Integrating ALES with Application Environments


AquaLogic Enterprise Security Adapter for Sun Identity Manager

The AquaLogic Enterprise Security Adapter is a plug-in to Sun Identity Manager that enables bidirectional propagation of users and their attributes between Sun Identity Manager and AquaLogic Enterprise Security. The adapter is available with AquaLogic Enterprise Security 2.2 CP4 or higher.

This document contains detailed, step-by-step instructions on how to configure the adapter in Sun Identity Manager, and how to set up active sync from the adapter.

After completing these tasks, the user operations in Sun Identity Manager will take effect in AquaLogic Enterprise Security, and the user operations in the AquaLogic Enterprise Security Administration console will be synced into Sun Identity Manager. The sync interval from AquaLogic Enterprise Security to Sun Identity Manager is configurable.

 


Set Up ALES Resource in Sun Identity Manager

Perform the following steps to set up the adapter as a resource in Sun Identity Manager:

  1. Stop the Sun Identity Manager container.
  2. Copy the following files from ales26-admin to idm/WEB-INF/lib:
    • ales26-admin/lib/asi_classes.jar
    • ales26-admin/lib/asitools.jar
    • ales26-admin/lib/jsafeJCE.jar (WLS 8.x) or jsafeJCEFIPS.jar (WLS 9.x)
    • ales26-admin/lib/log4j.jar
    • ales26-admin/lib/ssladapter.jar
    • ales26-admin/lib/sslplus.jar
    • ales26-admin/lib/webservice.jar
    • ales26-admin/lib/webserviceclient.jar
    • ales26-admin/lib/providers/ojdbc14_g.jar
    • ales26-admin/lib/providers/jconn2.jar
    • ales26-admin/lib/providers/jconn3.jar
    • ales26-admin/data/SunIMAdapter/lib/ALESResourceAdapter.jar
  3. Copy ales26-admin/data/SunIMAdapter/forms/* to idm/sample/forms.
  4. Copy ales26-admin/data/SunIMAdapter/images/ALES.gif to idm/applet/image.
  5. Add execute permission for the following scripts on UNIX platforms:
    • ales26-admin/bin/install_user_change_schema_oracle.sh
    • ales26-admin/bin/install_user_change_schema_sybase.sh
  6. Run the following scripts to set up table space for the ALES UserChangeDBAuditor, which is configured in a subsequent step.
  7. For Oracle, run:

    ales26-admin/bin/install_user_change_schema_oracle.bat|sh

    For Sybase, run:

    ales26-admin/bin/install_user_change_schema_sybase.bat|sh

    You need to supply your ALES database credentials in order for the scripts to make changes to the ALES database.

  8. Start the Sun Identity Manager container.
  9. Log in to the Sun Identity Manager console with the Configurator id. The default password is configurator.
  10. Configure the resource type:
    1. Click Configure at the top of the menu.
    2. Click Managed Resource in the sub-menu.
    3. Click the Add Custom Resource button. Enter com.bea.adapter.ALESResourceAdapter as the Resource Class Path under Custom Resource, and click Save.
  11. Configure the ALES resource:
    1. Click Resource at the top of the menu.
    2. Select New Resource in Resource Type Action from the dropdown list.
    3. Select ALES from the dropdown list of Resource Type, and click New.
    4. In Welcome Create ALES Resource Wizard, click Next.
    5. Enter the ALES resource parameters as follows, and then click Test Configuration. Make sure that the ALES Administration servers are currently running.
      • Host: The host name or IP address of the ALES admin server
      • TCP port: The port number for the BLM server (default=7011)
      • Username: The user who has the privilege to manage users in ALES, e.g. "system"
      • Password: The password of the ALES admin user who manages users
      • Directory of Keystore: The full path to the ssl dir in the ALES admin. If the IDM is not located on the same machine as the ALES admin, then the ssl dir should be copied to the IDM machine.
    6. If the test configuration is successful, status is displayed as Test connection succeeded for resource(s): ALES. Click Next.

      If the test configuration is not successful, an error message is displayed. Check the ALES Resource parameters and make sure that the ALES Administration servers are started, and then test again.
    7. Configure user attributes, and click Next.
    8. Accept Identity Template settings, and click Next.
    9. Enter your Resource Name in Identity System Parameters, accept the other default settings, and then click Save.
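
The file staging in steps 2 through 5 can be scripted. The shell functions below are an added example, not part of the ALES distribution or the original instructions; the function names, the argument order and the placeholder paths in the usage line are assumptions.

```shell
# Added example: stage the ALES adapter files for steps 2-5 (run after step 1).
# Function names and argument order are assumptions, not product tooling.

# Print the step 2 source files, relative to the ales26-admin directory.
# $1 = WLS major version (8 or 9); it selects the JCE jar.
adapter_jars() {
    case "$1" in
        8) jce=jsafeJCE.jar ;;
        9) jce=jsafeJCEFIPS.jar ;;
        *) echo "unsupported WLS version: $1" >&2; return 2 ;;
    esac
    for j in asi_classes.jar asitools.jar "$jce" log4j.jar ssladapter.jar \
             sslplus.jar webservice.jar webserviceclient.jar \
             providers/ojdbc14_g.jar providers/jconn2.jar providers/jconn3.jar
    do
        echo "lib/$j"
    done
    echo "data/SunIMAdapter/lib/ALESResourceAdapter.jar"
}

# $1 = ales26-admin directory, $2 = idm directory, $3 = WLS major version.
# Checks every source and target first, so a missing file aborts the run
# before anything is copied into WEB-INF/lib.
stage_adapter() {
    ales=$1; idm=$2
    jars=$(adapter_jars "$3") || return 2
    scripts="bin/install_user_change_schema_oracle.sh
bin/install_user_change_schema_sybase.sh"
    missing=0
    for f in $jars $scripts data/SunIMAdapter/images/ALES.gif; do
        [ -f "$ales/$f" ] || { echo "missing: $ales/$f" >&2; missing=1; }
    done
    for d in WEB-INF/lib sample/forms applet/image; do
        [ -d "$idm/$d" ] || { echo "missing: $idm/$d" >&2; missing=1; }
    done
    [ "$missing" -eq 0 ] || return 1
    for f in $jars; do
        cp "$ales/$f" "$idm/WEB-INF/lib/" || return 1                         # step 2
    done
    cp -R "$ales"/data/SunIMAdapter/forms/* "$idm/sample/forms/" || return 1  # step 3
    cp "$ales/data/SunIMAdapter/images/ALES.gif" "$idm/applet/image/" || return 1  # step 4
    for f in $scripts; do
        chmod u+x "$ales/$f" || return 1                                      # step 5
    done
}

# Usage (paths are placeholders): stage_adapter /path/to/ales26-admin /path/to/idm 9
```

A non-zero return means nothing was copied because a source file or target directory was missing; the missing paths are listed on standard error.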

 


Enable Active Sync for ALES Resource

An ALES Audit provider is used to record every user-related operation in the ALES system to the ALES database. This is done so that the adapter for Sun Identity Manager can sync these changes automatically.

The procedure you follow to enable active sync for the ALES resource depends on whether you are using the WebLogic 9.x or WebLogic 8.1 SSM. When you use the WLS 9.x SSM, you configure security providers and other aspects of the SSM in the WebLogic Administration Console, rather than the ALES Administration Console.

Using the WebLogic 9.x SSM

  1. Start the ALES Administration servers.
  2. Log in to the WebLogic Server Administration Console on the system on which the WebLogic 9.x SSM is installed, https://hostname:port/console.
  3. Click Lock and Edit at the top left of the page.
  4. Create an instance of UserChangeDBAuditor. There should be no more than one User Change DB Auditor in one ALES domain.
    1. Click on Security Realms in the left panel.
    2. Click on your configured security realm in the middle of the right main panel.
    3. Click Providers on the top menu of realm.
    4. Click Auditing in the sub menu.
    5. Click New to configure a new Audit provider.
    6. Enter a name and select UserChangeDBAuditor as type, and click OK.
    7. Click the name you entered and go to the provider setting page.
    8. Click the Provider Specific top menu, and enter the JDBC parameters. The values should equal those of the ALES database configuration.
    9. Click Save.
  5. Click Release Configuration at the top left of the page.
  6. Restart the ALES servers to make the UserChangeDBAuditor take effect.

Using the WebLogic 8.x SSM

  1. Start the ALES Administration servers.
  2. Log in to the ALES admin console, https://hostname:port/asi.
  3. Create UserChangeDBAuditor. There should be no more than one User Change DB Auditor in one ALES domain.
    1. Click on Security Configuration.
    2. Click Security Control Managers.
    3. Click asiadmin node under adminconfig.
    4. On the Providers tab of the asiadmin configuration, click the Auditors tab.
    5. Click Configure a new User Change DBAuditor.
    6. Accept the default name and click Create.
    7. Click on the Details tab and enter the JDBC parameters. The values should equal those of the ALES database configuration.
    8. Click Apply.
  4. On the tree menu on the left side of the console, click Deployment.
  5. Click on the Configuration tab.
  6. Check the Security Configuration changes check box, and then click Distribution Configuration changes.
  7. Click Refresh until this distribution is 100% complete.
  8. Restart the ALES Administration server to make the UserChangeDBAuditor take effect.

 


Set Up Active Sync in Identity Manager

  1. Log in to the Identity Manager console with the Configurator id. The default password is configurator.
  2. Configure Active Sync for the ALES Resource:
    1. Click Resource at the top of the menu.
    2. Select the ALES Resource in Resource List by clicking on the checkbox. Then, select Active Sync Wizard in the -- Resource Actions -- dropdown list.
    3. Select the Use Wizard Generated Input Form radio button for Input Form Usage. Then, select Advanced for Configuration Mode and click Next.
    4. Configure Active Sync Running Settings on demand.
    5. Configure General Active Sync Settings. Enter JDBC values to match those of the ALES database configuration. Click Next.
    6. On the Event Types page, accept the default values and click Next.
    7. On the Process Selection page, accept the default values and click Next.
    8. On the Target Resources page, add the Identity Manager resources that need to sync with ALES resource to Target Resources.
    9. On the Target Attribute Mappings page, you can use add and remove to set up the mapping between ALES attributes and Identity Manager attributes. After you have finished the attribute-mapping settings, click Save to finish.
