Installing in virtual appliance

Edit online

For Verify Governance target management, you can install an IBM Security Verify Governance adapter or a custom adapter on the built-in Security Verify Directory Integrator in the virtual appliance instead of installing the adapter externally. As such, there is no need to manage a separate virtual machine or system.

About this task

This procedure is applicable to install this adapter on the virtual appliance for a selected list of Identity Adapters. See the Identity Adapters product documentation to determine which adapters are supported in Identity Governance and Intelligence, and which can be installed on the virtual appliance.

All Identity Governance and Intelligence supported adapters can be installed externally on the virtual appliance. Depending on the adapter, an external Security Directory Integrator may be required.

See the corresponding Adapter Installation and Configuration Guide for the specific prerequisites, installation and configuration tasks, and issues and limitations. See the Adapters Release Notes for any updates to these references.

Procedure

  1. Download the adapter package from the IBM Passport Advantage.
    For example, Adapter-<Adaptername>.zip.
    The adapter package includes the following files:
    Table 1. Adapter package contents
    Files Descriptions
    bundledefinition.json

    The adapter definition file. It specifies the content of the package, and the adapter installation and configuration properties that are required to install and update the adapter.
    Adapter JAR profile
    A Security Directory Integrator adapter always include a JAR profile which contains:
    • targetProfile.json
      • Service provider configuration
      • Resource type configuration
      • SCIM schema extensions
      • List of assembly lines
    • A set of assembly lines in XML files
    • A set of forms in XML files
    • Custom properties that include labels and messages for supported languages.

    Use the Target Administration module to import the target profile.

    Additional adapter specific files
    Examples of adapter specific files:
    • Connector jar files
    • Configuration files
    • Script files
    • Properties files

    The file names are specified in the adapter definition file along with the destination directory in the virtual appliance.
  2. From the top-level menu of the Appliance Dashboard, click Configure > SDI Management.
  3. Select the instance of the Security Directory Integrator for which you want to manage the adapters and click Manage > SDI Adapters
    The SDI Adapters window is displayed with a table that list the name, version, and any comments about the installed adapters.
  4. On the SDI Adapters window, click Install.
  5. On the File Upload window, click Browse to locate the adapter package and then click OK.
    For example, Adapter-<Adaptername>.zip.
  6. Provide the missing 3rd party libraries when prompted.
    1. On the File Upload for Pre-requisite files window, click Select Files.
      A new File Upload window is displayed.
    2. Browse and select all the missing libraries. For example, httpclient-4.0.1.jar, sapjco3.jar
    3. Click Open.
      The selected files are listed in the File Upload for Pre-requisite files window.
    4. Click OK.
      The missing files are uploaded and the adapter package is updated with the 3rd party libraries.
  7. Enable secure communication.
    1. Select the instance of the Security Directory Integrator for which you want to manage the adapter.
    2. Click Edit.
    3. Click the Enable SSL check box.
    4. Click Save Configuration.
  8. Import the SSL certificate to the IBM® Security Verify Directory Integrator server.
    1. Select the instance of the Security Directory Integrator for which you want to manage the adapter.
    2. Click Manage > Certificates.
    3. Click the Signer tab.
    4. Click Import.
      The Import Certificate window is displayed.
    5. Browse for the certificate file.
    6. Specify a label for the certificate. It can be any name.
    7. Click Save.
    Note: While uploading the Adapter package, you may receive System Error: A file included in the SDI Adapter zip already exists on the system. The Server Message log under Appliance tab of VA has a reference to error - com.ibm.identity.sdi.SDIManagementService File ibm.com_IBM_Verify_Identity_Governance_xxxx.swidtag found in the adapter zip at location ILMT-Tags or already exists in system. This is because, you can install the same swidtags only once. So, if another adapter of the same type is installed, remove the swidtags.

    The ibm.com_IBM_Verify_Identity_Governance_Enterprise-xxxx.swidtag file is common to all adapters. In addition to the common swidtag file, an application adapter needs ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-xxxx.swidtag file and an infra adapter needs ibm.com_IBM_Verify_Identity_Governance_Lifecycle-xxxx.swidtag and ibm.com_IBM_Verify_Identity_Governance_Compliance-xxxx.swidtag files. So, if an application adapter is already installed and this is an infra adapter, then only install the infra-specific swidtags and the other way around. See Security Verify Governance Adapters v10.x to identify the type of the installed adapters.