| Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.4 Part Number E10168-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.4 Part Number E10168-01 |
|
|
View PDF |
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for RSA Authentication Manager is used to integrate Oracle Identity Manager with RSA Authentication Manager.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.This chapter contains the following sections:
Note:
At some places in this guide, RSA Authentication Manager has been referred to as the target system.Reconciliation involves duplicating in Oracle Identity Manager additions of and modifications to user accounts on the target system. It is an automated process initiated by a scheduled task that you configure.
See Also:
The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Framework Guide for conceptual information about reconciliation configurationsThe following target system fields are reconciled:
Default Login
First Name
Last Name
Group Name
Group Login
Key Value
Data Value
Token Serial Number
Type of Token
The following target system fields are reconciled only if trusted source reconciliation is implemented:
User ID
First Name
Last Name
Employee Type
User Type
Organization
The following are features related to the reconciliation of multivalue attribute groups:
Group names that include the names of sites are entered in the group_name@domain_name format. In Oracle Identity Manager 9.0.3, you can choose not to include the domain name while creating or updating the name of a group. Similarly, regardless of whether or not the name of a group in the target system includes a domain name, it is reconciled in Oracle Identity Manager.
Note:
The term "domain name" in the Oracle Identity Manager context is the same as "site name" in RSA Authentication Manager.When a user is deleted from a group in ACE, the group is also deleted from the user's ACE process child table.
Provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager. You use the Administrative and User Console to perform provisioning operations.
See Also:
The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Framework Guide for conceptual information about provisioningFor this target system, provisioning is divided into the following types:
In this provisioning type, you can specify values for the following fields:
Default Login
First Name
Last Name
Group Login
Group Name
Key Value
Data Value
In this provisioning type, you can specify values for the following fields:
Token Serial Number
PIN
Current Token Code
Lifetime (hours)
Number of Digits
Type of Token
Copy Protection Flag
Password
Password Usage and Interpretation Method
Software Token File Name
Encryption Key Type
Type of Algorithm
The following table lists the functions that are available with this connector.
| Function | Type | Description |
|---|---|---|
| Create User | Provisioning | Creates a user |
| Delete User | Provisioning | Deletes a user
This function would not run if the user to be deleted is an administrator. |
| Enable Token | Provisioning | Enables a disabled token |
| Disable Token | Provisioning | Disables an existing token |
| Assign SecurID Tokens to Users | Provisioning | Assigns a token to a user
While assigning a software token to the user, the Type of Algorithm field must be filled in the process form.
|
| Revoke SecurID Tokens from Users | Provisioning | Revokes a token from a user |
| Assign Users to RSA Authentication Manager Groups | Provisioning | Assigns a user to a group
You must ensure that the following prerequisites are met before you use this function:
|
| Remove Users from RSA Authentication Manager Groups | Provisioning | Removes a user from a group
You must ensure that the following prerequisites are met before you use this function:
|
| Set Token PIN | Provisioning | Updates the configuration of a token according to a change in the PIN attribute |
| Set PIN to Next Token Code Mode | Provisioning | Sets the PIN to the next token code mode in RSA Authentication Manager |
| Track Lost Tokens | Provisioning | Updates the configuration of a token according to a change in the Track Lost attribute |
| Test Login | Provisioning | Verifies the login for a new user to whom a token has been assigned
You must ensure that the following prerequisites are met before you use this function:
For software token types, you must enter the passcode, instead of the token code, in the Current Token Code field in the process form. The passcode can be viewed by using the software token application, which is installed on the Oracle Identity Manager server. See Also: The "Installing Software Tokens" section for more information |
| Add key-data pairs to user extension data | Provisioning | Adds a key-data pair to user extension data
Before you use this function, you must ensure that the following prerequisite is met: User must not have user extension data with the same key before provisioning to the target system. |
| Update key-data pairs in user extension data | Provisioning | Update a key-data pair in user extension data
Before you use this function, you must ensure that the following prerequisites are met:
|
| Delete key-data pairs from user extension data | Provisioning | Delete a key-data pair user extension data
Before you use this function, you must ensure that the following prerequisite is met: User must have user extension data with the same key value before provisioning to the target system. |
The connector supports the following languages:
Chinese Simplified
Chinese Traditional
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish
See Also:
Oracle Identity Manager Globalization Guide for information about supported special charactersThe files and directories that comprise this connector are in the following directory on the installation media:
Security Applications/RSA Authentication Manager
These files and directories are listed in the following table.
