This chapter provides an overview of the updates made to the software and documentation for the Oracle Identity Manager Advanced Connector for CA Top Secret in release 9.0.4.20.
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss software updates:
The following are the software updates in release 9.0.4.20:
From this release onward, the connector no longer supports trusted source reconciliation. Only target resource reconciliation is supported.
From this release onward, the connector can be installed and used on Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0).
See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.
The following table lists issues resolved in release 9.0.4.20:
Bug Number | Issue | Resolution |
---|---|---|
18962680 | The Code Key and Decode values of the Lookup.ProfileNames lookup definition used a dash (-) instead of a tilde (~). | This issue has been resolved. |
20270833 | CICSOPCLASS mapped incorrectly when reconciled through VOYAGER. | This issue has been resolved. |
The following are the software updates in release 9.0.4.19:
From this release onward, the connector supports the following VOYAGER enhancements:
MSGID01=<YES|NO>,IDMV602E,xx - for LDAP recovery message suppression.
RECOVERY_INTERVAL=xxx,<MINS|SECS> - recovery interval for IP addresses.
DNS_RECOVERY_INTERVAL=xxx,<MINS|SECS> - recovery interval for DNS addresses.
From this release onward, STARTUP and WRAPUP have been added back as the method of creating the Subpool for VOYAGER and deleting the Subpool. The VOYAGER control file parameter (SUBPOOL_SIZE=) is no longer supported.
From this release onward, the connector supports a new PIONEER enhancement. EXPORT_MON=YES, REC=01000 – CFILE transfer monitor while PIONEER is running.
From this release onward, the VOYAGER Audit log, turned on with VOYAGER parameter AUDIT_LOG=YES has been enhanced to show ACID being processed as well as the number of items or messages read from the Subpool.
The following table lists issues resolved in release 9.0.4.19:
Bug Number | Issue | Resolution |
---|---|---|
18950032 | High-availability reconciliation was not supported for users who were deleted from the internal LDAP store. | This issue has been resolved. High-availability reconciliation of deleted internal LDAP users is now supported. |
18231514 | CFILE XML error messages were not logged to the main LDAP gateway log file. | This issue has been resolved. CFILE XML error messages are now logged to both the XML error log and main LDAP gateway log file. |
19239326 | The LDAP Gateway server returned a generic exception when granting a duplicate entitlement to a user. | This issue has been resolved. Support for error code 64, User Already Linked to Group/Profile, has been added to all provisioning functions that grant an entitlement to a user. |
19316338 | The LDAP gateway lacked support for reconciling the display name of a ZONE to which a user belongs. | This issue has been resolved. The LDAP gateway now supports both scheduled task and real-time reconciliation of the ZONE display name attribute and value. |
19308581 | The LDAP gateway did not correctly format a TSOCOMMAND value containing spaces or single quotation marks. | This issue has been resolved. The LDAP gateway now properly formats a TSOCOMMAND value that contains a space character, single quotation mark, or both. |
The following are the software updates in release 9.0.4.18:
From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 2 (11.1.2.0.1) or later. Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.
See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.
