Overview

An adapter is an interface between a managed resource and the Identity server.

Adapters can be installed on the managed resource. The Identity server manages access to the resource by using the security system. Adapters function as trusted virtual administrators on the target operating system. The adapter creates, suspends, and restores user accounts, and performs other functions that administrators run manually. The adapter runs as a service, independently of whether you are logged on to the Identity server.

IBM Security Verify Governance Identity Manager works with ACF2 security in an MVS environment. The adapter:
  • Receives provisioning requests from IBM Security Verify Governance Identity Manager.
  • Processes the requests to add, modify, suspend, restore, delete, and reconcile user information from the adapter security database.
  • Converts the Directory Access Markup Language (DAML) requests that are received from IBM Security Verify Governance Identity Manager to the corresponding adapter Security for z/OS® commands. The Enrole Resource Management API (ERMA) libraries are used for the conversion.
  • Issues the commands to the ACF2 command executor and receives the results.
  • Returns the results of the command, including the success or failure message of the request, to IBM Security Verify Governance Identity Manager.
The following figure describes the various components of the adapter.
Figure 1. The ACF2 Adapter components
Adapter
Receives and processes requests from IBM Security Verify Governance Identity Manager. The adapter can handle multiple requests simultaneously. The binary files of the adapter and related external files reside in the Unix System Services environment of z/OS (OS/390®).
Command Executor
The ACF2 command executor interfaces with ACF2. It issues the R_Admin (IRRSEQ00) callable service to issue ACF2 commands. It processes the commands and returns relevant messages.

The REXX command executor interfaces with the ISIMEXIT REXX script. It uses IKJTSOEV to enable issuing TSO/E commands in the ISIMEXIT. To allocate and execute the ISIMEXIT REXX script, it uses IRXLOAD with IRXEXEC, or tsocmd, depending on the chosen configuration.

Reconciliation Processor
The Reconciliation Processor is a series of programs in the C programming language. By default, the Reconciliation Processor runs two programs to obtain data from the ACF2 database. The data is sorted and merged before it is sent back to the adapter.