2 Deploying the RSA Authentication Manager Connector
The procedure to deploy the connector can be divided into the following stages:
2.1 Preinstallation
Before installing the connector, you must copy the external code files and create a target system account to perform all reconciliation and provisioning operations. This information is divided across the following sections:
2.1.1 Copying the External Code Files
You must perform the following procedure to copy the external code files:
2.1.2 Creating a Target System Account for Connector Operations
As a part of preinstallation, the connector uses a target system account to perform reconciliation and provisioning operations on the target system. To create this account, you must perform the following procedure:
-
Log in to the RSA Security Console.
-
If you want to assign administrative roles to end-users, then use the SuperAdminRole which is present by default in the target system, since only SuperAdminRole (and no custom role) can have permissions over all the administrative roles. If not, to create a role having the minimum permissions required for connector operations, perform the following procedure:
-
Expand the Administration list, select Administrative Roles, and then select Add New.
The following screenshot shows this page:
-
In the Administrative Role Name field, enter a name for the role.
-
Select the Permission Delegation check box.
-
In the Notes field, enter a description for the role.
-
In the Administrative Scope region:
- Select the security domains that you want to include in the scope for connector operations.
- Select the identity source that you want to include in the scope for connector operations.
-
Click Next.
-
In the Manager Policies region of the General Permissions page, select the View check box for the following permissions:
- Password Policies
- Lockout Policies
- Self-Service Troubleshooting Policies
- SecurID Token Policies
- Offline Authentication Policies
-
In the Manage Security Domains region, select the View check box.
-
In the Manage Delegated Administration region, select the following permissions:
- View check box for Administrative Roles
- Assign Administrative Roles check box
-
In the Manage Users region, select the following permissions:
- All, Delete, Add, Edit, and View check boxes for Users
- Console Display check box
-
In the Manage User Groups region, select the View and Assign User Group Membership check boxes.
-
In the Manage Reports region, select the View check box for the Reports permission.
-
Click Next.
-
In the Manage RSA SecurID Tokens region of the Authentication Permissions page, select the following permissions:
- Edit and View check boxes for SecurID Tokens
- Assign Tokens
- Distribute Software Tokens
- View check box for Token Attribute Definitions
- SecurID 800 Smart Card Details
-
In the Manage User Groups region, select the View check box for the User Group Restricted Access permission.
-
In the Manage User Authentication Attributes region, select the following permissions:
- Edit and View check boxes for the Fixed Passcode
- Manage Windows Password Integration
- Manage Incorrect Password Count
- Edit and View check boxes for the Default Shell permission
-
In the Manage Authentication Agents region, select the View check box for the Authentication Agent permission.
-
In the Trusted Realm Management region, select the following check boxes
- View check box for the Trusted Users permission
- View check box for the Trusted User Groups permission
- View check box for the Trusted User Group Restricted Access permission
-
In the Manage RADIUS region, select following permissions:
- View check box for RADIUS Profiles
- Assign User RADIUS Profile check box
-
In the Manage On-Demand Authentication region, select the Manage On-Demand Authentication permission
-
Click Next.
-
On the Self-Service Permissions page, in the Provisioning Requests region, click Next.
-
On the Control/Summary page, review the summary of permissions and then click Save And Finish.
-
-
Create a user and assign the role to the user as follows:
-
Expand the Identity list, select Users, and then select Add New.
The following screenshot shows this page:
-
On the Add New User page, enter the required values and then click Save.
Note:
The user ID and password that you enter on this page must be provided as the values of the Admin UserID and Admin Password IT resource parameters.
In the Account Information region, select the No expiration date check box.
The following screenshot shows this page:
-
Use the Search feature to open the details of the newly created user.
The following screenshot shows this page:
-
Click the arrow displayed next to the user name and then select Assign More.
The following screenshot shows this page:
-
From the list of administrative roles, select the role that you create in Step 2 and then click Assign Role.
