2 Deploying the Connector

Deploying the connector involves the following steps:

Step 1: Verifying Deployment Requirements
Step 2: Configuring the Target System
Step 3: Copying the Connector Files
Step 4: Configuring the Oracle Identity Manager Server
Step 5: Importing the Connector XML Files

Depending on the release of Oracle Identity Manager that you use, perform the procedure:

Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later

2.1 Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item	Requirement
Oracle Identity Manager	Oracle Identity Manager release 8.5.3.1 or later
Target system and target system host platforms	The target system can be any one of the following: RSA ACE/Server 5.2 on Windows Server 2003, Solaris 8, Solaris 9, Solaris 10 RSA Authentication Manager 6.0 on Windows Server 2003 RSA Authentication Manager 6.1 on Windows Server 2003 RSA Authentication Manager 6.1.2 on Solaris 9
Other systems	JDK The version of JDK on which Oracle Identity Manager server is running must be installed on the ACE server. RSA SecurID software token application See Also: The "Installing Software Tokens" section for more information about the RSA SecurID software token
Remote manager node user account	In Host mode, no credentials are required. In Remote mode, any remote node user account would suffice. Refer to the "Defining IT Resources" section for details. If the specified type of user account is not used, then the following error message is displayed when connector operations are attempted: `Access denied, check administrator credentials`

2.2 Step 2: Configuring the Target System

Configuring the target system involves the following steps:

Setting Up the Remote Manager
Configuring Strong Authentication Between Oracle Identity Manager and the Remote Manager
Configuring SSL Client (Oracle Identity Manager Server) Authentication

2.2.1 Setting Up the Remote Manager

To set up the remote manager on the RSA Authentication Manager server:

Note:

For Solaris, you must create an ACE administrator as a preinstallation requirement for RSA Authentication Manager. This administrator is the file owner of the RSA Authentication Manager installation. Use this ACE administrator account to install the remote manager.

Create the AuthManager directory on the RSA Authentication Manager server.
From the installation media directory, copy the remotePackage directory into the AuthManager directory.

For Solaris

Log in to the Solaris server by using the user credentials of the RSA Authentication Manager File Owner that was created as a preinstallation requirement for RSA Authentication Manager. Then, create the directory into which you copy the remotePackage directory.

Note:
If you copy files from Microsoft Windows to Solaris, all data transfer from the FTP client must be performed in binary mode. In addition, after copying files to the Solaris server, you must check the files for the ^M character pattern.
You must also perform required operations, such as dos2unix. As described earlier, copy all the files while using the ACE administrator credentials.
To update the class files, copy the authmgr_home/lib/xliACERemote.jar file from the installation media directory to the xl_remote/xlremote/JavaTasks directory.

Note:
From this point onward in the guide, the full path of the remotePackage directory on the RSA Authentication Manager server is referred to as authmgr_home.
Update the library files as follows:

On Microsoft Windows:

Use a text editor to open the following file:
```
xl_remote/xlremote/remotemanager.bat
```
In this file, depending on the version of Authentication Manager that you are using, set one of the following as the first line of the file:

For ACE 5.2:
```
set PATH=authmgr_home/lib/ACE52;%PATH%
```
For RSA Authentication Manager 6.0:
```
set PATH=authmgr_home/lib/AuthMgr60;%PATH%
```
For RSA Authentication Manager 6.1:
```
set PATH=authmgr_home/lib/AuthMgr61;%PATH%
```
On Solaris:

For RSA ACE 5.2, add the following lines:
```
LD_LIBRARY_PATH=$ACE_INSTALL/prog:$AUTHMGR_HOME/lib/ACE52Sol
export LD_LIBRARY_PATH
```

2.2.2 Configuring Strong Authentication Between Oracle Identity Manager and the Remote Manager

To configure strong authentication between Oracle Identity Manager and the remote manager, you must import the required certificate from the remote manager keystore to the Oracle Identity Manager server keystore as follows:

From the Oracle Identity Manager server, copy the OIM_HOME/xellerate/config/xlserver.cert file to the AuthManager_home/scripts/config directory on the RSA Authentication Manager server.
Use a text editor to open the authmgr_home/scripts/AuthMgrImportXLCert.bat file.