The following table lists issues resolved in release 9.0.4.18:
Bug Number | Issue | Resolution |
---|---|---|
16828743 | Users reconciled to Oracle Identity Manager using the CFILE XML processing feature did not include all permission data needed to certify in accordance with SOX. | This issue has been resolved. Users and profiles reconciled using the CFILE XML processing feature will now include all necessary permission data required to certify in accordance with SOX. |
17628090 | Mainframe agent log messages did not contain a date, timestamp, or message code. Messages produced by the mainframe were not described in the documentation. | This issue has been resolved. Documentation has been updated to better describe mainframe log messages. Where applicable, date, timestamp, and message codes have been added to the mainframe log messages. |
16925326 | The 9.0.4.17 connector XML throws an error when importing the connector. | This issue has been resolved. The 9.0.4.18 XML no longer throws any errors during connector import or connector upgrade operations. |
16855865 | The run script used to start the LDAP gateway did not add the correct Oracle Identity Manager libraries to the classpath. | This issue has been resolved. The LDAP gateway run script now adds the correct Weblogic and Oracle Identity Manager libraries to the classpath. |
The following are the software updates in release 9.0.4.17:
Support for Scheduled Task – Reconcile Deleted Users to Oracle Identity Manager
Support for Scheduled Task – Reconcile Users to Internal LDAP
Support for Scheduled Task – Reconcile LDAP Users to Oracle Identity Manager
Support for LU6.2 Attributes During Provisioning and Reconciliation Operations
Support for Configurable Property for Revoking PSUSPEND Users
Support for Configurable Lookup Code Name in Scheduled Tasks
Support for Pioneer and Voyager Parameters in a Control File
From this release onward, the connector supports an additional scheduled task for reconciling deleted users on the target system. This task retrieves a list of users from the target system and compares that list with a list of users from Oracle Identity Manager. If a user is found to exist within Oracle Identity Manager, but not on the target system, then a delete reconciliation event for the user is sent to Oracle Identity Manager. See Section 4.4.2.2, "Top Secret Reconcile Deleted Users to OIM" for more details.
From this release onward, the connector supports an additional scheduled task for reconciling users on the target system to the internal LDAP store. This task retrieves a list of users and their profiles from the target system and reconciles each user to the internal LDAP gateway metastore. See Section 4.4.2.3, "Top Secret Reconcile Users to Internal LDAP" for more details.
From this release onward, the connector supports an additional scheduled task for reconciling users from the internal LDAP store to Oracle Identity Manager. This task retrieves a list of users from the internal LDAP store and reconciles those users to Oracle Identity Manager. See Section 4.4.2.4, "Top Secret Reconcile All LDAP Users" for more details.
From this release onward, the connector supports provisioning and reconciliation of LU6.2 attributes. Specifically, support for the #APPL, #ENTITY, BC1CHAIN, BC2CHAIN, SET1DISP, and SET2DISP attributes has been added to TSS CREATE, ADDTO, REPLACE, REMOVE, and LIST commands.
From this release onward, the connector supports the RENAME Top Secret operation. See Section 1.5.1, "Supported Functions for Target Resource Reconciliation" and Section 1.5.2, "Supported Functions for Provisioning" for more details.
From this release onward, the connector supports provisioning of the GENCERT Top Secret operation. See Section 1.5.2, "Supported Functions for Provisioning" and Section 1.5.9, "Provisioning GENCERT Operations" for more details.
From this release onward, the connector supports provisioning of the GENREQ Top Secret operation. See Section 1.5.2, "Supported Functions for Provisioning" and Section 1.5.10, "Provisioning GENREQ Operations" for more details.
From this release onward, the connector properties file includes a configurable property for revoking users with the PSUSPEND attribute. See Section 2.6, "Installing and Configuring the LDAP Gateway" for more details.
From this release onward, the FindAllResources, FindAllDatasets, FindAllProfiles, and FindAllFacilities scheduled tasks include a property called Lookup Code Names. This property is used to specify the lookup code name where results of the task should be stored. See Section 4.2, "Scheduled Tasks for Lookup Field Synchronization" for more details.
Support for all Pioneer and Voyager parameters are now contained in a parameter or control file pointed to by "//PARMFLE" ddname on both PIONEER and Voyager. This file can be a QSAM (recfm=f,lrecl=80,blksize=80,dsorg=ps) or a pds member. See Section 3.8, "Configuring the Started Tasks" for more details.
A full export of Top-Secret CFILE data will now be done through a conversion utility provided converting it to XML for input into Pioneer. This XML data will be sent to the LDAP on-demand.
STARTUP and WRAPUP have been removed. Their functions have been incorporated into Voyager. Voyager has a new SUBPOOL_SIZE= parameter that is used to allocate the CACHE (Subpool) for reconciliation messages.
A new parameter has been added to Voyager, "PIONEER_DELETE_MSGS=YES" or "PIONEER_DELETE_MSGS=NO". This new parameter will force Voyager to process or not process messages originating from Pioneer.