The following screenshot shows this page:
-
2.2 Installation
You must install the RSA Authentication Manager connector in Oracle Identity Manager and in the Connector Server, as described in the following sections:
2.2.1 Understanding Installation
Depending on where you want to run the generated connector, the connector provides the following installation options:
-
If you are using Oracle Identity Manager 11g Release 2 (11.1.2.0.0) and any later BP in this release track, then you must run the connector code remotely in a Connector Server. To do so, perform the procedures described in Installing the Connector in Oracle Identity Manager and Deploying the Connector in a Connector Server.
-
If you are using Oracle Identity Manager 11g Release 2 PS1 (11.1.2.1.0) and any later BP in this release track, Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) and any later BP in this release track, or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), depending on where you want to run the connector code (bundle), the connector provides the following installation options:
-
To run the connector code locally in Oracle Identity Manager, perform the procedure described in Installing the Connector in Oracle Identity Manager.
-
To run the connector code remotely in a Connector Server, perform the procedures described in Installing the Connector in Oracle Identity Manager and Deploying the Connector in a Connector Server.
-
2.2.2 Installing the Connector in Oracle Identity Manager
To install the connector on Oracle Identity Manager, you must run the installer and configure the IT Resource parameters as described in the following sections:
2.2.2.1 Running the Connector Installer
Note:
In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Administrative and User Console.
To run the Connector Installer:
-
Copy the contents of the connector installation media directory into the following directory:
OIM_HOME/server/ConnectorDefaultDirectory
-
Log in to Oracle Identity System Administration.
-
In the left pane, under System Management, click Manage Connector.
-
In the Manage Connector page, click Install.
-
From the Connector List list, select RSAAM Connector RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.
If you have copied the installation files into a different directory, then:
-
In the Alternative Directory field, enter the full path and name of that directory.
-
To repopulate the list of connectors in the Connector List list, click Refresh.
-
From the Connector List list, select RSAAM Connector RELEASE_NUMBER.
-
-
Click Load.
-
To start the installation process, click Continue.
The following tasks are performed, in sequence:
-
Configuration of connector libraries
-
Import of the connector XML files (by using the Deployment Manager)
-
Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure is displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
-
Retry the installation by clicking Retry.
-
Cancel the installation and begin again from Step 1.
-
-
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of steps that you must perform after the installation is displayed. These steps are as follows:
-
Ensuring that the prerequisites for using the connector are addressed
Note:
At this stage, run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. SeeClearing Content Related to Connector Resource Bundles from the Server Cache for information about running the PurgeCache utility.
There are no prerequisites for some predefined connectors.
-
Configuring the IT resource for the connector
The procedure to configure the IT resource is described later in this guide.
-
Configuring the scheduled jobs
The procedure to configure these scheduled jobs is described later in this guide.
-
When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Configuring the IT Resource for the Target System.
2.2.2.2 Configuring the IT Resource for the Target System
The IT resource for the target system is created during connector installation. This IT resource contains connection information about the target system. Oracle Identity Manager uses this information during reconciliation and provisioning.
You must specify values for the parameters of the RSA Server Instance IT resource as follows:
2.2.3 Deploying the Connector in a Connector Server
You can deploy the RSA Authentication Manager connector either locally in Oracle Identity Manager or remotely in the Connector Server. A connector server is an application that enables remote execution of an Identity Connector, such as the RSA Authentication Manager connector.
This section discusses the following topics:
2.2.3.1 About the Connector Server
You can deploy the RSA Authentication Manager connector either locally in Oracle Identity Manager or remotely in the Connector Server. A connector server is an application that enables remote execution of an Identity Connector, such as the RSA Authentication Manager connector.
Note:
To deploy the connector bundle remotely in a Connector Server, you must first deploy the connector in Oracle Identity Manager, as described in Installing the Connector in Oracle Identity Manager.
You can deploy the RSA Authentication Manager connector remotely in the Connector Server. A connector server is a Microsoft Windows application that enables remote execution of an Identity Connector. Connector servers are available in the following two implementations:
-
As a .Net implementation that is used by Identity Connectors implemented in .Net
-
As a Java Connector Server implementation that is used by Java-based Identity Connectors
The RSA Authentication Manager connector is implemented in Java, so you can deploy this connector to a Java Connector Server.
