Oracle® Identity Manager Connector Guide for RSA Authentication Manager
Release 9.0.1

Part Number B31132-01

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for RSA Authentication Manager is used to integrate Oracle Identity Manager with RSA Authentication Manager.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality

The following table lists the functions that are available with this connector.

Function | Type | Description
Create User | Provisioning | Creates a user
Delete User | Provisioning | Deletes a provisioned user

This function does not run if the user to be deleted is an administrator.

Enable Token | Provisioning | Enables a disabled token
Disable Token | Provisioning | Disables an existing token
Assign SecurID Tokens to Users | Provisioning | Assigns a token to a user

When assigning a software token to a user, you must fill in the Type of Algorithm field on the process form.

  • If SID is selected in the Type of Algorithm field, then the following fields must be filled in the process form:

    Software Token File Name: This is the RSA SecurID software token file in which user and token information is saved. You must enter the file name with the full directory path and ensure that the extension is .sdtid.

    Encryption Key Type

    Copy Protection Flag

    Password Usage and Interpretation Method

    Password

    Note: If these combinations do not matter, then you can accept the default options.

  • If AES is specified in the Type of Algorithm field, then the following fields must be filled in the process form:

    Software Token File Name: This is the RSA SecurID software token file in which user and token information is saved. You must enter the file name with the full directory path and ensure that the extension is .sdtid.

    The Password field is optional.

  • The following fields can be ignored:

    Encryption Key Type

    Copy Protection Flag

    Password Usage and Interpretation Method

Revoke SecurID Tokens from Users | Provisioning | Revokes a token from a user
Assign users to RSA Authorization Manager groups | Provisioning | Assigns user to a group

You must ensure that the following prerequisites are met before you use this function:

  • Valid groups must exist in RSA Authentication Manager.

  • Correct lookup codes (corresponding to valid group names) must be added in the UD_Lookup.ACE_Group lookup definition. For example, for a group called Managers defined in ACE DB, the following entry must be added as the lookup code:

    Code Key: Managers

    Decode: Managers

    Lang: en

    Country: US

Remove users from RSA Authorization Manager groups | Provisioning | Removes user from a group

You must ensure that the following prerequisites are met before you use this function:

  • Valid groups must exist in ACE DB.

  • This function can be run only after the Assign Users to ACE/Server Groups function has been run.

Set Token Pin | Provisioning | Updates the configuration of a token according to a change in the Pin attribute
Set Pin to Next Token Code Mode | Provisioning | Sets the Pin to the next token code mode in RSA Authentication Manager
Track Lost Tokens | Provisioning | Updates the configuration of a token according to a change in the Track Lost attribute
Test Login | Provisioning | Verifies that a created user with an assigned token can log in

You must ensure that the following prerequisites are met before you use this function:

  • An agent host must be in the database.

  • The user (for whom the Test Login function is to be implemented) must be enabled on this agent host.

  • After this is done, the RSA Authentication Manager must be restarted (Broker as well as Authentication Server).

For software token types, you must enter the passcode, instead of the token code, in the Current Token Code field on the process form.

The passcode can be viewed by using the software token application, which is installed on the Oracle Identity Manager server.

See Also: "Software Tokens" for more information

Update User ID | Provisioning | Updates the configuration of a user according to a change in the User Id attribute

Reconciliation Module

The reconciliation module extracts the following elements from the target system to construct a reconciliation event record:

Provisioning Module

This section discusses the fields that are provisioned.

RSA Authentication Manager User Provisioning

The following fields are provisioned:

  • Default Login

  • First Name

  • Last Name

  • Group Login

  • Group Name

RSA Authentication Manager Token Provisioning

The following fields are provisioned:

  • Token Serial Number

  • Pin

  • Current Token Code

  • Lifetime (Hours)

  • Number of Digits

  • Type of Token

  • Copy Protection Flag

  • Password

  • Password Usage and Interpretation Method

  • Software Token File Name

  • Encryption Key Type

  • Type of Algorithm
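
The software-token rules given under Assign SecurID Tokens to Users apply to the token fields listed above and can be checked before a process form is submitted. The following is an added example, not part of the connector or of this guide; the dict-based form, the function name and the sample values are assumptions.

```python
import ntpath
import posixpath

# Field labels as they appear on the process form described in this guide.
ALGORITHM = "Type of Algorithm"
TOKEN_FILE = "Software Token File Name"
PASSWORD = "Password"
SID_REQUIRED = ("Encryption Key Type", "Copy Protection Flag",
                "Password Usage and Interpretation Method", PASSWORD)


def check_software_token_form(form):
    """Return (errors, notices) for a dict of form values (hypothetical helper)."""
    def filled(name):
        value = form.get(name)
        return value is not None and bool(str(value).strip())

    errors, notices = [], []
    algorithm = str(form.get(ALGORITHM) or "").strip().upper()
    if algorithm not in ("SID", "AES"):
        # SID and AES are the two values this guide documents.
        return [f"{ALGORITHM}: expected SID or AES"], notices

    path = str(form.get(TOKEN_FILE) or "").strip()
    if not path:
        errors.append(f"{TOKEN_FILE}: required for {algorithm}")
    else:
        # Accept both Windows and Solaris style absolute paths.
        if not (ntpath.isabs(path) or posixpath.isabs(path)):
            errors.append(f"{TOKEN_FILE}: enter the full directory path")
        if not path.lower().endswith(".sdtid"):
            errors.append(f"{TOKEN_FILE}: extension must be .sdtid")

    if algorithm == "SID":
        errors += [f"{name}: required when {ALGORITHM} is SID"
                   for name in SID_REQUIRED if not filled(name)]
    else:
        notices += [f"{name}: ignored when {ALGORITHM} is AES"
                    for name in SID_REQUIRED[:3] if filled(name)]
        if not filled(PASSWORD):
            notices.append(f"{PASSWORD}: empty (optional for AES)")
    return errors, notices


# Constructed sample input: an AES request with no password set.
SAMPLE_AES = {ALGORITHM: "AES", TOKEN_FILE: r"C:\tokens\jdoe.sdtid",
              "Copy Protection Flag": "constructed-value"}

if __name__ == "__main__":
    print(check_software_token_form(SAMPLE_AES))
```

The notices do not block a request; they record which AES token files were requested without a password so that a reviewer can see them.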

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Security Applications\RSA Authentication Manager\RSA Authentication Manager Rev 4.1.0.zip

These files and directories are listed in the following table.

File Name with Path Description
xml\xliAuthMgrUser_DM.xml
This file contains the following ACE User components of the connector:
  • IT resource type

  • Custom process form

  • Process task and rule-generator adapters (along with their mappings)

  • Resource object

  • Provisioning process

  • Pre-populate rules that are used with this connector

xml\xliAuthMgrToken_DM.xml
This file contains the following ACE Token components of the connector:
  • ACE Token IT resource type

  • Custom process form

  • Process task and rule-generator adapters (along with their mappings)

  • Resource object

  • Provisioning process

  • Pre-populate rules that are used with this connector

xml\xliAuthMgrScheduledTask_DM.xml
This file contains the components required for reconciliation.
lib\xliACE.jar
This file contains the Java classes that are required for provisioning in RSA Authentication Manager.
remotePackage\lib\ACE50\ACEUser.dll
This file contains the shared library that is required to support provisioning in RSA Authentication Manager.
remotePackage\lib\ACE52\ACEUser.dll
This file contains the shared library that is required to support provisioning in RSA ACE Server 5.2.
remotePackage\lib\AuthMgr60\ACEUser.dll
This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.0.
remotePackage\lib\ACE52Sol\libACEUser.so
This file contains the shared library that is required to support provisioning in RSA Authentication Manager.
remotePackage\lib\AuthMgr60Sol\libACEUser.so
This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.0 installed on Solaris.
remotePackage\scripts\AuthMgrImportXLCert.bat
This file contains the script for importing the required security certificate in the remote manager keystore (.xlkeystore).
remotePackage\scripts\AuthMgrImportXLCert.sh
This file contains the script for importing the required security certificate in the remote manager keystore (.xlkeystore) on Solaris.
remotePackage\tests\config\xl.policy
This file contains the security configuration required for the RMI server codebase to run test calls on RSA Authentication Manager.
remotePackage\tests\lib\xliACETestServer.jar
This file contains the Java classes that are required to run the RMI server for running test calls on RSA Authentication Manager.
remotePackage\tests\scripts\runTestServer.bat
This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager.
remotePackage\tests\scripts\runTestServer.sh
This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager, on Solaris.
remotePackage\config\xl.policy
This file contains the security configuration that is required for the RMI server codebase for running calls on RSA Authentication Manager for reconciliation.
scripts\AuthMgrImportXLCert.bat
This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (.xlkeystore).
scripts\AuthMgrImportXLCert.sh
This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (.xlkeystore) on Solaris.
tests\config\config.properties
This file contains the properties required by the RMI client for running test calls from the Oracle Identity Manager server.
tests\lib\xliACETestClient.jar
This file contains the Java classes required to run the RMI client for running test calls from the Oracle Identity Manager server.
tests\scripts\runTestClient.bat
This file contains the script required to run the RMI client for running test calls from the Oracle Identity Manager Server.
docs\B31132_01.pdf
docs\html
These are PDF and HTML versions of this guide, which provides instructions to deploy the connector.

Note:

The files in the tests directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files" section provides instructions to copy these files into the required directories.