In this file, set the following parameters:
```
set JAVA_HOME=jdk_home
set XL_REMOTE=xl_remote
```
For Solaris, set the following parameters in the authmgr_home/scripts/AuthMgrImportXLCert.sh file:
```
XL_REMOTE=xl_remote
export XL_REMOTE
JAVA_HOME=jdk_home
export JAVA_HOME
```
Run the AuthMgrImportXLCert.bat file.

For Solaris, run the AuthMgrImportXLCert.sh file.

2.2.3 Configuring SSL Client (Oracle Identity Manager Server) Authentication

To configure SSL client (Oracle Identity Manager server) authentication:

Open the xl_remote/xlremote/config/xlconfig.xml file.

In the <RMSecurity> section of this file, change the value of the <ClientAuth> element to true.

The following is a code block from the xlconfig.xml file:

<RMSecurity>
  <RMIOverSSL>true</RMIOverSSL>
  <SSLPort>12345</SSLPort>
  <SSLContextAlgorithm>TLS</SSLContextAlgorithm>
  <KeyManagerFactory>SunX509</KeyManagerFactory>
  <BindingPort>12346</BindingPort>
  <ServiceName>RManager</ServiceName>
  <LoggerConfigFilePath>log.conf</LoggerConfigFilePath>
  <ClientAuth>true</ClientAuth>
</RMSecurity>

Multiple Oracle Identity Manager Servers Communicating with a Single Remote Manager

If a setup involves more than one Oracle Identity Manager server communicating with a single remote manager, then you must address the considerations described in this section.

The OIM_HOME/xellerate/config/xlserver.cert certificate for any Oracle Identity Manager installation would have the same dname value. If you import this certificate from one Oracle Identity Manager installation into the target system remote manager keystore, then you cannot directly use the same certificate from another installation for the same purpose and in the same manner.

Therefore, if one Oracle Identity Manager installation is already configured with a particular remote manager and the same is needed for another Oracle Identity Manager installation, then you must first create a certificate with a different DN for the second installation before you can use this new certificate with the remote manager.

Enter the following commands in the specified order.

Generate a new key pair by entering the following command:

jdk_home/jre/bin/keytool -genkey -alias xell2 -keyalg DSA -keysize 1024 -dname "CN=Customer1, OU=Customer, O=Customer, L=City, ST=NY, C=US" -validity 3650 -keypass xellerate -keystore OIM_HOME/xellerate/config/.xlkeystore -storepass xellerate -storetype jks -provider sun.security.provider.Sun

When you run this command, ensure that the dname value specified in the preceding command, is not the same as the default value of dname, for the existing certificates in the Oracle Identity Manager keystore:

OIM_HOME/xellerate/config/.xlkeystore

The default value is as follows:

CN=Customer, OU=Customer, O=Customer, L=City, ST=NY, C=US

Create a certificate request by entering the following command:

jdk_home/jre/bin/keytool -certreq -alias xell2 -file OIM_HOME/xellerate/config/xell1.csr -keypass xellerate -keystore OIM_HOME\/ellerate/config/.xlkeystore -storepass xellerate -storetype jks -provider sun.security.provider.Sun

Export the certificate to a file by entering the following command:

jdk_home/jre/bin/keytool -export -alias xell2 -file OIM_HOME/xellerate/config/xlserver1.cert -keypass xellerate -keystore OIM_HOME/xellerate/config/.xlkeystore -storepass xellerate -storetype jks -provider sun.security.provider.Sun

This command creates the following security certificate:

OIM_HOME/xellerate/config/xlserver1.cert

This is the certificate that you must use for configuration purposes.

Import the certificate into the remote manager keystore by entering the following command:

jdk_home/jre/bin/keytool -import -trustcacerts -alias xel2trusted -noprompt -keystore OIM_HOME/xellerate/config/.xlkeystore -file OIM_HOME/xellerate/config/xlserver1.cert -storepass xellerate

For configuring strong authentication between another Oracle Identity Manager Server installation and the remote manager, use the OIM_HOME/xellerate/config/xlserver1.cert file instead of the xlserver.cert file.

