Symantec IGA

  • 1.  imbulkloadclient password obfuscation

    Posted Jan 12, 2018 11:17 AM

    I'm trying to fill the password parameter of imbulkloadclient.properties file about CA IM Bulk Load Client

    In my understading the password must be obfuscated and for this reason I used the IM Password Tool:

     

    cd /opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/PasswordTool
    ./pwdtools.sh -JSAFE -p Password1
    --------------------------------------------------
    Your JAVA_HOME is currently set to /opt/CA/jdk1.8.0_71/
    --------------------------------------------------
    Encrypting your password ...
    ******************************************
    Plain Text: Password1
    Encrypted value: {PBES}:B8+4u/F3aiZ4+YhJ7l50hw==
    ******************************************

     The imbulkloadclient.properties file looks like the following:

    serverUrl=http\://192.168.195.140\:8080/iam/im/TEWS6/identityEnv
    uniqueIdentifierAttrName=%EMPLOYEE_NUMBER%
    actionToTaskMapping= create.Employee Creation from Feed
    primaryObject=USER
    user=imadmin
    feederParserClass=com.ca.identitymanager.feeder.parser.CSVParser
    actionAttrName=action
    isProtectedBySiteMinder=false
    password=E1ltdd4PQHJtJm01p4vlGg\=\=
    but I get the following error during the run:
    IM Bulk Loader invoked ...
    Loaded configuration options from properties file: imbulkloadclient.properties
    Input file name: CreateEmployeeFromFeed.csv
    Input file format: CSV
    Transformation of input file finished successfully
    Password obfuscation/de-obfuscation failed:Given final block not properly padded

    I have also tried with 

    password=E1ltdd4PQHJtJm01p4vlGg==
    but I get have the same issue.


    May you help?
    Gabriele


  • 2.  Re: imbulkloadclient password obfuscation

    Posted Jan 12, 2018 02:37 PM

    Have your tried adding back in the {PBES}: in the front?



  • 3.  Re: imbulkloadclient password obfuscation
    Best Answer

    Posted Jan 13, 2018 11:50 PM

    You should be using the imbulkloadclient from command line to obfuscate the password. 

    Use the -S Option.

     

    Command Line Options - CA Identity Management & Governance Connectors - CA Technologies Documentation 

    -S, --storeEndpointInfo

    Stores the specified server URL and the Admin user name and password in the configuration file (-c, --configFile). The password is obfuscated before it is stored. The information that is going to be stored can be provided through the endpointInfoFile option.

     

    Thanks,

    Ranga Vinjamuri

    rvinjamu@yasas.biz