The following table lists issues resolved in release 9.0.4.17:
Bug Number | Issue | Resolution |
---|---|---|
16236789 | Updates to the UserLogin attribute fails. | This issue has been resolved. Support for the TSS RENAME command is now included. |
16266065 | Updates to the UserLogin attribute fails. | This issue has been resolved. Support for the TSS RENAME command is now included. |
16515205 | Single-use password with EXPIRE does not work. | This issue has been resolved. EXPIRE is now a supported attribute in provisioning and reconciliation functions. |
16510636 | Connector does not include support for both GROUPS and PROFILES operations. | This issue has been resolved. Users can now be provisioned and removed from TSS GROUPS and PROFILES, and their group and profile memberships are now supported during reconciliation. |
16240718 | Updates to the FullName attribute in OIM are not successfully committed to the mainframe. | This issue has been resolved. The Full Name attribute is now successfully updated in provisioning operations. |
15958873 | The "Reconcile All Users" scheduled task is not working. | This issue has been resolved. All reconciliation scheduled task functions are now working. |
13419640 | Maclib.xmi is referenced in the documentation but is not included in the installation media. | This issue has been resolved. Maclib.xmi has been removed from the installation media and is no longer referenced in the documentation. |
12675647 | Maclib.xmi is referenced in the documentation but is not included in the installation media. | This issue has been resolved. Maclib.xmi has been removed from the installation media and is no longer referenced in the documentation. |
The following are the software updates in release 9.0.4.16:
From this release onwards, the connector supports the new All Users scheduled task properties. The TSS Reconcile All Users scheduled task properties have been updated. Users can now customize the UID case during reconciliation, and reconciliation of individual users through the scheduled task is now supported. See Table 4-3 for more details.
From this release onwards, the connector supports a new feature. The Oracle Identity Manager reconciliation feature ignoreEvent() is now included. The LDAP Gateway will now confirm whether a reconciliation event should be ignored before creating the event in Oracle Identity Manager. Both real-time reconciliation and full reconciliation utilize this feature. See Section 1.3.2.1, "Full Reconciliation Process" and Section 1.3.2.3, "Incremental (Real-Time) Reconciliation Process" for more details.
The following table lists issues resolved in release 9.0.4.16:
Bug Number | Issue | Resolution |
---|---|---|
14048660 | The Oracle Identity Manager CA Top Secret connector is unable to reconcile attribute values containing "=" character. | This issue has been resolved. Now the Oracle Identity Manager CA Top Secret connector is allowing "=" characters to be parsed in INSTALLATION-DATA field. |
13682327 | The reconciliation class name for full user reconciliation is identical for both RACF and Top Secret full user reconciliation. | This issue has been resolved. The reconciliation class name for full user reconciliation can now use with other mainframe connectors. |
11795039 | The Oracle Identity Manager CA Top Secret connector is unable to reconcile profiles correctly. | This issue has been resolved. The Oracle Identity Manager CA Top Secret connector now allows profiles to be reconciled per user on the child-form. |
7359488 | The logging is inconsistent in the Oracle Identity Manager CA Top Secret connector. | This issue has been resolved. All logging is using OIM logger in adapters. |
The following are the software updates in release 9.0.4.15:
A new Pioneer Control File Parameter QUEUE_DSN= has been added.
The value of JWAIT= parameter has been changed.
The value of RWAIT= parameter has been changed.
See Section 3.8, "Configuring the Started Tasks" for more details.
