Managing an Arcot Endpoint on IM Provisioning Manager (IM r12.6 SP4)

Document created by Yong Li (Employee) on Mar 9, 2015. Last modified by kristen.palazzolo on Dec 17, 2016.
Version 8

Known Arcot Connector limitations on IM r12.6 SP4

Known enhancement idea

 

Where to download the connector

     The Arcot (CA Strong Authentication) Connector has been an out-of-the-box (OOTB) component of the JCS connector installation package since IM r12.6 SP1. If you need an individual copy of the connector, please find it here

 


Acquire an endpoint


     [Screenshot: Acquire an endpoint]

  1. Confirm the WebFort server version and adjust the value in the WebFort Server Version field.
  2. 9744 is the AuthMinder transaction service port; it has to be configured and opened in the Arcot Admin Console.
  3. If the AuthMinder transaction service port 9744 is working in TCP mode, the WebFort Server URL is an HTTP URL.
  4. If the AuthMinder transaction service port 9744 is working in SSL mode, the WebFort Server URL is an HTTPS URL.
    In that case, the root certificate of the issuer that signed the AuthMinder server certificate has to be uploaded to the JCS trusted certificate store.
    This can be done in the JCS Console.
    [Screenshot: jcs trusted certificate store]
  5. If the UDS Server URL is an HTTPS URL, the root certificate of the issuer that signed the Arcot Application server certificate has to be uploaded to the JCS trusted certificate store.
  6. If AuthMinder or the Arcot Application server enforces two-way SSL, the JCS root certificate has to be imported on the Arcot side.

      Reference: How to Connect CA Identity Manager to CA Strong Authentication - CA Identity Management & Governance Connectors - CA Wik…

 

Logs for troubleshooting during endpoint acquisition

  1. On the JCS machine, turn on the verbose log:
    • cd <IM>\Connector Server\etc
    • rename org.ops4j.pax.logging.cfg to org.ops4j.pax.logging.cfg.brief
    • rename org.ops4j.pax.logging.cfg.verbose to org.ops4j.pax.logging.cfg
  2. Restart the JCS service via the Windows Service Control Panel.
  3. In IdentityMinder Provisioning Manager:
    • try to acquire the Arcot endpoint
    • on the Endpoint tab, supply all required info and take a screenshot
    • on the logging tab, enable all Message severity checkboxes on Text file direction
    • click OK to acquire the endpoint and reproduce the issue
  4. Collect the following info:
    • the test time and duration
    • the screenshot taken in step 3
    • etatrans log
      Location: <IM>\Provisioning Server\logs\etatransyyyymmdd-hhmm.log
    • jcs log
      Location: <IM>\Connector Server\jcs\logs\jcs_daily.log.yyyymmdd
    • Endpoint log
      Location: <IM>\Connector Server\jcs\logs\Arcot\jcs_conn_*.*
  5. Upload the collected info to support.ca.com.
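
The log-collection steps above as a PowerShell script, added here as an example and not CA-supplied tooling. -ImRoot (the <IM> directory) and the JCS service name are assumptions you must supply; the page does not give the service name, so the default is a placeholder.

```powershell
# Added example, not CA-supplied code. $ImRoot and $JcsService are assumptions:
# set them to your install path and the JCS service name shown in services.msc.
param(
    [Parameter(Mandatory)][ValidateSet('EnableVerbose','Collect','RestoreBrief')][string]$Action,
    [Parameter(Mandatory)][string]$ImRoot,           # the <IM> directory from the steps above
    [string]$JcsService = '<JCS-SERVICE-NAME>',      # placeholder, not taken from the page
    [datetime]$TestStart = (Get-Date).AddHours(-1),  # start of the reproduction window
    [string]$OutZip = (Join-Path $env:TEMP 'arcot-acquire-logs.zip')
)
$ErrorActionPreference = 'Stop'
$cfg = Join-Path $ImRoot 'Connector Server\etc\org.ops4j.pax.logging.cfg'

function Switch-LogConfig([string]$Activate, [string]$Park) {
    # Park the active config as .$Park, promote .$Activate to the active name, restart JCS.
    $source = "$cfg.$Activate"
    if (-not (Test-Path $source)) { throw "Missing $source; logging config is not in the expected state." }
    if (Test-Path "$cfg.$Park")   { throw "$cfg.$Park already exists; refusing to overwrite it." }
    Rename-Item -Path $cfg -NewName "org.ops4j.pax.logging.cfg.$Park"
    Rename-Item -Path $source -NewName 'org.ops4j.pax.logging.cfg'
    Restart-Service -Name $JcsService
}

switch ($Action) {
    'EnableVerbose' { Switch-LogConfig -Activate 'verbose' -Park 'brief' }
    'RestoreBrief'  { Switch-LogConfig -Activate 'brief' -Park 'verbose' }
    'Collect' {
        $patterns = @(
            'Provisioning Server\logs\etatrans*.log',       # etatrans log
            'Connector Server\jcs\logs\jcs_daily.log*',     # jcs log
            'Connector Server\jcs\logs\Arcot\jcs_conn_*.*'  # endpoint log
        )
        $files = foreach ($p in $patterns) {
            Get-ChildItem -Path (Join-Path $ImRoot $p) -File -ErrorAction SilentlyContinue |
                Where-Object { $_.LastWriteTime -ge $TestStart }
        }
        if (-not $files) { throw "No log files modified since $TestStart under $ImRoot." }
        # Copy to a staging folder first: the live logs are still open in the running services.
        $stage = Join-Path $env:TEMP ('arcot-logs-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
        New-Item -ItemType Directory -Path $stage | Out-Null
        $files | Copy-Item -Destination $stage
        Compress-Archive -Path (Join-Path $stage '*') -DestinationPath $OutZip -Force
        Remove-Item -Path $stage -Recurse -Force
        "Collected $(@($files).Count) file(s) into $OutZip"
    }
}
```

Run it with -Action EnableVerbose before reproducing the issue in Provisioning Manager, then with -Action Collect and -TestStart set to the start of the test. Finish with -Action RestoreBrief so the connector server does not stay on verbose logging.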

Create an Arcot User


      [Screenshot: Create an Arcot User]

Create ArcotID credential

  1. Select Generate ArcotID Action: Create
    Default ArcotID Profile Name: BasicArcotIDProfile
    [Screenshot: Create ArcotID credential 1]
  2. Supply Reset ArcotID Validity End Date Time Option: Specific End Date
    [Screenshot: Create ArcotID credential 2]
  3. Supply ArcotID Validity End Date time
    [Screenshot: Create ArcotID credential 3]
  4. Supply ArcotID password
    [Screenshot: Create ArcotID credential 4]

Typical Account Template

On an Arcot Account Template, the Default Profile Names have to be supplied, for example:

    • Default OTP Profile Name: BasicOTPProfile
      Note: Please do not use BasicAroctOTPProfile which is for a different type of credential.
    • Default ArcotID Profile Name: BasicArcotIDProfile
    • Default QnA Profile Name: BasicQnAProfile

Reference: Provision QnA Credentials Using an Account Template - CA Identity Management & Governance Connectors - CA Wiki

[Screenshot: Typical Account Template]