Alan Baugher

Change the BLC Password (after an install) - For CA Identity Manager

Discussion created by Alan Baugher Employee on Nov 6, 2015

Hello All,

 

Background:

 

Customers with password change policies for service accounts often update / recycle their privileged IDs on a periodic basis.

 

One component of the IM solution that needs some additional expansion/clarification is the IM Bulk Loader Client (BLC), for updates after a password reset.

 

This is a pre-built Java module that uses an XML or CSV file to bulk load user data into the IM solution via web services.

The web services in IM are labeled as TEWS.



PROCESSES:


STEP 00:  The TEWS service must be enabled in the IME Management Console, along with the WSDL (these are simple checkboxes).

Authentication may be made mandatory, using IM alone or with SiteMinder integration.



STEP 01:  To validate that the web service is available and the WSDL can be viewed, use the following URI:

 

J2EE Direct URL (J2EE Hostname + Port: 8080 or 7001)

http://HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl

 

Via Web Server (or VIP) (Apache/IIS hostname + Port: 443 or 8443)

https://WEB_SERVER_HOSTNAME:PORT/iam/im/TEWS6/<env_name_here>?wsdl

 

 

 

STEP 02:   On the server with the IM BLC client, create a new file.

 

# Create INPUT FILE with three (3) tokens and values  (or the file may just have ONLY the password token & value)

# Password will be clear text; and then converted to CRYPT format

 

user=idmadmin

password=Password01

serverUrl=https://imwa001.im.dom/iam/im/TEWS6/cam

 

 

STEP 03:  Execute the batch file with the switches below to pull the data from the input file, convert/transform it, and save it to the configuration file.

#imbulkloadclient.bat --storeEndpointInfo --endpointInfoFile I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt


#IM Bulk Loader invoked ...

#Loaded configuration options from properties file: I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt

#Storing server URL: https://imwa001.im.dom/iam/im/TEWS6/cam

#Storing user name: idmadmin

#Storing obfuscated password: devrhQ2YEm5RE0IGa3tyoPkiTOe0uYNpgjS1Zlsz9B8=

#End point information stored in configuration file: ../conf/imbulkloadclient.properties



STEP 04:  Validate the BLC with the new login ID and Password.


STEP 05:  Delete the temporary input file (to ensure the clear text Password is not stored)
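
STEP 02, 03 and 05 combined into one PowerShell wrapper, as an added example that is not part of the original post or of the product's own tooling. It keeps the clear-text input file readable only by the current account while it exists and deletes it even if the batch file fails. The parameter names, the location of imbulkloadclient.bat and the exit-code check are assumptions; the switches and input-file tokens are the ones shown above.

```powershell
# Added example (not the product's code): rotate the BLC stored credential.
param(
    [Parameter(Mandatory)] [string] $BlcBat,     # assumption: full path to imbulkloadclient.bat
    [Parameter(Mandatory)] [string] $User,       # e.g. idmadmin
    [Parameter(Mandatory)] [string] $ServerUrl,  # e.g. https://imwa001.im.dom/iam/im/TEWS6/cam
    [string] $InputFile = 'I:\im_win_blc\caim-bulk-loader\conf\imblc_input_file.txt'
)
$ErrorActionPreference = 'Stop'

# Prompt for the password so it never lands in shell history or a saved script.
$secure = Read-Host -Prompt "New password for $User" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)

try {
    # STEP 02: create the file empty and restrict its ACL before writing the secret.
    New-Item -Path $InputFile -ItemType File -Force | Out-Null
    $me   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl  = Get-Acl -Path $InputFile
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited entries
    $acl.SetAccessRule($rule)                     # current account only
    Set-Acl -Path $InputFile -AclObject $acl

    # ASCII avoids a byte-order mark at the start of the properties file.
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    Set-Content -Path $InputFile -Encoding ASCII -Value @(
        "user=$User",
        "password=$plain",
        "serverUrl=$ServerUrl"
    )

    # STEP 03: run from the batch file's own directory, because the tool reports
    # its configuration file with a relative path (../conf/...).
    Push-Location (Split-Path -Parent $BlcBat)
    try     { & $BlcBat --storeEndpointInfo --endpointInfoFile $InputFile }
    finally { Pop-Location }

    # Assumption: the batch file returns a non-zero exit code on failure.
    if ($LASTEXITCODE -ne 0) { throw "imbulkloadclient.bat exited with code $LASTEXITCODE" }
}
finally {
    # STEP 05: always remove the clear-text file and release the password buffer.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
    if (Test-Path -LiteralPath $InputFile) { Remove-Item -LiteralPath $InputFile -Force }
}
```

STEP 04 (validating the BLC with the new login ID and password) still has to be run afterwards.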