The following table lists issues resolved in release 9.0.4.15:
Bug Number | Issue | Resolution |
---|---|---|
13696296 | The connector dataset name should be customizable. | This issue has been resolved. You need to customize the CLIST.DONE.FILE dataset name in order to get the Oracle Identity Manager Top Secret Advanced connector up and running. |
13828279 | The user is generating an exception crash during reconciliation. | This issue has been resolved. The user can now successfully run the reconciliation. |
13847821 | The RWAIT parameter is not being honored by the pioneer agent before sending to LDAP. | This issue has been resolved. The RWAIT parameter is now successfully honored by the pioneer agent before sending to LDAP. |
The following are the software updates in release 9.0.4.14:
Support for Voyager and Pioneer Parameters Using a Control File
Support for Post-processing within Pioneer Based on Top-Secret Command
Support for ALIAS Processing within Pioneer Based on LDAP Command
From this release onward, the connector includes scheduled tasks for storing all resources, profiles, facilities, and datasets in lookup definitions. These lookups are used during the provisioning process, allowing the user to select an existing profile, resource, facility, or dataset from a lookup list, instead of manually entering the name in the provisioning form.
See Section 1.5, "Connector Objects Used During Reconciliation and Provisioning" for more information.
From this release onward, new provisioning functions are supported by the connector.
See Section 1.5.2, "Supported Functions for Provisioning" for more details.
From this release onward, new IT resource parameters are supported by the connector.
See Section 2.3, "Configuring the IT Resource" for more information.
From this release onward, SSL configuration in LDAP Gateway has been supported.
SeeSection 2.6, "Installing and Configuring the LDAP Gateway" for more information.
From this release onward, the Voyager STC will not pass any STC parameters. They are now contained in a QSAM file pointed to by the PARMFLE "DD" statement. Pioneer will now only pass four parameters, TCPN, IPAD, PORT, and DEBUG. All other parameters are passed through the control file.
In this release, new set of commands for Pioneer and Voyager are included.
See Chapter 3, "Connector Deployment on the Mainframe" for more information.
In this release, ability for Pioneer to post-process with the usage of one of the three Top-Secret commands, Create, Addto, and Remove commands, has been introduced. The format and functionally is explained in Chapter 3, "Connector Deployment on the Mainframe". The output of the Post-Processing, where it worked or not, is the responsibility of the installation and not Pioneer.
In this release, ability for Pioneer process LDAP ALIAS Defines and Deletes, has been introduced. The ALIAS request will come into Pioneer and Pioneer using the INJCLR "DD" submits the DEFINE or DELETE with the INJCLR JCl wrapped around it. The output is sent back to the LDAP. The "JWAIT= parameter" is new and is used as a wait timer for the job to finish completion.
See Section 3.8, "Configuring the Started Tasks" for more information.
From this release onward, a set of new scheduled task configurations have been supported.
See Table 4-0, "Scheduled Tasks for Lookup Field Synchronization" for more information.
From this release onward, initial reconciliation is no longer performed using the topsecret-initial-recon-adapter deployment. Instead, initial reconciliation is supported through the TopSecret Reconcile All Users scheduled task.
See Section 5.4, "Removing Attributes Mapped for Target Resource Reconciliation" for more details.
The following table lists issues resolved in release 9.0.4.14:
Bug Number | Issue | Resolution |
---|---|---|
12977414 | No support for expiration dates when modifying a user (TSS ADDTO) | This issue has been resolved. All ADDTO attributes, including FIRST, AFTER, and BEFORE, are now supported. |
The following are the software updates in release 9.0.4.13:
From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.
See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.
From this release onward, the connector provides support for request-based provisioning on Oracle Identity Manager 11g release 1 (11.1.1).
See Section 4.7.2, "Request-Based Provisioning" for more information.
The following table lists issues resolved in release 9.0.4.13:
Bug Number | Issue | Resolution |
---|---|---|
6361887 | The Out of Disk Space error was not handled correctly. | This issue has been resolved. The Out of Disk Space error is now handled correctly. |
9704749 | The maclib.xmi file was missing from the Mainframe_TS.zip file on the installation media. | This issue has been resolved. The maclib.xmi file is now bundled in the Mainframe_TS.zip file on the installation media. |
9735838 | During reconciliation, CPU utilization by the LDAP Gateway reached very high levels. | This issue has been resolved. CPU utilization by the LDAP Gateway now remains within acceptable levels. |
The following are software updates in release 9.0.4.12:
With the DEBUG log level, the connector can now record log messages that describe issues related to storing of user records in the internal meta-store. See Section 1.3.2, "Connector Operations" for information about the internal meta-store.