2.2.4 Configuring Strong Authentication Between the Remote Manager and the Oracle Identity Manager Server

To set up the remote manager as a trusted source for Oracle Identity Manager:

On the RSA Authentication Manager server, copy the xl_remote/xlremote/config/xlserver.cert file into the following directory:
```
OIM_HOME/xellerate/XLIntegrations/AuthManager/scripts/config
```
Use a text editor to open the following file:
```
OIM_HOME/xellerate/XLIntegrations/AuthManager/scripts/AuthMgrImportRMCert.bat
```
In this file, edit the following lines to specify the path to the JDK and Oracle Identity Manager installation directories:
```
set JAVA_HOME = jdk_home
set XELLERATE_HOME = OIM_HOME
```
For Oracle Identity Manager installed on Solaris, open the following file in a text editor:
```
OIM_HOME/xellerate/XLIntegrations/AuthManager/scripts/AuthMgrImportRMCert.sh
```
In this file, edit the following lines to specify the path to the JDK and Oracle Identity Manager installation directories:
```
JAVA_HOME = jdk_home
export JAVA_HOME
XELLERATE_HOME = OIM_HOME
export XELLERATE_HOME
```
Run the AuthMgrImportRMCert.bat file.

For Oracle Identity Manager installed on Solaris, run the AuthMgrImportRMCert.sh file.

2.3 Step 3: Copying the Connector Files

The connector files to be copied and the directories to which you must copy them are given in the following table.

Note:

The directory paths given in the first column of this table correspond to the location of the connector files in the following directory on the installation media:

Security Applications/RSA Authentication Manager

Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.

File in the Installation Media Directory	Destination Directory
lib/xliACE.jar	OIM_HOME/xellerate/JavaTasks
lib/xliACERecon.jar	OIM_HOME/xellerate/ScheduleTask
Directories and files in the `remotePackage` directory	OIM_HOME/xellerate/XLIntegrations/AuthManager/remotePackage Note: You do not need to copy this directory if you already performed the procedure described in the "Setting Up the Remote Manager" section.
Files in the `resources` directory	OIM_HOME/xellerate/connectorResources
Directories and files in the `scripts` directory	OIM_HOME/xellerate/XLIntegrations/AuthManager/scripts
Directories and files in the `tests` directory	OIM_HOME/xellerate/XLIntegrations/AuthManager/tests
Files in the `xml` directory	OIM_HOME/xellerate/XLIntegrations/AuthManager/xml

Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

2.4 Step 4: Configuring the Oracle Identity Manager Server

Configuring the Oracle Identity Manager server involves performing the following procedures:

Note:

In a clustered environment, you must perform this step on each node of the cluster.

Changing to the Required Input Locale
Clearing Content Related to Connector Resource Bundles from the Server Cache
Enabling Logging

2.4.1 Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

2.4.2 Clearing Content Related to Connector Resource Bundles from the Server Cache

While performing the instructions described in the "Step 3: Copying the Connector Files" section, you copy files from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

In a command window, change to the OIM_HOME/xellerate/bin directory.
Note:
You must perform Step 1 before you perform Step 2. If you run the command described in Step 2 as follows, then an exception is thrown:
```
OIM_HOME/xellerate/bin/batch_file_name
```
Enter one of the following commands:
- On Microsoft Windows:
```
PurgeCache.bat ConnectorResourceBundle
```
- On UNIX:
```
PurgeCache.sh ConnectorResourceBundle
```
Note:
You can ignore the exception that is thrown when you perform Step 2.

In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:
```
OIM_HOME/xellerate/config/xlConfig.xml
```

2.4.3 Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

ALL

This level enables logging for all events.
DEBUG

This level enables logging of information about fine-grained events that are useful for debugging.
INFO

This level enables logging of messages that highlight the progress of the application at a coarse-grained level.
WARN

This level enables logging of information about potentially harmful situations.
ERROR

This level enables logging of information about error events that may allow the application to continue running.
FATAL

This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF

This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

BEA WebLogic Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.RSA_ACE=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.RSA_ACE=INFO
```
After you enable logging, the log information is written to the following file:
```
WebLogic_home/user_projects/domains/domain_name/server_name/server_name.log
```
IBM WebSphere Application Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.RSA_ACE=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.RSA_ACE=INFO
```
After you enable logging, the log information is written to the following file:
```
WebSphere_home/AppServer/logs/server_name/startServer.log
```

