1 About the Connector

The Oracle Identity Manager CA Top Secret Advanced Connector provides an interface between CA Top Secret installed on z/OS mainframe and Oracle Identity Manager. The CA Top Secret Advanced Connector functions as a trusted virtual administrator on the targeted platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and performing other functions that administrators usually perform manually.

The Oracle Identity Manager CA Top Secret Advanced Connector enables provisioning and reconciliation to CA Top Secret security facilities. This chapter discusses the following topics:

• Overview of Oracle Identity Manager CA Top Secret Advanced Connector

• Supported Functionality

• Multilanguage Support

• Files and Directories That Comprise the Connector

Overview of Oracle Identity Manager CA Top Secret Advanced Connector

The Oracle Identity Manager CA Top Secret Advanced Connector includes the following components:

• LDAP Gateway: The LDAP Gateway receives instructions from Oracle Identity Manager in the same way as any LDAP version 3 identity store. These LDAP commands are then converted into native mainframe commands for CA Top Secret and sent to the Provisioning Agent. The response is also native to CA Top Secret, which is then parsed into an LDAP response. After execution, an LDAP-formatted response is returned to the requesting application.

• Provisioning Agent: The Provisioning Agent is a mainframe component, receiving native mainframe CA Top Secret provisioning commands from the LDAP Gateway. These requests are processed against the CA Top Secret authentication repository with the response parsed and returned to the LDAP Gateway.

• Reconciliation Agent: The Oracle Identity Manager Reconciliation Agent captures native mainframe events using advanced exit technology for seamless reconciliation to Oracle Identity Manager through the LDAP Gateway. The Reconciliation Agent captures events occurring from the TSO logins, command prompt, batch jobs, and other native events in real time. The Reconciliation Agent captures these events and transforms them into notification messages for Oracle Identity Manager through the LDAP Gateway.

• Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the Provisioning and Reconciliation Agent. You can use the following messaging protocols for the message transport layer:

  • IBM MQ Series

  • TCP/IP with internal Advanced Encryption Standard (AES) encryption using 128-bit cryptographic keys. The CA Top Secret Advanced Connector supports a manually configured message transport layer using the TCP/IP protocol, which is functionally similar to proprietary message transport layer protocols.

In addition, the CA Top Secret Advanced connector is engineered for high-performance environments and transactions.

See Also: For more information on the CA Top Secret Advanced Connector architecture and configuration of the message transport layer, refer to Appendix B, "Connector Architecture"

Supported Functionality

The following sections list the functionality available with the Oracle Identity Manager CA Top Secret Advanced Connector.

Provisioning Agent Functionality

The Provisioning Agent provides the following functionality:

• Change passwords

• Reset passwords

• Create users

• Modify users

• Revoke user accounts

• Add user to groups

• Delete users

• Resume user accounts

• List users

• List groups

• List users by groups

• List resource profiles by user

• Grant user access to datasets

• Grant user access to resource profiles

• Grant user access to TSO

Reconciliation Agent Functionality

The Reconciliation Agent provides the following functionality:

• Change passwords

• Password resets

• Create user data

• Modify user data

• Revoke users

• Add users to groups

• Delete users

• Resume users

Multilanguage Support

In addition to English, this release of the connector supports the following languages:

• French

• Japanese

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Security Applications\CA Top Secret\CA Top Secret Advanced Rev 1.1.0.zip

Extract the contents of this file to the OIM_HOME directory. The contents of this file are described in brief in the following table:

Files and Directories	Description of Files and Contents
xml\oimTopsConnector.xml	The XML file that contains component definitions for the connector.
lib\idm.jar	The connector JAR file to be deployed on the Oracle Identity Manager system.
etc\LDAP Gateway\	Files required for LDAP Gateway deployment on the Oracle Identity Manager system.
etc\Provisioning and Reconciliation Connector\Mainframe_TS\	Files required for installing the Provisioning Agent and Reconciliation Agent on the mainframe.
Files in the resources directory: <connectorName>.properties <connectorName>_fr.properties <connectorName>_ja.properties	Each of these files contain locale-specific information that is used by the connector.
Files in the docs directory: B32152_01.pdf html	The CA Top Secret Advanced Connector documentation.

See Also: For more information on copying these files to the required destinations for connector deployment, refer to Chapter 2 and Chapter 3.