The connector can recognize and prevent the recording of invalid encrypted messages in the log files.
The following are software updates in release 9.0.4.11:
From this release onward, the connector supports the SOURCE multivalued attribute for reconciliation and provisioning operations. See Section 1.5.6, "SOURCE Attributes for Provisioning" for information about attribute mappings for this multivalued attribute.
The following are software updates in release 9.0.4.6:
The connector now supports provisioning operations corresponding to the following target system functions:
TSS ADD(acid) ASUSPEND UNTIL(DATE): An administrative user suspends a user either indefinitely (no date is entered) or up to a specified date.
TSS REMOVE(acid) ASUSPEND UNTIL(): An administrative user unsuspends a user.
TSS ADD(acid) SUSPEND UNTIL(DATE): A user suspends another user either indefinitely (no date is entered) or up to a specified date.
TSS REMOVE(acid) SUSPEND UNTIL(): A user unsuspends another user.
Note:
For a Suspend operation, you cannot specify the current date. The date specified must be either the next day or a future date.The following are issues resolved in release 9.0.4.6:
Bug Number | Issue | Resolution |
---|---|---|
8582428 | During provisioning operations, assignment of a group to a user failed. | This issue was resolved in release 9.0.4.5. Group assignment to a user does not fail during provisioning operations. |
8909417 | The connector allows you to create and use multiple resource objects to represent multiple user types in your organization. This is described in the "Configuring Limited Reconciliation" section of the connector guide. In earlier releases, changes to the Enabled/Disabled/Revoked status of users on the target system were not reconciled if you used multiple resource objects. | This issue has been resolved. Changes in user status are reconciled into Oracle Identity Manager even when you configure multiple resource objects. |
The following are issues resolved in release 9.0.4.5:
Bug Number | Issue | Resolution |
---|---|---|
8715777 | During a reconciliation run, a parsing error was encountered if there was no data between the PROFILES and INSTDATA segments fetched from the target system. | This issue has been resolved. Data is always present between the PROFILES and INSTDATA segments during a reconciliation run. |
The following are software updates in release 9.0.4.4:
If you use multiple resource objects for reconciliation with the target system, then from this release onward you can specify the resource objects with which you want to associate records of specific user types from the target system. See "Configuring Limited Reconciliation" for more information about this feature.
The following are issues resolved in release 9.0.4.3:
Bug Number | Issue | Resolution |
---|---|---|
7583557 | Passwords were specified in unencrypted format in the beans.xml file, which is a configuration file used by the connector. |
This issue has been resolved. You can now use the propertyEncrypt script to encrypt passwords before you copy them into the beans.xml file.
See "Encrypting Passwords Used in the beans.xml File" for information about the procedure. |
The following are software updates up to release 9.0.4.2:
The IBM MQ Series protocol for the message transport layer is no longer supported for this connector. All content related to this protocol has been removed from the guide.
CA Top Secret user, group, facility, and data set and resource profile commands supported by the Provisioning Agent have been added in "Functionality Supported by the Pioneer Provisioning Agent" on page 1-6.
The list of functions supported by the Provisioning Agent has been updated in "Functionality Supported for Provisioning" on page 1-7.
The commands supported by the Reconciliation Agent have been added in "Functionality Supported by the Voyager Reconciliation Agent" on page 1-7.
The list of functions supported by the Reconciliation Agent has been updated in "Functionality Supported for Reconciliation" on page 1-7.
The list of fields reconciled between Oracle Identity Manager and CA Top Secret has been updated in "Target System Fields Used for Reconciliation and Provisioning" on page 1-8.
The IT resource parameters and their corresponding descriptions and sample values have been updated in "Importing the Connector XML File" on page 2-6.
The procedure to configure the connector for multiple installations of the target system has been added in "Configuring the Connector for Multiple Installations of the Target System" on page 2-14.
Information about reconciliation based on user status has been added in "Configuring Account Status Reconciliation".
