000025496 - FIM - How do you access the internal database

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025496
Applies To: Federated Identity Management Module 3.x, Federated Identity Management Module 4.x, Microsoft Windows 2003
Issue: FIM - How do you access the internal database
Cause

When you enter configuration information into the FIM administration GUI (at the URI /fimconfig), the information is stored in a private relational database. This is an Apache Derby database; details can be found on page 27 of the RSA Federated Identity Manager 3.1 Planning Guide and page 25 of the RSA Federated Identity Manager 3.0 Planning Guide.

Whilst updates to this database must only be made via the supplied GUI, it is possible to get offline, read-only access to view the data that has been stored. Access to the internal database is not formally supported by RSA, and this information is supplied "as is" as a supplement to the standard documentation.

The database is not accessible to any other process whilst FIM is running. The Derby database system does have a general-purpose client/server configuration, but FIM uses its dedicated mode, in which a single application has access. The FIM server must therefore be stopped before you can read the data.

You also need to download the Derby database utilities from http://db.apache.org/derby/releases/release-10.2.1.6.html and make sure you have access to derby.jar and derbytools.jar from this distribution.

The following sample command file shows a SQL script being run against the FIM Derby database:

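@echo off
setlocal
rem Locations of the JDK, the Derby distribution and the FIM database directory
set JAVA_HOME=C:\jdk1.5
set DERBY_HOME=C:\db-derby-10.2.1.6-bin
set DB=C:\bea\user_projects\domains\fimdomain\rsa-fim-config\demoDB
set CLASSPATH=%DERBY_HOME%\lib\derby.jar;%DERBY_HOME%\lib\derbytools.jar
rem Run dump.sql through the ij tool using the embedded Derby driver
"%JAVA_HOME%\bin\java" -Dij.protocol=jdbc:derby: -Dij.database=%DB% org.apache.derby.tools.ij dump.sql
endlocal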

The dump.sql used above had the following content, which dumps all the available tables:

select * from FIM.ABSTRACTDESCRIPTOR;
select * from FIM.ADDITIONALMETADATALOCATION;
select * from FIM.AFFILIATION;
select * from FIM.AFFILIATION_KEYS;
select * from FIM.ASSOCIATION;
select * from FIM.ASSOCIATION_ALLOWEDCONSENTS;
select * from FIM.ASSOCIATION_APATTRIBUTEPLUGINS;
select * from FIM.ASSOCIATION_NAMEIDMAPPERPLUGINCONFIGMAP;
select * from FIM.ASSOCIATION_RPATTRIBUTEPLUGINS;
select * from FIM.ASSOCIATION_SUPPORTEDNONPSEUDONAMEDIDNQS;
select * from FIM.ATTRAUTHORITYPOLICY;
select * from FIM.ATTRAUTHORITYSETTINGS;
select * from FIM.ATTRAUTHORITYSETTINGS_ALLOWEDATTRIBUTES;
select * from FIM.ATTRIBUTE;
select * from FIM.ATTRIBUTE_ATTRIBUTEVALUES;
select * from FIM.ATTRIBUTEAUTHORITY;
select * from FIM.ATTRIBUTEAUTHORITY_ASSERTIONIDREQUESTSERVICES;
select * from FIM.ATTRIBUTEAUTHORITY_ATTRIBUTEPROFILES;
select * from FIM.ATTRIBUTEAUTHORITY_ATTRIBUTES;
select * from FIM.ATTRIBUTEAUTHORITY_ATTRIBUTESERVICES;
select * from FIM.ATTRIBUTEAUTHORITY_NAMEIDFORMATS;
select * from FIM.ATTRIBUTECONFIG;
select * from FIM.ATTRIBUTECONSUMINGSERVICE;
select * from FIM.ATTRIBUTECONSUMINGSERVICE_REQUESTEDATTRIBUTES;
select * from FIM.ATTRIBUTECONSUMINGSERVICE_SERVICEDESCRIPTIONS;
select * from FIM.ATTRIBUTECONSUMINGSERVICE_SERVICENAMES;
select * from FIM.ATTRIBUTESET;
select * from FIM.ATTRIBUTESET_ATTRIBUTECONFIGS;
select * from FIM.ATTRIBUTEVALUE;
select * from FIM.ATTRQUERYCLIENTPOLICY;
select * from FIM.ATTRQUERYCLIENTSETTINGS;
select * from FIM.AUTHNAUTHORITY;
select * from FIM.AUTHNAUTHORITY_ASSERTIONIDREQUESTSERVICES;
select * from FIM.AUTHNAUTHORITY_AUTHNQUERYSERVICES;
select * from FIM.AUTHNAUTHORITY_NAMEIDFORMATS;
select * from FIM.AUTHNAUTHORITYPOLICY;
select * from FIM.AUTHNAUTHORITYSETTINGS;
select * from FIM.AUTHNCONTEXTCLASSCONFIG;
select * from FIM.AUTHNCONTEXTCONFIG;
select * from FIM.AUTHNCONTEXTDECLARATIONCONFIG;
select * from FIM.AUTHNCONTEXTPOLICY;
select * from FIM.AUTHNCONTEXTPOLICY_LOCALAUTHNURLMAP;
select * from FIM.AUTHNCONTEXTPOLICY_LOCALTOSAMLAUTHNCONTEXTMAPPING;
select * from FIM.AUTHNCONTEXTPOLICY_SAMLTOLOCALAUTHNCONTEXTMAPPING;
select * from FIM.AUTHNQUERYCLIENTPOLICY;
select * from FIM.AUTHNQUERYCLIENTSETTINGS;
select * from FIM.CONTACTPERSON;
select * from FIM.CONTACTPERSON_EMAILADDRESSES;
select * from FIM.CONTACTPERSON_TELEPHONENUMBERS;
select * from FIM.CRYPTOSTOREENTRY;
select * from FIM.DOMAINOBJECT;
select * from FIM.ENABLEDROLES;
select * from FIM.ENDPOINT;
select * from FIM.ENTITY;
select * from FIM.ENTITY_ADDITIONALMETADATALOCATIONS;
select * from FIM.ENTITY_ATTRIBUTEAUTHORITIES;
select * from FIM.ENTITY_AUTHNAUTHORITIES;
select * from FIM.ENTITY_CONTACTPERSONS;
select * from FIM.ENTITY_IDPSSOS;
select * from FIM.ENTITY_PDPS;
select * from FIM.ENTITY_SPSSOS;
select * from FIM.ENTITYID;
select * from FIM.FIMCONFIG;
select * from FIM.FIMCONFIG_ASSOCIATIONS;
select * from FIM.FIMCONFIG_ATTRAUTHORITYPOLICIES;
select * from FIM.FIMCONFIG_ATTRAUTHORITYSETTINGS;
select * from FIM.FIMCONFIG_ATTRIBUTESETS;
select * from FIM.FIMCONFIG_AUTHNCONTEXTCLASSCONFIGS;
select * from FIM.FIMCONFIG_AUTHNCONTEXTDECLARATIONCONFIGS;
select * from FIM.FIMCONFIG_AUTHNCONTEXTPOLICIES;
select * from FIM.FIMCONFIG_FIMSAMLPOLICIES;
select * from FIM.FIMCONFIG_IDPSSOPOLICIES;
select * from FIM.FIMCONFIG_IDPSSOSETTINGS;
select * from FIM.FIMCONFIG_KEYSTOREENTRIES;
select * from FIM.FIMCONFIG_MYENTITIES;
select * from FIM.FIMCONFIG_PARTNERENTITIES;
select * from FIM.FIMCONFIG_PLUGINCONFIGS;
select * from FIM.FIMCONFIG_SPRESOURCECONFIGS;
select * from FIM.FIMCONFIG_SPSSOPOLICIES;
select * from FIM.FIMCONFIG_SPSSOSETTINGS;
select * from FIM.FIMCONFIG_TRUSTSTOREENTRIES;
select * from FIM.FIMENTITY;
select * from FIM.FIMSAMLPOLICY;
select * from FIM.FIMSAMLPOLICY_AUTHNCONTEXTCLASSCONFIGS;
select * from FIM.FIMSAMLPOLICY_AUTHNCONTEXTDECLARATIONCONFIGS;
select * from FIM.FIMSYSTEMSETTINGS;
select * from FIM.FIMSYSTEMSETTINGS_SUPPORTEDSAMLAUTHNMETHODSMAP;
select * from FIM.IDP_SSO;
select * from FIM.IDP_SSO_ASSERTIONIDREQUESTSERVICES;
select * from FIM.IDP_SSO_ATTRIBUTEPROFILES;
select * from FIM.IDP_SSO_ATTRIBUTES;
select * from FIM.IDP_SSO_NAMEIDMAPPINGSERVICES;
select * from FIM.IDP_SSO_SINGLESIGNONSERVICES;
select * from FIM.IDPSSOPOLICY;
select * from FIM.IDPSSOSETTINGS;
select * from FIM.IDPSSOSETTINGS_ATTRIBUTESETPUSHED;
select * from FIM.IDPSSOSETTINGS_ENABLEDACSCOLLECTION;
select * from FIM.INDEXEDENDPOINT;
select * from FIM.JPOX_TABLES;
select * from FIM.KEYDESCRIPTOR;
select * from FIM.KEYDESCRIPTOR_ENCRYPTIONMETHODS;
select * from FIM.KEYSTOREENTRY;
select * from FIM.LOCALIZEDNAME;
select * from FIM.LOCALIZEDURI;
select * from FIM.MYENTITY;
select * from FIM.MYENTITY_ATTRIBUTESETSFORACS;
select * from FIM.MYENTITY_IDPSSOPUSHATTRIBUTES;
select * from FIM.MYENTITY_SPRESOURCECONFIGS;
select * from FIM.NAMEDDOMAINOBJECT;
select * from FIM.NCNAME;
select * from FIM.ORGANIZATION;
select * from FIM.ORGANIZATION_DISPLAYNAMES;
select * from FIM.ORGANIZATION_NAMES;
select * from FIM.ORGANIZATION_URLS;
select * from FIM.PARTNERENTITY;
select * from FIM.PDP;
select * from FIM.PDP_ASSERTIONIDREQUESTSERVICES;
select * from FIM.PDP_AUTHZSERVICES;
select * from FIM.PDP_NAMEIDFORMATS;
select * from FIM.PLUGINCONFIG;
select * from FIM.PLUGINCONFIG_ENCRYPTEDDATA;
select * from FIM.PLUGINCONFIG_KEYSTOREENTRYDATA;
select * from FIM.PLUGINCONFIG_TRUSTSTOREENTRYDATA;
select * from FIM.PLUGINCONFIG_UNENCRYPTEDDATA;
select * from FIM.POLICY;
select * from FIM.QNAME;
select * from FIM.REQUESTEDATTRIBUTE;
select * from FIM.ROLE;
select * from FIM.ROLE_CONTACTPERSONS;
select * from FIM.ROLE_KEYS;
select * from FIM.ROLE_PROTOCOLSUPPORTENUMERATION;
select * from FIM.SEQUENCE_TABLE;
select * from FIM.SOAPCONNECTIONSETTINGS;
select * from FIM.SP_SSO;
select * from FIM.SP_SSO_ASSERTIONCONSUMERSERVICES;
select * from FIM.SP_SSO_ATTRIBUTECONSUMINGSERVICES;
select * from FIM.SPRESOURCECONFIG;
select * from FIM.SPSSOPOLICY;
select * from FIM.SPSSOSETTINGS;
select * from FIM.SPSSOSETTINGS_SPSSOALLOWEDPUSHEDATTRIBUTES;
select * from FIM.SSO;
select * from FIM.SSO_ARTIFACTRESOLUTIONSERVICES;
select * from FIM.SSO_MANAGENAMEIDSERVICES;
select * from FIM.SSO_NAMEIDFORMATS;
select * from FIM.SSO_SINGLELOGOUTSERVICES;
select * from FIM.SSOSETTINGS;
select * from FIM.TRUSTSTOREENTRY;
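
A variant of the command file above that keeps the access strictly read-only by running ij against a copy of the database, and restricts who can read the dump, which includes tables such as KEYSTOREENTRY and CRYPTOSTOREENTRY. This is an added example, not RSA-supplied code; the working directory C:\fim-dbview and the output file name are assumptions, and it relies on Derby keeping a db.lck file in the database directory while the database is booted.

```batch
@echo off
setlocal
rem Added example, not part of the RSA article. WORK and OUT are hypothetical.
set JAVA_HOME=C:\jdk1.5
set DERBY_HOME=C:\db-derby-10.2.1.6-bin
set DB=C:\bea\user_projects\domains\fimdomain\rsa-fim-config\demoDB
set WORK=C:\fim-dbview
set OUT=%WORK%\dump.txt
set CLASSPATH=%DERBY_HOME%\lib\derby.jar;%DERBY_HOME%\lib\derbytools.jar

rem Derby holds db.lck in the database directory while the database is booted.
rem If it is present, FIM is still running or a stale lock was left behind.
if exist "%DB%\db.lck" (
  echo db.lck found in %DB%: stop FIM, or confirm the lock is stale, then retry.
  exit /b 1
)

rem Refuse to reuse an existing working directory rather than overwrite it.
if exist "%WORK%" (
  echo %WORK% already exists: remove it or choose another working directory.
  exit /b 1
)
mkdir "%WORK%"

rem Replace the ACL on the working directory with a single entry for the
rem current user before any data is copied or written into it.
echo y| cacls "%WORK%" /t /g %USERDOMAIN%\%USERNAME%:F >nul

rem Copy the database so ij never opens, or writes log data to, the original.
xcopy "%DB%" "%WORK%\demoDB" /e /i /q /h >nul
if errorlevel 1 (
  echo Copy of %DB% failed.
  exit /b 1
)

rem Run from WORK so derby.log is created there, not next to this script.
rem dump.sql is expected in the same directory as this command file.
cd /d "%WORK%"
"%JAVA_HOME%\bin\java" -Dij.protocol=jdbc:derby: "-Dij.database=%WORK%\demoDB" org.apache.derby.tools.ij "%~dp0dump.sql" > "%OUT%"

rem Remove the database copy; only the dump and derby.log remain in WORK.
rmdir /s /q "%WORK%\demoDB"
echo Dump written to %OUT%
endlocal
```

Delete the working directory once the dump has been reviewed.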

A variety of manuals are referenced in this solution. Copies are supplied with the software, and online copies are available in RSA SecurCare Online.


RSA Federated Identity Manager 3.0 Planning Guide

https://knowledge.rsasecurity.com/docs/rsa_fim/fim30/plan.pdf

RSA Federated Identity Manager 3.1 Planning Guide

https://knowledge.rsasecurity.com/docs/rsa_fim/fim31/plan.pdf 

Legacy Article ID: a37494
