1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for RSA ClearTrust is used to integrate Oracle Identity Manager with RSA ClearTrust.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality
Reconciliation Module
Files and Directories That Comprise the Connector

Supported Functionality

The following table lists the functions that are available with this connector.

Process Task	Type	Description
Create User	Provisioning	Creates a user in RSA ClearTrust with the input values provided
Delete User	Provisioning	Deletes a provisioned user in RSA ClearTrust
Disable User	Provisioning	Disables an existing user in RSA ClearTrust
Enable User	Provisioning	Enables a disabled user in RSA ClearTrust
Update User	Provisioning	updates an existing user in RSA ClearTrust with the input values provided
Set Password	Provisioning	Sets a password when a user is first created in RSA ClearTrust
Change Password	Provisioning	Updates a user's password in RSA ClearTrust
Assign User to a Group	Provisioning	Assigns a user to a group in RSA ClearTrust To map an RSA ClearTrust group to Oracle Identity Manager: Open the Oracle Identity Manager Design Console. Expand the Xellerate Administration folder, and double-click Lookup Definition. The Lookup Definition page is displayed. On the Lookup Definition page, query for the CTGroups record. Click Add. A blank row is displayed on the Lookup Code Information tab. In the Code Key and Decode fields, enter the name of the RSA ClearTrust group. Then, enter `en` in the Language field and us in the Country field. Click Save on the Oracle Identity Manager toolbar. Repeat Steps 4 through 6 to map additional RSA ClearTrust groups to Oracle Identity Manager.
Remove User from a Group	Provisioning	Removes a user from a group in RSA ClearTrust
Assign a Default Group to the User	Provisioning	Assigns a default group to a user in RSA ClearTrust
Update User Property	Provisioning	Assigns or removes a property value If the RSA ClearTrust property type is `Date,` then the corresponding value for the property can only be set by using the Property Value (Date) field in the RSA ClearTrust User Properties form. If the ClearTrust property type is `Boolean,` then the corresponding value for the property can only be set by using the Property Value (Boolean) check box in the ClearTrust User Properties form. To set the value of any other type of property, use the Property Value field.
Trusted Reconciliation for Login	Reconciliation	Creates Xellerate Login accounts with respect to reconciled logins from RSA ClearTrust
Create User	Reconciliation	Reconciles user accounts from RSA ClearTrust
Update User Property	Reconciliation	Reconciles user properties from RSA ClearTrust
Assign User to a Group	Reconciliation	Reconciles user-group association from RSA ClearTrust

Reconciliation Module

The reconciliation module extracts the following elements from the target system to construct reconciliation event records:

UserID
FirstName
LastName
EmailID
StartDate
EndDate
PasswordExpDate
IsPublic
IsUserlocked
PropertyName
PropertyValue
GroupName

You can customize the following reconciliation fields by setting the UseReconFieldMap attribute to true and putting their values in the Lookup.CTReconciliation.FieldMap lookup:

Note:

The userId and lastName fields are mandatory fields and, therefore, they must exist in the lookup.

userId
lastName
islock
firstName
email
startDate
endDate
pwdExpDate
isPublic
properties
groups

Provisioning Module

The following fields of the RSA ClearTrust connector are provisioned.

Name	Data Type
User ID	String
Password	String
Password Expiration Date	Date
First Name	String
Last Name	String
Email Address	String
Start Date	Date
End Date	Date
Lock User	Boolean
Is Public	Boolean
User Group Name	String
Property Value	String
Property Name	String
Property Value (Date)	Date
Property Value (Boolean)	Boolean

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Web Access Control\RSA ClearTrust\RSA ClearTrust Rev 3.0.0.zip

These files and directories are listed in the following table.

File in the Installation Media Directory	Description
xml\XLIClearTrust_DM.xml xml\XLIClearTrustEntityAdp_DM.xml	These XML files contain the following components of the RSA ClearTrust connector: IT resource type Custom process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules
xml\XLICTAutoSaveAdapter_DM.xml	This XML file contains the code for the adapter that is required to enable the AutoSave feature on the RSA ClearTrust provisioning process form.
xml\XLIClearTrustScheduleTask_DM.xml	This XML file contains the code for the reconciliation scheduled task and its attributes.
lib\xliClearTrust.jar	This JAR file contains the Java classes that are required for provisioning.
test\config\config.properties	This file contains the properties that are used to connect to the RSA ClearTrust server.
test\lib\xlicleartrusttest.jar	This JAR file contains the test classes that can be used to test the functionality of the connector.
docs\B31133_01.pdf docs\html	These are PDF and HTML versions of this guide, which provides instructions to deploy the connector.

Note:

The files in the test directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.