ALES Integration Guide


ALES Adapter for Sun Identity Manager

The AquaLogic Enterprise Security Adapter is a plug-in to the Sun Identity Manager that enables the bi-directional propagation of users and user attributes between Sun Identity Manager and ALES.

This document contains detailed, step-by-step instructions on how to configure the adapter in Sun Identity Manager, and how to set up active sync from the adapter.

After completing these tasks, the user operations in Sun Identity Manager will take effect in ALES, and the user operations in the ALES Administration console will be synced into Sun Identity Manager. The sync interval from ALES to Sun Identity Manager is configurable.

 


Set Up ALES Resource in Sun Identity Manager

Perform the following steps to set up the adapter as a resource in Sun Identity Manager:

  1. Stop the Sun Identity Manager container.
  2. Copy the following files from ales30-admin to idm/WEB-INF/lib:
    • ales30-admin/lib/asi_classes.jar
    • ales30-admin/lib/asitools.jar
    • ales30-admin/lib/jsafeJCE.jar (WLS 8.x) or jsafeJCEFIPS.jar (WLS 9.x)
    • ales30-admin/lib/log4j.jar
    • ales30-admin/lib/ssladapter.jar
    • ales30-admin/lib/sslplus.jar
    • ales30-admin/lib/webservice.jar
    • ales30-admin/lib/webserviceclient.jar
    • ales30-admin/lib/providers/ojdbc14_g.jar
    • ales30-admin/lib/providers/jconn2.jar
    • ales30-admin/lib/providers/jconn3.jar
    • ales30-admin/data/SunIMAdapter/lib/ALESResourceAdapter.jar
  3. Copy ales30-admin/data/SunIMAdapter/forms/* to idm/sample/forms.
  4. Copy ales30-admin/data/SunIMAdapter/images/ALES.gif to idm/applet/image.
  5. Add execute permission for the following scripts on UNIX platforms:
    • ales30-admin/bin/install_user_change_schema_oracle.sh
    • ales30-admin/bin/install_user_change_schema_sybase.sh
  6. Run the following scripts to set up table space for the ALES UserChangeDBAuditor, which is configured in a subsequent step.

    For Oracle, run:

    ales30-admin/bin/install_user_change_schema_oracle.bat|sh

    For Sybase, run:

    ales30-admin/bin/install_user_change_schema_sybase.bat|sh

    You need to supply your ALES credentials in order for the scripts to make the necessary changes.

  7. Start the Sun Identity Manager container.
  8. Log in to the Sun Identity Manager console with the Configurator id. The default password is configurator.
  9. Configure the resource type:
    1. Click Configure at the top of the menu.
    2. Click Managed Resource in the sub-menu.
    3. Click the Add Custom Resource button. Enter com.bea.adapter.ALESResourceAdapter as the Resource Class Path under Custom Resource, and click Save.
  10. Configure the ALES resource:
    1. Click Resource at the top of the menu.
    2. Select New Resource in Resource Type Action from the dropdown list.
    3. Select ALES from the dropdown list of Resource Type, and click New.
    4. In Welcome Create ALES Resource Wizard, click Next.
    5. Enter the ALES resource parameters as follows, and then click Test Configuration. Make sure that the ALES Administration servers are currently running.
      • Host: The host name or IP address of the ALES admin server
      • TCP port: The port number for the BLM server (default=7011)
      • Username: The user who has the privilege to manage users in ALES, e.g. “system”
      • Password: The password of the user manager of the ALES admin
      • Directory of Keystore: The full path to the ssl dir in the ALES admin. If the IDM is not located on the same machine as the ALES admin, then the ssl dir should be copied to the IDM machine.
    6. If the test configuration is successful, status is displayed as Test connection succeeded for resource(s): ALES. Click Next.

      If the test configuration is not successful, an error message is displayed. Check the ALES Resource parameters and make sure that the ALES Administration servers are started, and then test again.
    7. Configure user attributes, and click Next.
    8. Accept Identity Template settings, and click Next.
    9. Enter your Resource Name in Identity System Parameters, accept the other default settings, and then click Save.
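
The file staging in steps 2 to 5 above can be scripted so that a missing library is caught before anything is copied into WEB-INF/lib. This is an added example, not part of the original guide; the function name stage_ales_adapter and its three arguments (ales30-admin directory, idm directory, WLS major version) are assumptions, and it expects the Identity Manager container to be stopped and the destination directories to exist already.

```shell
# Stage the ALES adapter files into an Identity Manager web application.
# stage_ales_adapter and its arguments are assumed names, not from the guide.
stage_ales_adapter() {
    ales=$1; idm=$2; wls=$3          # ales30-admin dir, idm dir, WLS major version
    case "$wls" in
        8) jsafe=jsafeJCE.jar ;;      # WLS 8.x
        9) jsafe=jsafeJCEFIPS.jar ;;  # WLS 9.x
        *) echo "WLS version must be 8 or 9" >&2; return 2 ;;
    esac
    jars="lib/asi_classes.jar lib/asitools.jar lib/$jsafe lib/log4j.jar
          lib/ssladapter.jar lib/sslplus.jar lib/webservice.jar lib/webserviceclient.jar
          lib/providers/ojdbc14_g.jar lib/providers/jconn2.jar lib/providers/jconn3.jar
          data/SunIMAdapter/lib/ALESResourceAdapter.jar"
    scripts="bin/install_user_change_schema_oracle.sh bin/install_user_change_schema_sybase.sh"
    dests="WEB-INF/lib sample/forms applet/image"

    # Verify every source and destination first so a partial copy never happens.
    missing=0
    for f in $jars $scripts data/SunIMAdapter/images/ALES.gif; do
        [ -f "$ales/$f" ] || { echo "missing file: $ales/$f" >&2; missing=1; }
    done
    [ -d "$ales/data/SunIMAdapter/forms" ] || { echo "missing forms dir" >&2; missing=1; }
    for d in $dests; do
        [ -d "$idm/$d" ] || { echo "missing dir: $idm/$d" >&2; missing=1; }
    done
    [ "$missing" -eq 0 ] || return 1

    for f in $jars; do                                             # step 2
        cp "$ales/$f" "$idm/WEB-INF/lib/" || return 1
    done
    cp "$ales"/data/SunIMAdapter/forms/* "$idm/sample/forms/" || return 1          # step 3
    cp "$ales/data/SunIMAdapter/images/ALES.gif" "$idm/applet/image/" || return 1  # step 4
    for f in $scripts; do                                          # step 5 (UNIX only)
        chmod u+x "$ales/$f" || return 1
    done
}

# Run as: sh stage.sh <ales30-admin dir> <idm dir> <8|9>
if [ "$#" -eq 3 ]; then stage_ales_adapter "$@"; fi
```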

 


Enable Active Sync for ALES Resource

An ALES Audit provider is used to record user-related operations in the ALES system. This is done so that the adapter for Sun Identity Manager can sync these changes automatically.

The procedure you follow to enable active sync for the ALES resource depends on whether you are using the WebLogic 9.x or WebLogic 8.1 SSM. When you use the WLS 9.x SSM, you configure security providers and other aspects of the SSM in the WebLogic Administration Console, rather than the ALES Administration Console.

Using the WebLogic 9.x SSM

  1. Start the ALES Administration servers.
  2. Log in to the WebLogic Server Administration Console on the system on which the WebLogic 9.x SSM is installed, at https://hostname:port/console.
  3. Click Lock and Edit at the top left of the page.
  4. Create an instance of UserChangeDBAuditor. There should be no more than one User Change DB Auditor in one ALES domain.
    1. Click on Security Realms in the left panel.
    2. Click on your configured security realm in the middle of the right main panel.
    3. Click Providers on the top menu of realm.
    4. Click Auditing in the sub menu.
    5. Click New to configure a new Audit provider.
    6. Enter a name and select UserChangeDBAuditor as type, and click OK.
    7. Click the name you entered and go to the provider setting page.
    8. Click the Provider Specific top menu, and enter the JDBC parameters. The values should equal those of the ALES configuration.
    9. Click Save.
  5. Click Release Configuration at the top left of the page.
  6. Restart the ALES servers to make the UserChangeDBAuditor take effect.

Using the WebLogic 8.1 SSM

  1. Start the ALES Administration Server.
  2. Log in to the ALES Administration Console by entering the following in a browser:

    https://<host>:<port>/asi

    where <host> is the server host and <port> is the port (default = 7010).

  3. Create a UserChangeDBAuditor as follows:
    1. In the left pane, select the asiadmin SSM under the adminconfig SCM.
    2. Click Providers in the right pane and then select the Auditors tab.
    3. On the Auditors tab, click on Configure a new User Change DBAuditor. Then accept the default name and click Create. Finally, open the Details tab, enter the JDBC parameters, and click Apply.

      Note: The JDBC parameter values should equal those of the ALES database configuration.
  4. Return to the left pane and select the Deployment node at the bottom of the tree. Then select the Configuration tab in the right pane.
  5. On the Configuration tab, select the Security Configuration checkbox and then click Distribute Configuration Changes.
  6. Click Refresh until the distribution is 100% complete.
  7. Restart the ALES Administration Server.

 


Set Up Active Sync in Identity Manager

  1. Log in to the Identity Manager console with the Configurator id. The default password is configurator.
  2. Configure Active Sync for the ALES Resource:
    1. Click Resource at the top of the menu.
    2. Select the ALES Resource in Resource List by clicking on the checkbox. Then, select Active Sync Wizard in the -- Resource Actions -- dropdown list.
    3. Select the Use Wizard Generated Input Form radio button for Input Form Usage. Then, select Advanced for Configuration Mode and click Next.
    4. Configure Active Sync Running Settings on demand.
    5. Configure General Active Sync Settings. Enter JDBC values to match those of the ALES database configuration. Click Next.
    6. On the Event Types page, accept the default values and click Next.
    7. On the Process Selection page, accept the default values and click Next.
    8. On the Target Resources page, add the Identity Manager resources that need to sync with the ALES resource to Target Resources.
    9. On the Target Attribute Mappings page, you can use add and remove to set up the mapping between ALES attributes and Identity Manager attributes. After you have finished the attribute-mapping settings, click Save to finish.
