Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun[TM] Identity Manager 8.0 Resources Reference 

ClearTrust

The ClearTrust resource adapter is defined in the com.waveset.adapter.ClearTrustResourceAdapter class.

Resource Configuration Notes

You must edit the ClearTrust eserver.conf file to configure SSL mode. Change the cleartrust.eserver.api_port.use_ssl setting.

For more information, refer to ClearTrust documentation.

Identity Manager Installation Notes

The ClearTrust resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

  1. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

    2. com.waveset.adapter.ClearTrustResourceAdapter

  2. Copy the ct_admin_api.jar file from your Clear Trust installation CD to the WEB-INF\lib directory.
  3. If using SSL, copy the following files to the WEB-INF\lib directory.

    4. Note

    If you are provisioning to an RSA Clear Trust 5.5.2 resource, additional libraries are not required for SSL communication.

    • asn1.jar
    • certj.jar
    • jce1_2-do.jar
    • jcert.jar
    • jnet.jar
    • jsafe.jar
    • jsaveJCE.jar
    • jsse.jar
    • rsajsse.jar
    • sslj.jar

Usage Notes

The ClearTrust API is split for users and administrators. (Users are not granted access to servers; administrators are users with administrative rights to the ClearTrust server.) Identity Manager does not create or manage ClearTrust administrative users.

There are three types of entitlements in ClearTrust: Application, Application Function and URL. Identity Manager supports Application Function only; other entitlements are ignored. Entitlements should be assigned to groups and the groups assigned to the user (which is supported by the adapter).

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JNDI over SSL to communicate with the ClearTrust adapter.

Required Administrative Privileges

None

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature

Supported?

Enable/disable account

Yes

Rename account

 

Pass-through authentication

Yes

Before/after actions

No

Data loading methods

  • Reconciliation
  • Import from resource

Account Attributes

The following table provides information about ClearTrust account attributes.

Identity Manager User Attribute

Resource User Attribute

Description

accountId

accountName

Required. The unique account ID for this user.

isAdminLockout

isAdminLockout

Boolean.

externalDN

externalDN

The external domain name for this user.

email

emailAddress

The user’s email address.

endDate

endDate

The end date for this user.

startDate

startDate

The start date for the user.

firstname

firstName

The user’s first name.

lastname

lastName

The user’s last name.

userGroup

userGroup

The groups assigned to the user.

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

ClearTrustUserForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.ClearTrustResourceAdapter



Previous      Contents      Index      Next     

.   Copyright 2008 Sun Microsystems, Inc. All rights reserved.