2.2.3.2 Installing and Configuring the Connector Server
Use the following steps to install and configure the Java Connector Server:
Note:
Before you deploy the Java Connector Server, ensure that you install the JDK or JRE on the same computer where you are installing the Java Connector Server and that your JAVA_HOME or JRE_HOME environment variable points to this installation.
Note:
Oracle Identity Manager has no built-in support for connector servers, so you cannot test your configuration.
2.2.3.3 Running the Connector Server
To run the Java Connector Server, use the ConnectorServer.bat script for Windows and use the ConnectorServer.sh script for UNIX as follows:
2.2.3.4 Installing the Connector on the Connector Server
See Also:
Using an Identity Connector Server in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about installing and configuring connector server and running the connector server
If you need to deploy the RSA Authentication Manager into the Java Connector Server, then follow these steps:
2.3 Postinstallation
After successfully installing the connector, you must configure Oracle Identity Manager and create an IT Resource for the connector server. The following sections contain detailed information:
2.3.1 Postinstallation on Oracle Identity Manager
Configuring the Oracle Identity Manager involves performing multiple operations. These operations are discussed in detail in the following procedures:
2.3.1.1 Configuring Self-Request Provisioning
To configure self-request provisioning, perform the following procedure:
2.3.1.2 Configuring Oracle Identity Manager
You must create additional metadata such as a UI form and an application instance, and must run entitlement and catalog synchronization jobs. In addition, you must tag some of the fields in the OIM User process form. These procedures are described in the following sections:
Note:
The procedure mentioned in the following sections have to performed for RSA Auth Manager User resource object and RSA Auth Manager Token resource object.
2.3.1.2.1 Creating and Activating a Sandbox
You must create and activate a sandbox to begin using the customization and form management features. You can then publish the sandbox to make the customizations available to other users.
See Creating a Sandbox and Activating and Deactivating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
2.3.1.2.2 Creating a New UI Form
-
In the left pane, under Configuration, click Form Designer.
-
Under Search Results, click Create.
-
Select the resource type for which you want to create the form, for example, RSA Auth Manager User or RSA Auth Manager Token.
-
Enter a form name and click Create.
2.3.1.2.3 Creating an Application Instance
Create an application instance as follows:
- In the System Administration page, under Configuration in the left pane, click Application Instances.
- Under Search Results, click Create.
- Enter appropriate values for the fields displayed on the Attributes form and click Save.
- In the Form drop-down list, select the newly created form and click Apply.
- Publish the application instance to an organization to make the application instance available for requesting and subsequent provisioning to users. See Publishing an Application Instance to Organizations in Oracle Fusion Middleware Administering Oracle Identity Manager.
2.3.1.2.4 Upgrading User Form in Oracle Identity Manager
This connector creates a new OIM user attribute (UDF) RSAAM User GUID. Although this user attribute (UDF) is added to a new User Form version, the User Form from the old version is only used for all operations. To use the latest form version which contains the GUID field, you must customize the associated pages on the interface to upgrade to the latest User Form and add the custom form fields. To do so, perform the following procedure:
2.3.1.2.5 Publishing a Sandbox
To publish the sandbox that you created in Creating and Activating a Sandbox:
- Close all the open tabs and pages.
- From the table showing the available sandboxes in the Manage Sandboxes page, select the sandbox that you created in Creating and Activating a Sandbox.
- On the toolbar, click Publish Sandbox. A message is displayed asking for confirmation.
- Click Yes to confirm. The sandbox is published and the customizations it contained are merged with the main line.
2.3.1.2.7 Updating an Existing Application Instance with a New Form
- Create a sandbox and activate it. See Creating a Sandbox and Activating and Deactivating a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
- Create a new UI form for the resource. See Creating Forms By Using the Form Designer in Oracle Fusion Middleware Administering Oracle Identity Manager.
