3rd Party Service Tools used for Identity Suite's connectors/PX Rules

Discussion created by Alan Baugher Employee on May 26, 2017

Team,

Enclosing processes used to lower the duration of turn-around to build/validate connectors (via CX, OOTB, or PX)

Item 1
Connector Type: Active Directory / LDAP / Mainframe (TSS/ACF2/RACF via LDAP Server for Z/OS), JNDI
Feedback Tool / Processes:
Step 1: JXplorer, Apache Directory Studio, Softerra LDAP Browser / Softerra LDAP Administrator: validate service ID permissions/password to TCP port 389.
Step 2: openssl s_client -connect hostname:636 -showcerts
Validate AD DC has a public CA root certificate (not a self-signed cert)
Step 3: certlm.msc (open on any server/workstation in the domain, to export the CA public cert)
Export the public CA root certificate
Step 4: openssl s_client -connect hostname:636 -showcerts -CAfile public_CA_cert_file_HERE.pem
Validate that the exported public CA root cert is the correct one being offered by the endpoint
Description / Cost:
Free tools (Apache Directory Studio, JXplorer, openssl, Softerra LDAP Browser, MS certlm.msc)
Paid tools (Softerra LDAP Administrator)

Item 2
Connector Type: CX JNDI Dynamic Connector: LDAP
Feedback Tool / Processes:
Step 1: JXplorer, Apache Directory Studio, Softerra LDAP Browser / Softerra LDAP Administrator as a feedback tool.
View the schema, and then open the CX UI to build the new LDAP dynamic connector.
Estimate 2 hours to build an LDAP connector
Description / Cost:
Free tools (Apache Directory Studio, JXplorer, openssl, Softerra LDAP Browser)
Paid tools (Softerra LDAP Administrator)

Item 3
Connector Type: ODBC Connector
Feedback Tool / Processes:
Step 1: Validate if the DB is using the standard USERS TABLE, where DB User exists.
Step 2: Validate access with DbVisualizer for service ID and password
If so, then use the OOTB ODBC connector.
If not, then use CX UI to JDBC
Description / Cost:
Free tools (DbVisualizer, openssl)
Paid tools (DbVisualizer)

Item 4
Connector Type: CX JDBC Dynamic Connector: DB
Feedback Tool / Processes:
Step 1: Validate if the DB is NOT using the standard USERS TABLE.
Use DbVisualizer (30 days free) to build and monitor the database for updates for CRUD use-cases to see which tables are in use.
Step 2: Confirm Reverse Engineering process with GRAPH in the DbVisualizer tool.
Identify the TABLES and/or STORED PROCEDURES to use.
Step 3: Focus on the following ORDER:
View Profile, View MemberOf, Delete Profile, Delete MemberOf, Create, Create MemberOf, Modify Profile, Modify MemberOf
Step 4: Test each use-case multiple times. Use JMeter tool.
Description / Cost:
Free tools (DbVisualizer, openssl)
Paid tools (DbVisualizer)

Item 5
Connector Type: SOAP / REST
Feedback Tool / Processes:
Step 1: Validate with SoapUI, if WSDL is available, if able to submit a request.
Step 2: Validate if authentication is: Anonymous, BASIC (bind), WSEE (if WSEE and using PX Rules, adjust the authentication as part of the BODY, and change the PX Rule to Anonymous Bind)
Step 3: If SOAP call is to IME TEWS, use the IME VST as part of the feedback process to monitor success.
Step 4: Monitor with ims.policyxpress = DEBUG, via the -D JVM switch OR logging.jsp page
Step 5: If SOAP/REST is not to IME but a remote system, contact the remote admin resource to work with you during the testing exercise.
Step 6: Or determine if there is a native UI, with a service ID that can be used as part of the feedback process.
Description / Cost:
Free tools (SoapUI, openssl)
Paid tools (SoapUI Pro)

Item 6
Connector Type: SOAP / REST SCIM Protocol
Feedback Tool / Processes:
Step 1: Validate with SoapUI, if WSDL is available, if able to submit a request.
Step 2: Validate if authentication is: Anonymous, BASIC (bind), WSEE
Step 3: If SOAP/REST call is to internal or cloud web application with provisioning, use the API GW to build the process.
Step 4: Monitor with ims.policyxpress = DEBUG, via the -D JVM switch OR logging.jsp page
Step 5: If SOAP/REST call is to internal or cloud web application, contact the remote admin resource to work with you during the testing exercise.
Step 6: Or determine if there is a native UI, with a service ID that can be used as part of the feedback process.
Description / Cost:
Free tools (SoapUI, openssl)
Paid tools (SoapUI Pro)

Item 7
Connector Type: All Connectors - Performance
Feedback Tool / Processes:
Step 1: Use JMeter to build a test plan to use LDAP to the IMPS Provisioning Server TCP 20389.
Step 2: Adjust the JMeter test plan to test "through" the IMPS server, down to the connector tier, and then to the newly managed endpoints.
Step 3: Add in queries for 1000 entries of user profiles, add in queries for 1000 entries of group objects, add in queries for user profile with membership, add in exact queries to single user profile, add in update to single user profile, add in MASS CHANGE update so that all selected user identities are updated.
Description / Cost:
Free tools (JMeter, SoapUI, openssl)
Paid tools (SoapUI Pro)
Service Tool (BlazeMeter)

If you have examples, I would like to hear what has worked for you.

Cheers,

A.
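
Added example, not part of the original post: a small triage helper for the output of the Step 2 and Step 4 `openssl s_client` commands in item 1. It separates a self-signed endpoint certificate from a CA-issued one whose root is simply not in the trust store yet. The function names `classify_s_client` and `check_ldaps` and the sample host and CA names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the chain printed by the Step 2 / Step 4 commands.
# Reads `openssl s_client -showcerts` output on stdin and prints one verdict:
#   self-signed-leaf  depth-0 subject equals its issuer (fails the Step 2 check)
#   trusted           CA-issued leaf and "Verify return code: 0" (Step 4 passes)
#   untrusted-chain   CA-issued leaf, but verification failed against the trust
#                     store or -CAfile in use (wrong or missing root)
#   no-certificate    no chain in the output (connect or handshake failed)
classify_s_client() {
  awk '
    BEGIN { code = -1 }
    # Chain entry: " 0 s:<subject>" then "   i:<issuer>"; depth 0 is the server cert.
    /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subj[depth] = $0; seen = 1; next }
    /^ *i:/ && seen { sub(/^ *i:/, ""); issuer[depth] = $0; next }
    /Verify return code:/ { sub(/.*Verify return code: */, ""); code = $1 + 0 }
    END {
      if (!seen)                     print "no-certificate"
      else if (subj[0] == issuer[0]) print "self-signed-leaf"
      else if (code == 0)            print "trusted"
      else                           print "untrusted-chain"
    }'
}

# Live use with the flags from the post; $2 is the optional exported root PEM.
check_ldaps() {
  openssl s_client -connect "$1:636" -showcerts ${2:+-CAfile "$2"} \
    </dev/null 2>/dev/null | classify_s_client
}

# Constructed sample outputs (host and CA names are made up).
SAMPLE_SELF_SIGNED='Certificate chain
 0 s:CN = dc01.corp.example
   i:CN = dc01.corp.example
Verify return code: 18 (self-signed certificate)'
SAMPLE_STEP2_NO_ROOT='Certificate chain
 0 s:CN = dc01.corp.example
   i:DC = example, DC = corp, CN = Corp Issuing CA
Verify return code: 20 (unable to get local issuer certificate)'
SAMPLE_STEP4_WITH_ROOT='Certificate chain
 0 s:CN = dc01.corp.example
   i:DC = example, DC = corp, CN = Corp Issuing CA
Verify return code: 0 (ok)'

for sample in "$SAMPLE_SELF_SIGNED" "$SAMPLE_STEP2_NO_ROOT" "$SAMPLE_STEP4_WITH_ROOT"; do
  printf '%s\n' "$sample" | classify_s_client
done
```

An `untrusted-chain` verdict from the Step 2 command is expected for an internal CA until the exported root is supplied with -CAfile; the same verdict from the Step 4 command means the exported root is not the one that issued the endpoint's chain.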
