Browse Prior Art Database

CA-ACF2™ Provisioning Through Identity Manager using a JCL based custom adapter

IP.com Disclosure Number: IPCOM000200893D
Publication Date: 2010-Oct-29
Document File: 3 page(s) / 98K

Publishing Venue

The IP.com Prior Art Database

Abstract

We do have a known solution to integrate the Identity Manager with the CA-ACF2 system but that can be achieved only through a CA LDAP interface of ACF2. This solution requires a higher release version of ACF2 systems for a faster and quick response.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

CA-ACF2™ Provisioning Through Identity Manager using a JCL based custom adapter

Solution aims in integrating Identity Manager with the ACF2 Systems (of any version in the absence of CA LDAP interface) for the provisioning process of ACF2 accounts which includes the creation, modification and deletion of ACF2 accounts in the ACF2 Mainframe server through a custom adapter. The solution also includes the reconciliation of the ACF2 accounts into the Identity Management system which establishes the account ownership for all the ACF2 Mainframe accounts with the corresponding Person records.

Meta-directory based custom ACF2 adapter in combination with PERL scripts, batch scripts and Managed File Transfer (MFT) was developed to provide the integration. The solution performs the operations on real time basis at ACF2 Mainframe system.

The following flow diagram gives description of the how the invention works, and the detailed steps

Request

1. Manual account operation request to create/modify/delete ACF2 account is raised from a centralized Identity Management System (IdM) web console. This request has all the attributes necessary to perform the operation

2. IdM system invokes Meta-directory based custom adapter using Remote Method Invocation (RMI). The user attributes from person record are mapped or processed to generate ACF2 account related attributes and passed to the custom adapter along with operation request

3. Custom adapter internally invokes PERL scripts which generate Job Control Language (JCL) files with Mainframe commands with values of taken from account attributes

4. Managed File Transfer (MFT) is used to transfer JCL files to Mainframe in a secure and reliable method

5. JCL is executed at Mainframe to perform the account operation on target application (ACF2)

The above user provisioning solution supports the following operations
a) ACF2Add - Used to create ACF2 accounts
b) ACF2Modify - Used to modify ACF2 accounts
c) ACF2Delete - Used to delete ACF2 accounts
d) ACF2Test - Used to validate existence of PERL scripts on the server location The operation code transforms the operation request and executes PERL scripts with its

1

JCL

JCL

MFT

  Identity Management System

RMI

 Meta-directory (Custom Adapter)

JCL file

(PERL)

Generator

CA-ACF2

Mainframe


Page 02 of 3

corresponding parameters that generates JCL files.

For Reconciliation, Mainframe server pushes accounts file (Containing all the accounts details from Mainframe system) to IdM server on daily bases using MFT.

Custom Adaptor reconciliation (search) code parses the file,

processes it and loads it into IdM

2

(This page contains 11 pictures or other non-text object)

(This page contains 09 pictures or other non-text object)

(This page contains 10 pictures or other non-text object)

(This page contains 12 pictures or other non-text object)

(This page contains 13 pictures or other non-text object)

(This page contains 14 p...