- Open the existing application instance.
- In the Form field, select the new UI form that you created.
- Save the application instance.
- Publish the sandbox. See Publishing a Sandbox in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache
When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
To clear content related to connector resource bundles from the server cache:
2.3.1.4 Managing Logging for RSA Authentication Manager Connector
You can set a log level based on Oracle Java Diagnostic Logging and enable logging in the Oracle WebLogic Server. The following sections contain detailed information:
2.3.1.4.1 Understanding Log Levels
Oracle Identity Manager uses Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.logger. To specify the type of event for which you want logging to take place, you can set the logs to one of the following available levels:
-
SEVERE.intValue()+100
This level enables logging of information about fatal errors.
-
SEVERE
This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
-
WARNING
This level enables logging of information about potentially harmful situations.
-
INFO
This level enables logging of messages that highlight the progress of the application.
-
CONFIG
This level enables logging of information about fine-grained events that are useful for debugging.
-
FINE, FINER, FINEST
These levels enable logging of information about fine-grained events, where FINEST logs information about all events.
These log levels are mapped to ODL message type and level combinations as shown in Table 2-1.
Table 2-1 Log Levels and ODL Message Type:Level Combinations
Log Level | ODL Message Type:Level |
---|---|
SEVERE.intValue()+100 |
INCIDENT_ERROR:1 |
SEVERE |
ERROR:1 |
WARNING |
WARNING:1 |
INFO |
NOTIFICATION:1 |
CONFIG |
NOTIFICATION:16 |
FINE |
TRACE:1 |
FINER |
TRACE:16 |
FINEST |
TRACE:32 |
The configuration file for OJDL is logging.xml, which is located at the following path:
DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.
2.3.1.4.2 Enabling Logging
To enable logging in Oracle WebLogic Server:
-
Edit the logging.xml file as follows:
-
Add the following blocks in the file:
<log_handler name='rsaam-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='logreader:' value='off'/> <property name='path' value='[FILE_NAME]'/> <property name='format' value='ODL-Text'/> <property name='useThreadName' value='true'/> <property name='locale' value='en'/> <property name='maxFileSize' value='5242880'/> <property name='maxLogSize' value='52428800'/> <property name='encoding' value='UTF-8'/> </log_handler>
<logger name="ORG.IDENTITYCONNECTORS.RSAAM" level="[LOG_LEVEL]" useParentHandlers="false"> <handler name="rsaam-handler"/> <handler name="console-handler"/> </logger>
-
Replace both occurrences of
[LOG_LEVEL]
with the ODL message type and level combination that you require. Table 2-1 lists the supported message type and level combinations.Similarly, replace
[FILE_NAME]
with the full path and name of the log file in which you want log messages specific to connector operations to be recorded.The following blocks show sample values for
[LOG_LEVEL]
and[FILE_NAME]
:<log_handler name='rsaam-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='logreader:' value='off'/> <property name='path' value=/scratch/RSA/Logs/RSA.log> <property name='format' value='ODL-Text'/> <property name='useThreadName' value='true'/> <property name='locale' value='en'/> <property name='maxFileSize' value='5242880'/> <property name='maxLogSize' value='52428800'/> <property name='encoding' value='UTF-8'/> </log_handler> <logger name="ORG.IDENTITYCONNECTORS.RSAAM" level="NOTIFICATION:1" useParentHandlers="false"> <handler name="rsaam-handler"/> <handler name="console-handler"/> </logger>
With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the
NOTIFICATION:1
level are recorded in the specified file. -
-
Save and close the file.
-
Set the following environment variable to redirect the server logs to a file:
For Microsoft Windows:
set WLS_REDIRECT_LOG=FILENAME
For UNIX:
export WLS_REDIRECT_LOG=FILENAME
Replace FILENAME with the location and name of the file to which you want to redirect the output.
-
Restart the application server.
