Layer 7 Identity Management

Test Connection from GovernanceMinder to IdentityMinder 

07-13-2015 11:51 AM

For CA support persons this information is available:
RTC: 144709 shows the flow and starts the discussion of test connection
RTC: 147135 Finishes Test connection topics and provides a jar with detailed logging


For customers that are having trouble connecting Gm to IM you can use this information to add logging to IdentityMinder and GovernanceMinder

Home > Administration > Support Tools > Log Settings
GM debug settings:
com.ca.clientconnection.clientapi
com.ca.clientconnection.clientimpl
com.eurekify.connectors.ccl.session
com.eurekify.web.settings.connector


iam_im.ear\config\com\netegrity\config\log4j_<appserver>.properties
IM DEBUG settings:
# IMS logging
log4j.category.ims=debug
log4j.category.im=debug
log4j.category.iamframework.webservices=debug
log4j.category.identitymanager.webservices=debug

 

These tasks need to be added to the  in IdentityManager User making test connections:
Create WebServices Configuration
Delete WebServices Configuration
Modify WebServices Configuration
View WebServices Configuration
change administrator for webservices Configuration
Define CARCM Connection
Delete CARCM Connection

 

If all  seven of the pre-req tasks have been added above, and the smart provsioning roles have been imported.

 

It is important to understand the flow of requests that happen with the products:
GM makes a connection to IM
  It contacts the IME with the userid/password given on the test connection screen
   It reads the endpoint types and create the CARCM webservices definition
  It then reads the corp directory.xml for the managing userid/password
   It then makes an ldap call to that directory to make sure smart provisioning can work
  It then reads the provisioning server directory.xml for the managing userid/password
   It then makes an ldap call to the provisioning server/directory to make sure smart provisioning can work

As long as all of these step can be performed the test connection should be successful.

 

Known issues with the GovernanceMinder 12.6.1, it cannot handle passwords at any of the above steps that have multibyte characters

Other issues that will stop success:
firewalls at any point between GM and the 3 points notes above: IM, Corpstore, Provserver/directory

 

If you are using jboss 6.x for IdentityMinder and the jersey app is less than jersey-server-1.17.1.jar:1.17.1

 

*** The attached Tracing is available for IM 12.6.1 and GM 12.6.1 but CA will not accept responsibility for damages to systems or data caused by the usage of these tracing binaries. they are logging utilities and can be used for these versions (IM 12.6.1 and GM 12.6.1) to see the flow in the GM log of a test connection.

TB_GM_147135.zip

TB_IM_147135.zip

 

This is for IM 12.6.4

TB_IM12.6.4_WebServices.zip

Statistics
0 Favorited
3 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

10-07-2016 03:11 AM

Hi Bill Patton,

 

Can u please help me out how to install Governanceminder with screenshoots.

 

Regars,

Dileep

07-30-2015 12:50 PM

There is has been another issue found. when you delete the IMRCM webservices configuration and your IME is localized it does not delete the IMRCM admin role. It is supposed to delete this admin role automatically when the webservices configuration is deleted but it does not and when the test connection in GM is clicked again the test connection fails creating this object as it already exists.

07-13-2015 11:54 AM

Of course if you have problems with any of these steps above, or find that the tracing reveals an issue that you cannot resolve, please open a support issue and post the link to this thread.

Related Entries and Links

No Related Resource entered.