Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.1 Part Number B31132-01 |
|
|
View PDF |
After you deploy the connector, you must test it to ensure that it functions as expected.
Note:
In earlier releases of this guide, the connector was referred to as the integration.This chapter contains the following sections:
This section discusses test cases that you can perform by using the troubleshooting utility.
You can use the troubleshooting utility to directly use the connector for identifying the cause of problems associated with connecting to the target system server and performing basic operations on the target system.
Before you can use the troubleshooting utility, you must set the required values in the config.properties
file. This file is in the xellerate_home
/xellerate/XLIntegrations/AuthManager/tests/config/config.properties
directory.
After you specify the required values in the config.properties
file, perform the following steps to run the test cases:
For RSA ACE Server 5.0:
On the target server, copy the ACE_INSTALLATION
\AuthManager\utils\toolkit\apidemon.exe
file to the authmgr_home
\tests\scripts
directory.
For all other versions of RSA ACE server:
Update the following file on the target server:
authmgr_home\tests\scripts\runTestServer.bat
In this file, add the following lines:
set JAVA_HOME=JAVA_HOME set AUTHMGR_HOME=authmgr_home set XL_REMOTE=XL_REMOTE
For RSA ACE 5.0, add the following line:
set PATH=authmgr_home\lib\ACE50;%PATH%
For RSA ACE 5.2, add the following line:
set PATH=authmgr_home\lib\ACE52;%PATH%
For RSA Authentication Manager 6.0, add the following line:
set PATH=authmgr_home\lib\ AuthMgr60;%PATH%
For Solaris 9, update the following file:
authmgr_home\tests\scripts\runTestServer.sh
In this file, add the following lines:
export AUTHMGR_HOME=authmgr_home export ACE_INSTALL=ACE_INSTALL export XL_REMOTE=XL_REMOTE
Run the runTestServer.bat
script.
The runTestServer.bat
script runs an RMI server on the RSA Authentication Manager. Therefore, when you run this script, pass a port number as an argument.
For example:
runTestServer 1001
For Solaris 9, run the runTestServer.sh
script as follows:
./runTestServer.sh 1001
On the Oracle Identity Manager server, use the following table to modify the default attributes of the config.properties file.
This file is in the xellerate_home
\xellerate\XLIntegrations\AuthManager\tests\config\
directory.
Name | Description | Default Values |
---|---|---|
Computer name |
Computer name or IP address of the computer on which RSA Authentication Manager is running | 10.1.1.114 |
port |
Port at which the RMI server is listening | 1001 |
passwd |
RMI password
This password must be the same as the one provided in the RMI server. Check for the value of the |
yourpassword |
adminMode |
Administration mode for the RSA Authentication Manager (host or remote) | Host |
admin |
Remote administration credentials for the RSA Authentication Manager and admin ID | jdoe |
passcode |
Remote administration credentials for the RSA Authentication Manager and the passcode for the admin ID | 1234 |
action |
Action to be tested
The value can be any one of the following:
|
createUser |
userID |
User ID | jdoe |
firstName |
Represents the user attributes and first name | Jane |
lastName |
Represents the user attributes and last name | Doe |
group |
Represents the group attributes and group name | John Doe and Sons |
groupLogin |
Represents the group attributes and group login | jdoeGrp |
tokenSerialNumber |
Represents the token attributes and token Serial Number. | 10473824 |
pin |
Represents the token attributes and token PIN | 1234 |
currentTokenCode |
Represents the token attributes and token code | 796563 |
number |
Represents the token attributes and number of token codes to generate | 2 |
lifetime |
Represents the token attributes and the number of hours until emergency access mode expires. | 24 |
digits |
Represents the token attributes and the number of digits in the token code to be generated | 6 |
loggerfile |
Represents the log file name with path | ..\logs\Test_ACE.log |
loggerlevel |
Represents the Logger properties and Logger level: DEBUG, FATAL, WARN, INFO, or ERROR |
DEBUG |
RevokeFlag |
Revoke Token Flag | 1 |
fileName |
Software token file name | C:\SoftToken\soft18.sdtid |
key |
Encryption key type | 1 |
protect |
Copy protection flag | 0 |
method |
Password usage and interpretation method | 0 |
password |
Password (maximum 8 characters) | welcome1 |
rangeMode |
Criteria used to deploy AES type software tokens | 2 |
endRange |
Ending token serial number | The value must be the same as that in the tokenSerialNumber field |
logFile |
Name of the log file containing the status of deployment operation | filename .log |
overOption |
Overwrites the output of a previously generated XML file | 1 |
closeOption |
Closing option of XML File | Leave this blank |
Update the following file on the Oracle Identity Manager server:
xellerate_home\xellerate\XLIntegrations\AuthManager\tests\scripts\runTestClient.bat
In this file, add the following lines:
XELLERATE_HOME\xellerate=xellerate_home\xellerate JAVA_HOME=jdk_home
Run the runTestClient.bat
file.
