Oracle® Identity Manager Connector Guide for RSA Authentication Manager Release 9.0.4 Part Number E11207-04
After you deploy the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:
You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.
To use the testing utility:
For all supported versions of RSA ACE server, on the target server, add the following lines in the authmgr_home/tests/scripts/runTestServer.bat file:
set JAVA_HOME=jdk_home
set AUTHMGR_HOME=authmgr_home
set XL_REMOTE=xl_remote
For RSA ACE 5.2, add the following line:
set PATH=authmgr_home/lib/ACE52;%PATH%
For RSA Authentication Manager 6.0, add the following line:
set PATH=authmgr_home/lib/AuthMgr60;%PATH%
For RSA Authentication Manager 6.1, add the following line:
set PATH=authmgr_home/lib/AuthMgr61;%PATH%
For Solaris, update the following file:
authmgr_home/tests/scripts/runTestServer.sh
In this file, change the values specified for the following variables:
AUTHMGR_HOME=authmgr_home
export AUTHMGR_HOME
ACE_INSTALL=ace_installation_home
export ACE_INSTALL
XL_REMOTE=xl_remote
export XL_REMOTE
Run the runTestServer.bat script.
The runTestServer.bat script runs an RMI server on the RSA Authentication Manager. Therefore, when you run this script, you must pass a port number as an argument as shown in the following example:
runTestServer 1001
For Solaris, run the runTestServer.sh script as follows:
./runTestServer.sh 1001
For multilanguage support, the properties file must be converted to ASCII format by running the native2ascii tool from the command console as follows:
native2ascii src.properties dest.properties
For example:
native2ascii config1.properties config.properties
Use the information in the following table to change the default attribute values in the config.properties file.
This file is in the authmgr_home/tests/config directory.
Attribute | Description | Sample Values |
---|---|---|
Computer name | Computer name or IP address of the computer on which RSA Authentication Manager is running | 10.1.1.114 |
port | Port at which the RMI server is listening | 1001 |
passwd | RMI password. This password must be the same as the one provided in the RMI server. It is the value of the | yourpassword |
adminMode | Administration mode for RSA Authentication Manager (host or remote) | Host |
admin | User ID part of the remote administrator credentials for RSA Authentication Manager | jdoe |
passcode | Passcode part of the remote administrator credentials for RSA Authentication Manager | 1234 |
action | Action to be tested. The value can be any one of the following: | createUser |
userID | User ID | jdoe |
firstName | First name | Jane |
lastName | Last name | Doe |
isTemporaryUser | New user created is temporary user or not | yes or no |
startDate | If isTemporaryUser is yes, then the format of startDate of user must be "MM/dd/yyyy" | 08/21/2010 |
startTime | If isTemporaryUser is yes, then the format of startTime of user must be an integer from 0 to 23 hours | 9 |
endDate | If isTemporaryUser is yes, then the format of endDate of user must be "MM/dd/yyyy" | 08/21/2010 |
endTime | If isTemporaryUser is yes, then the format of endTime of user must be an integer from 0 to 23 hours. Note: If | 18 |
group | Group name | John Doe and Sons |
groupLogin | Group login | jdoeGrp |
tokenSerialNumber | Token serial number | 10473824 |
pin | Token PIN | 1234 |
currentTokenCode | Token code | 796563 |
number | Number of token codes to be generated | 2 |
lifetime | Number of hours until emergency access mode expires | 24 |
digits | Number of digits in the token code to be generated | 6 |
loggerfile | Log file name with path | ..\logs\Test_ACE.log |
loggerlevel | Logger level: DEBUG, FATAL, WARN, INFO, or ERROR | DEBUG |
RevokeFlag | Revoke token flag | 1 |
fileName | Name of the software token file | C:\SoftToken\soft18.sdtid |
key | Encryption key type | 1 |
protect | Copy protection flag | 0 |
method | Password usage and interpretation method | 0 |
password | Password (maximum 8 characters) | welcome1 |
rangeMode | Criteria used to deploy AES type software tokens | 2 |
endRange | Ending token serial number | The value must be the same as that in the tokenSerialNumber field |
logFile | Name of the log file containing the status of the deployment operation | filename.log |
overOption | Overwrites the output of a previously generated XML file | 1 |
closeOption | Closing option of the XML file | Do not specify a value for this attribute |
userExtensionData_KeyValue | Key value for user extension data | EMPID |
userExtensionData_DataValue | Data value for user extension data | 416451 |
customQuery | Custom reconciliation query to run partial user reconciliation | First Name=Test |
StartRecord | Record number from which the reconciliation for CustomReconQuery and CompareType must begin | 1 |
batchSize | Number of records to be reconciled in a batch | 1000 |
CompareType | Type of comparison used in the query condition of CustomReconQuery | Equals To |
NumberOfCharactersInEachUser | Memory allocated for each user in C code | 500 |
TokenforGroup | Tokenizes the groups provided in the CustomReconQuery | $ |
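The format rules in the table above can be checked before the test client is run, along with secrets that were left at the values printed in this guide. The following Python sketch is an added example, not part of the connector or the original guide; it assumes config.properties uses plain key=value lines, and the function names and the SAMPLE text are constructed for illustration.

```python
import re
from datetime import datetime

LOG_LEVELS = {"DEBUG", "FATAL", "WARN", "INFO", "ERROR"}
# Sample values printed in the guide's table; real secrets must differ.
GUIDE_SAMPLES = {"passwd": "yourpassword", "passcode": "1234",
                 "pin": "1234", "password": "welcome1"}

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_date(value):
    """True for a real calendar date written exactly as MM/dd/yyyy."""
    try:
        datetime.strptime(value, "%m/%d/%Y")
    except ValueError:
        return False
    return re.fullmatch(r"\d{2}/\d{2}/\d{4}", value) is not None

def is_hour(value):
    return value.isdecimal() and 0 <= int(value) <= 23

def check_config(props):
    """Return findings as 'key: problem' strings; an empty list is clean."""
    out = []
    if props.get("isTemporaryUser", "").lower() == "yes":
        for key in ("startDate", "endDate", "startTime", "endTime"):
            ok = is_date if key.endswith("Date") else is_hour
            if not ok(props.get(key, "")):
                out.append(key + ": wrong format for a temporary user")
    if "loggerlevel" in props and props["loggerlevel"] not in LOG_LEVELS:
        out.append("loggerlevel: unknown level")
    if len(props.get("password", "")) > 8:
        out.append("password: longer than 8 characters")
    if "endRange" in props and props["endRange"] != props.get("tokenSerialNumber"):
        out.append("endRange: must equal tokenSerialNumber")
    for key, sample in GUIDE_SAMPLES.items():
        if props.get(key) == sample:
            out.append(key + ": still set to the guide's sample value")
    return out

# Constructed sample input (not a file shipped with the connector).
SAMPLE = """\
passwd=yourpassword
isTemporaryUser=yes
startDate=08/21/2010
startTime=9
endDate=21/08/2010
endTime=24
loggerlevel=TRACE
password=welcome123
"""

if __name__ == "__main__":
    print("\n".join(check_config(parse_properties(SAMPLE))))
```
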
Update the following file on the Oracle Identity Manager server:
OIM_HOME/xellerate/XLIntegrations/AuthManager/tests/scripts/runTestClient.bat
In this file, add the following lines:
XELLERATE_HOME/xellerate=OIM_HOME/xellerate
JAVA_HOME=jdk_home
Run the runTestClient.bat file.
For Solaris:
Update the following file:
OIM_HOME/xellerate/XLIntegrations/AuthManager/tests/scripts/runTestClient.sh
Add the following lines:
XELLERATE_HOME/xellerate=OIM_HOME/xellerate
JAVA_HOME=jdk_home
Run the runTestClient.sh file.
After the script is run, the output is written to a log file. The log file is located in the following directory:
OIM_HOME/xellerate/XLIntegrations/AuthManager/tests/logs
The following are sample contents of this log file:
03 Dec 2004 16:52:45 INFO Constructor: ../logs/Test_ACE.log DEBUG
03 Dec 2004 16:52:45 INFO You want to add a user!!
03 Dec 2004 16:52:45 INFO result-->ACE_USERCREATION_SUCCESS
To test limited reconciliation, you can specify various types of query conditions as values for the CustomReconQuery parameter. To do this, refer to the "Limited Reconciliation" section.
The following table lists solutions to some commonly encountered errors associated with the connector.
Problem Description | Solution |
---|---|
Process definition: ACEUser; Process task: Create User; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACEUser; Process task: Create User; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser; Process task: Create User; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACEUser; Process task: Create User; Returned Error Message: User already exists in database; Returned Error Code: | Check the user ID that you have specified. A user with this ID already exists in ACE. |
Process definition: ACEUser; Process task: Delete User; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACEUser; Process task: Delete User; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser; Process task: Delete User; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACEUser; Process task: Delete User; Returned Error Message: User does not exist; Returned Error Code: | Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser; Process task: Delete User; Returned Error Message: User is an administrator; Returned Error Code: | Check the user ID that you have specified. The user with this ID is an administrator. If you still want to delete it, then you must first revoke the administrator role. |
Process definition: ACEUser; Process task: Assign users to ACE groups; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACEUser; Process task: Assign users to ACE groups; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser; Process task: Assign users to ACE groups; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACEUser; Process task: Assign users to ACE groups; Returned Error Message: User does not exist; Returned Error Code: | Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser; Process task: Assign users to ACE groups; Returned Error Message: Group does not exist; Returned Error Code: | Check the group name that you have specified. A group with this name does not exist in ACE. |
Process definition: ACEUser; Process task: Remove users from ACE groups; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACEUser; Process task: Remove users from ACE groups; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACEUser; Process task: Remove users from ACE groups; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACEUser; Process task: Remove users from ACE groups; Returned Error Message: User does not exist; Returned Error Code: | Check the user ID that you have specified. A user with this ID does not exist in ACE. |
Process definition: ACEUser; Process task: Remove users from ACE groups; Returned Error Message: Group does not exist; Returned Error Code: | Check the group name that you have specified. A group with this name does not exist in ACE. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Token is already assigned; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number is already assigned to another user in ACE. |
Process definition: ACE Token; Process task: Assign SecurID tokens to users; Returned Error Message: Maximum number of tokens already assigned to this user; Returned Error Code: | Check the user to whom you have assigned the token. The maximum number (three) of SecurID tokens has already been assigned to this user in ACE. |
Process definition: ACE Token; Process task: Disable Token; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Disable Token; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Disable Token; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Disable Token; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Disable Token; Returned Error Message: Token is not assigned; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
Process definition: ACE Token; Process task: Enable Token; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Enable Token; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Enable Token; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Enable Token; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Enable Token; Returned Error Message: Token is not assigned; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
Process definition: ACE Token; Process task: Set PIN Updated; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Set PIN Updated; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Set PIN Updated; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Set PIN Updated; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Set PIN Updated; Returned Error Message: PINS do not match; Returned Error Code: | Check the PIN that you have specified and then reentered. The PINs do not match. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Current Token Code is invalid; Returned Error Code: | Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches RSA Authentication Manager. |
Process definition: ACE Token; Process task: Set PIN to NTC Updated; Returned Error Message: Token is not assigned; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |
Process definition: ACE Token; Process task: Set Lost Updated; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Set Lost Updated; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Set Lost Updated; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Set Lost Updated; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server is not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: User does not exist; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: Current token code is missing; Returned Error Code: | Check if you have entered the token code. |
Process definition: ACE Token; Process task: Test Login Updated; Returned Error Message: Passcode is invalid; Returned Error Code: | Check the token code that you have specified. It is invalid. Ensure that the token code does not change until the API call reaches the RSA Authentication Manager. |
Process definition: ACE Token; Process task: Revoke SecurID tokens from users; Returned Error Message: Access denied, check administrator credentials; Returned Error Code: | Check the administrator credentials specified in the IT resource definition. |
Process definition: ACE Token; Process task: Revoke SecurID tokens from users; Returned Error Message: Could not communicate with authentication server, RSA ACE authentication server not running; Returned Error Code: | Start the service for RSA ACE Authentication Server. |
Process definition: ACE Token; Process task: Revoke SecurID tokens from users; Returned Error Message: Could not connect to RSA ACE database, RSA ACE Broker is not running; Returned Error Code: | Start the service for RSA ACE Broker. |
Process definition: ACE Token; Process task: Revoke SecurID tokens from users; Returned Error Message: Token Serial Number is invalid; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number does not exist in ACE. |
Process definition: ACE Token; Process task: Revoke SecurID tokens from users; Returned Error Message: Token is not assigned; Returned Error Code: | Check the token serial number that you have specified. A token with this serial number is not assigned to any user in ACE. |