| File in the Installation Media Directory | Description |
|---|---|
lib/xliACE.jar |
This file contains the Java classes that are required for provisioning in RSA Authentication Manager. |
remotePackage/config/xl.policy |
This file contains the security configuration that is required for the RMI server codebase for running calls on RSA Authentication Manager for reconciliation. |
remotePackage/lib/ACE52/ACEUser.dll |
This file contains the shared library that is required to support provisioning in RSA ACE Server 5.2. |
remotePackage/lib/ACE52Sol/libACEUser.so |
This file contains the shared library that is required to support provisioning in RSA Authentication Manager. |
remotePackage/lib/AuthMgr60/ACEUser.dll |
This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.0. |
remotePackage/lib/AuthMgr61/ACEUser.dll |
This file contains the shared library that is required to support provisioning in RSA Authentication Manager 6.1, on Microsoft Windows. |
remotePackage/lib/xliACE.jar |
This file contains the Java classes that are required for provisioning in RSA Authentication Manager. |
remotePackage/scripts/AuthMgrImportXLCert.bat |
This file contains the script for importing the required security certificate into the remote manager keystore (.xlkeystore). |
remotePackage/scripts/AuthMgrImportXLCert.sh |
This file contains the script for importing the required security certificate into the remote manager keystore (.xlkeystore) on Solaris. |
remotePackage/tests/config/xl.policy |
This file contains the security configuration required for the RMI server codebase to run test calls on RSA Authentication Manager. |
remotePackage/tests/lib/xliACETestServer.jar |
This file contains the Java classes that are required to run the RMI server for running test calls on RSA Authentication Manager. |
remotePackage/tests/logs |
This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory. |
remotePackage/tests/scripts/runTestServer.bat |
This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager. |
remotePackage/tests/scripts/runTestServer.sh |
This file contains the script that is required to run the RMI server for running test calls on RSA Authentication Manager, on Solaris. |
Files in the resources directory |
Each of these resource bundle files contains language-specific information that is used by the connector.
Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console. |
scripts/AuthMgrImportRMCert.bat |
This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (.xlkeystore). |
scripts/AuthMgrImportRMCert.sh |
This file contains the script for importing the required security certificate in the Oracle Identity Manager server keystore (.xlkeystore) on Solaris. |
tests/config/config.properties |
This file contains the properties required by the RMI client for running test calls from the Oracle Identity Manager server. |
tests/lib/xliACETestClient.jar |
This file contains the Java classes required to run the RMI client for running test calls from the Oracle Identity Manager server. |
tests/logs |
This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory. |
tests/scripts/runTestClient.bat |
This file contains the script required to run the RMI client for running test calls from the Oracle Identity Manager Server, for Microsoft Windows. |
tests/scripts/runTestClient.sh |
This file contains the script required to run the RMI client for running test calls from the Oracle Identity Manager Server, for Solaris. |
xml/xliAuthMgrScheduledTask_DM.xml |
This file contains definitions for the components required for reconciliation. |
xml/xliAuthMgrToken_DM.xml |
This file contains definitions for the following ACE Token components of the connector:
|
xml/xliAuthMgrTrusted.xml |
This file contains configuration parameters for the Xellerate User. You must import this file only if you plan to use the connector in trusted source reconciliation mode. |
xml/xliAuthMgrUser_DM.xml |
This file contains definitions for the following ACE User components of the connector:
|
Note:
The files in the
tests directory are used only to run tests on the connector.The "Step 3: Copying the Connector Files" section provides instructions to copy these files into the required directories.
You can use any one of the following methods to determine the release number of the connector.
To determine the release number of a connector before you deploy it:
Extract the contents of the xliACE.jar file. This file is in the following directory on the installation media:
Security Applications/RSA Authentication Manager/lib
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliACE.jar file.
In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
Note:
If you maintain a copy of thexliACE.jar file after deployment, then you can use this method to determine the release number of the connector at any stage. After you deploy the connector, it is recommended that you use the "After Deployment" method, which is described in the following section.To determine the release number of a connector that has already been deployed:
See Also:
Oracle Identity Manager Design Console GuideOpen the Oracle Identity Manager Design Console.
In the Form Designer, open the process form. The release number of the connector is the value of the Version field.
