000031346 - Running RSA Authentication Manager 8.1 Bulk Administration (AMBA) using --ini parameter

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000031346
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP1
IssueThis article provides an example of how to use Authentication Manager Bulk Administration (AMBA) with the --ini parameter using a simple example of adding a user to the internal database and assigning a token to this new user where the token already exists in the Authentication Manager database.
TasksThe home directory of RSA Authentication Manager 8.1 is /opt/rsa/am and will be referred to as <AMHOME> in this article. Authentication Manager Bulk Administration (AMBA) is a .jar file called AMBulkAdmin.jar and this file is located in the <AMHOME>/utils/lib folder with rsaadmin ownership and group permissions (i. e., -rw-------).
 
Where the AMBulkAdmin.jar is missing from the <AMHOME>/utils/lib folder, please contact RSA Customer Support for AMBA version 1.5.0 (supported with Authentication Manager 8.1) or AMBA version 1.6.0, supported with Authentication Manager 8.2. The RSA Authentication Manager 8.1 Bulk Administration 1.5.0 Custom Application Guide (AMBA) and the RSA Authentication Manager 8.2 Bulk Administration 1.6.0 Custom Application Guide (AMBA) provides installation and operating instructions.
 

AMBA requires a valid license file for its operation, usually named AMBAlicense.dat. A good practice is to place the AMBA license in a new folder called <AMHOME>/utils/AMBA and use the same folder to store any related AMBA shell scripts, data files or log files.
ResolutionAMBA has a requirement that the RSA Authentication Manager primary instance is running before using this utility. To use AMBA, an administrator would logon to the command line with the rsaadmin account, navigate to the <AMHOME>/utils folder and use the command:
./rsautil AMBulkAdmin [options]

AMBA particular usage using --ini <inifile> parameter


  1. In the <AMHOME>/utils/AMBA folder, create a new file called AMBAparams01.ini and add a line the following line, substituting the [SC_administrator] and [SC_administrator_password] for the appropriate values relating to the Authentication Manager deployment.  
-i AMBAdata01.dat -o AMBDAlogfile01.log -a [SC_administrator] -P [SC_administrator_password]

  1. Should the AMBA license have a different file name to AMBAlicense.dat then an extra parameter '--lic [license_filename]' is required in the AMBAparams01.ini file.  For example, 
-i AMBA/AMBAdata01.data -o AMBA/AMBAlogfile.log -a ocadmin -P password00! --lic AMBA/AMBAlicense.dat

  1. When this AMBAparams.ini file is used for the first time, AMBA encrypts the file so it is recommended to make a copy of AMBAparams.ini while in development.
  2. In the <AMHOME>/utils/AMBA folder, create a new file called AMBAdata01.ini and add the appropriate functions you want AMBA to perform. Refer to the RSA Authentication Manager - Bulk Administration - AMBulkAdmin (AMBA) User Guide for a list of functions AMBA can perform and the syntax of those functions.   As an example, the code below adds a user called rsatest and assigns a token with serial number 212085009.  This example assumes the token has already been imported into the Authentication Manager database.
Action,IdentitySource,DefLogin,LastName,ReplTokSerial,TokEnabled,PinMode
AU,internal database,rsatest,test
ATU,internal database,rsatest,,212085009,1,1

  • The required fields for the AU (Add User) action are LastName and DefLogin.
  • The required fields for the ATU (Add Token to User) action are DefLogin or TokSerial, ReplTokSerial and TokEnabled.  ATU does not require a last name which is why this has been left blank on the third line of AMBAdata01.dat
  1. Run AMBA from the <AMHOME>/utils folder with the command:
./rsautil AMBulkAdmin --ini AMBA/AMBAparams01.ini

  1. Expected results in the AMBAlogfile01.log are as follows:
BOJ    : 2015-09-28 16:54:18 - 1.5.0 Build 105 - License expires at midnight on 2035-12-31 - Input = AMBA/AMBAdata01.dat
Info   : 2015-09-28 16:54:18 - License Number: 11307-2014 - Issued To: RSA CS APJ - Issued On: 03/23/2014
Info   :                                                                -Output Log File Opened        
Success: 2015-09-28 16:54:19 : Line     2 - addUser                     -rsatest, test                 
Info   :                                                                -000132251663 assigned to rsatest
Info   :                       Line     3 - addTokenToUser              -000132251663, , 1 : New pin mode set
Success: 2015-09-28 16:54:21 : Line     3 - addTokenToUser              -000132251663 assigned to rsatest
Info   :                                                                -Closing input file            
Info   :                                                                -Closing rejected actions file 
Info   :                                                                -Closing unsupported actions file 
Info   :                                                                -Log File Closed               
Info   :                                                                -Exit code: 0
EOJ    : 2015-09-28 16:54:21 - Terminating

Outcomes