This section describes how to integrate Radiant Logic RadiantOne FID HDAP Store with RSA Authentication Manager as an identity source.
Configure Radiant Logic RadiantOne FID
Follow the steps below to get the user and group base DN for the sample data in HDAP Store, get the default server SSL certificate included with Radiantone FID required for establishing secure connection and define the sorted index property for attribute mapped to User ID (in this case uid) required by RSA Authentication Manager.
1. Log on to the RadiantOne Main Control Panel as directory administrator.
3. Create a group in the OU and add users to it.
4. Click vds_server on the Main Control Panel bar to open the Server Control Panel.
5. On the Server Control Panel, click on the Settings tab and click on View button to view server certificate.
7. Open up a command prompt on the RadiantOne server system.
8. Navigate to <RLI_HOME>\bin , where RLI_HOME is vds server installation directory.
9. Execute the below command and verify that it returns success.
<RLI_HOME>\bin\vdsconfig.bat set-ctx-prop -namingcontext o=companydirectory -prop sortedIndexes -value uid
10. Go to the RadiantOne Main Control Panel, click on Directory Namespace tab and browse to o=companydirectory(HDAP Store) and click the Re-build Index button.
Note: If sorted index property is not set for the uid attribute, user search fails with "No sorted index found for uid" error for user look up in the RSA Authentication Manager.
Configure RSA Authentication Manager
Follow the steps below to add RadiantOne FID HDAP Store as identity source to RSA Authentication Manager.
1. Log on to the Operations Console of the primary instance.
2. Click Deployment Configuration > Identity Sources > Identity Source Certificates > Add New. If prompted, enter your Super Admin User ID and password. Enter a name for the new identity source certificate, choose the SSL certificate obtained in step 6 in the previous section and click Save.
3. Click Deployment Configuration > Identity Sources > Add New. On the Add New Identity Source page,
a) In the Identity Source Basics section, specify the following:
- Identity Source Name - The name of the identity source that is displayed in the Security Console.
- Type - Oracle Directory Server/Sun Java System Directory Server
b) In the Directory Connection - Primary section, specify the following:
- Directory URL - ldaps://<RadiantOne server machine IP>:636
- Directory User ID - Directory Administrator name
- Directory Password - Directory Administrator password
c) Click Test Connection to ensure that the primary instance can connect to the directory
d) Click Next.
4. On the Add Identity Source - Map page,
a) In Directory Settings sections, specify
- User Base DN : Provide the value of the DN for the sample OU obtained in step 2 in previous section.
- User Group Base DN : Provide the value of the DN for the sample OU obtained in step 2 in previous section.
b) In Directory Configuration - User Tracking Attributes section, specify below attribute mappings and
- User ID: uid
- Unique Identifier:employeeNumber
c) In the Directory Configuration - Users section, change the attribute mappings if required.
d) In the Directory Configuration - User Groups section, keep the default values and click Save.
5. Ignore the warning message related to Directory Type mismatch and click Save.
6. Log on to the Security Console of the primary instance.
7. Click Setup > Identity Sources > Link Identity Source to System.
8. From the list of available identity sources, select the identity source added previously and click the right arrow and then click Save.
9. Go to Identity > Users > Manage Existing, on the Search panel, from the Identity Source drop-down list, select the new identity source configured and click Search. Make sure users present in the directory OU are displayed.
10. Go to Identity > User Groups > Manage Existing, on the search panel, from the Identity Source drop-down list, select the new identity source configured and click Search. Make sure groups present in the directory OU are displayed.
Configuration is complete.
Return to the main page for more certification related information.