Steps to add a new field for provisioning have been added in "Adding New Fields for Provisioning" on page 4-5.
Known issues related to the following bugs have been added in Chapter 7, "Known Issues and Workarounds":
6668844
6904041
7033009
Information about integrating the Reconciliation Agent exit with existing Top Secret exits has been added in "Installing or Integrating the Reconciliation Agent Exit".
The following sections discuss documentation-specific updates:
The following documentation-specific updates have been made in revision "23" of release 9.0.4.20:
References pertaining to topsecret-agent-recon, VOYAGER_ID.properties, RECOVERY_INTERVAL, and DNS-RECOVERY_INTERVAL have been removed throughout the document as they are no longer used.
The "omvsoefilep" entry in the LDAP Gateway Name column of Table 1-5, "Unmapped User Attributes for Target Resource Reconciliation and Provisioning" has been updated.
A "Note" on obtaining TSSINSTX exit source code through Oracle Support has been removed from Section 3.2, "Deploying the Reconciliation Agent and Provisioning Agent" as it is no longer supported.
Table 3-13, "Voyager Control File Parameters" has been modified as follows:
The "CONNECT-MSGS" parameter has been changed to "CONNECT_MSGS."
The "CONNECT_INTV=nn" and "CONNECT_RETRY=nnn" parameters have been added.
Description of the "CACHE_DELAY=" parameter has been modified in Table 3-13, "Voyager Control File Parameters".
The following documentation-specific updates have been made in revision "22" of release 9.0.4.20:
Updates to Appendix F, "LOADDSN Member and the File Contents" section.
Updates to Appendix G, "Reconciliation Agent (Voyager) Messages" section
Updates to Appendix H, "Provisioning Agent (Pioneer) Messages" section
Updates to Appendix J, "Pioneer and Voyager LONG_FDTNAME=Y Processing" section
The following documentation-specific updates have been made in revision "21" of release 9.0.4.20:
The following rows have been added:
Row "rexxlib.xmi" to Table 3-1, "JES2 XMIT Files".
Row "rexxlib.xmi" to Table 3-2, "File name on the Client Machine and on the Mainframe Host".
Row "REXXLIB.XMIT" to Table 3-3, "XMIT File Names and PDS Names".
Rows "IEBCPYRX" and "REXXCL" to Table 3-4, "JCLLIB members and their description".
Row "IOException:" to Table 6-1, "Troubleshooting Tips".
The following information has been added:
The following information has been modified:
The "Oracle Identity Manager" row of Table 1-1, "Certified Components".
Table 1-5, "Unmapped User Attributes for Target Resource Reconciliation and Provisioning"
Section 1.5.3, "User Attributes for Target Resource Reconciliation and Provisioning"
Section 3.2, "Deploying the Reconciliation Agent and Provisioning Agent"
Section 3.6, "Creating a CA Top Secret Account for Connector Operations"
Rows "PSAMPLE" and "VSAMPLE" of Table F-1, "Steps of LOADDSN Member and File Contents".
Removed references to trusted source reconciliation. Trusted source reconciliation is no longer supported.
The following documentation-specific updates have been made in revision "20" of release 9.0.4.19:
In Table 2-6, "Properties in the tops.properties File" rows for configDNames and configAttrs have been updated for latest information.
Section 5.3, "Adding Custom Fields for Provisioning" has been updated for latest information.
Section 5.7, "Initial LDAP Gateway Population and Full Reconciliation" has been updated for latest information.
In Table 6-1, "Troubleshooting Tips" an additional entry has been added.
In Appendix C, "Top Secret CFILE -> LDAP Attribute Mapping" a note on user's profiles and facilities child data has been added.
The following documentation-specific updates have been made in revision "19" of release 9.0.4.19:
In Table 1-1, "Certified Components" a note on prerequisites for the connector has been added.
Table 1-4, "Mapped User Attributes for Target Resource Reconciliation and Provisioning" has been updated.
