A self password reset on RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change.

book

Article ID: 32929

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Problem:

A self password reset on RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change. And so the RACF user ID will have to change it at next login.

Environment:

Password Synchronization Agent is installed on Active Directory to launch a provisioning server.

AD accounts deal with global users with PSYNC enable which include RACF V2 user IDs.

Cause:

eTSelfChange=1 is properly passed to the Java connector for RACF V2 but not processed because eTSelfChange attribute definition is missing from RACF V2 Dynamic metadata.

Solution: 

Add the eTSelfChange attribute definition into the RACF V2 Dynamic metadata as following:

1. Open CA IAM Connector Xpress;

2. From right part frame, expand the Endpoint Types and put the cursor on "RACF v2" endpoint type.

3. Click on "Create Project" from Action button or from contextual menu.

4. Edit the metadata and expand the Data Model tree: Classes -> eTDYNAccount -> Properties

5. Click Add, and define the new property as below: 

5.1 Name: eTSelfChange, Type: Integer

5.2 Metadata:

isHidden, Type: Boolean, Value: true

beanPropertyName, Type: String, Value: eTSelfChange

connectorMapTo, Type: String, Value: eTSelfChange

6. Save and update the metadata then save the project.

 

Additional Information:  

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec553834.aspx

 

Environment

Release:
Component: IDMGR