IBM Security Verify Governance Adapter 10.0.3 for RSA Authentication Manager - Release notes

IBM Security Verify Governance Adapter 10.0.3 for RSA Authentication Manager is available. Compatibility, installation, and other getting-started issues are addressed.

Copyright International Business Machines Corporation 2003, 2026. All rights reserved.
US Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Preface

Adapter Features and Purpose

License Agreement

Contents of this Release

Installation and Configuration Notes

Updates to the installation guide

Supported Configurations

Notices

Preface

These Release Notes contain information for the following products that was not available when the IBM Security Verify Governance Server manuals were printed:

Adapter Features and Purpose

The IBM Security Verify Governance Adapter for RSA Authentication Manager is designed to create and manage user accounts in the RSA Authentication Manager server. The adapter runs in "agentless" mode and communicates with the RSA Authentication Manager through Enterprise Java Beans (EJBs).

IBM recommends this adapter (and the prerequisite Security Directory Integrator) be installed on each node of an IBM Security Verify Governance Server WebSphere cluster. A single copy of the adapter can handle multiple IBM Security Verify Governance Server services. The deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Governance Server Provisioning Policies and Approval Workflow process. Please refer to IBM Security Verify Governance Adapters Knowledge Center for a discussion of these topics.

IBM Security Verify Governance Server adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from IBM Security Verify Governance Server will fail if the adapter is not given sufficient authority to perform the requested task. IBM recommends that this adapter run with administrative (root) permissions.

License Agreement

Review and agree to the terms of the IBM Security Verify Governance Adapter License prior to using this product. The license can be viewed from the "license" folder included in the product package.

Contents of this Release

Adapter Version

Component Version
Release Date 2026 June 08 05.25.19
Adapter Version 10.0.3
Component Versions Adapter build: 10.0.3.01
Profile: 10.0.3.01
Connector: 10.0.3.01
Dispatcher: 7.1.40
Documentation The following guides are available in the IBM Security Verify Governance Adapters Knowledge Center:
  • Installation and Configuration Guide for IBM Security Verify Governance Adapter for RSA Authentication Manager
  • User Guide for IBM Security Verify Governance Adapter for RSA Authentication Manager

New Features

Internal# Enhancement # (RFE)/#Idea Description
Items included in current release (10.0.3)
SVGAD-6368 ADAPT-236 Certify Adapters with IVIG v11.x
SVGAD-6368 ADAPT-236 Certify the RSA Authentication Manager adapter with SDI 11 Release
SVGAD-6368 ADAPT-234 Certify the RSA Authentication Manager adapter with SDI 10 Release
Items included in the release (10.0.2)
None
Items included in release (10.0.1)
ADAPT-119 RSA SecurID Authentication Manager 8.7 is supported
RTC 188277 RSA Authentication Manager 8.5 is supported
Items included in the release (7.1.19)
RTC 184345 RSA Authentication Manager 8.4 is supported
Items included in the release (7.1.18)
RTC 154247 RSA Authentication Manager 8.2 is supported.

RSA Authentication Manager 8.1.1 is supported.
Items included in the release (7.1.17)
RTC 152138 Add Support for Identity Governance and Intelligence (IGI) v5.2.2

This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence.
Items included in the release (7.0.16)
36429 (71209)

40202 (80833)
ISIM RSA on-demand token support

RSA Authentication Manager Adapter v6.0.15 On-Demand provisioning
Items included in the release (7.0.15)
Initial release

Closed Issues

Internal# KnowIssue#/Case# Description
Items closed in current release (10.0.3)
None
Items closed in the release (10.0.2)
SVGAD-2321 TS015966156 The license check call should be disabled for RSA 8.7 and an RSA 8.7 specific connector should be released.

ERROR, CMOMDCRSA1.cibc.cginet,,,,Failed to load product license limit for user count
Items closed in release (10.0.1)
None
Items closed in the release (7.1.19)
None
Items closed in the release (7.1.18)
None
Items closed in the release (7.1.17)
None
Items closed in the 7.0.16 release
Bugz1815

RTC128412
IV75814 PMR 25592,200,838

AuthMan adapter throws ArrayIndexOutOfBoundsException when reconciling an identity source with no principals in it.
Items closed in the 7.0.15 release
Initial release

Known Limitations

Internal# Case#/KnownIssue Description
SVGAD-6504 Adapter fails to modify On Demand Authentication Attributes.

If an account is enabled for On Demand Authentication(ODA), and a modify operation is performed to update other ODA attributes (for e.g. Delivery Method, SMS Destination Address etc.), the adapter fails.

Workaround to update ODA attributes:
- Perform modify operation to disable the account for ODA.
- Modify account again to enable ODA with new values.