Table 1-5, "Unmapped User Attributes for Target Resource Reconciliation and Provisioning" has been updated.
Section 5.1.2, "Adding Custom Fields to Oracle Identity Manager" has been updated.
Section 5.3, "Adding Custom Fields for Provisioning" has been updated.
Table C-1, "CFILE LDAP Attribute Mapping" has been updated.
The following documentation-specific updates have been made in revision "18" of release 9.0.4.19:
In Table 1-1, "Certified Components" the "Oracle Identity Manager" row has been modified, and the "LDAP Gateway requirements" row has been added.
Table 1-5, "Unmapped User Attributes for Target Resource Reconciliation and Provisioning" has been added for the information on unmapped user attributes for Target Resource Reconciliation and Provisioning.
In Section 1.4.4, "High Availability Feature of the Connector" a note has been added on shutdown for scenario 2 and scenario 3.
Section 1.5.4, "PROFILE Attributes for Target Resource Reconciliation and Provisioning" has been modified.
Section 1.5.5, "GROUP Attributes for Target Resource Reconciliation and Provisioning" has been modified.
Section 1.5.6, "SOURCE Attributes for Provisioning" has been modified.
Section 1.5.7, "FACILITY Attributes for Target Resource Reconciliation and Provisioning" has been modified.
Table 2-1, "Files and Directories That Comprise the Connector" been updated with latest information on files and directories.
Table 2-6, "Properties in the tops.properties File" has been updated for new properties.
Section 3.1, "Reviewing Deployment Requirements" and Section 3.2, "Deploying the Reconciliation Agent and Provisioning Agent" have been updated for latest information.
Section "Before Running the Connector Installer" has been removed from the guide as it is no longer required.
Table 3-4, "JCLLIB members and their description" has been updated for new member names.
Table 3-6, "Voyager DDs and their corresponding CREATDSN DD entries" has been updated for CACHESAV row.
Section 3.8, "Configuring the Started Tasks" has been modified for the latest information.
Section 3.10, "Starting Up and Shutting Down the Reconciliation Agent" has been updated for latest information.
In Table 3-11, "CREATEXP (Optional CFILE) Variables and Values" CREATEXP (Optional CFILE) variables and values have been added with steps.
Table 3-12, "Pioneer Control File Parameters" has been updated with new parameters.
MSGID01 usage is documented in Table 3-13, "Voyager Control File Parameters".
PIONEER and VOYAGER Operator Commands F PIONEER,JWAIT=999 row has been removed from Table 3-14, "Pioneer and Voyager Operator Commands".
Section 5.8, "Configuring Windows Service" has been added to include Windows Service instructions in the doc.
Appendix A, "Authorized Libraries" has been updated for latest information.
Appendix B, "AES 128 User Key Definition and Usage" has been added.
Appendix D, "Top-Secret CFILE Processing" has been updated for latest information.
Appendix F, "LOADDSN Member and the File Contents" has been updated for latest information.
Appendix I, "Pioneer Searches – Initiated from the LDAP" has been added.
The information related to trusted reconciliation has been removed from the entire guide as it is not supported.
The following are the documentation-specific updates in this release:
Table 1-1 has been updated for certified components.
Section 1.3.2.4, "Provisioning Process" has been updated for provisioning process.
Section 1.5.3, "User Attributes for Target Resource Reconciliation and Provisioning" has been updated for user attributes.
Section 1.5.4, "PROFILE Attributes for Target Resource Reconciliation and Provisioning" has been updated for profile provisioning operations.
Section 1.5.5, "GROUP Attributes for Target Resource Reconciliation and Provisioning" has been added for group provisioning operations.
Section 1.5.6, "SOURCE Attributes for Provisioning" has been updated for source provisioning operations.
Section 1.5.7, "FACILITY Attributes for Target Resource Reconciliation and Provisioning" has been updated for facility provisioning operations.
Section 1.5.8, "DATASET Attributes for Provisioning" has been updated for dataset provisioning operations.
Section 2.1, "Files and Directories That Comprise the Connector" has been updated for latest files and directories.
