Symantec IGA

  • Private Community

  • 1.  CA Directory EndPoint in Connector Xpress

    Posted Mar 18, 2019 01:41 PM

    Hello community

     

    I need to create in connector Xpress a new type of EndPoint that allows me to connect to a CA Directory, there is some guide, document or precedence about it that can share with me



  • 2.  Re: CA Directory EndPoint in Connector Xpress
    Best Answer

    Posted Mar 19, 2019 11:13 AM

    CA Directory is essentially a standard LDAP endpoint. You would create a new JNDI Endpoint using Connector Xpress to define the required attribute mappings for the User and related Group definitions. You can locate the latest documents on using CX here. Drill down into the topics on Creating Connectors for more details.



  • 3.  Re: CA Directory EndPoint in Connector Xpress

    Posted Mar 22, 2019 05:17 PM

    Hi Enrique

     

    Thanks by you answer, i have created the EndPoint sucessfully and sincronice(Acquire EndPoint) with the EndPoint, but this is not visible in the Identity Manager option EndPoint/Create New EndPoint. 

     

    I Require additional steps?

     

     

    Julian



  • 4.  Re: CA Directory EndPoint in Connector Xpress

    Posted Mar 22, 2019 06:26 PM

    Julian,

     

    You will need to follow the steps in the How You Generate User Console Account Screens topic to create the DYN Connector .jar file so you can import the RoleDef.xml file using the IM Management Console. You will then see the Endpoint Type based on the Connector Name you added to the Provisioning Server using Connector Xpress. If you are using the Virtual Appliance, you should read the Import Custom Connector Role Definition topic to place the generated .jar file in the custom folder for IM.



  • 5.  Re: CA Directory EndPoint in Connector Xpress

    Posted Mar 22, 2019 06:47 PM

    Hi Enrique

     

    Thank you so much by your answer

     

    According to the documentation sent by you i have run the following comand

     

     

    ./RoleDefGenerator.sh -h localhost -u etaadmin -l

     

    but this generate the followin error

     

    om.ca.iam.model.IAMCommunicationException: javax.naming.CommunicationException: simple bind failed: localhost:20390 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found]
    at com.ca.iam.model.impl.IAMServerImpl.namingExceptionToIAMException(IAMServerImpl.java:340)
    at com.ca.iam.model.impl.IAMServerImpl.translateNamingException(IAMServerImpl.java:375)
    at com.ca.iam.model.impl.ETAServer.init(ETAServer.java:92)
    at com.ca.iam.model.IAMServer.newInstance(IAMServer.java:545)
    at com.ca.iam.roledefgen.RoleDefGenerator.main(RoleDefGenerator.java:368)
    Caused by: javax.naming.CommunicationException: simple bind failed: localhost:20390 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found]

     

     

    I try with several options of this command but the result is equal.

     

    This vapp was deployed at AWS and the hostname is in ip-10-10-14-78 format. I have replaced the value of localhost with the one assigned by aws, but the error continues



  • 6.  Re: CA Directory EndPoint in Connector Xpress

    Posted Mar 25, 2019 03:51 PM

    If I understand the AWS naming convention correctly (AWS ECS Set Host Name) the resolution would be to add a custom record into the vApp /etc/hosts file in the format ... 127.0.0.1 ip-10-10-14-78 ... so your AWS-hosted vApp would require adding a custom host record following the steps shown in the linked topic. I assume you ran the RoleDefGenerator script from the vApp connected as the config user. If that is true, localhost should resolve to 127.0.0.1 based on the deployed /etc/hosts.

     

    You may need to open a ticket on the CA Support site to get further to resolve the AWS issue.