to run for every record in the feed. The process rule gets the resource account attributes in the activeSync namespace, as well as the resource ID and name.

This parameter overrides all others. If this attribute is specified, the process will be run for every row regardless of any other settings on this adapter.

Correlation Rule

If no Identity Manager user's resource info is determined to own the resource account, the Correlation Rule is invoked to determine a list of potentially matching users/accountIDs or Attribute Conditions, used to match the user, based on the resource account attributes (in the account namespace).

The rule returns one of the following pieces of information that can be used to correlate the entry with an existing Identity Manager account:

  Identity Manager user name

  WSAttributes object (used for attribute-based search)

  List of items of type AttributeCondition or WSAttribute (AND-ed attribute-based search)

  List of items of type String (each item is the Identity Manager ID or the user name of an Identity Manager account)

If more than one Identity Manager account can be identified by the correlation rule, a confirmation rule or resolve process rule will be required to handle the matches.

For the Database Table, Flat File, and PeopleSoft Component Active Sync adapters, the default correlation rule is inherited from the reconciliation policy on the resource.

Confirmation Rule

Rule which is evaluated for all users returned by a correlation rule. For each user, the full user view of the correlation Identity Manager identity and the resource account information (placed under the “account.” namespace) are passed to the confirmation rule. The confirmation rule is then expected to return a value which may be expressed like a Boolean value. For example, “true” or “1” or “yes” and “false” or “0” or null.

For the Database Table, Flat File, and PeopleSoft Component Active Sync adapters, the default confirmation rule is inherited from the reconciliation policy on the resource.

Delete Rule

A rule that can expect a map of all values with keys of the form activeSync. or account. A LighthouseContext object (display.session) based on the proxy administrator’s session is made available to the context of the rule. The rule is then expected to return a value which may be expressed like a Boolean value. For example, “true” or “1” or “yes” and “false” or “0” or null.

If the rule returns true for an entry, the account deletion request will be processed through forms and workflow, depending on how the adapter is configured.

Resolve Process Rule

Either the name of the TaskDefinition or a rule that returns the name of a TaskDefinition to run in case of multiple matches to a record in the feed. The Resolve Process rule gets the resource account attributes as well as the resource ID and name.

This rule is also needed if there were no matches and Create Unmatched Accounts is not selected.

This workflow could be a process that prompts an administrator for manual action.

Create Unmatched Accounts

If set to true, creates an account on the resource when no matching Identity Manager user is found. If false, the account is not created unless the process rule is set and the workflow it identifies determines that a new account is warranted. The default is true.

Populate Global

If set to true, populates the global namespace in addition to the activeSync namespace. The default value is false.

Security Notes

The Security Notes section provides connection and authorization information.

Supported Connections - Lists the type of connection used to communicate between Identity Manager and the resource. The following types of connections are commonly used:

Other connection types are possible.

Required Administrative Privileges - Lists the privileges the administrator account must have to create users and perform other tasks from within Identity Manager. The administrator account is specified on the Resource Attributes page.

Provisioning Notes

This section contains a table that summarizes the provisioning capabilities of the adapter. These capabilities include

Account Attributes

The account attributes, or schema map, maps Identity Manager account attributes to resource account attributes. The list of attributes varies for each resource. You may remove unused attributes from the schema map page. However, adding attributes might require editing the user forms or other code.

The Identity Manager User Attributes can be used in rules, forms, and other Identity Manager-specific functions. The Resource User Attributes are used only when the adapter communicates with the resource.

Resource Object Management

Lists the objects on the resource that can be managed through Identity Manager.

Identity Template

Defines account name syntax for users. For most resources, the syntax is the same as the account ID. However, the syntax is different if the resource uses hierarchical namespaces.

Sample Forms

A form is an object associated with a page that contains rules about how the browser should display user view attributes on that page. Forms can incorporate business logic and are often used to manipulate view data before it is presented to the user.

Forms can be edited with the Identity Manager Business Process Editor (BPE). The BPE is a standalone, Swing-based Java application that allows you to create and edit forms. By selecting form and field definitions from various dialogs and menus, you can quickly customize the content and appearance of Identity Manager pages. For more information, see the Identity Manager Workflows, Forms, and Views.

Built-In Forms

Some forms are loaded into the Identity Manager repository by default. To view a list of forms in the repository, perform the following steps:

  1. From a web browser, go to http://IdentityManagerHost/idm/debug
  2. The browser displays the System Settings page.
  3. From the options menu adjacent to List Objects, select Type: ResourceForm.
  4. Click List Objects. The List Objects of Type: ResourceForm page is displayed. This page lists all editable forms that reside in the Identity Manager repository.

Also Available

Identity Manager provides many additional forms that are not loaded by default. These forms are located in the InstallDir\idm\sample\forms\ directory.

Troubleshooting

Trace output can be helpful when identifying and resolving problems with any adapter. Generally, these are the steps you will follow when using tracing to help identify and resolve problems:

  1. Turn on tracing.
  2. Reproduce the problem and evaluate the results.
  3. Optionally turn tracing on for additional packages or classes, or turn up the tracing level and repeat steps 2 and 3 as needed.
  4. Turn off tracing.

To turn tracing on, follow these steps:

  1. Log in to Identity Manager as the Configurator account.
  2. Go to the Debug page: http://IdentityManagerHost/idm/debug
  3. Click Show Trace.
  4. Ensure that Trace Enabled is checked.
  5. Enter the full class name in the Method/Class text box.
  6. Enter a trace level (1-4). Each level captures different types of information:
    • 1 – Entry and exit of public methods, plus major exceptions.
    • 2 – Entry and exit of all methods.
    • 3 – Significant informational displays (such as the value of variables that control flow) that occur only once per method invocation.
    • 4 – Informational displays that occur n times per method invocation.
  7. Fill out the rest of the page as desired. Click Save when you are ready to begin tracing.

To disable tracing, either deselect the Show Trace option, or delete the class name from the Method/Class text box.





Copyright 2006 Sun Microsystems, Inc. All rights reserved.