This article shows how to use Authentication Manager Bulk Administration (AMBA) with the --ini parameter, using a simple example: adding a user to the internal database and assigning that user a token that already exists in the Authentication Manager database.
The home directory of RSA Authentication Manager 8.1 is /opt/rsa/am and will be referred to as <AMHOME> in this article. Authentication Manager Bulk Administration (AMBA) is a .jar file called AMBulkAdmin.jar and this file is located in the <AMHOME>/utils/lib folder with rsaadmin ownership and group permissions (i.e., -rw-------).
AMBA requires a valid license file for its operation, usually named AMBAlicense.dat. A good practice is to place the AMBA license in a new folder called <AMHOME>/utils/AMBA and use the same folder to store any related AMBA shell scripts, data files or log files.
AMBA requires that the RSA Authentication Manager primary instance is running before the utility is used. To use AMBA, an administrator logs on to the command line with the rsaadmin account, navigates to the <AMHOME>/utils folder and runs the command:
./rsautil AMBulkAdmin [options]
Using AMBA with the --ini <inifile> parameter
- In the <AMHOME>/utils/AMBA folder, create a new file called AMBAparams01.ini and add the following line, substituting the values appropriate to the Authentication Manager deployment for [SC_administrator] and [SC_administrator_password].
-i AMBAdata01.dat -o AMBAlogfile01.log -a [SC_administrator] -P [SC_administrator_password]
- Should the AMBA license have a file name other than AMBAlicense.dat, an extra parameter '--lic [license_filename]' is required in the AMBAparams01.ini file. For example:
-i AMBA/AMBAdata01.data -o AMBA/AMBAlogfile.log -a ocadmin -P password00! --lic AMBA/AMBAlicense.dat
- When this AMBAparams.ini file is used for the first time, AMBA encrypts the file, so it is recommended to make a copy of AMBAparams.ini while in development.
- In the <AMHOME>/utils/AMBA folder, create a new file called AMBAdata01.dat and add the appropriate functions you want AMBA to perform. Refer to the RSA Authentication Manager - Bulk Administration - AMBulkAdmin (AMBA) User Guide for a list of functions AMBA can perform and the syntax of those functions. As an example, the lines below add a user called rsatest and assign a token with serial number 212085009. This example assumes the token has already been imported into the Authentication Manager database.
Action,IdentitySource,DefLogin,LastName,ReplTokSerial,TokEnabled,PinMode
AU,internal database,rsatest,test
ATU,internal database,rsatest,,212085009,1,1
- The required fields for the AU (Add User) action are LastName and DefLogin.
- The required fields for the ATU (Add Token to User) action are DefLogin or TokSerial, ReplTokSerial and TokEnabled. ATU does not require a last name, which is why this field has been left blank on the third line of AMBAdata01.dat.
- Run AMBA from the <AMHOME>/utils folder with the command:
./rsautil AMBulkAdmin --ini AMBA/AMBAparams01.ini
- Expected results in the AMBAlogfile01.log are as follows:
BOJ : 2015-09-28 16:54:18 - 1.5.0 Build 105 - License expires at midnight on 2035-12-31 - Input = AMBA/AMBAdata01.dat
Info : 2015-09-28 16:54:18 - License Number: 11307-2014 - Issued To: RSA CS APJ - Issued On: 03/23/2014
Info : -Output Log File Opened
Success: 2015-09-28 16:54:19 : Line 2 - addUser -rsatest, test
Info : -000132251663 assigned to rsatest
Info : Line 3 - addTokenToUser -000132251663, , 1 : New pin mode set
Success: 2015-09-28 16:54:21 : Line 3 - addTokenToUser -000132251663 assigned to rsatest
Info : -Closing input file
Info : -Closing rejected actions file
Info : -Closing unsupported actions file
Info : -Log File Closed
Info : -Exit code: 0
EOJ : 2015-09-28 16:54:21 - Terminating
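The procedure above as a pair of shell helpers, added here as an example and not part of RSA's tooling or the original article: one writes the params file, its development copy and the data file with owner-only permissions (the unencrypted params file and its copy contain the administrator password), the other checks the resulting log. The function names and the .dev suffix are hypothetical, and the AMBA/ relative paths are assumed from the article's --lic example and log output.

```shell
#!/bin/sh
# Added example, not RSA's script. Function names and the .dev suffix are
# hypothetical; file names and the AMBA/ relative paths follow the article.

# Write the params and data files so only the owner (rsaadmin) can read them.
# The params file, and the development copy the article recommends, hold the
# administrator password in clear text until AMBA encrypts the file on first use.
amba_prepare() {    # usage: amba_prepare <dir> <SC_administrator> <password>
    (
        umask 077
        mkdir -p "$1" || exit 1
        printf '%s\n' "-i AMBA/AMBAdata01.dat -o AMBA/AMBAlogfile01.log -a $2 -P $3" \
            > "$1/AMBAparams01.ini" || exit 1
        cp "$1/AMBAparams01.ini" "$1/AMBAparams01.ini.dev" || exit 1
        cat > "$1/AMBAdata01.dat" <<'EOF'
Action,IdentitySource,DefLogin,LastName,ReplTokSerial,TokEnabled,PinMode
AU,internal database,rsatest,test
ATU,internal database,rsatest,,212085009,1,1
EOF
    )
}

# Print the data-file line numbers that have no "Success: ... Line N" entry in
# the log. Assumes the log layout shown in the article's sample output.
amba_missing_lines() {    # usage: amba_missing_lines <logfile> <datafile>
    awk 'NR == FNR { if (FNR > 1 && NF) want[FNR] = 1; next }
         /^Success/ { for (i = 1; i < NF; i++) if ($i == "Line") delete want[$(i + 1)] }
         END { for (n in want) print n }' "$2" "$1" | sort -n
}

# Succeed only if AMBA logged exit code 0 and every action line succeeded.
amba_check_log() {    # usage: amba_check_log <logfile> <datafile>
    grep -Eq 'Exit code: 0[[:space:]]*$' "$1" ||
        { echo "AMBA did not log exit code 0" >&2; return 1; }
    missing=$(amba_missing_lines "$1" "$2")
    [ -z "$missing" ] ||
        { echo "no Success entry for data line(s): $missing" >&2; return 1; }
}

# Typical use as rsaadmin from <AMHOME>/utils (not executed here):
#   amba_prepare AMBA "[SC_administrator]" "[SC_administrator_password]"
#   ./rsautil AMBulkAdmin --ini AMBA/AMBAparams01.ini
#   amba_check_log AMBA/AMBAlogfile01.log AMBA/AMBAdata01.dat
#   rm -f AMBA/AMBAparams01.ini.dev    # once development is finished
```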