2.3.1.5 Setting up the Lookup Definition for Connection Pooling
Connection pooling allows reuse of physical connections and reduced overhead for your application. This procedure of setting up the lookup definition for connector pooling can be divided into the following sections:
2.3.1.5.1 Understanding Connection Pooling Properties
By default, this connector uses the ICF connection pooling. Connection Pooling Properties lists the connection pooling properties, their description, and default values set in ICF:
Table 2-2 Connection Pooling Properties
Property | Description |
---|---|
Pool Max Idle |
Maximum number of idle objects in a pool. Default value: |
Pool Max Size |
Maximum number of connections that the pool can create. Default value: |
Pool Max Wait |
Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation. Default value: |
Pool Min Evict Idle Time |
Minimum time, in milliseconds, the connector must wait before evicting an idle object. Default value: |
Pool Min Idle |
Minimum number of idle objects in a pool. Default value: |
2.3.1.6 Setting up the Lookup Definition for Different Time Zones
Based on your requirement, the time zone property can be configured to define the time zone in which connector operations are performed. This information can be divided into the following sections:
Note:
Perform the following procedure only if Oracle Identity Manager and RSA Authentication Manger are in different time zones.
2.3.1.6.1 Time Zone Properties
Table 2-3 lists the time zone properties, their code and decode values along with respective descriptions:
Table 2-3 Time Zone Properties
Code Key | Decode | Description |
---|---|---|
sourceTimeZone |
For the decode value, refer the format of the timeZone present in the following URL:
|
This entry is not present by default, and has to be added only if Oracle Identity Manager and RSA Authentication Manger are in different time zones. If this entry is not defined, then the connector retrieves the default time zone from the location where the connector is running (can be either from the Oracle Identity Manager server or the connector server). |
targetTimeZone |
For the decode value, refer the format of the timeZone present in the following URL:
|
This entry is not present by default, and has to be added only if Oracle Identity Manager and RSA Authentication Manger are in different time zones. If this entry is not defined, then the connector retrieves the default time zone from the location where the connector is running (can be either from the Oracle Identity Manager server or the connector server). |
2.3.1.7 Localizing Field Labels in UI Forms
To localize field label that you add to in UI forms:
-
Log in to Oracle Enterprise Manager.
-
In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.
-
In the right pane, from the Application Deployment list, select MDS Configuration.
-
On the MDS Configuration page, click Export and save the archive to the local computer.
-
Extract the contents of the archive, and open one of the following files in a text editor:
-
For Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) and later:
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle_en.xlf
-
For releases prior to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0):
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf
-
-
Edit the BizEditorBundle.xlf file in the following manner:
-
Search for the following text:
<file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
-
Replace with the following text:
<file source-language="en" target-language="LANG_CODE" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
In this text, replace LANG_CODE with the code of the language that you want to localize the form field labels. The following is a sample value for localizing the form field labels in Japanese:
<file source-language="en" target-language="ja" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
-
Search for the application instance code. This procedure shows a sample edit for RSA application instance. The original code is:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_AMUSER_FIRST_NAME__c_description']}"> <source>First Name</source> <target/> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.RSAForm.entity.RSAFormEO.UD_AMUSER_FIRST_NAME__c_LABEL"> <source>First Name</source> <target/> </trans-unit>
-
Open the resource file from the connector package, for example RSA-AuthManager_ja.properties, and get the value of the attribute from the file, for example, global.udf.UD_AMUSER_FIRST_NAME=\u540D.
-
Replace the original code shown in Step 6.c with the following:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_AMUSER_FIRST_NAME__c_description']}"> <source>First Name</source> <target>\u540D</target> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.RSAForm.entity.RSAFormEO.UD_AMUSER_FIRST_NAME__c_LABEL"> <source>First Name</source> <target>\u540D</target> </trans-unit>
-
Repeat Steps 6.a through 6.d for all attributes of the process form.
-
Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing.
Sample file name: BizEditorBundle_ja.xlf.
-
-
Repackage the ZIP file and import it into MDS.
See Also:
Deploying and Undeploying Customizations in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for more information about exporting and importing metadata files
-
Log out of and log in to Oracle Identity Manager.
