1 About the Connector

The Oracle Identity Manager IBM RACF Advanced Connector provides a native interface between IBM RACF installed on z/OS mainframe and Oracle Identity Manager. The Advanced Connector functions as a trusted virtual administrator on the targeted platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and performing other functions that administrators usually perform manually.

The Oracle Identity Manager IBM RACF Advanced Connector enables provisioning and reconciliation to IBM RACF security facilities. This chapter discusses the following topics:

• Overview of Oracle Identity Manager IBM RACF Advanced Connector

• Supported Functionality

• Multilanguage Support

• Files and Directories That Comprise the Connector

Overview of Oracle Identity Manager IBM RACF Advanced Connector

The Oracle Identity Manager IBM RACF Advanced Connector includes the following components:

• LDAP Gateway: The LDAP Gateway receives instructions from Oracle Identity Manager in the same way as any LDAP version 3 identity store. These LDAP commands are then converted into native mainframe commands for IBM RACF and sent to the Provisioning Agent. The response is also native to IBM RACF, which is then parsed into an LDAP response. After execution, an LDAP-formatted response is returned to the requesting application.

• Provisioning Agent: The Provisioning Agent is a mainframe component, receiving native mainframe IBM RACF provisioning commands from the LDAP Gateway. These requests are processed against the IBM RACF authentication repository with the response parsed and returned to the LDAP Gateway.

• Reconciliation Agent: The Oracle Identity Manager Reconciliation Agent captures native mainframe events using advanced exit technology for seamless reconciliation to Oracle Identity Manager through the LDAP Gateway. The Reconciliation Agent captures events occurring from the TSO logins, command prompt, batch jobs, and other native events in real time. The Reconciliation Agent captures these events and transforms them into notification messages for Oracle Identity Manager through the LDAP Gateway.

• Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the IBM RACF Provisioning and Reconciliation Agent. You can use the following messaging protocols for the message transport layer:

  • IBM MQ Series

  • TCP/IP with internal Advanced Encryption Standard (AES) encryption using 128-bit cryptographic keys. The IBM RACF Advanced connector supports a manually configured message transport layer using the TCP/IP protocol, which is functionally similar to proprietary message transport layer protocols.

In addition, the Advanced connector is engineered for high-performance environments and transactions.

See Also: For more information on the IBM RACF Advanced Connector architecture and configuration of the message transport layer, refer to Appendix B, "Connector Architecture"

Supported Functionality

The following sections list the features supported by the Oracle Identity Manager IBM RACF Advanced Connector.

Provisioning Agent Functionality

The Provisioning Agent provides the following functionality:

• Change passwords

• Reset passwords

• Create users

• Modify users

• Revoke user accounts

• Add user to groups

• Delete users

• Resume user accounts

• List users

• List groups

• List users by groups

• List resource profiles by user

• Grant user access to data sets

• Grant user access to resource profiles

• Grant user access to TSO

Reconciliation Agent Functionality

The Reconciliation Agent provides the following functionality:

• Change passwords

• Password resets

• Create user data

• Modify user data

• Revoke users

• Add users to groups

• Delete users

• Resume users

Multilanguage Support

In addition to English, this release of the connector supports the following languages:

• French

• Japanese

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Security Applications\IBM RACF\IBM RACF Advanced Rev 1.1.0.zip

Extract the contents of this file to the OIM_HOME directory. The contents of this file are described in brief in the following table:

File or Directory on the Installation Media	Description of Files and Contents
xml\oimRacfConnector.xml	The XML file that contains component definitions for the connector.
lib\idm.jar	The connector JAR file to be deployed on the Oracle Identity Manager system.
etc\LDAP Gateway\	Files required for LDAP Gateway deployment in the Oracle Identity Manager system.
etc\Provisioning and Reconciliation Connector\Mainframe_RACF\	Files required for the deployment of the Provisioning Agent and Reconciliation Agent Deployment on the mainframe.
Files in the resources directory: <connectorName>.properties <connectorName>_fr.properties <connectorName>_ja.properties	Each of these files contain locale-specific information that is used by the connector.
Files in the docs directory: B32186_01.pdf html	Oracle Identity Manager Connector Guide for IBM RACF Advanced

See Also: For more information about copying these files to their respective destinations on the Oracle Identity Manager system or the mainframe, refer to Chapter 2 and Chapter 3.