Hello All,
Background:
Customers with password change policies for service accounts often update / recycle their privileged IDs on a periodic basis.
One component of the IM solution that needs some additional expansion/clarification is the IM Bulk Loader Client (BLC) for post-password resets.
This is a pre-built Java module that uses an XML or CSV file to bulk load user data into the IM solution via web services.
The web services in IM are labeled as TEWS.
PROCESSES:
STEP 00: The TEWS service must be enabled in the IME Management Console, along with the WSDL (these are simple checkboxes).
Login information may be made mandatory using IM only or with Siteminder integrated.
STEP 01: To validate that the web service is available and the WSDL can be viewed, use the following URI:
J2EE Direct URL (J2EE Hostname + Port: 8080 or 7001)
http://HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl
Via Web Server (or VIP) (Apache/IIS hostname + Port: 443 or 8443)
https://WEB_SERVER_HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl
STEP 02: On the server with the IM BLC client, create a new file.
# Create INPUT FILE with three (3) tokens and values (or the file may just have ONLY the password token & value)
# Password will be clear text, and is then converted to CRYPT format
user=idmadmin
password=Password01
serverUrl=https://imwa001.im.dom/iam/im/TEWS6/cam
STEP 03: Execute the batch file with the switches below to pull the data from the input file and convert/transform it, then save it to the configuration file.
#imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt
#IM Bulk Loader invoked ...
#Loaded configuration options from properties file: I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt
#Storing server URL: https://imwa001.im.dom/iam/im/TEWS6/cam
#Storing user name: idmadmin
#Storing obfuscated password: devrhQ2YEm5RE0IGa3tyoPkiTOe0uYNpgjS1Zlsz9B8=
#End point information stored in configuration file: ../conf/imbulkloadclient.properties
STEP 04: Validate the BLC with the new login ID and Password.
STEP 05: Delete the temporary input file (to ensure the clear text password is not stored).
A.
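
Steps 02, 03 and 05 can be wrapped so the clear-text input file is locked down before the password is written and is removed even when the batch fails. This is an added example, not part of the original post or vendor code; the `bin` location of the batch file is an assumption, and the user, URL and paths are the sample values shown above. STEP 04 (validating the BLC) is still done by hand afterwards.

```powershell
$ErrorActionPreference = 'Stop'

# Sample values from the post; adjust for your environment.
$blcHome   = 'I:\im_win_blc\caim-bulk-loader'
$inputFile = Join-Path $blcHome 'conf\imblc_input_file.txt'
$blcBin    = Join-Path $blcHome 'bin'   # assumption: folder holding imbulkloadclient.bat

# Prompt for the new password so it never sits in a script or in shell history.
$secure = Read-Host -Prompt 'New password for idmadmin' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # Create the file empty and restrict its ACL to the current user
    # BEFORE any secret is written to it.
    New-Item -Path $inputFile -ItemType File -Force | Out-Null
    $grant = '{0}\{1}:(F)' -f $env:USERDOMAIN, $env:USERNAME
    icacls $inputFile /inheritance:r /grant:r $grant | Out-Null

    # STEP 02: write the three tokens (ASCII avoids a BOM; assumes an ASCII-only password).
    @(
        'user=idmadmin'
        "password=$plain"
        'serverUrl=https://imwa001.im.dom/iam/im/TEWS6/cam'
    ) | Set-Content -Path $inputFile -Encoding ASCII

    # STEP 03: let the BLC store the obfuscated password in its properties file.
    Push-Location $blcBin
    try {
        & .\imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile $inputFile
        if ($LASTEXITCODE -ne 0) {
            throw "imbulkloadclient.bat exited with code $LASTEXITCODE"
        }
    }
    finally {
        Pop-Location
    }
}
finally {
    # STEP 05: remove the clear-text file whether or not the batch succeeded.
    $plain = $null
    if (Test-Path $inputFile) {
        Remove-Item -Path $inputFile -Force
    }
}
```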