Symantec IGA

  • Private Community
 View Only

  • 1.  Where can i find the preconfigured XML files for CA API Gateway Policy Manager?

    Posted Jul 24, 2018 10:36 AM

    We are trying to connect the CA Identity Manager with CA API Gateway according to this guide:

     

    Connecting to CA API Gateway - CA Identity Management & Governance Connectors - CA Technologies Documentation 

     

    In the Import the Endpoint Service in the Policy Manager part, step 7, we need to import the preconfigured xml files, however, we were unable to find theese files, any idea of where can we find them?

     

    Regards,



  • 2.  Re: Where can i find the preconfigured XML files for CA API Gateway Policy Manager?

    Posted Jul 25, 2018 03:08 PM

    We found that in the Box connector page:

    How to Connect to Box - CA Identity Management & Governance Connectors - CA Technologies Documentation 

     

    The preconfigured xml files are located at:

    C:\Program Files (x86)\CA\Identity Manager\Connector Server\jcs\resources\scim\box_policy.xml

     

    However, we could not find the preconfigured xml for Layer 7. So, we took the Box policy file and renamed the paths that are written inside to match our service's path.

    Then, we imported the modified xml in the Policy Manager, changed the default identity provider that wasn't working and finally, we changed the "Route" fragments that call URLs that do not match our Service URLs then the SCIM schema is responding successfully.

     

    We're attaching a screenshot of the folder containing our preconfigured xml files.

    preconfiguredxml

    Inspite of the fact that it worked out, we would like to know where can we find the preconfigured xml files for Layer 7?

     

    Regards,



  • 3.  Re: Where can i find the preconfigured XML files for CA API Gateway Policy Manager?

    Broadcom Employee
    Posted Jul 27, 2018 01:00 AM

    Hi,

    CA Identity Manager provides preconfigured policy XML files only for the supported endpoints (i.e. Azure, Box, Google Apps, Service Now and Zendesk). 

    However, as mentioned in the post, these preconfigured policy XML files could be used to write any new policy as per the requirements.

     

    Thanks & Regards,

    Laxminarayana.



  • 4.  Re: Where can i find the preconfigured XML files for CA API Gateway Policy Manager?

    Posted Jul 27, 2018 12:24 PM

    Hi Laxminarayana, OK. We modified the box policy and we could create the agent. And connect from Provisioning to layer 7.

    We could see the Scemma, and when we create an account from provisioning IDM calls the services that are published in L7.

     

    We modified the policy loaded from BOX example to invoke a REST example we have.in the "BOX V1 : create user" fragment.

     

    That example REST was successfully called from L7 when we create the account from Provisioning.

    We set by step with "Service Debugger" and we could see that the policy finished succesfully.

    BUT...

    Provisioning show us the following error "There is 1 failure during the server operation"

     

    In the connector Server logs we could see:

     

    2018-07-27 13:20:53,857 86642 [ApacheDS Worker-thread-14] Web_Services___Layer_7_DR_ApiUsuarios (MetaConnector.java:613) ERROR - Ignoring resolveObjectClass failure: JCS@prov-jboss-01: SCIM: resolveObjectClass: '' in attribute '' could not be resolved. connector: class com.ca.jcs.scim.SCIMMetaConnector: ApiUsuarios [eTDYNDirectoryName=ApiUsuarios,eTNamespaceName=Web Services - Layer 7-DR,dc=im,dc=etasa]
    2018-07-27 13:20:53,857 86642 [ApacheDS Worker-thread-14] Web_Services___Layer_7_DR_ApiUsuarios (BaseConnector.java:587) WARN - class com.ca.jcs.scim.SCIMMetaConnector: ApiUsuarios [eTDYNDirectoryName=ApiUsuarios,eTNamespaceName=Web Services - Layer 7-DR,dc=im,dc=etasa]: no connection manager registered
    2018-07-27 13:20:53,857 86642 [ApacheDS Worker-thread-14] Web_Services___Layer_7_DR_ApiUsuarios (BaseConnector.java:618) INFO - class com.ca.jcs.scim.SCIMMetaConnector: ApiUsuarios [eTDYNDirectoryName=ApiUsuarios,eTNamespaceName=Web Services - Layer 7-DR,dc=im,dc=etasa]: activating
    2018-07-27 13:20:53,982 86767 [ApacheDS Worker-thread-14] Web_Services___Layer_7_DR_ApiUsuarios (ConnectorAttributesProcessor.java:82) INFO - class com.ca.jcs.scim.SCIMMetaConnector: ApiUsuarios [eTDYNDirectoryName=ApiUsuarios,eTNamespaceName=Web Services - Layer 7-DR,dc=im,dc=etasa]: activated
    2018-07-27 13:20:53,997 86782 [ApacheDS Worker-thread-15] Web_Services___Layer_7_DR_ApiUsuarios (MetaConnector.java:6215) INFO - unknown return attribute 'ref' not allowed to be accepted and mapped by isMapAcceptedUnknownAttrIds()==false
    2018-07-27 13:20:53,997 86782 [ApacheDS Worker-thread-15] Web_Services___Layer_7_DR_ApiUsuarios (MetaConnector.java:6218) INFO - unknown return attribute 'eTAccountResumable'
    2018-07-27 13:20:53,997 86782 [ApacheDS Worker-thread-15] Web_Services___Layer_7_DR_ApiUsuarios (MetaConnector.java:5802) INFO - Ignoring all requested attributes as none are mapped: [ref, eTAccountResumable]

     

     

    Thanks in advance for your help.

     

     

     

     

     



  • 5.  Re: Where can i find the preconfigured XML files for CA API Gateway Policy Manager?
    Best Answer

    Posted Jul 27, 2018 04:52 PM

    Hi, We could solve the problem using "Zendesk - WSL7" policy

    The preconfigured xml files are located at:

    C:\Program Files (x86)\CA\Identity Manager\Connector Server\jcs\resources\scim\

     

    We took the Zendesk policy file and renamed the paths that are written inside to match our service's path.

    Then, we imported the modified xml in the Policy Manager,  we changed the "Route" fragments that call URLs that do not match our Service URLs then the SCIM schema is responding successfully.

     

    regards