ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to configure bulk loader client on Apache SSL proxy server

book

Article ID: 41064

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Summary:

This techdoc presents steps to setup bulk loader client in an IdentityMananger (IM) application that has an SSL Apache proxy server in front. If your IM application is setup on SSL directly, please refer to this techdoc in CA Communities website:


https://communities.ca.com/docs/DOC-231159591

Instruction:

Assumption:


• IM is functioning fine with Apache Proxy 2.4 on SSL that forwards traffic to IM application.
• Bulk loader client is readily installed
• Web service is enabled for all IM tasks required by the feed.

For example,


Bulk Loader
Create User
Modify User
Delete User

 

<Please see attached file for image>

picture4.png


• Execution of Web Services is enabled on the Identity Manager Server:

 

<Please see attached file for image>

picture1.png
 
1. Configuration steps

a. Create a folder to store the bulk client keystore file:

For example, create sslkeystore folder under

\CA\Identity Manager\Bulk Loader\sslkeystore

b. Download the CA root certificate that signed the Apache proxy server cert

For example, if your apache server cert is signed by Verisign, you can go to Verisign website to download it.

c. Import the CA root certificate into the bulk client keystore:

• Navigate to the JRE bin folder to run the keytool commands

• The below command will create the keystore and import the CA root to it:

keytool -import -alias <aliasname> -file <filename> -keystore <keystore name>.jks

For example,

 

<Please see attached file for image>

picture2.png

Note: if there is any space in the filename and path in the command, double quotes must be applied.

• Verify the <keystore name>.jks is created

d. Edit imbulkloadclient.bat under \CA\Identity Manager\Bulk Loader\bin to use SSL

Change these lines:
set TRUSTSTORE=%HOMEDRIVE%%HOMEPATH%\.imbulkloadclientkeystore
set TRUSTSTORE_PASSWORD=changeit

to:
set TRUSTSTORE=..\<keystore folder>\<keystore name>.jks
set TRUSTSTORE_PASSWORD=<password you typed during the import>

For example,

set TRUSTSTORE=..\sslkeystore\imbulkloadclientkeystore.jks
set [email protected]

e. Verify details in imbulkloadclient.properties under \CA\Identity Manager\Bulk Loader\conf

Ensure the attribute of the unique identifier is the same between the feed file and the imbulkloadclient.properties.

For example, if the feed file has unique user id as %USER_ID%, the uniqueIdentifierAttrName in imbulkloadclient.properties file must also be %USER_ID%

 

<Please see attached file for image>

picture3.png


2. Run the bulk loader client
Note: You must set a batch/chunk size when using Bulk Load Client for faster processing. The recommended batch size is 100.

For example:


imbulkloadclient.bat -f CSV -i C:\feeder_file.csv -b 100

Environment

Release: CAIDMB99000-12.6.5-Identity Manager-B to B
Component:

Attachments

1558719594814000041064_sktwi1f5rjvs16vde.png get_app
1558719592818000041064_sktwi1f5rjvs16vdd.png get_app
1558719590896000041064_sktwi1f5rjvs16vdc.png get_app
1558719588999000041064_sktwi1f5rjvs16vdb.png get_app