For CA support persons this information is available:
RTC: 144709 shows the flow and starts the discussion of test connection
RTC: 147135 Finishes Test connection topics and provides a jar with detailed logging
For customers that are having trouble connecting Gm to IM you can use this information to add logging to IdentityMinder and GovernanceMinder
Home > Administration > Support Tools > Log Settings
GM debug settings:
com.ca.clientconnection.clientapi
com.ca.clientconnection.clientimpl
com.eurekify.connectors.ccl.session
com.eurekify.web.settings.connector
iam_im.ear\config\com\netegrity\config\log4j_<appserver>.properties
IM DEBUG settings:
# IMS logging
log4j.category.ims=debug
log4j.category.im=debug
log4j.category.iamframework.webservices=debug
log4j.category.identitymanager.webservices=debug
These tasks need to be added to the in IdentityManager User making test connections:
Create WebServices Configuration
Delete WebServices Configuration
Modify WebServices Configuration
View WebServices Configuration
change administrator for webservices Configuration
Define CARCM Connection
Delete CARCM Connection
If all seven of the pre-req tasks have been added above, and the smart provsioning roles have been imported.
It is important to understand the flow of requests that happen with the products:
GM makes a connection to IM
It contacts the IME with the userid/password given on the test connection screen
It reads the endpoint types and create the CARCM webservices definition
It then reads the corp directory.xml for the managing userid/password
It then makes an ldap call to that directory to make sure smart provisioning can work
It then reads the provisioning server directory.xml for the managing userid/password
It then makes an ldap call to the provisioning server/directory to make sure smart provisioning can work
As long as all of these step can be performed the test connection should be successful.
Known issues with the GovernanceMinder 12.6.1, it cannot handle passwords at any of the above steps that have multibyte characters
Other issues that will stop success:
firewalls at any point between GM and the 3 points notes above: IM, Corpstore, Provserver/directory
If you are using jboss 6.x for IdentityMinder and the jersey app is less than jersey-server-1.17.1.jar:1.17.1
*** The attached Tracing is available for IM 12.6.1 and GM 12.6.1 but CA will not accept responsibility for damages to systems or data caused by the usage of these tracing binaries. they are logging utilities and can be used for these versions (IM 12.6.1 and GM 12.6.1) to see the flow in the GM log of a test connection.
TB_GM_147135.zip
TB_IM_147135.zip
This is for IM 12.6.4
TB_IM12.6.4_WebServices.zip