I have followed the below steps to enable access roles for use with SiteMinder.
Follow these steps:
Post this, I have added the IDM environment in the domains > policy, but I am unable to see the access roles from CA IDM.
Am I missing anything here?
Attached the snapshot below.
I have noticed this behavior if you have created IDM roles before enabling the EnableSMRBAC.
Can you create a new role now and check whether it is reflected or not?
Additionally, you can verify the SM database tables for IM-related stuff,
i.e. that the IMSROLE6, IMSTASK6 and IMSROLETASK6 role tables have the entries related to your IDM task.
Check the following image: here "IMSROLE6" and "IMSTASK6" have entries, but the role and task mapping table "IMSROLETASK6" was missing those entries.
Either you create these missing entries manually or recreate those roles and tasks again in the IM console.
Also, in the "CA Identity Manager Environments" screen, make sure you have unchecked the "Disable Policy Store Update" checkbox before you start creating new IDM roles and tasks.
I was able to see the IDM roles after creating the new one. Is this a bug?
Also, can we use CA IDM provisioning roles in CA SSO, or can we only use CA IDM access roles in CA SSO?
I think this behavior is by design rather than a bug. The access role and task mapping should be published after you enable the "Policy Store Update" flag. Having said that, you should still open an enhancement request for the reconciliation of role and task mapping, and I do see value in such functionality, especially in scenarios where SSO integration is pitched into the IDM solution later on.
CA SSO uses the access role rather than the provisioning role.
Reason: Access role and task need to be correlated via application ID, and this application ID is used by SSO to evaluate the access role and task for an application.