The issue will be fixed in future release.
SVGAD-6507 Wrong status returned during filtered recon

When a filtered recon is executed using a filter like (eruid=name) and "name" is not found in the target resource, the adapter returns a FAILURE status. The adapter should return a SUCCESS status so that IBM Security Verify Governance will remove the "name" service account from its datastore.

This issue will be fixed in a future release.
SVGAD-6516 Object Class Violation Error on SendOnly Attributes

If the RSA Authentication Manager adapter fails to set one or more send-only attributes:
• erRsaAmT1ClearSecurIDPin
• erRsaAmT2ClearSecurIDPin
• erRsaAmT3ClearSecurIDPin
• erServicePwd1
• erServicePwd2
• erServicePwd3
• erRsaAmT1RplNextToken
• erRsaAmT2RplNextToken
• erRsaAmT3RplNextToken

on the RSA Authentication Manager server during an ADD or MODIFY operation, then the adapter will return the attribute in the failed attribute list and some versions of IBM Security Verify Governance will generate an "Object Class Violation" error. This is an IBM Security Verify Governance server defect and will be addressed in a future server fix pack.
SVGAD-6510 RSA Authentication Manager Adapter impacts on TDI and other adapters

For the adapter to run correctly, several specific jar files are needed in the runtime environment. Some of these jars interfere with the operation of other adapters or with certain features of the Tivoli Directory Integrator (TDI). In particular,

• The TDI 7.1.1 or SDI REST service will not run when the RSA Authentication Manager 8.0 or 8.1 Adapter is installed and configured.
• Do not install the RSA Authentication Manager Adapter in the same TDI environment with any of the following adapters: Google Apps or Salesforce.
SVGAD-6513 No support for 2-way SSL or SOAP communication

The adapter does not support two-way SSL communication with the RSA Authentication Manager server. The adapter also does not support the SOAP protocol when communicating with the RSA Authentication Manager server.

Installation and Configuration Notes

See the Installation and Configuration guide for IBM Security Verify Governance Adapter for RSA Authentication Manager for detailed instructions.

Updates to the installation guide

See the Installation Guide for IBM Security Verify Governance Adapter for RSA Authentication Manager for detailed instructions.

Corrections to Installation Guide:

Chapter 1: Overview

No updates for the current release

Chapter 2: Planning

No updates for the current release

Chapter 3: Installing

Installing the adapter binaries or connector

The following connectors are available:

For RSA 8.7 and later: Copy the resource/RsaAuthmanConfig.properties and resource/config.properties files to the SDI_HOME/timsol/properties directory.

Copying JAR files from the RSA Authentication Manager server to the Security Directory Integrator environment

Note: Remove table for RSA Authentication Manager 7.1 and its related content.

In RSA Authentication Manager 8.2, for SDI 10 or above version you need to copy all jars from the RSA_SDK_HOME/lib/java to SDI_HOME/timsol/rsa folder, do not copy any other jars.

Installing ILMT-Tags

This topic describes the procedures to install ILMT tag files.

Before you begin

Ensure that the Dispatcher is installed.

Procedure

Copy the files from ILMT-Tags folder to the specified location:

Adapter authority requirement for the license.bea file

Note: Remove this entire section as we are removing support of RSA 7.x

Enabling secure communication

Note: Remove all the details which are regarding For RSA Authentication Manager 7.1

Do not add any version specific information like for 8.1 or 8.0 keep it like for RSA without mentioning version. Replace .cer to .der

Update section Set the following Java system property like below:

# SSL Truststore Configuration
# For SDI 7.x
weblogic.security.SSL.trustedCAKeyStore=full-path-to-rsaTruststore.jks
# For SDI 10 and above version use below property
ims.ssl.client.trust.keystore.filename=full-path-to-rsaTruststore.jks
# For SDI 10 and above version to add truststore password use below property
#com.rsa.ssl.trust.store.password=password

# TLS Protocol Configuration for all SDI versions
weblogic.security.SSL.protocolVersion=TLSv1.2
weblogic.security.SSL.minimumProtocolVersion=TLSv1.2
weblogic.security.SSL.ignoreHostnameVerification=true

Configure Java 17 Module Access

This section is applicable for SDI 10 or above versions only, Java 17 enforces strict module encapsulation. WebLogic thin client requires access to internal Java modules. The configuration differs between Windows and Linux platforms.

