Oracle® Identity Manager Connector Guide for CA ACF2 Advanced Release 9.0.1 Part Number B31112-01
The Oracle Identity Manager CA ACF2 Advanced Connector provides a native interface between the z/OS mainframe and Oracle Identity Manager. The Advanced Connector functions as a trusted virtual administrator on the target platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and other functions that administrators usually perform manually.
The Oracle Identity Manager CA ACF2 Advanced Connector enables bidirectional provisioning and reconciliation with CA ACF2 security facilities. This chapter provides an overview of the Oracle Identity Manager CA ACF2 Advanced Connector components and the supported functionality, and discusses the following topics:
The Oracle Identity Manager CA ACF2 Advanced Connector includes the following components:
Oracle Identity Manager Advanced LDAP Gateway: The LDAP Gateway receives instructions from the Oracle Identity Manager server in the same way as any LDAP v3 identity store. The LDAP commands are converted into native mainframe commands for CA ACF2 and sent to the Provisioning Connector. The response comes back in native CA ACF2 form and is parsed by the gateway into an LDAP-formatted response, which is returned to the requesting application.
Oracle Identity Manager Provisioning Connector: The Provisioning Connector is a mainframe component that receives native CA ACF2 provisioning commands from the LDAP Gateway. It processes these requests against the CA ACF2 authentication repository, then parses the response and returns it to the LDAP Gateway.
Oracle Identity Manager Reconciliation Connector: The Reconciliation Connector captures native mainframe events using advanced exit technology, enabling seamless bidirectional reconciliation with Oracle Identity Manager through the LDAP Gateway. It captures events originating from TSO login, the command prompt, batch jobs, and other native sources in real time, and transforms them into notification messages for Oracle Identity Manager, delivered through the LDAP Gateway.
Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the CA ACF2 Provisioning and Reconciliation Connector. You can use the following messaging protocols for the message transport layer:
IBM MQ Series
TCP/IP with internal Advanced Encryption Standard (AES) encryption using 128-bit cryptographic keys. The CA ACF2 Advanced Connector supports a manually configured message transport layer over TCP/IP, which is functionally similar to the proprietary message transport layer protocols.
In addition, the Advanced connector is engineered for high-performance environments and transactions.
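The guide states that the TCP/IP transport protects messages with AES under 128-bit keys, but it does not document the cipher mode, the wire format, or how message integrity is checked. The following Go program is an added example, not code from the connector or from Oracle: it shows what a 128-bit AES message envelope between a gateway and a mainframe component can look like when an authenticated mode is used. AES-128-GCM, the Envelope layout, the direction string bound as associated data, and the Seal, Open and RoundTrip functions are all assumptions made for this example; the sample key and message are constructed. The round trip also flips one ciphertext byte on a copy to confirm that a modified message is rejected instead of being decrypted into garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// keyLen is 16 bytes: a 128-bit key, the key size the guide states for the transport.
const keyLen = 16

// Envelope is one message on the wire. This layout is an assumption for the
// example; the connector's real wire format is not documented on this page.
type Envelope struct {
	Nonce      []byte // 12-byte GCM nonce, unique per message under a given key
	Ciphertext []byte // AES-128-GCM output with the 16-byte authentication tag appended
}

// newGCM builds an AES-128-GCM AEAD from a 16-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keyLen {
		return nil, errors.New("key must be 16 bytes (AES-128)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and binds the direction label as associated data,
// so an envelope sealed for one direction does not authenticate for the other.
func Seal(key []byte, direction string, plaintext []byte) (*Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(direction))
	return &Envelope{Nonce: nonce, Ciphertext: ct}, nil
}

// Open authenticates and decrypts an envelope; any change to the nonce,
// ciphertext, tag or direction label produces an error, not wrong plaintext.
func Open(key []byte, direction string, env *Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(direction))
}

// RoundTrip seals msg, opens the intact envelope, then opens a copy with one
// ciphertext byte flipped and reports whether that tampering was rejected.
func RoundTrip(key []byte, msg string) (decrypted string, tamperDetected bool, err error) {
	const dir = "gateway->mainframe" // constructed direction label
	env, err := Seal(key, dir, []byte(msg))
	if err != nil {
		return "", false, err
	}
	pt, err := Open(key, dir, env)
	if err != nil {
		return "", false, err
	}
	tampered := &Envelope{Nonce: env.Nonce, Ciphertext: append([]byte(nil), env.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := Open(key, dir, tampered)
	return string(pt), tamperErr != nil, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed sample key for the example only
	pt, detected, err := RoundTrip(key, "constructed sample message")
	fmt.Printf("decrypted=%q tamperDetected=%v err=%v\n", pt, detected, err)
}
```

With an authenticated mode, the receiving side learns from a single error return that a message was altered in transit or was sealed for the other direction; a plain encryption mode without a tag would hand the parser altered bytes instead. A fresh random nonce per message is required for GCM, and reusing a nonce under the same key breaks its guarantees, so the nonce travels with the message rather than being a fixed value.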
See Also: For more information on the CA ACF2 Advanced Connector architecture and configuration of the message transport layer, refer to Appendix B, "Connector Architecture".
The following feature set lists use cases for the Oracle Identity Manager CA ACF2 Advanced Connector. Note that the LDAP Gateway receives LDAP v3 requests and sends CA ACF2 commands to the mainframe through the Provisioning Connector. The return messages are also in CA ACF2 format and are returned to the caller as LDAP v3 responses.
The CA ACF2 connector provides the following provisioning functionality:
Change CA ACF2 Password
Reset CA ACF2 Password
Create CA ACF2 User
Modify CA ACF2 User
Revoke CA ACF2 User Account
Add user to CA ACF2 Group
Delete CA ACF2 User
Resume CA ACF2 User Account
List CA ACF2 Users
List CA ACF2 Groups
List CA ACF2 Users By Group
List CA ACF2 Resource Profiles by User
Grant CA ACF2 User Access to Dataset
Grant CA ACF2 User Access to Resource Profile
Grant CA ACF2 User Access to TSO
The CA ACF2 connector provides the following reconciliation functionality:
Detect and Report Native CA ACF2 Password Change Event
Detect and Report Native CA ACF2 Password Reset Event
Detect and Report Native CA ACF2 Create User Data Event
Detect and Report Native CA ACF2 Modify User Data Event
Detect and Report Native CA ACF2 Revoke User Event
Detect and Report Native CA ACF2 Add User to CA ACF2 Group Event
Detect and Report Native CA ACF2 Delete User Event
Detect and Report Native CA ACF2 Resume User Event
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Security Applications\CA ACF2\CA ACF2 Advanced Rev 1.0.0.zip
The contents of this file are described in brief in the following table:
Files and Directories | Description of Files and Contents
---|---
xml\oimAcf2Connector.xml | The XML file that contains component definitions for the connector.
lib\idm.jar | The connector JAR file to be deployed on the Oracle Identity Manager system.
etc\LDAP Gateway\ | Files required for LDAP Gateway deployment in the distributed environment system.
etc\Provisioning and Reconciliation Connector\Mainframe_ACF2\ directory files | Files required for Provisioning Connector and Reconciliation Connector deployment on the mainframe end.
docs\B31112-01.pdf | The CA ACF2 Advanced Connector documentation.