2.3.1.8 Addressing Prerequisites for Using the Java API of RSA Authentication Manager
To enable the connector to work with the Java API of the target system, perform the following procedures:
2.3.1.8.1 Required Java System Properties
Perform the procedure described in the "Required Java System Properties" section of the RSA Authentication Manager Developer's Guide.
2.3.1.8.2 Exporting and Importing the Server Root Certificate
To export and then import the server root certificate:
- To export the certificate from RSA Authentication Manager, perform the procedure described in the "Making the RSA Root Certificate Available for API Clients (Java)" section of the RSA Authentication Manager Developer's Guide.
- To import the certificate exported in Step 1 into your Application Server (IBM Websphere, JBoss or Oracle Weblogic), follow the procedure described in the "Import the Server Root Certificate" section of the RSA Authentication Manager Developer's Guide. Import the certificate into the same keystore defined by the Java property in the previous section depending upon the type of connection with the target system.
2.3.2 Creating the IT Resource for the Connector Server
Note:
Perform the procedure described in this section only if you have deployed the connector bundle remotely in a Connector Server.
To create the IT resource for the Connector Server:
-
Log in to Oracle Identity System Administration.
-
In the left pane, under Configuration, click IT Resource.
-
In the Manage IT Resource page, click Create IT Resource.
-
On the Step 1: Provide IT Resource Information page, perform the following steps:
-
IT Resource Name: Enter a name for the IT resource.
-
IT Resource Type: Select Connector Server from the IT Resource Type list.
-
Remote Manager: Do not enter a value in this field.
-
-
Click Continue. Figure 2-3 shows the IT resource values added on the Create IT Resource page.
Figure 2-3 Step 1: Provide IT Resource Information
Description of "Figure 2-3 Step 1: Provide IT Resource Information" -
On the Step 2: Specify IT Resource Parameter Values page, specify values for the parameters of the IT resource and then click Continue. Figure 2-4 shows the Step 2: Specify IT Resource Parameter Values page.
Figure 2-4 Step 2: Specify IT Resource Parameter Values
Description of "Figure 2-4 Step 2: Specify IT Resource Parameter Values"Table 2-4 provides information about the parameters of the IT resource.
Table 2-4 Parameters of the IT Resource for the Connector Server
Parameter Description Host
Enter the host name or IP address of the computer hosting the connector server.
Sample value:
RManager
Key
Enter the key for the Java connector server.
Port
Enter the number of the port at which the connector server is listening.
Default value:
8759
Timeout
Enter an integer value which specifies the number of milliseconds after which the connection between the connector server and Oracle Identity Manager times out.
Sample value:
300
UseSSL
Enter
true
to specify that you will configure SSL between Oracle Identity Manager and the Connector Server. Otherwise, enterfalse.
Default value:
false
Note: It is recommended that you configure SSL to secure communication with the connector server. To configure SSL, run the connector server by using the /setKey [
key
] option. The value of this key must be specified as the value of the Key IT resource parameter of the connector server.To use SSL, you must set the value of connectorserver.usessl property to
true,
and then set the value of connectorserver.certifacatestorename to the certificate store name. -
On the Step 3: Set Access Permission to IT Resource page, the
SYSTEM ADMINISTRATORS
group is displayed by default in the list of groups that have Read, Write, and Delete permissions on the IT resource that you are creating.Note:
This step is optional.
If you want to assign groups to the IT resource and set access permissions for the groups, then:
-
Click Assign Group.
-
For the groups that you want to assign to the IT resource, select Assign and the access permissions that you want to set. For example, if you want to assign the
ALL USERS
group and set the Read and Write permissions to this group, then you must select the respective check boxes in the row, as well as the Assign check box, for this group. -
Click Assign.
-
-
On the Step 3: Set Access Permission to IT Resource page, if you want to modify the access permissions of groups assigned to the IT resource, then:
Note:
-
This step is optional.
-
You cannot modify the access permissions of the
SYSTEM ADMINISTRATORS
group. You can modify the access permissions of only other groups that you assign to the IT resource.
