Generating an Identity Source User Dependency Report for Authentication Manager 8.6 and above
Originally Published: 2024-07-03
Article Number
000072511
Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  RSA Authentication Manager
RSA Version/Condition:  8.6 or later

Issue
An administrator needs to generate a report on all users associated with a specific identity source in Authentication Manager.
Resolution

The Linux shell script (called ISdepreport.sh) displays the identity source names found in the Authentication Manager database. An administrator can select an identity source from the menu to generate an Identity Source User Dependency Report, which shows all users associated with the selected identity source.
 

Installation

  1. Download and copy the attached 'ISdepreport.sh' shell script into the /tmp folder on the primary instance in the Authentication Manager deployment.  Use the procedure at URL https://community.rsa.com/s/article/Enable-Secure-Shell-on-the-Appliance-bf9a6052 to enable secure shell on the Appliance where needed.  Where secure shell has been enabled, a secure FTP client, such as WinSCP, can be used to copy the shell script into the /tmp folder on the primary instance.
  2. Change the permissions of the ISdepreport.sh shell script so it can be executed at the command line:
chmod 755 /tmp/ISdepreport.sh

Usage

  1. Log on to the Authentication Manager instance with the rsaadmin account, either in a secure shell session or at the local console.
  2. Elevate the privileges of the rsaadmin account using the command:
sudo su -
  3. Navigate to the /tmp folder using the command:
cd /tmp
  4. Run the shell script using the command:
./ISdepreport.sh

Example

rsaadmin@am87-1:~> sudo su -
[sudo] password for rsaadmin:
am87-1:~ # cd /tmp
am87-1:/tmp # ./ISdepreport.sh

 - Checking OC credentials..
 - Missing OC credentials!

 - Please enter OC Administrator username: ocadmin
 - Please enter OC Administrator password: ** entered OC password received **

 - OC credentials validated.

 - Identity Source(s) found: 4

   0: ActiveDirectory
   1: Internal Database
   2: OpenLDAP
   3: PingDirectory

   Please select an option from the listing:
 > 0

 - Identity Source Name : ActiveDirectory

 - Generating HTML report...

  -- Report name : /tmp/ISdepreport_202501310932.html

 - Done!

am87-1:/tmp # cat /tmp/ISdepreport_202501310932.html
<!DOCTYPE html><html lang=en>
<head><meta charset=UTF-8><meta name=viewport content=width=device-width, initial-scale=1.0><title>HTML Report</title>
<style>h1,h2 {color: red;text-align: center;} table {width: 60%; border-collapse: collapse; margin: 20px auto;}
th,td {padding: 8px;border: 1px solid #ddd;text-align: left;word-wrap: break-word;}
th {background-color: #f2f2f2;}</style></head>
<body><h1>Identity Source User Dependencies Report</h1><h2>Identity Source - ActiveDirectory</h2>
<table>
<tr><th>User ID</th><th>Security Domain</th><th>Acct Enabled</th><th>Acct Locked</th><th>Admin</th><th>Cloud User</th><th>Token Serial</th><th>New PIN mode</th><th>Auth Bit Flag</th><th>User DN/Identifier</th></tr>
<tr><td>mjones</td><td>SystemDomain</td><td>t</td><td>f</td><td>f</td><td>f</td><td>001922228933</td><td>t</td><td>0101000</td><td> cn=mary jones,ou=internal,ou=human,dc=securid,dc=net</td></tr>
</table></body></html>
am87-1:/tmp #

[Image: ISdepreport_202501310932.html viewed in a web browser]
Notes

The shell script attached to this article does not change any data in Authentication Manager and only does a lookup of data in Authentication Manager to generate an HTML report.
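
The report shown in the Example is a single HTML table with one `<tr>` per line, so it can be post-processed with standard awk, for instance to export it as CSV or to list the users with a given flag set. The following is an added example, not part of the attached ISdepreport.sh or of RSA's tooling: the function names are hypothetical, the asmith row is constructed, and it assumes the layout shown in the Example above.

```shell
# Added example, not part of ISdepreport.sh. Assumes each <tr> is on one line,
# as in the report shown in the Example section.
US=$(printf '\037')   # unit separator: safe cell delimiter (DNs contain commas)

# report_rows FILE: one line per table row, cells trimmed and joined by US.
report_rows() {
    awk -v us="$US" '
    /^<tr>/ {
        line = $0
        sub(/^<tr><t[hd]>/, "", line)
        sub(/<\/t[hd]><\/tr>[ \t\r]*$/, "", line)
        n = split(line, cell, /<\/t[hd]><t[hd]>/)
        out = ""
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cell[i])
            out = out (i > 1 ? us : "") cell[i]
        }
        print out
    }' "$1"
}

# report_to_csv FILE: CSV with every field quoted and embedded quotes doubled.
report_to_csv() {
    report_rows "$1" | awk -F"$US" '{
        out = ""
        for (i = 1; i <= NF; i++) {
            gsub(/"/, "\"\"", $i)
            out = out (i > 1 ? "," : "") "\"" $i "\""
        }
        print out
    }'
}

# report_users_where FILE COLUMN VALUE: User IDs whose COLUMN equals VALUE.
report_users_where() {
    report_rows "$1" | awk -F"$US" -v col="$2" -v val="$3" '
        NR == 1 { for (i = 1; i <= NF; i++) idx[$i] = i; next }
        (col in idx) && $(idx[col]) == val { print $(idx["User ID"]) }'
}

# Constructed sample in the report layout; asmith is a made-up user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<tr><th>User ID</th><th>Security Domain</th><th>Acct Enabled</th><th>Acct Locked</th><th>Admin</th><th>Cloud User</th><th>Token Serial</th><th>New PIN mode</th><th>Auth Bit Flag</th><th>User DN/Identifier</th></tr>
<tr><td>mjones</td><td>SystemDomain</td><td>t</td><td>f</td><td>f</td><td>f</td><td>001922228933</td><td>t</td><td>0101000</td><td> cn=mary jones,ou=internal,ou=human,dc=securid,dc=net</td></tr>
<tr><td>asmith</td><td>SystemDomain</td><td>t</td><td>t</td><td>t</td><td>f</td><td></td><td>f</td><td>0101000</td><td> cn=al smith,ou=internal,ou=human,dc=securid,dc=net</td></tr>
EOF
report_to_csv "$sample"
report_users_where "$sample" "Acct Locked" t
```

Both the HTML report and any CSV derived from it list user IDs, token serials and directory DNs, so write the CSV to a directory that only root can read rather than leaving it in /tmp.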