JBoss Application Server

To enable logging:

In the JBoss_home/server/default/conf/log4j.xml file, locate or add the following lines:

<category name="XELLERATE">
   <priority value="log_level"/>
</category>

<category name="XL_INTG.RSA_ACE">
   <priority value="log_level"/>
</category>

In the second XML code line of each set, replace log_level with the log level that you want to set. For example:

<category name="XELLERATE">
   <priority value="INFO"/>
</category>

<category name="XL_INTG.RSA_ACE">
   <priority value="INFO"/>
</category>

After you enable logging, the log information is written to the following file:

JBoss_home/server/default/log/server.log

Oracle Application Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.RSA_ACE=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.RSA_ACE=INFO
```
After you enable logging, the log information is written to the following file:
```
OC4J_home/opmn/logs/default_group~home~default_group~1.log
```

2.4.3.1 Enabling Logging for the Remote Manager

To enable logging for the Remote Manager:

Add the following lines in the RemoteManager_home/xlremote/config/log.properties file:

log4j.rootLogger=WARN,stdout,logfile
log4j.appender.logfile.File=log_file_path_and_name
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.RSA_ACE=log_level

In these lines, replace log_file_path_and_name with the full path and name of the log file and log_level with the log level that you want to set.

For example:

log4j.rootLogger=WARN,stdout,logfile
log4j.appender.logfile.File=c:/rm_rsa_ace_connector.log
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.RSA_ACE=INFO

After you enable logging, log information is written to the file that you specify as the value of the log4j.appender.logfile.File attribute.

2.5 Step 5: Importing the Connector XML Files

As mentioned in the "Files and Directories That Comprise the Connector" section, the connector XML file contains definitions of the components of the connector. By importing the connector XML file, you create these components in Oracle Identity Manager.

To import the connector XML files into Oracle Identity Manager:

Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the RSAAuthManagerResourceObject.xml file, which is in the OIM_HOME/xellerate/XLIntegrations/AuthManager/xml directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the ACE Remote Manager IT resource is displayed.
Specify values for the parameters of the ACE Remote Manager IT resource. Refer to the table in the "IT Resource: ACE Remote Manager" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the Remote Manager IT resource type is displayed.
Click Skip to specify that you do not want to define another IT resource. The Provide IT Resource Instance Data page for the ACE Server Remote IT resource is displayed.

See Also:
If you want to define another IT resource, then refer to Oracle Identity Manager Administrative and User Console Guide for instructions.
Specify values for the parameters of the ACE Server Remote IT resource. Refer to the table in the "IT Resource: ACE Server Remote" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the ACE Server IT resource type is displayed.
Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.
Click View Selections.

The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.
Click Import. The connector XML file is imported into Oracle Identity Manager.

After you import the connector XML files, proceed to the next chapter.

2.5.1 Configuring RSA Authentication Manager Connector in Remote Mode

The RSA Authentication Manager connector can be configured in remote mode by setting the IT Resource parameter ACEAdminPassCode with one of the following values:

Dynamic Passcode
Static Password

2.5.1.1 Configuring Using Dynamic Passcode

To configure using Dynamic Passcode:

Create a user in ACE server. For example, remoteAdminUser in host mode.
From the User menu in RSA Authentication Manager, click Edit User and select the user created in Step 1.
Click Administrative Role.
In the Change Administrative Role pop-up window, select Administrator as user type and click OK.
From the System menu, click Edit System Configuration, and then click Edit System Parameter.
In the Administration Authentication Methods of the System Parameters window, select Secure ID Software Tokens and click OK.
Assign the token to remoteAdminUser by performing the following steps:
1. From the token menu, select Issue Software Tokens.
2. Select the appropriate algorithm. For example, SID SDTID Algorithm.
3. In the Password Protect field, select Static Password and enter the password.
4. Enter the target directory path and file name where SDTID file has to be generated and click Next. The file name extension should be .sdtid.
5. In the RSA SecureID Software Token Selection Users pop-up window, select the user and click Next.
6. In the Select User window, select remoteAdminUser and click OK.
7. In the Verify RSA SecureID Software Token Issuing List window, click Next.
