How to set Custom fields to be case insensitive for provisioning correlation rules to work properly.
search cancel

How to set Custom fields to be case insensitive for provisioning correlation rules to work properly.

book

Article ID: 31665

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

With a correlation rule using a Custom Field, the correlation is performed only when the account attribute value matches with the exact Custom Field case value.
This is because eTCustomField01 until eTCustomField99 are case sensitive defined in the COS parser table.

e.g.:
Correlation rule is "eTCustomField02=ActiveDirectory:eTADSdisplayName",
Global User eTCustomField02 value is "sampleuser",
ADSdisplayName value is "SAMPLEUSER".
The correlation in this case will not be processed as expected.

 

 

Environment

Release:
Component: IDMGR

Resolution

That requires some development skills.

-You need to install "ProvisioningSDK" from "Legacy components" package; then go to "Program Files (x86)\CA\Identity Manager\Provisioning SDK\admin\samples\COSX" folder.
The COSX Sample shows how to extend the number of custom global user attributes in your Identity Manager installation. (See the README.txt file)
For instance, if you decided to add 100 new attributes, those new global user attributes would be named as eTCustomField100 through eTCustomField199.

>You need to save the original "gencosx.bat" file.
>Edit this script file to change "sensitive" to "insensitive" (2 lines).
>Follow the 6 steps from the README file; running in step 2 the previously updated "gencosx.bat" which will create new extra insensitive Custom Fields from eTCustomField100.
You will need to change your correlation rule using one new extended insensitive Custom Field (e.g.: eTCustomField100=ActiveDirectory:eTADSdisplayName).

This procedure will produce 1 COSX parser table file (cosxparse.ptt) to post under the following locations:
"Program Files (x86)\CA\Identity Manager\Provisioning Server\data",
"Program Files (x86)\CA\Identity Manager\Provisioning Manager\data".
One schema file (etrust_cosx.schema) to post under the following location:
"Program Files (x86)\CA\Identity Manager\Provisioning Server\data".
One schema file (etrust_cosx.dxc) to post under the following location:
"Program Files\CA\Directory\dxserver\config\schema".

After this implementation; You will need to stop im_ps service, "*-impd-*" DSAs then restart the DSAs and im_ps service.
Also restart IM Provisioning Manager (ETAdmin.exe) sessions if there are.

Note: This custom implementation with SDK requires a C++ development Environment (to perform the nmake command).

 

Powered by Wolken Software