-
Click Update Permissions.
-
Depending on whether you want to set or remove specific access permissions for groups displayed on this page, select or deselect the corresponding check boxes.
-
Click Update.
-
-
On the Step 3: Set Access Permission to IT Resource page, if you want to unassign a group from the IT resource, then:
Note:
-
This step is optional.
-
You cannot unassign the
SYSTEM ADMINISTRATORS
group. You can unassign only other groups that you assign to the IT resource.
-
Select the Unassign check box for the group that you want to unassign.
-
Click Unassign.
-
-
Click Continue. Figure 2-5 shows the Step 3: Set Access Permission to IT Resource page.
Figure 2-5 Step 3: Set Access Permission to IT Resource
Description of "Figure 2-5 Step 3: Set Access Permission to IT Resource" -
On the Step 4: Verify IT Resource Details page, review the information that you provided on the first, second, and third pages. If you want to make changes in the data entered on any page, click Back to revisit the page and then make the required changes.
-
To proceed with the creation of the IT resource, click Continue. Figure 2-6 shows Step 4: Verify IT Resource Details page.
Figure 2-6 Step 4: Verify IT Resource Details
Description of "Figure 2-6 Step 4: Verify IT Resource Details" -
The Step 5: IT Resource Connection Result page displays the results of a connectivity test that is run using the IT resource information. If the test is successful, then click Continue. If the test fails, then you can perform one of the following steps:
-
Click Back to revisit the previous pages and then make corrections in the IT resource creation information.
-
Click Cancel to stop the procedure, and then begin from the first step onward.
Figure 2-7 shows the Step 5: IT Resource Connection Result page.
Figure 2-7 Step 5: IT Resource Connection Result
Description of "Figure 2-7 Step 5: IT Resource Connection Result"
-
-
Click Finish. Figure 2-8 shows the IT Resource Created page.
2.4 About Upgrading the RSA Authentication Manager Connector
Upgrading to this release of the connector from earlier releases is not supported.
2.5 Postcloning the RSA Authentication Manager
If you clone the connector, a copy of the connector is created. Once this is completed, some of the connector objects that might contain the details of the old connector must be modified as a part of postcloning. The following sections contain detailed information:
2.5.1 About Postcloning
You can clone the RSA Authentication Manager connector by setting new names for some of the objects that comprise the connector. The outcome of the process is a new connector XML file. Most of the connector objects, such as Resource Object, Process Definition, Process Form, IT Resource Type Definition, IT Resource Instances, Lookup Definitions, Adapters, Reconciliation Rules and so on in the new connector XML file have new names.
After a copy of the connector is created by setting new names for connector objects, some objects might contain the details of the old connector objects. Therefore, you must modify the following Oracle Identity Manager objects to replace the base connector artifacts or attribute references with the corresponding cloned artifacts or attributes:
-
Localization Properties
You must update the resource bundle of a user locale with new names of the process form attributes for proper translations after cloning the connector. You can modify the properties file of your locale in the resources directory of the connector bundle.
-
Lookup Definition
In the cloned lookup definition for provisioning attribute map, if the code key entries specific to groups and roles contain the old process form details, then you must modify them to reflect the cloned form name.
For example, consider Lookup.RSAAM.UM.ProvAttr1 and UD_AMROLE1 to be the cloned versions of the Lookup.RSAAM.UM.ProvAttrMap lookup definition and UD_AMROLE child form, respectively.
After cloning, the Lookup.RSAAM.UM.ProvAttrMap1 lookup definition contains Code Key entries that correspond to the fields of the old child form UD_AMROLE. To ensure that the Code Key entries point to the fields of the cloned child form (UD_AMROLE1), specify UD_AMROLE1~Role Name[LOOKUP] in the corresponding Code Key column. Similarly, you can specify UD_AMGROUP1~Group Name[LOOKUP] in the Code Key column for groups.
-
Child Table
As a result of a change in the name of the child table, you must modify the corresponding mappings for the child table operations to work successfully.