Protect an Existing Environment After Upgrade

After you upgrade to CA IdentityMinder 12.6 or above, you can protect the Management Console using native security.

Note: You cannot use native CA IdentityMinder security to protect the Management Console when CA IdentityMinder integrates with CA SiteMinder.

Follow these steps:

  1. Enable native security for the Management Console in the web.xml file as follows:
    1. Open CA IdentityMinder_installation\iam_im.ear\management_console.war\WEB-INF\web.xml in a text editor.
    2. Set the value of the Enable parameter for ManagementConsoleAuthFilter to true as follows:
      <filter>
        <filter-name>ManagementConsoleAuthFilter</filter-name>
        <filter-class>com.netegrity.ims.manage.filter.ManagementConsoleAuthFilter</filter-class>
        <init-param>
          <param-name>Enable</param-name>
          <param-value>true</param-value>
        </init-param>
      </filter>

    3. Save the web.xml file.
  2. Create the IM_AUTH_USER table in the CA IdentityMinder object store.

    The IM_AUTH_USER table stores information about Management Console administrators.

    1. Navigate to CA\Identity Manager\IAM Suite\Identity Manager\tools\db\objectstore
    2. Run one of the following scripts against the object store:
      • sql_objectstore.sql
      • oracle_objectstore.sql

    Note: For information about running a script against an existing database, see the vendor documentation for that database.

  3. Use the password tool to encrypt the user password.

    The password tool is installed with the CA IdentityMinder tools in the following location:

    Windows: C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool

    UNIX: /opt/CA/IdentityManager/IAM_Suite/Identity_Manager/tools/PasswordTool

    Run the password tool using the following command:

    pwdtools -JSAFE -p anypassword

    The JSAFE option encrypts a plain text value using the PBE algorithm.

  4. Insert the bootstrap user information into the IM_AUTH_USER table. Specify values for all columns in the IM_AUTH_USER table.

    For example:

    USER_NAME: admin1

    PASSWORD: anypassword

    DISABLED: 0

    ID: 1

  5. Restart the CA IdentityMinder server.

    The Management Console is protected by native security.