

Protect an Existing Environment After Upgrade

After you upgrade to CA Identity Manager 12.6 or above, you can protect the Management Console using native security.

Note: You cannot use native CA Identity Manager security to protect the Management Console when CA Identity Manager integrates with CA SiteMinder®.

Follow these steps:

  1. Enable native security for the Management Console in the web.xml file as follows:
    1. Open CA Identity Manager_installation\iam_im.ear\management_console.war\WEB-INF\web.xml in a text editor.
    2. Set the value of the Enable parameter for ManagementConsoleAuthFilter to true as follows:
      <filter>
        <filter-name>ManagementConsoleAuthFilter</filter-name>
        <filter-class>com.netegrity.ims.manage.filter.ManagementConsoleAuthFilter</filter-class>
        <init-param>
          <param-name>Enable</param-name>
          <param-value>true</param-value>
        </init-param>
      </filter>
      
    3. Save the web.xml file.
  2. Create the IM_AUTH_USER table in the CA Identity Manager object store.

    The IM_AUTH_USER table stores information about Management Console administrators.

    1. Navigate to CA\Identity Manager\IAM Suite\Identity Manager\tools\db\objectstore
    2. Run one of the following scripts against the object store:
      • sql_objectstore.sql
      • oracle_objectstore.sql

    Note: For information about running a script against an existing database, see the vendor documentation for that database.

  3. Use the password tool to encrypt the user password.

    The password tool is installed with the CA Identity Manager tools in the following location:

    Windows: C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool

    UNIX: /opt/CA/IdentityManager/IAM_Suite/Identity_Manager/tools/PasswordTool

    Run the password tool using the following command:

    pwdtools -JSAFE -p anypassword

    The JSAFE option encrypts a plain text value using the PBE algorithm.

  4. Insert the bootstrap user information into the IM_AUTH_USER table. Specify values for all columns in the IM_AUTH_USER table.

    For example:

    USER_NAME: admin1

    PASSWORD: anypassword

    DISABLED: 0

    ID: 1

  5. Restart the CA Identity Manager server.

    The Management Console is protected by native security.
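
To confirm that the web.xml change from step 1 is in place on a node after the upgrade, the following added example (not part of the CA documentation or product) parses a web.xml and reports the state of the Enable parameter of ManagementConsoleAuthFilter. The function name, status strings and sample XML are assumptions constructed for illustration, and the check treats only the literal value true as enabled.

```python
import sys
import xml.etree.ElementTree as ET

FILTER_NAME = "ManagementConsoleAuthFilter"  # filter name from the web.xml step above

# Constructed sample (not from a real installation); {value} is filled in by callers.
SAMPLE_TEMPLATE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>ManagementConsoleAuthFilter</filter-name>
    <filter-class>com.netegrity.ims.manage.filter.ManagementConsoleAuthFilter</filter-class>
    <init-param>
      <param-name>Enable</param-name>
      <param-value>{value}</param-value>
    </init-param>
  </filter>
</web-app>"""

def _local(tag):
    """Drop an XML namespace prefix: '{ns}filter' -> 'filter'."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Text of the first direct child called `name`, or None if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def native_security_status(web_xml):
    """Hypothetical helper: 'enabled', 'disabled', 'no-enable-param' or 'filter-missing'."""
    root = ET.fromstring(web_xml)
    for flt in root.iter():
        if _local(flt.tag) != "filter" or _child_text(flt, "filter-name") != FILTER_NAME:
            continue
        for param in flt:
            if _local(param.tag) == "init-param" and _child_text(param, "param-name") == "Enable":
                # Assumption: only the literal value "true" counts as enabled.
                return "enabled" if _child_text(param, "param-value") == "true" else "disabled"
        return "no-enable-param"
    return "filter-missing"

if __name__ == "__main__":
    # Pass the path to web.xml; with no argument the constructed sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(native_security_status(fh.read()))
    else:
        print(native_security_status(SAMPLE_TEMPLATE.format(value="true")))
```

Any result other than enabled means the Management Console on that node is not using native security as configured in step 1.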