Symantec Privileged Access Management

  • 1.  Custom Connector for Oracle Enterprise Manager and Named Credential

    Broadcom Employee
    Posted Oct 10, 2019 07:18 AM
    Edited by Soon Leong Yap Aug 06, 2021 04:37 AM
    Here are two sample custom connectors that can be used to manage password synchronization with Oracle Enterprise Manager from CA Privileged Access Manager.

    The Oracle Enterprise Manager custom connector is used to manage administrator credentials while the Oracle EM Named Credential custom connector is used to manage named credentials.

    In simple terms, administrator credentials are used for logging in to the Oracle Enterprise Manager console while named credentials are primarily used for performing operations such as running jobs, patching and other system management tasks on target systems managed by Oracle Enterprise Manager.

    Note: The Oracle EM Named Credential connector does not support password verification.  However, this has no impact on the password synchronization.

    Disclaimer
    This software is provided without warranty of any kind, including without limitation, any implied warranties of merchantability or fitness for a particular purpose. In no event will CA be liable to the end user or any third party for any loss or damage, direct or indirect, from the use of this software, including without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised of such loss or damage.

    Prerequisites
    The following conditions must be satisfied in order to use the custom connector:

    Deploy the Target Connector
    Follow these steps:
    1. On the Tomcat Custom Connector Server, download, extract and copy the oem.war and oemnc.war files to the webapps_targetconnectors directory.

    Deploy the Oracle Enterprise Manager Command Line Interface
    Follow these steps:
    1. Download the EM CLI client kit from the Oracle Enterprise Manager console.
      https://<your_em_host:port>/em/public_lib_download/emcli/kit/emcliadvancedkit.jar

    2. Install the EM CLI advanced kit into any directory.
      java -jar emcliadvancedkit.jar -install_dir=<em_cli_home_dir>

    3. Navigate to the <em_cli_home_dir> directory where EM CLI is installed, then execute the following command to configure the EM CLI client.
      emcli sync -url="https://<your_em_host:port>/em" -username=<em_console_username> -trustall -novalidate

    4. Set the EMCLI_HOME environment variable to the <em_cli_home_dir> directory. Note: this configuration is required for the custom connectors.

    Configure the Custom Connector Configuration

    Follow these steps:
    1. Log in to the CA Privileged Access Manager UI.
    2. In the UI, select Credentials, CA Modules, Custom Connectors.
    3. From the Custom Connector Details page, specify a higher value for the Update Timeout.
        
    4. Select SAVE.

    Specify a Remote Target Server
    Follow these steps:
    1. In the UI, select Devices, Manage Devices.
    2. From the Devices page, select ADD.
    3. In the Add Device dialog, complete the required fields in the Basic Info tab. This device is the Oracle Management Service (OMS) server.
    4. For the Device Type, select the Password Management checkbox. Keep the Access checkbox selected.
    5. Go to the Access Methods tab and specify an access protocol, such as SSH. The appliance uses the access method to contact the remote target server.
    6. Select SAVE AND ADD TARGET APPLICATIONS to complete the configuration.
        
    Add the Oracle Enterprise Manager Application
    Follow these steps:
    1. Select or enter values for the Application Name field.
    2. In the Application Type field, select Oracle Enterprise Manager.
    3. A new tab labelled Oracle Enterprise Manager is displayed.

    4. On the Oracle Enterprise Manager tab, specify values for the following fields:
      Server Port: Specify the port that the Oracle Enterprise Manager server listens on. Default: 7803.
      Trust all certificates (EMCLI_TRUSTALL): Specify whether to accept and trust the server certificate.

       
    5. Select OK.
     
    Add the Oracle EM Named Credential Application

    Follow these steps:
    1. From the Target Applications page, select ADD.
       
    2. Select or enter values for the Application Name field.
    3. In the Application Type field, select Oracle EM Named Credential.
    4. A new tab labelled Named Credential is displayed.

    5. On the Named Credential tab, specify values for the following fields:
      Server Port: Specify the port that the Oracle Enterprise Manager server listens on. Default: 7803.
      Trust all certificates (EMCLI_TRUSTALL): Specify whether to accept and trust the server certificate.

       
    6. Select OK.

    Add the Administrator Account
    Follow these steps:
    1. Select Credentials, Manage Targets, Accounts.
    2. Select ADD.
    3. Complete the required fields:
      - Application Name: Select the Oracle Enterprise Manager application name that you configured in the previous procedure.
      - Account Name: Enter the user name of the credential owner or administrator who has been granted the privilege to modify the named credential.
      - Password: The password of the user account at the remote target server.
    4. On the Password tab, select Update both the Password Authority Server and the target system.
    5. On the Oracle Enterprise Manager tab, specify values for the following fields:
      - Master Account: Specify whether to use the existing target account or an alternative account to change the password.
    6. Select OK to save the account.

    Add the Named Credential Account
    Follow these steps:
    1. From the Target Accounts page, select ADD.
    2. Complete the required fields:
      - Application Name: Select the Oracle EM Named Credential application name that you configured in the previous procedure.
      - Account Name: Enter the user name of the named credential.
      - Password: The password of the user account at the remote target server.
       
    3. Note: Do not select Update both the Password Authority Server and the target system in the Password tab.
    4. On the Named Credential tab, specify values for the following fields:
      Credential Owner: Select or specify the user created in the previous step.
      Credential Name: Specify the name of the named credential for Oracle Enterprise Manager.
       
    5. Select OK to save the account.

    Modify the Named Credential Account
    Follow these steps:
    1. From the Target Accounts page, double-click the named credential created in the previous step.
    2. On the Password tab, select Update both the Password Authority Server and the target system.
    3. Select OK to save the account.
       
    4. From the Oracle Enterprise Manager console, you can verify that the named credential has been updated.

    #targetconnector

    Attachment(s)

    pam-oem-custom-connector.zip   18.43 MB 1 version
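
Added example, not part of the original post or the connector package: a preflight check for the Tomcat Custom Connector Server that confirms the two WAR files and the EMCLI_HOME setting from the steps above are in place. It assumes the connectors run the `emcli` binary found under EMCLI_HOME with managed credentials, so it also flags an EMCLI_HOME directory that is group- or other-writable; the function name and messages are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the connector host, not part of the connector kit.
# Assumption: the connectors run "$EMCLI_HOME/emcli" with managed credentials, so the
# directory must exist, contain an executable emcli, and not be group/other writable.

# Usage: check_connector_host <emcli_home> <webapps_targetconnectors_dir>
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_connector_host() {
    local emcli_home="$1" webapps_dir="$2" rc=0 war perms

    if [ -z "$emcli_home" ]; then
        echo "EMCLI_HOME is not set"; rc=1
    elif [ ! -d "$emcli_home" ]; then
        echo "EMCLI_HOME is not a directory: $emcli_home"; rc=1
    else
        if [ ! -x "$emcli_home/emcli" ]; then
            echo "no executable emcli in $emcli_home"; rc=1
        fi
        # First field of ls -ld is the mode string, e.g. drwxr-xr-x.
        # Character 6 is group write, character 9 is other write.
        perms=$(ls -ld "$emcli_home" | cut -c1-10)
        case "$perms" in
            ?????w*|????????w*)
                echo "EMCLI_HOME is group/other writable ($perms)"; rc=1 ;;
        esac
    fi

    # Both WAR files named in the deployment step must be present.
    for war in oem.war oemnc.war; do
        if [ ! -f "$webapps_dir/$war" ]; then
            echo "missing $webapps_dir/$war"; rc=1
        fi
    done
    return "$rc"
}

# Typical call: check_connector_host "$EMCLI_HOME" /path/to/webapps_targetconnectors
```

Run it as the account that owns the Tomcat service, since that is the environment in which EMCLI_HOME must resolve.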


  • 2.  RE: Custom Connector for Oracle Enterprise Manager and Named Credential

     
    Posted Oct 11, 2019 05:09 PM
    Thank you for sharing this tip with the community!

    ------------------------------
    Chris Hackett
    Community Manager, Broadcom Enterprise Software Division
    Broadcom Inc.
    ------------------------------