Oracle® Identity Manager Connector Guide for IBM RACF Advanced, Release 9.0.1 Part Number B31118-01
The Oracle Identity Manager IBM RACF Advanced Connector provides a native interface between the z/OS mainframe and Oracle Identity Manager. The Advanced Connector functions as a trusted virtual administrator on the target platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and other functions that administrators usually perform manually.
The Oracle Identity Manager IBM RACF Advanced Connector enables bidirectional provisioning and reconciliation with IBM RACF security facilities. This chapter provides an overview of the Oracle Identity Manager IBM RACF Advanced Connector, its components, and the functionality it supports.
The Oracle Identity Manager IBM RACF Advanced Connector includes the following components:
Oracle Identity Manager Advanced LDAP Gateway: The LDAP Gateway receives instructions from the Oracle Identity Manager server in the same way as any LDAP v3 identity store. It converts these LDAP operations into native mainframe commands for IBM RACF and sends them to the Provisioning Connector. The response that comes back is also native to IBM RACF; the gateway parses it and returns an LDAP-formatted response to the requesting application.
Oracle Identity Manager Provisioning Connector: The Provisioning Connector is a mainframe component that receives native IBM RACF provisioning commands from the LDAP Gateway. It executes these requests against the IBM RACF database, parses the response, and returns it to the LDAP Gateway.
Oracle Identity Manager Reconciliation Connector: The Reconciliation Connector captures native mainframe events through exits on the mainframe, enabling seamless bidirectional reconciliation with Oracle Identity Manager through the LDAP Gateway. It captures events originating from TSO logon, the command prompt, batch jobs, and other native sources in real time, and transforms them into notification messages that reach Oracle Identity Manager through the LDAP Gateway.
Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the IBM RACF Provisioning and Reconciliation Connector. You can use the following messaging protocols for the message transport layer:
IBM MQ Series
TCP/IP with built-in Advanced Encryption Standard (AES) encryption using 128-bit keys. The IBM RACF Advanced connector supports a manually configured message transport layer over TCP/IP that is functionally similar to the proprietary message transport protocols.
In addition, the Advanced connector is engineered for high-performance environments and transactions.
See Also:
For more information on the IBM RACF Advanced Connector architecture and configuration of the message transport layer, refer to Appendix B, "Connector Architecture".
The following feature set lists use cases for the Oracle Identity Manager IBM RACF Advanced Connector. Note that the LDAP Gateway receives LDAP v3 requests and sends IBM RACF commands to the mainframe through the Provisioning Connector. The return messages are also in IBM RACF format and are handed back to the caller as LDAP v3 responses.
The IBM RACF Advanced connector supports the following provisioning functionality:
Change RACF Password
Reset RACF Password
Create RACF User
Modify RACF User
Revoke RACF User Account
Add user to RACF Group
Delete RACF User
Resume RACF User Account
List RACF Users
List RACF Groups
List RACF Users By Group
List RACF Resource Profiles by User
Grant RACF User Access to Dataset
Grant RACF User Access to Resource Profile
Grant RACF User Access to TSO
The IBM RACF Advanced connector provides the following reconciliation functionality:
Detect and Report Native RACF Password Change Event
Detect and Report Native RACF Password Reset Event
Detect and Report Native RACF Create User Data Event
Detect and Report Native RACF Modify User Data Event
Detect and Report Native RACF Revoke User Event
Detect and Report Native RACF Add User to RACF Group Event
Detect and Report Native RACF Delete User Event
Detect and Report Native RACF Resume User Event
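The two directions the feature lists above describe, as an added example that is not the connector's or Oracle's code: the provisioning side builds one native RACF command per LDAP-style request for the user-lifecycle operations (create, modify, change and reset password, revoke, resume, add to group, delete), and the reconciliation side classifies a captured native RACF command into one of the event types listed above. The operation names such as `create_user`, the attribute keys such as `defaultGroup`, and the event labels are assumptions for illustration; the commands ADDUSER, ALTUSER, CONNECT and DELUSER and the RACF naming rules are standard. The PERMIT and TSO grants from the provisioning list are not modelled.

```python
"""LDAP <-> native RACF command translation, modelled on the gateway flow the guide describes.
Added example, not the connector's own code: operation names, attribute keys and event
labels are illustrative assumptions; the RACF command syntax and naming rules are standard."""
import re

# User IDs and group names: 1-8 characters from A-Z 0-9 # $ @, first one not a digit.
# Rejecting anything else also stops a crafted LDAP value such as "JSMITH RESUME"
# from smuggling extra operands into the command the gateway builds.
_NAME_RE = re.compile(r"^[A-Z#$@][A-Z0-9#$@]{0,7}$")

def racf_name(value):
    """Upper-case and validate a RACF user ID or group name."""
    name = value.upper()
    if not _NAME_RE.match(name):
        raise ValueError("invalid RACF name: %r" % value)
    return name

def racf_password(value):
    """Classic RACF password syntax: 1-8 characters from A-Z a-z 0-9 # $ @.
    Installations that allow special characters would relax this rule."""
    if not re.fullmatch(r"[A-Za-z0-9#$@]{1,8}", value):
        raise ValueError("password violates the RACF syntax rules used here")
    return value

def racf_quoted(value):
    """Quote a free-text operand such as NAME('...'); RACF doubles an embedded apostrophe."""
    if re.search(r"[\x00-\x1f]", value):
        raise ValueError("control characters are not allowed in a RACF operand")
    return "'%s'" % value.replace("'", "''")

def ldap_to_racf(op, uid, attrs=None):
    """Provisioning direction: one LDAP-style request -> one native RACF command."""
    attrs = attrs or {}
    user = racf_name(uid)
    if op == "create_user":
        parts = ["ADDUSER " + user]
        if "cn" in attrs:
            parts.append("NAME(%s)" % racf_quoted(attrs["cn"]))
        if "defaultGroup" in attrs:
            parts.append("DFLTGRP(%s)" % racf_name(attrs["defaultGroup"]))
        if "password" in attrs:
            parts.append("PASSWORD(%s)" % racf_password(attrs["password"]))
        return " ".join(parts)
    if op == "change_password":
        return "ALTUSER %s PASSWORD(%s) NOEXPIRED" % (user, racf_password(attrs["password"]))
    if op == "reset_password":  # administrative reset: user must change it at next logon
        return "ALTUSER %s PASSWORD(%s) EXPIRED" % (user, racf_password(attrs["password"]))
    if op == "modify_user":
        return "ALTUSER %s NAME(%s)" % (user, racf_quoted(attrs["cn"]))
    if op == "revoke_user":
        return "ALTUSER %s REVOKE" % user
    if op == "resume_user":
        return "ALTUSER %s RESUME" % user
    if op == "delete_user":
        return "DELUSER " + user
    if op == "add_to_group":
        return "CONNECT %s GROUP(%s)" % (user, racf_name(attrs["group"]))
    raise ValueError("unsupported operation: %r" % op)

# A token is a quoted string or an operand with an optional parenthesised value.
_TOKEN_RE = re.compile(r"'[^']*'|[A-Z0-9#$@.\-]+(?:\([^)]*\))?")

def racf_to_event(command):
    """Reconciliation direction: classify a captured native RACF user command.
    The password value is deliberately left out of the notification."""
    tokens = _TOKEN_RE.findall(command.strip().upper())
    if len(tokens) < 2:
        raise ValueError("not a recognisable RACF user command: %r" % command)
    verb, user = tokens[0], tokens[1]
    keywords = {t.split("(", 1)[0] for t in tokens[2:]}
    event = {"user": user}
    if verb == "ADDUSER":
        event["event"] = "Create User"
    elif verb == "DELUSER":
        event["event"] = "Delete User"
    elif verb == "CONNECT":
        event["event"] = "Add User to Group"
        groups = [t[6:-1] for t in tokens[2:] if t.startswith("GROUP(")]
        if groups:  # CONNECT without GROUP() uses the issuer's default group
            event["group"] = groups[0]
    elif verb == "ALTUSER" and "REVOKE" in keywords:
        event["event"] = "Revoke User"
    elif verb == "ALTUSER" and "RESUME" in keywords:
        event["event"] = "Resume User"
    elif verb == "ALTUSER" and "PASSWORD" in keywords:
        # Assumption: EXPIRED marks an administrative reset, anything else a change.
        event["event"] = "Password Reset" if "EXPIRED" in keywords else "Password Change"
    elif verb == "ALTUSER":
        event["event"] = "Modify User"
    else:
        raise ValueError("command not mapped to a reconciliation event: %r" % verb)
    return event
```

The validation matters because a gateway of this kind is, in effect, a command builder: an LDAP value that is not a legal RACF name or password has to be rejected rather than interpolated, or a caller could append operands to the command that reaches the mainframe. On the reconciliation side the notification carries only the fact that a password was changed or reset, never the value itself, which is what you want forwarded off the mainframe.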
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Security Applications\IBM RACF\IBM RACF Advanced Rev 1.0.0.zip
The contents of this file are described in brief in the following table:
File or Directory on the Installation Media | Description of Files and Contents
---|---
xml\oimRacfConnector.xml | The XML file that contains component definitions for the connector.
lib\idm.jar | The connector JAR file to be deployed on the Oracle Identity Manager system.
etc\LDAP Gateway\ | Files required for LDAP Gateway deployment in the distributed environment system.
etc\Provisioning and Reconciliation Connector\Mainframe_RACF\ | Files required for Provisioning Connector and Reconciliation Connector deployment on the mainframe end.
docs\B31116-01.pdf | Oracle Identity Manager Connector Guide for IBM RACF Advanced