8. In the RSA SecureID Software Token window, select User authenticate with passcode and click Next.
9. In the Continue Issuing RSA SecureID Software Tokens pop-up window, click Yes.
10. In the Save Software Token pop-up window, click Yes and provide the path to save. If you do not want to save, click No.
Launch the SecureID Software Tokens by clicking Start, All Programs, SecureID Software Token.
From the SecureID Software Token, select File Menu and then click Import Tokens.
Locate the stdid file that you created in step D of step 7.
Enter the password that you provided in step C of step 7 and click OK.
Select the token and click Transfer Selected Token to Hardware Drive.
In the Software Token API pop-up window, click Yes.
In the Token List Box of Select Token popup window, select software token of remoteAdminUser and click OK. An eight digit token codes that changes every 60 seconds in RSA SecureID is displayed.
From the View menu, select Advance View in RSA SecureID.
From RSA SecureID, copy the current Tokencode.
In the user menu of RSA Authentication Manager, click Edit User.
Select remoteAdminUser and click OK.
In the Tokens textbox, double-click on the token assigned to the user.
In the Edit Token window, click Set PIN to Next Tokencode.
Enter the token code that you copied in step 16 and click OK.
Note the first four digits of the next token code as this is the PIN of RSA SecureID.
Enter the PIN value that you noted in RSA SecureID and click Apply Pin. SecureID Software Token starts generating the passcode values.
Copy the current PASSCODE.
Launch the RSA Authentication Manager in the Database Administrator Remote Mode by clicking Start, All Programs, RSA Authentication Manager.
In the Select Server to Administer window, click Ok.
Enter remoteAdminUser as user login ID.
Enter the passcode value that is copied in the step 24 and click OK. A user authentication successful message is displayed.

2.5.1.2 Configuring RSA Authentication Manager Connector in remote mode by using Static Password

To configure using Static Password:

Create a user in ACE server. For example, remoteAdminUser in host mode.
From the User menu in RSA Authentication Manager, click Edit User and select the user created in Step 1.
Click Administrative Role.
In the Change Administrative Role pop-up window, select Administrator as user type and click OK.
From the System menu, click Edit System Configuration, and then click Edit System Parameter.
In the Administration Authentication Methods of the System Parameters window, select User Password and click OK.
In the Confirmation pop-up window, click Yes.
In the User menu, click Edit User and then select remoteAdminUser.
In the Edit User window, click Set/Change User Password.
In the Enter New User Password popup window, enter the password and click OK.
In the Enter New User Password pop-up window, click Ok.
In the Edit User window, click Ok.
Open RSA Auth Manager in the Database Administrator Remote Mode.
In the Select Server to Administrator window, click Ok.
In the Administrator Authentication pop-up window, enter user login and passcode that you created in step 11 and click OK.
In the Do you want the system to generate your new PIN? [y/n] dialog box, enter n and click OK.
Enter the new PIN between 4 to 8 digits and click on Ok.
In the Confirm PIN field, reenter the new PIN and Ok. A user authentication successful message is displayed.

2.5.2 Providing Minimum Access Rights to RSA Authentication User in Remote Mode

To provide minimum access rights to RSA authentication user:

Create a user in ACE server. For example, remoteAdminUser in host mode.
From the User menu in RSA Authentication Manager, click Edit User and select the user created in Step 1.
Click Administrative Role.
In the Change Administrative Role pop-up window, select Administrator as user type and click OK.
Go to Define Task List tab and click New.
In the Task List field, enter the name of the task.
From Available Tasks list on the left tab, select privileges, which you want to assign the user and click on right arrow to add and left arrow to remove the tasks.
Click OK.
Select the task that you have created from the list.
In the ChangeAdministrativeRole window, click OK.
In the Edit User window, click Set/Change User Password.
In the Enter New User Password popup window, enter the password and click OK.
In the Edit User window, click OK.
Go to System menu of ACE Server, select Edit System Configuration, Edit System Parameter.
Check the User Password under Administration Authentication Methods and click OK in the System Parameters window.

Note:
To reconcile/provision a user, provide this static Passcode in IT Resource (ACE Server Remote) attribute "ACEAdminPassCode" and perform operations such as Create User, Reconciliation, through connector.
In the Confirmation popup window, click Yes.
From the User menu click Edit user, and then select remoteAdminUser.
Open the RSA ACE Server in Database Administrator-Remote Mode (RSA Authentication Manager RemoteMode).
In the Select Server to Administer window, click OK.
