This article provides an example of how to use Authentication Manager Bulk Administration (AMBA) with the --ini parameter using a simple example of adding a user to the internal database and assigning a token to this new user where the token already exists in the Authentication Manager database.
The home directory of RSA Authentication Manager 8.1 is /opt/rsa/am and will be referred to as <AMHOME> in this article. Authentication Manager Bulk Administration (AMBA) is a .jar file called AMBulkAdmin.jar and this file is located in the <AMHOME>/utils/lib folder with rsaadmin ownership and group permissions (i. e., -rw-------).
AMBA requires a valid license file for its operation, usually named AMBAlicense.dat. A good practice is to place the AMBA license in a new folder called <AMHOME>/utils/AMBA and use the same folder to store any related AMBA shell scripts, data files or log files.
AMBA has a requirement that the RSA Authentication Manager primary instance is running before using this utility. To use AMBA, an administrator would logon to the command line with the rsaadmin account, navigate to the <AMHOME>/utils folder and use the command:
./rsautil AMBulkAdmin [options]
AMBA particular usage using --ini <inifile> parameter
In the <AMHOME>/utils/AMBA folder, create a new file called AMBAparams01.ini and add a line the following line, substituting the [SC_administrator] and [SC_administrator_password] for the appropriate values relating to the Authentication Manager deployment.
-i AMBAdata01.dat -o AMBDAlogfile01.log -a [SC_administrator] -P [SC_administrator_password]
Should the AMBA license have a different file name to AMBAlicense.dat then an extra parameter '--lic [license_filename]' is required in the AMBAparams01.ini file. For example,
-i AMBA/AMBAdata01.data -o AMBA/AMBAlogfile.log -a ocadmin -P password00! --lic AMBA/AMBAlicense.dat
When this AMBAparams.ini file is used for the first time, AMBA encrypts the file so it is recommended to make a copy of AMBAparams.ini while in development.
In the <AMHOME>/utils/AMBA folder, create a new file called AMBAdata01.ini and add the appropriate functions you want AMBA to perform. Refer to the RSA Authentication Manager - Bulk Administration - AMBulkAdmin (AMBA) User Guide for a list of functions AMBA can perform and the syntax of those functions. As an example, the code below adds a user called rsatest and assigns a token with serial number 212085009. This example assumes the token has already been imported into the Authentication Manager database.
The required fields for the AU (Add User) action are LastName and DefLogin.
The required fields for the ATU (Add Token to User) action are DefLogin or TokSerial, ReplTokSerial and TokEnabled. ATU does not require a last name which is why this has been left blank on the third line of AMBAdata01.dat
Run AMBA from the <AMHOME>/utils folder with the command:
./rsautil AMBulkAdmin --ini AMBA/AMBAparams01.ini
Expected results in the AMBAlogfile01.log are as follows:
BOJ : 2015-09-28 16:54:18 - 1.5.0 Build 105 - License expires at midnight on 2035-12-31 - Input = AMBA/AMBAdata01.dat
Info : 2015-09-28 16:54:18 - License Number: 11307-2014 - Issued To: RSA CS APJ - Issued On: 03/23/2014
Info : -Output Log File Opened
Success: 2015-09-28 16:54:19 : Line 2 - addUser -rsatest, test
Info : -000132251663 assigned to rsatest
Info : Line 3 - addTokenToUser -000132251663, , 1 : New pin mode set
Success: 2015-09-28 16:54:21 : Line 3 - addTokenToUser -000132251663 assigned to rsatest
Info : -Closing input file
Info : -Closing rejected actions file
Info : -Closing unsupported actions file
Info : -Log File Closed
Info : -Exit code: 0
EOJ : 2015-09-28 16:54:21 - Terminating