Section 3.7, "Summary of the Deployment Procedure" has been updated for procedure to deploy the connector components on the target system.
In Section 3.1, "Reviewing Deployment Requirements," a note on APF Authorization has been updated.
Section 3.2, "Deploying the Reconciliation Agent and Provisioning Agent" has been updated for reconciliation agent and provisioning agent process.
Section 3.3, "Editing the Mainframe Batch Job Files" has been updated for information on editing the mainframe batch job files.
Section 3.8, "Configuring the Started Tasks" has been updated for started tasks.
Section 4.2, "Scheduled Tasks for Lookup Field Synchronization" has been added for the scheduled tasks for lookup field synchronization.
Section 4.4, "Configuring Reconciliation" has been added for configuring reconciliation.
Section 5.2, "Adding Custom Multivalued Fields for Reconciliation" has been added for information on custom multivalued fields for reconciliation.
Section 5.3, "Adding Custom Fields for Provisioning" has been updated for additional attributes for provisioning.
Section 5.7, "Initial LDAP Gateway Population and Full Reconciliation" has been added for the information on initial LDAP gateway population and full reconciliation.
Appendix G, "Reconciliation Agent (Voyager) Messages" has been updated for new messages.
Appendix C, "Top Secret CFILE -> LDAP Attribute Mapping" has been added.
Instructions specific to Oracle Identity Manager release 11.1.2.x have been added in the following sections:
There are no documentation-specific updates in this release.
There are no documentation-specific updates in this release.
The following is the documentation-specific update in this release:
In Section 3.10, "Starting Up and Shutting Down the Reconciliation Agent", a note on Voyager Agent has been updated for Pioneer Agent and Startup procedure.
The following are the documentation-specific updates in this release.
In Table 1-4, "Mapped User Attributes for Target Resource Reconciliation and Provisioning", changes have been made in the user attributes.
A note has been added on the number of characters allowed in the text field for the SingleValueAttributes. See Table 4-3, "Attributes of the Top Secret Reconcile All Users Scheduled Task" for more information.
In the entire document, the name of the scheduled task, "TSS Reconcile All Users scheduled task" has been changed to "TopSecret Reconcile All Users scheduled task".
There are no documentation-specific updates in this release.
The following sections discuss documentation-specific updates have been made in releases 9.0.4.2 to 9.0.4.12:
The user attribute mappings and resource profile field mappings between Oracle Identity Manager and the target system have been added in "Target System Fields Used for Reconciliation and Provisioning" on page 1-8. Appendix A, "Attribute Mapping Between CA Top Secret and Oracle Identity Manager" has been removed.
The components of the CA Top Secret Advanced connector and the connector architecture for reconciliation and provisioning have been added in "Connector Architecture". Appendix B, "Connector Architecture" has been removed.
Guidelines that were earlier documented in Chapter 7, "Known Issues and Workarounds" have been moved to "Guidelines on Using the Connector" on page 6-2.
Information about enabling logging on the LDAP Gateway server has been added in "Installing and Configuring the LDAP Gateway".
In the "Functionality Supported for Reconciliation" section, the following functions have been added:
Suspend users until
UnSuspend uses until
In the "User Field Mapping" section, the defaultGroup field has been removed.
Some corrections have been made in the following sections:
Environmental Settings and Requirements
Configuring the TCP/IP Connection and Started Tasks
In the "Certified Languages" section, Arabic has been added to the list of languages that the connector supports.
In Table 1-1, "Certified Components", changes have been made in the Target Systems row. Information about certified deployment configurations has been removed from "Reviewing Deployment Requirements".
Major changes have been made in the structure of the guide. In addition, in Section 1.1, "Certified Components," CA Top Secret r14 has been added to the list of certified target systems.
In Table 1-1, "Certified Components", the minimum Oracle Identity Manager release has been changed to 9.1.0.1 and the JDK requirement of release 1.5 or later has been added.
Section 5.6, "Configuring the Generation of Single-Use Passwords for the Reset Password Operation" has been added.