RSA Federated Identity Manager 4.0
RSA Access Manager 6.x used as WAM
The FIM 4.1 Install_Config.pdf guide lists the following additions to be made to the LDAP configuration for federated mapping to Access Manager (AxM).
For the mapping inside the AxM user store, the FIM install guide states on page 79 that the following lines need to be added to ldap.conf:
cleartrust.data.ldap.libertystore:
cleartrust.data.ldap.libertystore.basedn:
Since ClearTrust 5.5.2 (ClearTrust is the former product name of Access Manager), these LDAP parameters have been renamed to reflect broader support of the OASIS SAML specification.
Excerpt from the 5.5.2 config_parameters_553 text file:
###############################################################################
#
# Replace these parameters in your ldap.conf with the new ones provided below:
#
# cleartrust.data.ldap.libertystore
# cleartrust.data.ldap.libertystore.basedn
#
# Please ensure that you carry over your current settings for the replaced
# parameters.
#
###############################################################################
# Establishes the primary LDAP directory server that will be used to store
# identity mapping data. In order to utilize the identity mapping APIs on an
# LDAP store, you will need to:
#
# a) Create an organizational unit on your directory store for
# storing the data. The suggested name is
# "ctscLibertyFederatedMappingRepository".
# b) Set the cleartrust.data.ldap.identity_mapping_store parameter.
# Set the cleartrust.data.ldap.identity_mapping_store.basedn parameter.
#
# Allowed Values:
# The primary LDAP server name that this Entitlements Server or
# Authorization Server should access for identity mapping data.
#
# Dependencies:
# The name entered here must first be declared using the directory_name
# parameter.
#
#cleartrust.data.ldap.identity_mapping_store :<current value of cleartrust.data.ldap.libertystore>
# In the LDAP directory specified for storing identity mapping data, this is
# the Base DN (or highest node in your directory tree), where RSA ClearTrust
# should initiate searches for identity mappings.
#
# Allowed Values:
# A valid LDAP DN.
#
# Dependencies:
# You can specify only one Base DN for identity mapping data.
#
#cleartrust.data.ldap.identity_mapping_store.basedn :<current value of cleartrust.data.ldap.libertystore.basedn>
If LDAP has failover implemented for the Access Manager datastores, a failover group should be assigned to the cleartrust.data.ldap.identity_mapping_store. The failover group for the user store would be the most likely choice except in the case of an AD-ADAM installation where this data would be found on the ADAM datastore.
Example:
cleartrust.data.ldap.failover_group.iplanet_failover :iplanet-primary,iplanet-secondary
...
cleartrust.data.ldap.userstore :iplanet_failover
...
cleartrust.data.ldap.identity_mapping_store :iplanet_failover
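The rename and the failover guidance above can be checked against an existing ldap.conf with a short script. This is an added example, not RSA code: the parameter names come from the article, while the function names, the sample file contents and the base DN are constructed for illustration. The failover check only flags a mismatch for review, since an AD-ADAM installation may legitimately differ.

```python
# Added example, not RSA code. Parameter names are taken from the article;
# the sample ldap.conf content (including the base DN) is constructed.
OLD = "cleartrust.data.ldap.libertystore"
NEW = "cleartrust.data.ldap.identity_mapping_store"
RENAMES = {OLD: NEW, OLD + ".basedn": NEW + ".basedn"}
GROUP_PREFIX = "cleartrust.data.ldap.failover_group."
USERSTORE = "cleartrust.data.ldap.userstore"


def parse(line):
    """Return (key, value) for an active 'key :value' line, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or ":" not in stripped:
        return None
    key, _, value = stripped.partition(":")
    return key.strip(), value.strip()


def migrate(text):
    """Rename deprecated keys, carrying values over; return (text, warnings)."""
    out, settings, warnings = [], {}, []
    for line in text.splitlines():
        kv = parse(line)
        if kv and kv[0] in RENAMES:
            kv = (RENAMES[kv[0]], kv[1])
            line = f"{kv[0]} :{kv[1]}"
        if kv:
            settings[kv[0]] = kv[1]
        out.append(line)
    groups = {k[len(GROUP_PREFIX):] for k in settings if k.startswith(GROUP_PREFIX)}
    store = settings.get(NEW)
    if store is None:
        warnings.append("identity_mapping_store is not set")
    elif settings.get(USERSTORE) in groups and store not in groups:
        warnings.append(f"user store uses a failover group but '{store}' does not")
    return "\n".join(out), warnings


SAMPLE = """\
cleartrust.data.ldap.failover_group.iplanet_failover :iplanet-primary,iplanet-secondary
cleartrust.data.ldap.userstore :iplanet_failover
cleartrust.data.ldap.libertystore :iplanet-primary
cleartrust.data.ldap.libertystore.basedn :ou=ctscLibertyFederatedMappingRepository,dc=example,dc=com
"""

if __name__ == "__main__":
    new_text, notes = migrate(SAMPLE)
    print(new_text)
    print(notes)
```

Commented-out lines are left untouched, so the reference text from the config_parameters excerpt can stay in the file.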
Documentation Defect SAML-4044