Enter user Login and passcode created in Step 12 and click OK in the Administrator Authentication popup window. The system will prompt whether you want to generate a new PIN. Enter "n" and then click OK.
Enter a new PIN between four to eight digits and click OK.
Re-enter the new PIN to confirm and click OK.
Enter same pin given in previous step and click OK.
A user authentication successful message is displayed.

2.5.3 Defining IT Resources

This section provides information about defining the following IT resources.

2.5.3.1 IT Resource: ACE Remote Manager

You must specify values for the ACE Remote Manager IT resource parameters listed in the following table.

Parameter	Description
`service name`	Remote manager service name `RManager`
`url`	Remote manager URL For example: `rmi://10.1.1.114:12346`

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

2.5.3.2 IT Resource: ACE Server Remote

You must specify values for the ACE Server Remote IT resource parameters listed in the following table.

Parameter	Description
`ACEAdminMode`	Admin mode through which the connector connects to RSA Authentication Manager for provisioning and reconciliation The value can be `Host` or `Remote`. Note: If the value is Remote, then remote manager service will login to RSA Authentication Manager using the user credentials ACEAdminPassCode and `ACEAdminUserId`. If `ACEAdminMode` is in Host mode and if Remote Manager is started as Windows service, then that service has to be run under OS user who has installed RSA Authentication Manager. If `ACEAdminMode` is in Host mode, then Remote Manager starts with OS user who has installed RSA Authentication Manager.
`ACEAdminPassCode`	Admin passcode, which is required only when the admin mode is `Remote` This value is encrypted after it is saved. Sample value: `123456` This value is encrypted after it is saved.
`ACEAdminUserId`	Admin user ID, which is required when the admin mode is either `Remote` or `Host`.
`Target Locale: Country`	Country code Default value: `US` Note: You must specify the value in uppercase.
`Target Locale: Language`	Language code You can select one of the following: English: `en` Japanese: `jp` French: `fr` Note: You must specify the value in lowercase.

After you specify values for these IT resource parameters, proceed to Step 12 of the procedure to import connector XML files.

2.6 Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later

Note:

In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.

Installing the connector on Oracle Identity Manager release 9.1.0 or later involves the procedure described in the following section. See Running the Connector Installer for more information.

2.6.1 Running the Connector Installer

To run the Connector Installer:

Copy the contents of the connector installation media into the following directory:
```
OIM_HOME/xellerate/ConnectorDefaultDirectory
```
Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console Guide.
Click Deployment Management, and then click Install Connector.
From the Connector List list, select RSA Authentication Manager RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory:
```
OIM_HOME/xellerate/ConnectorDefaultDirectory 
```
If you have copied the installation files into a different directory, then:
1. In the Alternative Directory field, enter the full path and name of that directory.
2. To repopulate the list of connectors in the Connector List list, click Refresh.
3. From the Connector List list, select RSA Authentication Manager RELEASE_NUMBER.
Click Load.
To start the installation process, click Continue.

The following tasks are performed in sequence:
1. Configuration of connector libraries
2. Import of the connector Target Resource user configuration XML file (by using the Deployment Manager). If you want to import the target system as a trusted source for reconciliation, then see "Configuring Trusted Source Reconciliation" for more information.
3. Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
- Retry the installation by clicking Retry.
- Cancel the installation and begin again from Step 1.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:
1. Ensuring that the prerequisites for using the connector are addressed
  
  Note:
  At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. Refer to "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.
  There are no prerequisites for some predefined connectors.
2. Configuring the IT resource for the connector
  
  Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.
3. Configuring the scheduled tasks that are created when you installed the connector
  
  Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 1-1.

Installing the Connector in an Oracle Identity Manager Cluster

While installing Oracle Identity Manager in a clustered environment, you must copy all the JAR files and the contents of the connectorResources directory into the corresponding directories on each node of the cluster. See Table 1-1 for information about the files that you must copy and their destination locations on the Oracle Identity Manager server.