
Change the BLC Password (after an install) - For CA Identity Manager


    Posted Nov 06, 2015 02:45 PM

    Hello All,

     

    Background:

     

    Customers with password change policies for service accounts often update / recycle their privileged IDs on a periodic basis.

     

    One component of the IM solution that needs some additional expansion/clarification is the IM Bulk Loader Client (BLC) for post-password resets.

     

    This is a pre-built Java module that will use an XML or CSV file to bulk load user data into the IM solution via web services.

    The web services in IM are labeled as TEWS.



    PROCESSES:


    STEP 00:  The TEWS service must be enabled in the IME Management Console, along with the WSDL (these are simple checkboxes).

    Login information may be made mandatory using IM only or with Siteminder integrated.



    STEP 01:  To validate that the web service is available, and the WSDL can be viewed, use the following URI:

     

    J2EE Direct URL (J2EE Hostname + Port: 8080 or 7001)

    http://HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl

     

    Via Web Server (or VIP) (Apache/IIS hostname + Port: 443 or 8443)

    https://WEB_SERVER_HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl

     

     

     

    STEP 02:   On the server with the IM BLC client, create a new file.

     

    # Create INPUT FILE with three (3) tokens and values  (or the file may just have ONLY the password token & value)

    # Password will be clear text; and then converted to CRYPT format

     

    user=idmadmin

    password=Password01

    serverUrl=https://imwa001.im.dom/iam/im/TEWS6/cam

     

     

    STEP 03:  Execute the batch file and switches to pull data from the input file and convert/transform it; then save to the configuration file.

    #imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt


    #IM Bulk Loader invoked ...

    #Loaded configuration options from properties file: I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt

    #Storing server URL: https://imwa001.im.dom/iam/im/TEWS6/cam

    #Storing user name: idmadmin

    #Storing obfuscated password: devrhQ2YEm5RE0IGa3tyoPkiTOe0uYNpgjS1Zlsz9B8=

    #End point information stored in configuration file: ../conf/imbulkloadclient.properties



    STEP 04:  Validate the BLC with the new login ID and Password.


    STEP 05:  Delete the temporary input file (to ensure the clear text Password is not stored).





    A.
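
Steps 02, 03 and 05 as one PowerShell script, added here as an example and not part of the original post: it prompts for the new password, restricts the temporary input file to the current account before the clear-text value is written, and deletes the file even if the batch file fails. The user, URL and input-file path are the post's sample values; the `bin` directory and the meaning of a non-zero exit code are assumptions.

```powershell
$ErrorActionPreference = 'Stop'

# Sample values from the post; change them for your environment.
$InputFile = 'I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt'
$User      = 'idmadmin'
$ServerUrl = 'https://imwa001.im.dom/iam/im/TEWS6/cam'
# Assumption: imbulkloadclient.bat sits in a directory beside conf
# (the tool's output refers to ../conf/imbulkloadclient.properties).
$BlcDir    = 'I:\im_win_blc\caim-bulk-loader\bin'

# Prompt for the password so it never appears in a script or shell history.
$cred   = Get-Credential -UserName $User -Message 'New BLC service account password'
$pushed = $false

try {
    # Create the file empty, then replace inherited permissions with a
    # single entry for the current account before any secret is written.
    New-Item -Path $InputFile -ItemType File -Force | Out-Null
    $acl = Get-Acl -Path $InputFile
    $acl.SetAccessRuleProtection($true, $false)
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $InputFile -AclObject $acl

    # STEP 02: the three tokens described in the post.
    Set-Content -Path $InputFile -Value @(
        "user=$User"
        "password=$($cred.GetNetworkCredential().Password)"
        "serverUrl=$ServerUrl"
    )

    # STEP 03: store the endpoint info; the tool writes the obfuscated
    # password to imbulkloadclient.properties.
    Push-Location $BlcDir
    $pushed = $true
    & .\imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile $InputFile
    # Assumption: the batch file returns non-zero on failure.
    if ($LASTEXITCODE -ne 0) { throw "imbulkloadclient.bat exited with code $LASTEXITCODE" }
}
finally {
    if ($pushed) { Pop-Location }
    # STEP 05: remove the clear-text input file whether or not STEP 03 succeeded.
    if (Test-Path -Path $InputFile) { Remove-Item -Path $InputFile -Force }
    $cred = $null
}
```

STEP 04 (validating the BLC with the new login) is still done separately after the script finishes.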