Known Arcot Connector limitations on IM r12.6 SP4
- It only supports AuthMinder 6.2.x and 7.1.x
- It doesn't support LDAP organizations
It's able to acquire an Arcot Endpoint with LDAP organizations, but basically the endpoint will be read-only.
The Arcot Connector throws an exception if you try to generate any kind of credential on such an endpoint.
- It cannot manage Certificate Profiles, even though the GUI presents that option.
Known enhancement idea
Where to download the connector
The Arcot (CA Strong Authentication) Connector has been an OOTB component of the JCS connector installation package since IM r12.6 SP1. If you need an individual copy of the connector, it is available here:
- The latest version: ftp://ftp.ca.com/pub/CloudMinder/Connectors/CA%20Arcot/ca-arcot.zip
- Older versions: ftp://ftp.ca.com/pub/CloudMinder/Connectors/CA%20Arcot/
Acquire an endpoint
- Confirm the WebFort server version and set the WebFort Server Version field to match.
- 9744 is the AuthMinder transaction service port. It has to be configured and opened on the Arcot Admin Console.
- If AuthMinder transaction service port 9744 is working in TCP mode, the WebFort Server URL is an HTTP URL.
- If AuthMinder transaction service port 9744 is working in SSL mode, the WebFort Server URL is an HTTPS URL.
In that case, the Root Certificate of the issuer who signed the AuthMinder server certificate has to be uploaded to the jcs trusted certificate store.
This can be done on the JCS Console.
- If the UDS Server URL is an HTTPS URL, the Root Certificate of the issuer who signed the Arcot Application server certificate has to be uploaded to the jcs trusted certificate store.
- If AuthMinder or the Arcot Application server enforces 2-way SSL, then the jcs root certificate has to be imported on the Arcot side.
Logs for troubleshooting during Endpoint Acquisition
- on the jcs machine, turn on verbose logging
- cd <IM>\Connector Server\etc
- rename org.ops4j.pax.logging.cfg to org.ops4j.pax.logging.cfg.brief
- rename org.ops4j.pax.logging.cfg.verbose to org.ops4j.pax.logging.cfg
- restart the jcs service via Windows Service Control Panel
- on IdentityMinder Provisioning Manager
- try to acquire the Arcot endpoint
- on Endpoint tab, supply all required info; take a screen snapshot
- on logging tab, enable all Message severity checkboxes on Text file direction
- click OK to acquire the endpoint and reproduce the issue
- please collect the following info
- the test time and duration
- the collected screen snapshot
- etatrans log
Location: <IM>\Provisioning Server\logs\etatransyyyymmdd-hhmm.log
- jcs log
Location: <IM>\Connector Server\jcs\logs\jcs_daily.log.yyyymmdd
- Endpoint log
Location: <IM>\Connector Server\jcs\logs\Arcot\jcs_conn_*.*
- upload the collected info to support.ca.com
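The verbose-log swap and log collection steps above can be scripted. The following PowerShell is an added example, not CA-supplied code. The function names and the $ImRoot, $ServiceName and $OutZip parameters are assumptions: pass your own <IM> directory and the jcs service name shown in the Windows Service Control Panel.

```powershell
# Added example, not CA-supplied code. $ImRoot is the <IM> directory used above;
# $ServiceName is an assumption: pass the jcs service name from your own machine.
function Enable-JcsVerboseLog {
    param([Parameter(Mandatory)][string]$ImRoot,
          [Parameter(Mandatory)][string]$ServiceName)
    $ErrorActionPreference = 'Stop'
    $active = Join-Path $ImRoot 'Connector Server\etc\org.ops4j.pax.logging.cfg'
    # Refuse a second swap: renaming again would collide with the saved brief config.
    if (Test-Path "$active.brief") { throw "$active.brief exists; verbose logging is already on." }
    if (-not (Test-Path "$active.verbose")) { throw "$active.verbose not found." }
    Rename-Item -Path $active           -NewName 'org.ops4j.pax.logging.cfg.brief'
    Rename-Item -Path "$active.verbose" -NewName 'org.ops4j.pax.logging.cfg'
    Restart-Service -Name $ServiceName
}

function Export-ArcotAcquireLogs {
    param([Parameter(Mandatory)][string]$ImRoot,
          [Parameter(Mandatory)][datetime]$TestStart,
          [Parameter(Mandatory)][datetime]$TestEnd,
          [string]$OutZip = (Join-Path (Get-Location) 'arcot-acquire-logs.zip'))
    $ErrorActionPreference = 'Stop'
    # In order: etatrans log, jcs log, Endpoint log (locations as listed above).
    $patterns = @('Provisioning Server\logs\etatrans*.log',
                  'Connector Server\jcs\logs\jcs_daily.log*',
                  'Connector Server\jcs\logs\Arcot\jcs_conn_*.*')
    # Keep logs from the test day onward; older rotations are not relevant.
    $files = foreach ($p in $patterns) {
        Get-ChildItem -Path (Join-Path $ImRoot $p) -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $TestStart.Date }
    }
    if (-not $files) { throw "No logs modified since $($TestStart.Date) under $ImRoot." }
    # Copy before zipping: the live logs may still be open in the running services.
    $stage = Join-Path ([IO.Path]::GetTempPath()) ("arcot-logs-" + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $stage | Out-Null
    $files | Copy-Item -Destination $stage
    # The test time and duration are requested with the logs; record them in a manifest.
    @("Test start: $($TestStart.ToString('s'))",
      "Test end:   $($TestEnd.ToString('s'))",
      "Duration:   $($TestEnd - $TestStart)") + @($files.FullName) |
        Set-Content -Path (Join-Path $stage 'manifest.txt')
    Compress-Archive -Path (Join-Path $stage '*') -DestinationPath $OutZip -Force
    Remove-Item -Path $stage -Recurse -Force
    $OutZip   # path of the archive to attach to the support case
}
```

Run Enable-JcsVerboseLog once before reproducing the issue, then Export-ArcotAcquireLogs afterwards. Add the screen snapshot to the archive by hand before uploading.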
Create an Arcot User
Create ArcotID credential
- Select Generate ArcotID Action: Create
Default ArcotID Profile Name: BasicArcotIDProfile
- Supply Reset ArcotID Validity End Date Time Option: Specific End Date
- Supply ArcotID Validity End Date time
- Supply ArcotID password
Typical Account Template
On an Arcot Account Template, the Default Profile Names have to be supplied, for example:
- Default OTP Profile Name: BasicOTPProfile
Note: Please do not use BasicArcotOTPProfile, which is for a different type of credential.
- Default ArcotID Profile Name: BasicArcotIDProfile
- Default QnA Profile Name: BasicQnAProfile