RSA Identity Governance and Lifecycle Collector Data Sheet for Oracle Database
RSA Identity Governance and Lifecycle Collector Data Sheet for Oracle
Table of Contents
Purpose ... 3
Supported Software ... 3
Prerequisites ... 3
Configuration of Collectors ... 4
  Identity Data Collector ... 4
    Configuration ... 4
    Select types of account data to collect ... 5
    Mapping for user attributes ... 5
  Account Data Collector ... 7
    Configuration ... 7
    Select types of account data to collect ... 8
    Mapping for account attributes ... 8
    Mapping for user account mapping attributes ... 9
    Mapping for group attributes ... 9
    Mapping for subgroup attributes ... 10
  Entitlement Data Collector ... 11
    Configuration ... 11
    Select types of entitlement data to collect ... 12
    Mapping for resource attributes ... 12
    Mapping for resource-action based entitlements ... 13
    Mapping for application role attributes ... 15
    Mapping for application role based entitlements ... 16
  Role Data Collector ... 18
    Configuration ... 18
    Select the type of Role data to collect ... 19
    Configure how roles are collected ... 19
    Configure how role members are collected ... 20
    Configure how application entitlements are collected ... 20
    Configure how application entitlements are collected ... 21
    Configure how groups are collected ... 22
    Configure how roles are collected ... 22
    Configure collection of role hierarchy ... 22
SSL Configuration for Oracle Database ... 24
Troubleshooting ... 26
COPYRIGHTS ... 27
TRADEMARKS ... 27
RSA Identity Governance and Lifecycle 7.0.1
Purpose
This data sheet provides the configuration information required to create a new Account data collector, Entitlement data
collector, Identity data collector and Role data collector for Oracle.
Supported Software
RSA Identity Governance and Lifecycle Version: 6.9.1 and above
Application: Oracle
Collector Type(s): Identity Collector, Account Collector, Entitlement Collector & Role Collector
Prerequisites
Certain steps need to be executed before you create the Oracle collector.
1. Install the Oracle database against which you want to configure a collector.
2. Download the JDBC driver from the respective vendor. For Oracle, download ojdbc6.jar.
3. Make sure that the downloaded jar is present at, or copied to, the location for your application server on the Aveksa Server or Remote Agent:
   For JBOSS: <JBOSS_HOME>/standalone/deployments/aveksa.ear/APP-INF/lib
   For Wildfly: /tmp/repackaged/aveksa.ear/APP-INF/lib
   For Websphere: /opt/IBM/websphere/Apps/profiles/aveksaProfiles/installedApps/<hostnode>/aveksa.ear/APP-INF/lib
   For Weblogic: /home/oracle/ACM-Weblogic
4. Ensure that the jar file which contains the driver also contains the driver class file.
5. Restart ACM. (Make sure that you do not have any requests in the queue.)
6. Define the collector to use the database driver. If the driver is not among the available entries of the Database Type, choose OTHER, then define the Driver Class and provide the URL for the new driver.
Configuration of Collectors
Identity Data Collector
Configuration
The configuration of the Identity Data Collector is completed through a number of screens. This section helps you to fill in the values for each screen.
Collector Description
The following table lists the parameters on the “Collector Description” screen, while creating the Collector.
Collector Name: Oracle Identity Collector
Description: N/A
Data Source Type: Database
Agent: AveksaAgent
Directory: N/A
Status: Active
Copy from: N/A
Scheduled: N/A
Configuration Information
The following table lists the parameters on the “Configuration Information” screen, while creating the Collector.
DB Type: Choose the database type configured in the prerequisite steps if it is present in the already defined list; otherwise select “Custom”.
Driver Class: Taken from the documentation of the driver, i.e. the jar file downloaded for this collector. For example: oracle.jdbc.driver.OracleDriver
URL: The syntax is jdbc:[subprotocol]:[subsubprotocol:][databasename][;attributes]. For any database you need to provide the schema or database name and the port assigned to it when it was created. For example: jdbc:oracle:thin:@//<Hostname where database is running>:<Database port>/<Database name>
User Name: Username used to log in to the database (make sure that this user has all privileges on these tables, for example “sys as sysdba”).
Password: Password used to log in to the database.
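Two of the fields above are easy to get subtly wrong: the URL (the thin form with @//host:port/db) and the Driver Class, which must name a class that is really inside the jar copied under APP-INF/lib in the prerequisite steps. The following Python script is an added example, not part of the RSA data sheet, that checks both before the collector is saved. The host name, port and service name it uses are made up, and the jar it builds is a constructed stand-in for ojdbc6.jar.

```python
"""Pre-flight checks for the "Configuration Information" screen (added example)."""
import io
import re
import zipfile

# Pattern for the thin-driver URL form the data sheet shows:
#   jdbc:oracle:thin:@//<Hostname where database is running>:<Database port>/<Database name>
_THIN_URL = re.compile(
    r"^jdbc:oracle:thin:@//(?P<host>[^:/\s]+):(?P<port>\d{1,5})/(?P<db>[^/;?\s]+)$"
)


def parse_thin_url(url: str) -> dict:
    """Split a jdbc:oracle:thin:@//host:port/db URL into its parts.

    Raises ValueError when the string does not match the documented form or the
    port is outside 1-65535, so a typo is caught before the collector is saved
    rather than at its first scheduled run.
    """
    m = _THIN_URL.match(url.strip())
    if not m:
        raise ValueError(f"URL does not match jdbc:oracle:thin:@//host:port/db: {url!r}")
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {"host": m.group("host"), "port": port, "database": m.group("db")}


def thin_url_is_valid(url: str) -> bool:
    """Boolean wrapper around parse_thin_url for use in a checklist script."""
    try:
        parse_thin_url(url)
    except ValueError:
        return False
    return True


def driver_class_in_jar(jar, driver_class: str) -> bool:
    """Return True if the jar (a path or raw bytes) contains the .class file for driver_class.

    Mirrors prerequisite step 4: the jar copied to APP-INF/lib must contain the
    class named in the "Driver Class" field, e.g.
    oracle.jdbc.driver.OracleDriver -> oracle/jdbc/driver/OracleDriver.class
    """
    entry = driver_class.replace(".", "/") + ".class"
    source = io.BytesIO(jar) if isinstance(jar, bytes) else jar
    with zipfile.ZipFile(source) as zf:
        return entry in zf.namelist()


def make_sample_jar(class_names) -> bytes:
    """Build an in-memory jar with empty .class entries.

    Constructed stand-in for a real ojdbc6.jar so the example runs offline;
    the entries carry no bytecode, only the names the check looks for.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in class_names:
            zf.writestr(name.replace(".", "/") + ".class", b"")
    return buf.getvalue()


if __name__ == "__main__":
    # Host name and service name below are made up for the example.
    print(parse_thin_url("jdbc:oracle:thin:@//db01.example.internal:1521/ORCL"))
    sample = make_sample_jar(["oracle.jdbc.driver.OracleDriver"])
    print(driver_class_in_jar(sample, "oracle.jdbc.driver.OracleDriver"))
```

Against a real deployment, pass the path of the jar under the APP-INF/lib directory listed in the prerequisites to driver_class_in_jar instead of the constructed bytes.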
Select types of account data to collect
Select ‘Users’ as identity data type as applicable
Mapping for user attributes
User Data
The following table lists the parameters on the “Map Collector Attributes to User Attributes” screen, while creating the Collector.
Users Data Query: (Required). Query to return user attribute values. The column names resulting from the query will be used in the fields. Example: select user_id, first_name, last_name, email, supervisor from t_users
User ID: (Required). User ID column name resulting from <Users Data Query>.
Admin: Admin column name resulting from <Users Data Query>, and select which User attribute the value refers to (User ID, Name, Title, etc.).
Business Unit Id: Business Unit Id column name resulting from <Users Data Query>, and select from the drop-down which Business Unit attribute the value refers to (Name, Backup Business Owner or Backup Technical Owner).
Backup Supervisor: Backup Supervisor column name resulting from <Users Data Query>, and select which User attribute the value refers to (User ID, Name, Title, etc.).
Business Unit Admin: Business Unit Admin column name resulting from <Users Data Query>, and select which User attribute the value refers to (User ID, Name, Title, etc.).
Department: Department column name resulting from <Users Data Query>.
Email Address: Email Address column name resulting from <Users Data Query>.
First Name: First Name column name resulting from <Users Data Query>.
Is Terminated: Is Terminated column name resulting from <Users Data Query>.
Job Code: Job Code column name resulting from <Users Data Query>.
Job Status: Job Status column name resulting from <Users Data Query>.
Join Date: Join Date column name resulting from <Users Data Query>.
Last Name: Last Name column name resulting from <Users Data Query>.
Location: Location column name resulting from <Users Data Query>.
Supervisor: Supervisor column name resulting from <Users Data Query>.
Technical Advisor: Technical Advisor column name resulting from <Users Data Query>, and select which User attribute the value refers to (User ID, Name, Title, etc.).
Termination Date: Termination Date column name resulting from <Users Data Query>.
Title: Title column name resulting from <Users Data Query>.
Unique ID: Unique ID column name resulting from <Users Data Query>.
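Every field on this screen is a column name that the Users Data Query must return, and the required field (User ID) cannot be left empty. The script below is an added example, not part of the RSA data sheet: it runs the data sheet's example Users Data Query against a constructed SQLite copy of t_users and compares the result columns with a field-to-column mapping, so a typo in a mapped column or an empty required field is caught before the first collection run. Because every query on these screens is a plain SELECT, the same check works with a read-only database account; SQLite stands in for Oracle only to keep the example offline, and the mapping dictionaries are hypothetical.

```python
"""Check a collector's attribute mapping against the columns its query really returns
(added example; runs the data sheet's example query against a constructed SQLite table)."""
import sqlite3

# Constructed stand-in for the data sheet's t_users table, with two made-up rows.
SAMPLE_SCHEMA = """
create table t_users (
    user_id text primary key, first_name text, last_name text,
    email text, supervisor text, is_terminated integer
);
insert into t_users values ('jdoe', 'Jane', 'Doe', 'jdoe@example.com', 'mroe', 0);
insert into t_users values ('mroe', 'Mark', 'Roe', 'mroe@example.com', null, 0);
"""

# The example from the "Users Data Query" row of the data sheet.
USERS_DATA_QUERY = "select user_id, first_name, last_name, email, supervisor from t_users"

# "User ID" is the only required field on the user attributes screen.
REQUIRED_FIELDS = {"User ID"}


def query_columns(conn, query):
    """Column names the query actually returns, taken from cursor.description."""
    cur = conn.execute(query)
    return [d[0].lower() for d in cur.description]


def check_mapping(conn, query, mapping):
    """Return a list of problems; an empty list means the mapping is consistent.

    mapping: {field name on the screen: column name typed into it}.
    Flags required fields left empty and any mapped column the query does not
    return, which otherwise only surfaces when the collector is run.
    """
    cols = set(query_columns(conn, query))
    problems = []
    for field in sorted(REQUIRED_FIELDS):
        if not mapping.get(field):
            problems.append(f"required field '{field}' is not mapped")
    for field, col in mapping.items():
        if col and col.lower() not in cols:
            problems.append(f"field '{field}' maps to '{col}', which the query does not return")
    return problems


def open_sample_db():
    """In-memory SQLite database loaded with the constructed t_users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


if __name__ == "__main__":
    conn = open_sample_db()
    good = {"User ID": "user_id", "First Name": "first_name", "Last Name": "last_name",
            "Email Address": "email", "Supervisor": "supervisor"}
    bad = {"User ID": "", "Is Terminated": "is_terminated"}
    print(check_mapping(conn, USERS_DATA_QUERY, good))
    for problem in check_mapping(conn, USERS_DATA_QUERY, bad):
        print("problem:", problem)
```

The same check_mapping call serves the Account, Entitlement and Role collector screens; only the query, the required-field set and the mapping change.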
Account Data Collector
Configuration
The configuration of the Account Data Collector is completed through a number of screens. This section helps you to fill in the values for each screen.
Collector Description
The following table lists the parameters on the “Collector Description” screen, while creating the Collector.
Collector Name: (Required). <Name for Oracle Account Collector>
Description: N/A
Business Source: <Select Directory or Application>
Data Source Type: Database
Agent: AveksaAgent
Status: Active
Copy from: N/A
Scheduled: N/A
Configuration Information
The following table lists the parameters on the “Configuration Information” screen, while creating the Collector.
DB Type: Choose the database type configured in the prerequisite steps if it is present in the already defined list; otherwise select “Custom”.
Driver Class: Taken from the documentation of the driver, i.e. the jar file downloaded for this collector. For example: oracle.jdbc.driver.OracleDriver
URL: The syntax is jdbc:[subprotocol]:[subsubprotocol:][databasename][;attributes]. For any database you need to provide the schema or database name and the port assigned to it when it was created. For example: jdbc:oracle:thin:@//<Hostname where database is running>:<Database port>/<Database name>
User Name: Username used to log in to the database (make sure that this user has all privileges on these tables, for example “sys as sysdba”).
Password: Password used to log in to the database.
Select types of account data to collect
You can select multiple account data types such as Accounts, User Account Mappings, Groups and Sub Groups as
applicable.
Mapping for account attributes
Account Data
The following table lists the parameters on the “Mapping for Account Attributes” screen, while creating the Collector.
Accounts Data Query: (Required). Query to return account data. The column names resulting from the query will be used in the fields. Example: select account, last_login_date from t_accounts
Account ID/Name: (Required). Account ID or Name column name resulting from <Accounts Data Query>.
Last Login Date: Last Login Date column name resulting from <Accounts Data Query>.
Expiration Date: Expiration Date column name resulting from <Accounts Data Query>.
Mapping for user account mapping attributes
User Account Mappings Data
The following table lists the parameters on the “Mapping for User Account mapping Attributes” screen, while creating the Collector.
User Account Mappings Data Query: (Required). Query to return user account mapping data. The column names resulting from the query will be used in the fields. Example: select account, user from t_user_account_mappings
User ID: (Required). User ID column name resulting from <User Account Mappings Data Query>.
Account ID/Name: Account ID or Name column name resulting from <User Account Mappings Data Query>.
Mapping for group attributes
Group Data
The following table lists the parameters on the “Mapping for group attributes” screen, while creating the Collector.
Groups Data Query: (Required). Query to return group attribute values. The column names resulting from the query will be used in the fields. Example: select group_id, description from t_groups
Group ID/Name: (Required). Group ID or Name column name resulting from <Groups Data Query>.
Group admin: Group admin column name resulting from <Groups Data Query>.
Owner: (Required). Owner column name resulting from <Groups Data Query>.
Account Membership Data
The following table lists the parameters on the “Account Membership data” screen, while creating the Collector.
Account Membership Query: (Required). Query to return account members of groups. The column names resulting from the query will be used in the fields. Example: select account_id, group_id from t_group_memberships where type = 'account'
Account ID/Name: (Required). Account ID or Name column name resulting from <Account Membership Query>.
Group ID/Name: (Required). Group ID or Name column name resulting from <Account Membership Query>.
Mapping for subgroup attributes
Subgroup Data
The following table lists the parameters on the “Mapping for subgroup attributes” screen, while creating the Collector.
Subgroup Membership Query: (Required). Query to return sub-group members of groups. The column names resulting from the query will be used in the fields. Example: select sub_grp_id, group_id from t_group_memberships where type = 'group'
Subgroup ID/Name: (Required). Subgroup ID or Name column name resulting from <Subgroup Membership Query>.
Group ID/Name: (Required). Group ID or Name column name resulting from <Subgroup Membership Query>.
Entitlement Data Collector
Configuration
The configuration of the Entitlement Data Collector is completed through a number of screens. This section helps you to fill in the values for each screen.
Collector Description
The following table lists the parameters on the “Collector Description” screen, while creating the Collector.
Collector Name: (Required). <Name for Oracle Entitlement Collector>
Description: N/A
Data Source Type: Database
Agent: AveksaAgent
Status: Active
Copy from: N/A
Scheduled: N/A
Configuration Information
The following table lists the parameters on the “Configuration Information” screen, while creating the Collector.
DB Type: Choose the database type configured in the prerequisite steps if it is present in the already defined list; otherwise select “Custom”.
Driver Class: Taken from the documentation of the driver, i.e. the jar file downloaded for this collector. For example: oracle.jdbc.driver.OracleDriver
URL: The syntax is jdbc:[subprotocol]:[subsubprotocol:][databasename][;attributes]. For any database you need to provide the schema or database name and the port assigned to it when it was created. For example: jdbc:oracle:thin:@//<Hostname where database is running>:<Database port>/<Database name>
User Name: Username used to log in to the database (make sure that this user has all privileges on these tables, for example “sys as sysdba”).
Password: Password used to log in to the database.
Select types of entitlement data to collect
Collect resource-action entitlements for: the available entitlement data types for this option are Groups, Accounts and Users. You can select multiple entitlement data types for this option as applicable.
Collect application role entitlements for: the available entitlement data types for this option are Groups, Accounts and Users. You can select multiple entitlement data types for this option as applicable.
Define General Column Names
The following table lists the parameters on the “Define General Column Name” screen, while creating the Collector.
User Reference ID/Name: Common User Reference ID or Name column name, returned by several queries
Resource Fully Qualified Name: Common Resource Fully Qualified Name
Action ID/Name: Common Action ID or Name column name, returned by several queries
Application Role ID/Name: Common Application Role ID or Name column name, returned by several queries
Mapping for resource attributes
Resource Data
The following table lists the parameters on the “Mapping for the resource attributes” screen, while creating the Collector.
Resources Data Query: Query to return resource attribute values for resource-action entitlements. The column names resulting from the query will be used in the fields below. Example: select resource as FQN, Owner, Location from t_resources
Resource ID/Name: Resource ID or Name column name resulting from <Resources Data Query>.
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names
Mapping for resource-action based entitlements
Resource Entitlement Data
The following table lists the parameters on the “Mapping for resource-action based entitlements” screen, while creating the Collector.
Resource Entitlements Query: Query to return entitlement attribute values for resource-action entitlements. Example: select distinct resource as FQN, action from t_resource_ents
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names.
Action ID/Name: Action ID/Name defined in Generic Column Names.
User Data
The following table lists the parameters on the “Mapping for User data” screen, while creating the Collector.
Ents. for Users Query: Query to return resource-action entitlements granted to users. Example: select resource as FQN, action, user_id from t_resource_ents where type = 'user'
Entitled User: User Reference ID/Name defined in Generic Column Names
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names.
Action ID/Name: Action ID/Name defined in Generic Column Names.
Group Data
The following table lists the parameters on the “Mapping for Group data” screen, while creating the Collector.
Ents. For Groups Query: Query to return resource-action entitlements granted to groups. Example: select resource as FQN, action, user_id from t_resource_ents where type = 'group'
Entitled Group: User Reference ID/Name defined in Generic Column Names
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names.
Action ID/Name: Action ID/Name defined in Generic Column Names.
Account Data
The following table lists the parameters on the “Mapping for Account data” screen, while creating the Collector.
Ents. For Accounts Query: Query to return resource-action entitlements granted to user accounts. Example: select resource as FQN, action, user_id from t_resource_ents where type = 'account'
Entitled Account: User Reference ID/Name defined in Generic Column Names
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names.
Action ID/Name: Action ID/Name defined in Generic Column Names.
Mapping for application role attributes
Application Role Data
The following table lists the parameters on the “Mapping for Application role attributes” screen, while creating the Collector.
Application Roles Query: Query to return application role attribute values for application-role entitlements. Example: select distinct approle from t_approle_defs
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
Resource-Action Entitlements Data
The following table lists the parameters on the “Mapping for Resource-action Entitlements data” screen, while creating the Collector.
Resource-Action Entitlements of App Roles Query: Query to return resource-action entitlement sub-components of application role entitlements that were collected above. Example: select approle_parent as approle, resource as FQN, action from t_approle_members where type = 'resource'
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
Resource Fully Qualified Name: Resource Fully Qualified Name defined in Generic Column Names.
Action ID/Name: Action ID/Name defined in Generic Column Names.
Child Application Roles Data
The following table lists the parameters on the “Child Application Roles Data” screen, while creating the Collector.
Child App Roles of App Roles Query: Query to return application role entitlement children of application role entitlements that were collected above. Example: select approle_parent as approle, approle_child from t_approle_members where type = 'app-role'
Child Application Role ID/Name: Child Application Role ID or Name column name resulting from <Child App Roles of App Roles Query>.
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
Mapping for application role based entitlements
Group Data
The following table lists the parameters on the “Mapping for application role based entitlements for Group data” screen, while creating the Collector.
App Roles for Groups Query: Query to return application role entitlements granted to groups. Example: select approle, user_id from t_approle_ents where type = 'group'
Entitled Group: User Reference ID/Name defined in Generic Column Names
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
Account Data
The following table lists the parameters on the “Mapping for application role based entitlements for Account data” screen, while creating the Collector.
App Roles for Accounts Query: Query to return application role entitlements granted to user accounts. Example: select approle, user_id from t_approle_ents where type = 'account'
Entitled Account: User Reference ID/Name defined in Generic Column Names
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
User Data
The following table lists the parameters on the “Mapping for application role based entitlements for User data” screen, while creating the Collector.
App Roles for Users Query: Query to return application role entitlements granted to users. Example: select approle, user_id from t_approle_ents where type = 'user'
Entitled User: User Reference ID/Name defined in Generic Column Names
Application Role ID/Name: Application Role ID/Name defined in Generic Column Names
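The queries on the preceding screens return flat lists: user-to-account mappings, account and subgroup memberships, resource-action grants per user, account and group, application roles with their resource-action members and child roles, and application-role grants per user, account and group. What the governance view needs is the resolved picture, i.e. which resource-action pairs each user effectively holds once group nesting and child application roles are followed. The Python below is an added example, not RSA code: it takes constructed rows shaped like those example queries (the group nesting deliberately contains a cycle, which real membership data sometimes does) and resolves the effective entitlements per user with a cycle-safe traversal. All identifiers in the sample rows are made up.

```python
"""Resolve each user's effective resource-action entitlements from the rows the
Entitlement collector's queries return (added example; sample rows are constructed)."""
from collections import defaultdict, deque

# Constructed rows, shaped like the data sheet's example queries return them.
USER_ACCOUNT_MAPPINGS = [("acc_jdoe", "jdoe"), ("acc_mroe", "mroe")]           # (account, user)
ACCOUNT_MEMBERSHIP = [("acc_jdoe", "developers"), ("acc_mroe", "dba")]         # (account_id, group_id)
SUBGROUP_MEMBERSHIP = [("developers", "engineering"), ("engineering", "staff"),
                       ("staff", "engineering")]                                # (sub_grp_id, group_id); cycle on purpose
RESOURCE_ENTS = {                                                               # (FQN, action, holder) per type
    "user": [("hr_db", "read", "jdoe")],
    "group": [("wiki", "edit", "engineering"), ("vpn", "connect", "staff")],
    "account": [("prod_db", "admin", "acc_mroe")],
}
APPROLE_RESOURCES = [("release_mgr", "ci", "deploy"), ("developer", "repo", "push")]  # (approle, FQN, action)
APPROLE_CHILDREN = [("release_mgr", "developer")]                               # (approle_parent, approle_child)
APPROLE_ENTS = {                                                                # (approle, holder) per type; the data
    "user": [("release_mgr", "jdoe")],                                          # sheet's example query names the holder
    "group": [("developer", "dba")],                                            # column user_id for every type
    "account": [],
}


def edges(rows):
    """first column -> {second column} for two-column rows."""
    out = defaultdict(set)
    for a, b in rows:
        out[a].add(b)
    return out


def closure(start, graph):
    """Every node reachable from start; the visited set keeps it safe on cyclic data."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def effective_entitlements():
    """Return {user: {(resource FQN, action)}} combining direct, account, group
    (including parent groups) and application-role (including child roles) grants."""
    accounts_of = edges((u, a) for a, u in USER_ACCOUNT_MAPPINGS)
    groups_of_account = edges(ACCOUNT_MEMBERSHIP)
    parent_groups = edges(SUBGROUP_MEMBERSHIP)
    child_roles = edges(APPROLE_CHILDREN)
    role_resources = edges((r, (fqn, act)) for r, fqn, act in APPROLE_RESOURCES)
    ents = {t: edges((h, (fqn, act)) for fqn, act, h in rows) for t, rows in RESOURCE_ENTS.items()}
    role_grants = {t: edges((h, r) for r, h in rows) for t, rows in APPROLE_ENTS.items()}

    users = set(accounts_of) | set(ents["user"]) | set(role_grants["user"])
    result = {}
    for user in users:
        accounts = accounts_of.get(user, set())
        groups = set()
        for acc in accounts:
            for g in groups_of_account.get(acc, ()):
                groups |= {g} | closure(g, parent_groups)   # group plus all ancestor groups
        holders = {"user": {user}, "account": accounts, "group": groups}
        granted, roles = set(), set()
        for kind, ids in holders.items():
            for h in ids:
                granted |= ents[kind].get(h, set())
                roles |= role_grants[kind].get(h, set())
        for r in list(roles):
            roles |= closure(r, child_roles)                # application role plus all child roles
        for r in roles:
            granted |= role_resources.get(r, set())
        result[user] = granted
    return result


if __name__ == "__main__":
    for user, grants in sorted(effective_entitlements().items()):
        print(user, sorted(grants))
```

Replace the constant lists with the rows returned by the collector's own queries and the same function gives the resolved view for a real source; the only assumption is that the column order matches the data sheet's examples.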
Role Data Collector
Configuration
The configuration of the Role Data Collector is completed through a number of screens. This section helps you to fill in the values for each screen.
Collector Description
The following table lists the parameters on the “Collector Description” screen, while creating the Collector.
Collector Name: (Required). <Name for Oracle Role Collector>
Description: N/A
Role Set: (Required). <Select Role Set from dropdown>
Data Source Type: Database
Agent: AveksaAgent
Status: Active
Copy from: N/A
Has Data: N/A
Scheduled: N/A
Configuration Information
The following table lists the parameters on the “Configuration Information” screen, while creating the Collector.
DB Type: Choose the database type configured in the prerequisite steps if it is present in the already defined list; otherwise select “Custom”.
Driver Class: Taken from the documentation of the driver, i.e. the jar file downloaded for this collector. For example: oracle.jdbc.driver.OracleDriver
URL: The syntax is jdbc:[subprotocol]:[subsubprotocol:][databasename][;attributes]. For any database you need to provide the schema or database name and the port assigned to it when it was created. For example: jdbc:oracle:thin:@//<Hostname where database is running>:<Database port>/<Database name>
User Name: Username used to log in to the database (make sure that this user has all privileges on these tables, for example “sys as sysdba”).
Password: Password used to log in to the database.
Select the type of Role data to collect
Roles: You can select Roles as role data to collect, as applicable.
Role Memberships: You can select Users as role data to collect, as applicable.
Role Entitlements: You can select Application Entitlements, Application Roles, Group Entitlements and Roles as role data to collect, as applicable.
Hierarchy: You can use Parent Roles as role data to collect, as applicable.
Configure how roles are collected
Roles
The following table lists the parameters on the “Configure how roles are collected” screen, while creating the Collector.
Roles Query: (Required) Query to return role data. The columns resulting from the query will be used in the fields below. Example: select role_name, role_owner, role_backup_owner from t_roles
Role Name: (Required). Role Name column name resulting from <Roles Query>.
Role Owner: Role Owner column name resulting from <Roles Query>.
Backup Role Owner: Backup Role Owner column name resulting from <Roles Query>.
Configure how role members are collected
Role Members
The following table lists the parameters on the “Configure how role members are collected” screen, while creating the Collector.
User Membership Query: (Required) Query to return user membership data. The columns resulting from the query will be used in the fields below. Example: select role_name, user_id from user_role_membership
Role Name: Role Name column name resulting from <User Membership Query>.
User ID: (Required) User ID column name resulting from <User Membership Query>.
Configure how application entitlements are collected
Role Entitlements: Application Entitlements
The following table lists the parameters on the “Configure how application entitlements are collected” screen, while creating the Collector.
Application Entitlements Query: (Required) Query to return role to application entitlement mapping data. The column names resulting from the query will be used in the fields below. Example: select role_name, ent_name, action_name from t_role_entitlements
Role Name: Role Name column name resulting from <Application Entitlements Query>.
Application: (Required) Application column name resulting from <Application Entitlements Query>.
Resource Name: (Required) Resource Name column name resulting from <Application Entitlements Query>.
Action Name: (Required) Action Name column name resulting from <Application Entitlements Query>.
Configure how application entitlements are collected
Role Entitlements: Application Roles
The following table lists the parameters on the “Configure how application entitlements are collected” screen, while creating the Collector.
Field Name | Value
Application Roles Query | (Required) Query to return role to application role mapping data. The column names resulting from the query are used in the fields below. Example: select role_name, approle_name from t_role_entitlements
Role Name | Role Name column name resulting from <Application Roles Query>.
Application | Application column name resulting from <Application Roles Query>.
Application Role Name | (Required) Application Role Name column name resulting from <Application Roles Query>.
Configure how groups are collected
Role Entitlements: Groups
The following table lists the parameters on the “Configure how groups are collected” screen, while creating the Collector.
Field Name | Value
Groups Query | (Required) Query to return role to group entitlement mapping data. The column names resulting from the query are used in the fields below. Example: select role_name, group_name from t_role_entitlements
Role Name | Role Name column name resulting from <Groups Query>.
Application | Application column name resulting from <Groups Query>.
Entitled Group | (Required) Entitled Group column name resulting from <Groups Query>.
Configure how roles are collected
Role Entitlements: Roles
The following table lists the parameters on the “Configure how roles are collected” screen, while creating the Collector.
Field Name | Value
Roles Query | (Required) Query to return role to role entitlement mapping data. The column names resulting from the query are used in the fields below. Example: select role_name, subrole_name from t_role_entitlements
Role Name | Role Name column name resulting from <Roles Query>.
Role Name of Entitlement | (Required) Role Name of Entitlement column name resulting from <Roles Query>.
Configure collection of role hierarchy
Role Hierarchy
The following table lists the parameters on the “Configure collection of role hierarchy” screen, while creating the Collector.
Field Name | Value
Parent Roles Query | (Required) Query to return role to parent role definition mapping data. The column names resulting from the query are used in the fields below. Example: select role_name, parentrole_name from t_role_entitlements
Role Name | Role Name column name resulting from <Parent Roles Query>.
Parent Role | Parent Role column name resulting from <Parent Roles Query>.
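The role collector screens above all map query columns to collector fields, and the collector relies on those result sets being consistent with each other: the Roles Query defines the roles, and the User Membership and Parent Roles queries reference them. The following Python script is an added example (not part of the RSA data sheet or the product) that simulates those three result sets with constructed rows and runs the checks a practitioner would want before pointing a collector at a source: every mapped column is present, every referenced role is defined, and the parent-role graph contains no cycle (a cycle in the hierarchy would otherwise be collected as-is). Column names follow the data sheet's example queries; the sample rows are constructed for this example.

```python
"""Pre-collection sanity check for role collector query results.

Added example, not part of the RSA data sheet. It simulates the row sets
returned by the Roles, User Membership and Parent Roles queries and checks
what the collector silently depends on: mapped columns exist, referenced
roles are defined, and the parent-role graph is acyclic. All sample rows
are constructed for the example.
"""
from collections import defaultdict

# Constructed rows, shaped like the data sheet's example queries:
#   select role_name, role_owner, role_backup_owner from t_roles
ROLES = [
    {"role_name": "finance_user", "role_owner": "alice", "role_backup_owner": "bob"},
    {"role_name": "finance_admin", "role_owner": "alice", "role_backup_owner": None},
    {"role_name": "auditor", "role_owner": "carol", "role_backup_owner": None},
]
#   select role_name, user_id from user_role_membership
MEMBERS = [
    {"role_name": "finance_user", "user_id": "u1001"},
    {"role_name": "finance_admin", "user_id": "u1002"},
    {"role_name": "payroll", "user_id": "u1003"},  # role not in ROLES (constructed defect)
]
#   select role_name, parentrole_name from t_role_entitlements
PARENTS = [
    {"role_name": "finance_admin", "parentrole_name": "finance_user"},
    {"role_name": "finance_user", "parentrole_name": "finance_admin"},  # cycle (constructed defect)
    {"role_name": "auditor", "parentrole_name": None},
]


def check_columns(rows, required):
    """Return the mapped column names that are absent from the result set."""
    if not rows:
        return sorted(required)
    return sorted(c for c in required if c not in rows[0])


def undefined_roles(rows, role_col, defined):
    """Roles referenced in rows[role_col] that the Roles Query never returned."""
    return sorted({r[role_col] for r in rows if r[role_col] and r[role_col] not in defined})


def hierarchy_cycles(parent_rows, role_col, parent_col):
    """Return the roles that sit on a cycle in the role -> parent role graph."""
    graph = defaultdict(set)
    for r in parent_rows:
        if r[parent_col]:
            graph[r[role_col]].add(r[parent_col])
    WHITE, GREY, BLACK = 0, 1, 2          # depth-first search colouring
    colour = defaultdict(int)
    on_cycle = set()

    def visit(node, path):
        colour[node] = GREY
        path.append(node)
        for parent in graph.get(node, ()):
            if colour[parent] == GREY:    # back edge: everything from parent onwards loops
                on_cycle.update(path[path.index(parent):])
            elif colour[parent] == WHITE:
                visit(parent, path)
        path.pop()
        colour[node] = BLACK

    for node in list(graph):
        if colour[node] == WHITE:
            visit(node, [])
    return sorted(on_cycle)


def validate(roles=ROLES, members=MEMBERS, parents=PARENTS):
    """Run all checks; each value is a list of findings (empty means clean)."""
    defined = {r["role_name"] for r in roles}
    return {
        "missing_columns": check_columns(roles, {"role_name"})
        + check_columns(members, {"role_name", "user_id"})
        + check_columns(parents, {"role_name", "parentrole_name"}),
        "undefined_member_roles": undefined_roles(members, "role_name", defined),
        "undefined_parent_roles": undefined_roles(parents, "parentrole_name", defined),
        "hierarchy_cycles": hierarchy_cycles(parents, "role_name", "parentrole_name"),
    }


if __name__ == "__main__":
    for check, findings in validate().items():
        print(f"{check}: {findings or 'ok'}")
```

Run against real query output, replace the constructed lists with the rows fetched by the configured queries; a non-empty finding in any category is worth fixing at the source before the collector run, since the collector itself only maps columns and does not validate the relationships between them.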
SSL Configuration for Oracle Database:
For the collector, import the SSL certificates into the default trust store of the RSA Identity Governance and Lifecycle server.
Follow the steps below to add certificates to the trust stores of the WebSphere, WebLogic and WildFly application servers.
a. WebSphere Application Server:
1. Log in to the WebSphere Administrative console (http://<HOST_NAME>:9060/ibm/console/login.do).
2. In the left panel, expand the Security menu.
3. Click SSL certificate and then click the key management link.
4. Under Configuration Settings, click the Manage endpoint security configurations link.
5. Select the outbound properties for the appropriate node.
6. Click the appropriate node link to get its properties.
7. Under Related Items, click Key stores and certificates and then click the ‘NodeDefaultTrustStore’ key store.
8. Under Additional Properties, click Signer certificates and then click Retrieve from Port.
9. In the Host field, enter <host_name>, enter 443 in the Port field, and oracle_cert in the Alias field.
10. Click Retrieve Signer Information.
11. Verify that the certificate information is for a certificate that you can trust.
12. Click Apply and then click Save.
13. Now create the Oracle collectors using the steps in the section ‘Configuration of Collectors’. If, even after following the 12 steps above, the collectors do not work as expected and report an SSL certificate issue, the authority certificate must be added to the keystore.
14. Go again to Key stores and certificates and click the Aveksa Keystore.
15. Under Additional Properties, click Signer certificates and then click Retrieve from Port.
16. In the Host field, enter the authority URL, 443 in the Port field, and authority_cert in the Alias field.
17. Click Retrieve Signer Information.
18. Verify that the certificate information is for a certificate that you can trust.
19. Click Apply and then click Save.
20. Log in to the WebSphere machine using SSH (e.g. PuTTY).
21. On the command prompt, run: /home/oracle/AFX/afx stop
22. On the command prompt, run: /opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1
23. On the command prompt, run: /opt/IBM/WebSphere/AppServer/bin/startServer.sh server1
24. On the command prompt, run: /home/oracle/AFX/afx start
b. WebLogic Application Server:
1. Download/retrieve the Oracle SSL certificate in PEM format (e.g. oracle.pem) and save it at location /home/oracle.
2. Log in to the WebLogic Administrative console (http://<HOST_NAME>.aveksa.local:7001/console/login/LoginForm.jsp).
3. Under Domain Configurations, in the Environment section, click the Servers link.
4. Click the aveksaServer link.
5. Click the SSL tab.
6. Click the Advanced link.
7. Set Hostname Verification to None.
8. Save the settings.
9. Log in to the WebLogic machine using SSH (e.g. PuTTY).
10. cd /home/oracle/
11. Add the oracle.pem certificate to server.keystore using keytool:
Run: keytool -import -file oracle.pem -alias oracle -keystore server.keystore
Run: keytool -import -file <authority_certificate> -alias <alias> -keystore server.keystore
12. It will ask for the keystore password. The default keystore password is Av3k5a15num83r0n3
13. Restart SSL on the WebLogic Server as described below:
a. Go to Servers > Control tab.
b. Select/check aveksaServer(admin) and then click Restart SSL.
14. Restart the server:
a. Run: /home/oracle/AFX/afx stop
b. Run: /home/oracle/wls/12.1.3.0/user_projects/domains/aveksaDomain/bin/stopWebLogic.sh
c. Run: /home/oracle/wls/12.1.3.0/user_projects/domains/aveksaDomain/bin/startWebLogic.sh
d. Run: /home/oracle/AFX/afx start
c. WildFly Application Server:
1. Download/retrieve the Oracle SSL certificate in PEM format (e.g. erpm.pem) and save it at some location.
2. cd $JAVA_HOME/jre/lib/security
3. Add the certificate to cacerts using keytool:
keytool -import -file oracle.pem -alias oracle -keystore cacerts
4. Password for the keystore (unless you have changed it): changeit
5. Restart the server:
a. Run: afx stop
b. Run: acm stop
c. Run: acm start
d. Run: afx start
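Each of the three procedures above has a step where the certificate retrieved from the Oracle listener (WebSphere's Retrieve from Port) or handed over as a PEM file (WebLogic and WildFly keytool imports) must be verified as one you can trust before it is placed in the trust store; once imported, the server trusts it for every outbound connection. The following Python script is an added example (not part of the RSA data sheet or the product) of doing that check by fingerprint: it computes the SHA-256 fingerprint of a PEM certificate in the colon-separated form that keytool and openssl print, and compares it with a value obtained from the database administrator out of band. The host, port and expected fingerprint are assumptions; the sample PEM is a constructed stand-in with arbitrary base64 content, not a real certificate, used only to exercise the code offline.

```python
"""Fingerprint check for a certificate before importing it into a trust store.

Added example, not part of the RSA data sheet. Compare the fingerprint of
the certificate retrieved from the Oracle listener (or of the PEM file to
be imported with keytool) against the value the DBA provided out of band.
Host, port and expected fingerprint are assumptions for this example.
"""
import hashlib
import ssl


def sha256_fingerprint(der_bytes):
    """Colon-separated SHA-256 fingerprint, as keytool and openssl print it."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pem_fingerprint(pem_text):
    """Fingerprint of a PEM-encoded certificate (e.g. the oracle.pem file)."""
    return ssl.PEM_cert_to_DER_cert(pem_text) and sha256_fingerprint(ssl.PEM_cert_to_DER_cert(pem_text))


def fingerprint_matches(pem_text, expected):
    """True when the certificate matches the out-of-band fingerprint.
    Colons and letter case are ignored so a value pasted from any tool compares."""
    normalise = lambda fp: fp.replace(":", "").upper()
    return normalise(pem_fingerprint(pem_text)) == normalise(expected)


def fetch_server_pem(host, port=443):
    """Retrieve the certificate the listener presents without trusting it yet.
    This mirrors the console's Retrieve from Port step and needs network access;
    ssl.get_server_certificate performs no verification when no CA file is given."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in: a PEM wrapper around arbitrary base64, not a real
# certificate, just enough to exercise the fingerprint path offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBCgKCAQEA\n"
    "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # Assumed values: replace with the listener host and the DBA-provided fingerprint.
    EXPECTED = "<fingerprint supplied by the DBA>"
    print("sample fingerprint:", pem_fingerprint(SAMPLE_PEM))
    print("sample matches expected:", fingerprint_matches(SAMPLE_PEM, pem_fingerprint(SAMPLE_PEM)))
    print("sample matches placeholder:", fingerprint_matches(SAMPLE_PEM, EXPECTED))
```

To check a live listener, pass the result of fetch_server_pem(host, port) to fingerprint_matches together with the fingerprint the DBA supplied; only import the PEM with keytool (or click Apply in the console) when it returns True. The same function applied to the authority certificate covers step 18 of the WebSphere procedure.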
Troubleshooting:
Problem: The Account Data Collector Test Connection fails with the following error if RSA Identity G&L is running on the WAS Application Server.
Error: The SSL protocol specified is not supported. Caused by java.lang.IllegalArgumentException: SSLv2Hello
Root Cause: SSLv2 is no longer supported in RSA Identity G&L. WAS starts the SSL handshake with SSLv2, which is not supported in RSA, hence communication between RSA Identity G&L and the Oracle DB Server fails.
Resolution:
1. Log in to the WAS Application Server.
2. Go to Servers > Server Types > WebSphere application servers > Server1.
3. In Server Infrastructure, expand Java and Process Management > Process Definition > Java Virtual Machine.
4. Provide the following argument in Generic JVM arguments:
-Doracle.net.ssl_version=1.0
5. Click the OK button and save to the master configuration.
6. Restart the WAS Server using the following commands:
/opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1
/opt/IBM/WebSphere/AppServer/bin/startServer.sh server1
COPYRIGHTS
Copyright © 2015 EMC Corporation. All Rights Reserved. Published in the USA.
TRADEMARKS
RSA, the RSA Logo, and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other
countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to
www.rsa.com/legal/trademarks_list.pdf.