RSA 8.4
The RSA connector allows data synchronization between RAC/M Identity and RSA Authentication Manager.
The connector has been tested with version 8.4. According to the RSA documentation, the connector should work with versions 8.6 and 8.7 SP2, but this has not been tested.
Jar
This configuration is based on the ICF connector rsa-8.4-1.0.0.0.jar.
Configuration
Configuration | Description | Example |
---|---|---|
securityDomain | Defines the security domain used for user authentication and authorization. | SystemDomain |
userMgrPrincipal | The service account used to manage users within the specified security domain. This account has the necessary permissions to perform user management operations. | svc_rsa_admin |
userMgrPwd | The service account password. This password is used to authenticate to RSA during operations. | ******** |
namingProviderUrl | The URL of the naming provider used to establish a connection to the LDAP server or another naming service. This includes the protocol (e.g., t3s), the IP address or domain name, and the port. | t3s://xxx.xxx.xx.xxx:7002 |
cmdClientUser | The username of the (JNDI) client for administrative commands. This account is used to execute commands via the RSA connector. | svc_rsa_cmd |
cmdClientPwd | The password associated with the command client. This password is used to authenticate the client when executing administrative commands. | ******** |
cmdClientProviderURL | The URL of the provider for administrative commands. This includes the protocol, the IP address or domain name, and the port used for administrative communications. | t3s://xxx.xxx.xx.xxx:7022 |
imsSslClientIdentityKeystoreFileName | The path, on the RAC/M ICF side, to the keystore file containing the client's RSA SSL identity (the RSA HTTPS certificate). This file stores the certificates required to establish a secure SSL connection. | D:/RACM Identity/ICF/security/keystore.jks |
imsSslClienIdentityKeyAlias | The alias of the RSA SSL identity key in the keystore. This alias specifically identifies the private key used by the SSL client for authentication. | client_key_alias |
imsSslClientRootCaAlias | The alias of the root CA used to validate the server's RSA SSL certificate. This ensures that the SSL connection is established with a trusted server. | rsa_am_ca |
rsaSslClientIdKeyPwd | The password for the RSA SSL identity key. This password protects the private key used for SSL authentication. | ******** |
rsaSslClientIdStorePwd | The password for the keystore containing the RSA SSL identity. This password protects the entire keystore where the SSL certificates are stored. | ******** |
IdentitySourceName | The name of the identity source used to synchronize user data. This is the RSA internal user source. | Internal Database |
Note
The parameters imsHttpinvokerClientProviderUrl and imsSslClientProviderUrl are not used by RAC/M Identity, even though they are present in the connector configuration.
Certificate
Addition
Add the root certificate and the RSA certificate to the ICF truststore with the correct aliases. Suggested aliases are "rsa-ca" and "rsa" respectively, but any alias can be used.
Alias
The connector provides access to a variable alias. This is used to load the certificates into the ICF connector.
imsSslClientIdentityKeyAlias = client_key_alias
imsSslClientRootCaAlias = rsa_am_ca
Restart
When making changes to the truststore or the connector configuration, restarting the RACM service is mandatory.
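The Addition and Alias steps above as one pre-restart check, added here as an illustration (not RAC/M or RSA code): it imports the two certificates with keytool only if their SHA-256 fingerprints match values obtained out of band, then confirms each alias holds that exact certificate. The store path, certificate file names, fingerprint placeholders and the RACM_STORE_PWD variable are assumptions.

```powershell
# Added example, not vendor code. Placeholders: store path, certificate files,
# fingerprints, and the RACM_STORE_PWD variable. Assumes keytool is on PATH.
$Store = 'D:/RACM Identity/ICF/security/truststore.jks'
$Pass  = @('-storepass:env', 'RACM_STORE_PWD')  # keytool reads the password from the
                                                # environment, not the command line
$Certs = @(
    # Alias must equal the value configured in imsSslClientRootCaAlias.
    @{ Alias = 'rsa-ca'; File = 'D:/certs/rsa-root-ca.cer'; Sha256 = '<ROOT-CA-SHA256>' }
    @{ Alias = 'rsa';    File = 'D:/certs/rsa-am.cer';      Sha256 = '<RSA-CERT-SHA256>' }
)

function Get-Sha256 {
    param([string[]]$KeytoolOutput)
    # keytool prints fingerprints as "SHA256: AA:BB:..."
    $m = $KeytoolOutput | Select-String -Pattern 'SHA256:\s*([0-9A-F:]+)' | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.ToUpper() }
}

if (-not $env:RACM_STORE_PWD) { throw 'Set RACM_STORE_PWD for this session first.' }

foreach ($c in $Certs) {
    # 1. Refuse any file whose fingerprint differs from the one obtained out of band.
    $fileFp = Get-Sha256 (& keytool -printcert -file $c.File)
    if ($fileFp -ne $c.Sha256.ToUpper()) {
        throw "Fingerprint mismatch for $($c.File): got '$fileFp'."
    }
    # 2. Import only when the alias is absent ("-list -alias" exits non-zero then).
    & keytool -list -keystore $Store @Pass -alias $c.Alias *> $null
    if ($LASTEXITCODE -ne 0) {
        & keytool -importcert -noprompt -keystore $Store @Pass -alias $c.Alias -file $c.File
        if ($LASTEXITCODE -ne 0) { throw "Import failed for alias '$($c.Alias)'." }
    }
    # 3. Confirm the alias now holds that exact certificate as a trusted entry.
    $entry = & keytool -list -v -keystore $Store @Pass -alias $c.Alias
    if (-not ($entry -match 'trustedCertEntry')) {
        throw "Alias '$($c.Alias)' is not a trusted certificate entry."
    }
    if ((Get-Sha256 $entry) -ne $fileFp) {
        throw "Alias '$($c.Alias)' holds a different certificate than $($c.File)."
    }
    Write-Host "OK  $($c.Alias)  $fileFp"
}
```

Restart the RACM service once both aliases report OK.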
Test
You can test the RSA ICF connector by using the TEST button. An rsa-config.properties file will be generated at the root of the RACM installation folder after the connection test. It can be used to debug the connection if necessary.
Example
Here is an example of configuring an RSA ICF connector.
Configuration
Import
Account Mapping
Group Mapping
Member Mapping
Materialization
The materialization of the RSA ICF connector
Modify / Create
No example
Activate
No example
Terminate
No example
Deactivate
No example
Provisioning
Provisioning of the RSA ICF connector
Account Provisioning
No example
Group Provisioning
No example