000011571 - AM 7.1 and APP 3.X - how connect to the backend oracle database to work with custom queries

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011571
Applies ToAuthentication Manager 7.1X and APP 3.0X
All platforms
IssueAM 7.1 and APP 3.X - how connect to the backend oracle database
ResolutionWindows:

1) The tablespace definitions are provided in the AM 7.1 sdk from sp3 onward.  The sp3 sdk can be pulled down here:
   
https://sftp.rsa.com/human.aspx?Username=support&password=Password1&arg01=690413008&arg12=downloaddirect&transaction=signon&quiet=true

This is documentation only, you can unzip this on any machine, windows or unix.  Unzip it and relative to the directory it was unzipped in, browse to <path>/sdk/docs/guide/auth_manager_developer_guide.html

This will expose the main page of the sdk developers doc. Click on "SQL Access to the RSA Authentication Manager Database".  Under here, you will find the schema reference for the oracle backend server relevant to AM 7.1 under the heading "RSA Authentication Manager Internal Database Public Schema"

2) We provide oracle's sqlplus with the product.

3) The user credential to access the db instance as the dba will always be sysdba, but the password to access the database is hashed on a per instance basis.  It can be obtained using rsautil providing you know the master password of the instance. This is created at installation time.  You will need that, and also the login credentials of the windows user you run AM 7.1 under. Before beginning, locate that information.

4) the default installation path for AM 7.1 is c:\program files\rsa security\rsa authentication manager.  If you have used a different installation path, you will need reflect that in your syntax

5) log in as the account you run AM 7.1 under, and go to the c prompt. 

6) cd c:\program files\rsa security\rsa authentication manager\utils

7) at the c:\prompt, type rsaenv.cmd

8) type the following command:

    rsautil manage-secrets -a get com.rsa.db.root.password

    It will prompt you for the master password, enter that..

    Enter Master password: ***********

Then it will display something like this, this is your db password, noting yours will
differ from this output 

    com.rsa.db.root.password: YMax1EZ3yG


9) What is displayed for the value of the com.rsa.db.root.password is *your* db password

10) Where noted in the above password, replace it with your output, and then you can test access to the db using the native tool:

    sqlplus sys/YMax1EZ3yG as sysdba

11) if you have connected properly, you will see this:

SQL*Plus: Release 10.2.0.4.0 - Production on Thur Mar 3 15:07:10 2011

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Data Mining and Real Application Testing options

12) Now you can quit to get out
SQL> quit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production

The specifics of using your specific 3rd party tool with oracle would need to come from the vendor, however you can leverage this information for the connection or use sqlplus that is bundled with AM 7.1.

Unix:

1) The tablespace definitions are provided in the AM 7.1 sdk from sp3 onward.  The sp3 sdk can be pulled down here:
   
https://sftp.rsa.com/human.aspx?Username=support&password=Password1&arg01=690413008&arg12=downloaddirect&transaction=signon&quiet=true

This is documentation only, you can unzip this on any machine, windows or unix.  Unzip it and relative to the directory it was unzipped in, browse to <path>/sdk/docs/guide/auth_manager_developer_guide.html

This will expose the main page of the sdk developers doc. Click on "SQL Access to the RSA Authentication Manager Database".  Under here, you will find the schema reference for the oracle backend server relevant to AM 7.1 under the heading "RSA Authentication Manager Internal Database Public Schema"

2) We provide oracle's sqlplus with the product.

3) The user credential to access the db instance as the dba will always be sysdba, but the password to access the database is hashed on a per instance basis.  It can be obtained using rsautil providing you know the master password of the instance. This is created at installation time.  You will need that, and also the login credentials of the windows user you run AM 7.1 under. Before beginning, locate that information.

4) the default installation path for AM 7.1 is /usr/local/RSASecurity/RSAAuthenticationManager.  If you have used a different installation path, you will need reflect that in your syntax

5) log in as the account you run AM 7.1 under

6) cd /usr/local/RSASecurity/RSAAuthenticationManager/utils

7) at the unix prompt type . ./rsaenv (noting there is a space in between the two periods, i.e. . ./  - this is not a typo)

8) type the following command:

    rsautil manage-secrets -a get com.rsa.db.root.password

    It will prompt you for the master password, enter that..

    Enter Master password: ***********

Then it will display something like this, this is your db password, noting yours will
differ from this output 

    com.rsa.db.root.password: YMax1EZ3yG


9) What is displayed for the value of the com.rsa.db.root.password is *your* db password

10) Where noted in the above password, replace it with your output, and then you can test access to the db using the native tool:

    sqlplus sys/YMax1EZ3yG as sysdba

11) if you have connected properly, you will see this:

SQL*Plus: Release 10.2.0.4.0 - Production on Thur Mar 3 15:07:10 2011

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Data Mining and Real Application Testing options

12) Now you can quit to get out
SQL> quit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
Appliance 3.0:

1) The tablespace definitions are provided in the AM 7.1 sdk from sp3 onward.  The sp3 sdk can be pulled down here:
   
https://sftp.rsa.com/human.aspx?Username=support&password=Password1&arg01=690413008&arg12=downloaddirect&transaction=signon&quiet=true

This is documentation only, you can unzip this on any machine, windows or unix.  Unzip it and relative to the directory it was unzipped in, browse to <path>/sdk/docs/guide/auth_manager_developer_guide.html

This will expose the main page of the sdk developers doc. Click on "SQL Access to the RSA Authentication Manager Database".  Under here, you will find the schema reference for the oracle backend server relevant to AM 7.1 under the heading "RSA Authentication Manager Internal Database Public Schema"

2) We provide oracle's sqlplus with the product.

3) The user credential to access the db instance as the dba will always be sysdba, but the password to access the database is hashed on a per instance basis.  It can be obtained using rsautil providing you know the master password of the instance. This is created at installation time.  You will need that, and also the login credentials of the windows user you run AM 7.1 under. Before beginning, locate that information.

4) The fixed installation path for the app 3.0 is /usr/local/RSASecurity/RSAAuthenticationManager.

5) SSH to the appliance as emcsrv, then become rsaadmin by typing
        sudo su rsaadmin
        <enter password>

6) cd /usr/local/RSASecurity/RSAAuthenticationManager/utils

7) at the unix prompt type . ./rsaenv (noting there is a space in between the two periods, i.e. . ./  - this is not a typo)

8) type the following command:

    rsautil manage-secrets -a get com.rsa.db.root.password

    It will prompt you for the master password, enter that..

    Enter Master password: ***********

Then it will display something like this, this is your db password, noting yours will
differ from this output 

    com.rsa.db.root.password: YMax1EZ3yG


9) What is displayed for the value of the com.rsa.db.root.password is *your* db password

10) Where noted in the above password, replace it with your output, and then you can test access to the db using the native tool:

    sqlplus sys/YMax1EZ3yG as sysdba

11) if you have connected properly, you will see this:

SQL*Plus: Release 10.2.0.4.0 - Production on Thur Mar 3 15:07:10 2011

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Data Mining and Real Application Testing options

12) Now you can quit to get out
SQL> quit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
NotesRSA DISCLAIMER: RSA does not encourage direct interaction with the oracle database, as incorrect operation can and will result in irreversible damage to the database.  If you choose to interact directly with the database, understand this risk.  Only experienced Oracle DBAs should attempt communicating directly with Oracle.  This information is provided as a courtesy only, with no implied or expressed warranties.
Legacy Article IDa54168

Attachments

    Outcomes