For Solaris:
Update the following file:
xellerate_home/xellerate/XLIntegrations/AuthManager/tests/scripts/runTestClient.sh
Add the following lines:
XELLERATE_HOME/xellerate=xellerate_home/xellerate JAVA_HOME=jdk_home
Run the runTestClient.sh
file.
After the script is run, you must get the relevant output in a log file. The log file is located in the following directory:
xellerate_home\xellerate\XLIntegrations\AuthManager\tests\logs\
The following are sample contents of this file:
03 Dec 2004 16:52:45 INFO Constructor: ..\logs\Test_ACE.log DEBUG 03 Dec 2004 16:52:45 INFO You want to add a user!! 03 Dec 2004 16:52:45 INFO result-->ACE_USERCREATION_SUCCESS
The following table lists solutions to some commonly encountered issues associated with the connector.
Problem Description | Solution |
---|---|
Process definition: ACEUser
Process task: Create User Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACEUser
Process task: Create User Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser
Process task: Create User Returned Error Message: Failed to Connect to server DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACEUser
Process task: Create User Returned Error Message User already exists in db Returned Error Code
|
Check the user ID that you have specified. A user with this ID already exists in ACE. |
Process definition: ACEUser
Process task: Delete User Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACEUser
Process task: Delete User Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser
Process task: Delete User Returned Error Message: Failed to connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACEUser
Process task: Delete User Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser
Process task: Delete User Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID is an administrator. If you still want to delete it, revoke the Admin role. |
Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Access denied, check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser
Process task: Assign users to ACE groups Returned Error Message: Group is invalid Returned Error Code:
|
Check the group name that you have specified. A group with this name does not exist in ACE. |
Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Failed to connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: User is invalid Returned Error Code:
|
Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser
Process task: Remove users from ACE groups Returned Error Message: Group is invalid Returned Error Code:
|
Check the Group name that you have specified. A group with this name does not exist in ACE. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Token is already assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is already assigned to another user in ACE. |
Process definition: ACE Token
Process task: Assign SecurID tokens to users Returned Error Message: Maximum number of users already assigned to this user Returned Error Code:
|
Check the user to whom you have assigned the token. The maximum number (3) is already assigned to this user in ACE. |
Process definition: ACE Token
Process task: Disable Token Returned Error Message: Access Denied. Check admin credentials. Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Disable Token Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Disable Token Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Disable Token Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Disable Token Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
Process definition: ACE Token
Process task: Enable Token Returned Error Message: Access Denied, check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Enable Token Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Enable Token Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Enable Token Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Enable Token Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
Process definition: ACE Token
Process task: Set Pin Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Set Pin Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Set Pin Updated Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Set Pin Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Set Pin Updated Returned Error Message: PINS Do Not Match Returned Error Code:
|
Check the PIN that you have specified and then reentered. The PINs do not match. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Current Token Code is Invalid Returned Error Code:
|
Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches the RSA Authentication Manager. |
Process definition: ACE Token
Process task: Set Pin to NTC Updated Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this token serial number is not assigned to any user in ACE. |
Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Access Denied, check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Set Lost Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Current Token Code is Invalid Returned Error Code:
|
Check if you have entered the token code. |
Process definition: ACE Token
Process task: Test Login Updated Returned Error Message: Passcode is invalid Returned Error Code:
|
Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches the RSA Authentication Manager. |
Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Access Denied, please check admin credentials Returned Error Code:
|
Check the admin credentials specified in the IT resource definition. |
Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Unable to communicate with Authentication Server, RSA ACE Authentication Server not running Returned Error Code:
|
Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Failed to Connect to serv DB, RSA ACE Broker not running Returned Error Code:
|
Start the service for RSA ACE Broker. |
Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Token Serial Number is Invalid Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token
Process task: Revoke SecurID tokens from users Returned Error Message: Token is not assigned Returned Error Code:
|
Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |