Overview

An adapter is an interface between a managed resource and the IBM® Security Identity server.

Adapters can be installed on the managed resource. The IBM Security Identity server manages access to the resource by using the security system. Adapters function as trusted virtual administrators on the target operating system. The adapter creates, suspends, restores user accounts, and other functions that administrators run manually. The adapter runs as a service, independently of whether you are logged on to the IBM Security Identity server.

IBM Security Identity Manager works with the CA ACF2 Security in an MVS™ environment. The adapter:

Receives provisioning requests from IBM Security Identity Manager.
Processes the requests to add, modify, suspend, restore, delete, and reconcile user information from the adapter security database.
Converts the Directory Access Markup Language (DAML) requests that are received from IBM Security Identity Manager to the corresponding adapter Security for z/OS® commands. The Enrole Resource Management API (ERMA) libraries are used for the conversion.
Issues the commands to the CA ACF2 command executor and receives the results.
Returns the results of the command and includes the success or failure message of a request to IBM Security Identity Manager.

The following figure describes the various components of the adapter.

The adapter components — Figure 1. The CA ACF2 Adapter components

Adapter: Receives and processes requests from IBM Security Identity Manager. The adapter can handle multiple requests simultaneously. The binary files of the adapter and related external files reside in the Unix System Services environment of z/OS (OS/390®).
Command Executor: The ACF2 command executor interfaces with CA ACF2. It issues the R_Admin (IRRSEQ00) callable service to issue ACF2 commands. It processes the commands and returns relevant messages.
The REXX command executor interfaces with the ISIMEXIT REXX script. It uses IKJTSOEV to enable issuing TSO/E commands in the ISIMEXIT. To allocate and execute the ISIMEXIT REXX script it uses IRXLOAD with IRXEXEC or tsocmd depending on the chosen configuration.
Reconciliation Processor: The Reconciliation Processor is a series of programs in the C programming language. By default, the Reconciliation Processor runs two programs to obtain data from theCA ACF2 database. The data is sorted and merged before it is sent back to the adapter.