Symantec IGA

Change the BLC Password (after an install) - For CA Identity Manager

  • 1.  Change the BLC Password (after an install) - For CA Identity Manager

    Posted 11-06-2015 02:45 PM

    Hello All,




    Customers with password change policies for service accounts, often update / recycle their privileged IDs on a periodic basis.


    One component of the IM solution, that needs some additional expansion/clarification is the IM Bulk Loader Client (BLC) for post-password resets.


    This is pre-built java module that will use a XML or CSV file to bulk load user data into the IM solution via web services.

    The web services in IM are labeled as TEWS.


    STEP 00:  The TEWS service must be enabled in the IME Management Console & along with the WSDL.  (these are simple checkboxes).

    Login information may be made mandatory using IM only or with Siteminder integrated.

    STEP 01:  To validate that the web service is available, and the WSDL can be view, use the following URI:


    J2EE Direct URL (J2EE Hostname + Port: 8080 or 7001)



    Via Web Server (or VIP) (Apache/IIS hostname + Port: 443  or 8443





    STEP 02:   On the server with the IM BLC client, create a new file.


    # Create INPUT FILE with three (3) tokens and values  (or the file may just have ONLY the password token & value)

    # Password will be clear text; and then converted to CRYPT format







    STEP 03:  Execute the batch file and switches to pull data from input file and convert/transform it ; then save to the configuration file.

    #imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt

    #IM Bulk Loader invoked ...

    #Loaded configuration options from properties file: I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt

    #Storing server URL:

    #Storing user name: idmadmin

    #Storing obfuscated password: devrhQ2YEm5RE0IGa3tyoPkiTOe0uYNpgjS1Zlsz9B8=

    #End point information stored in configuration file: ../conf/

    STEP 04:  Validate the BLC with the new login ID and Password.

    STEP 05:  Delete the temporary input file (to ensure the clear text Password is not stored)