For Windows: Update ibmdiservice.props

  1. Navigate to: <SDI_HOME>\ibmdiservice.props
  2. Locate the jvmcmdoptions property
  3. Update with the following configuration:
jvmcmdoptions=--add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/sun.security.action=ALL-UNNAMED --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.management/javax.management.openmbean=ALL-UNNAMED --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED --add-exports=java.base/sun.security.provider=ALL-UNNAMED -Dlog4j2.configurationFile=etc\log4j2.xml

Important Notes for Windows:

For Linux: Update ibmdisrv Script

  1. Navigate to: <SDI_HOME>/ibmdisrv
  2. Locate the Java execution command (typically the line starting with $JAVA_HOME/bin/java or similar)
  3. Add the following --add-opens and --add-exports flags to the Java command:
--add-opens=java.base/java.io=ALL-UNNAMED \
--add-opens=java.base/java.lang=ALL-UNNAMED \
--add-opens=java.base/java.lang.invoke=ALL-UNNAMED \
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED \
--add-opens=java.base/java.net=ALL-UNNAMED \
--add-opens=java.base/java.nio=ALL-UNNAMED \
--add-opens=java.base/java.security=ALL-UNNAMED \
--add-opens=java.base/java.text=ALL-UNNAMED \
--add-opens=java.base/java.time=ALL-UNNAMED \
--add-opens=java.base/java.util=ALL-UNNAMED \
--add-opens=java.base/java.util.concurrent=ALL-UNNAMED \
--add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED \
--add-opens=java.base/sun.nio.ch=ALL-UNNAMED \
--add-opens=java.base/sun.security.action=ALL-UNNAMED \
--add-opens=java.base/sun.security.util=ALL-UNNAMED \
--add-opens=java.management/javax.management=ALL-UNNAMED \
--add-opens=java.management/javax.management.openmbean=ALL-UNNAMED \
--add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED \
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED \
--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED \
--add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED \
--add-exports=java.base/sun.security.provider=ALL-UNNAMED

Verifying the adapter installation

Note: From Table 1. Adapter components remove all reference related to RSA Authentication Manager 7.1

Installing in Virtual Appliance (In ISVG Only)

For Verify Governance target management, you can install an IBM Security Verify Governance adapter or a custom adapter on the built-in Security Verify Directory Integrator in the virtual appliance instead of installing the adapter externally. As such, there is no need to manage a separate virtual machine or system.

About this task

This procedure is applicable to install this adapter on the virtual appliance for a selected list of Identity Adapters. See the Identity Adapters product documentation to determine which adapters are supported in Identity Governance and Intelligence, and which can be installed on the virtual appliance.

All Identity Governance and Intelligence supported adapters can be installed externally on the virtual appliance. Depending on the adapter, an external Security Directory Integrator may be required.

See the corresponding Adapter Installation and Configuration Guide for the specific prerequisites, installation and configuration tasks, and issues and limitations. See the Adapters Release Notes for any updates to these references.

Procedure

  1. Download the adapter package from the IBM Passport Advantage.

    For example, Adapter-.zip.

    The adapter package includes the following files:

    Files Descriptions
    bundledefinition.json The adapter definition file. It specifies the content of the package, and the adapter installation and configuration properties that are required to install and update the adapter.
    Adapter JAR profile A Security Directory Integrator adapter always include a JAR profile which contains:
    • targetProfile.json
    • Service provider configuration
    • Resource type configuration
    • SCIM schema extensions
    • List of assembly lines
    • A set of assembly lines in XML files
    • A set of forms in XML files
    • Custom properties that include labels and messages for supported languages.
    Use the Target Administration module to import the target profile.
    Additional adapter specific files Examples of adapter specific files:
    • Connector jar files
    • Configuration files
    • Script files
    • Properties files
    The file names are specified in the adapter definition file along with the destination directory in the virtual appliance.
  2. From the top-level menu of the Appliance Dashboard, click Configure > SDI Management.
  3. Select the instance of the Security Directory Integrator for which you want to manage the adapters and click Manage > SDI Adapters.

    The SDI Adapters window is displayed with a table that list the name, version, and any comments about the installed adapters.

  4. On the SDI Adapters window, click Install.
  5. On the File Upload window, click Browse to locate the adapter package and then click OK.

    • For example, Adapter-.zip.
    • Provide the missing 3rd party libraries when prompted.
  6. On the File Upload for Pre-requisite files window, click Select Files.

    • A new File Upload window is displayed.
    • Browse and select all the missing libraries. For example, httpclient-4.0.1.jar, sapjco3.jar
    • Click Open.
    • The selected files are listed in the File Upload for Pre-requisite files window.
    • Click OK.
    • The missing files are uploaded and the adapter package is updated with the 3rd party libraries.
  7. Enable secure communication.

    • Select the instance of the Security Directory Integrator for which you want to manage the adapter.
    • Click Edit.
    • Click the Enable SSL check box.
    • Click Save Configuration.
    • Import the SSL certificate to the IBM Security Verify Directory Integrator server.
    • Select the instance of the Security Directory Integrator for which you want to manage the adapter.
    • Click Manage > Certificates.
    • Click the Signer tab.
    • Click Import.
    • The Import Certificate window is displayed.
    • Browse for the certificate file.
    • Specify a label for the certificate. It can be any name.
    • Click Save.

Note: While uploading the Adapter package, you may receive System Error: A file included in the SDI Adapter zip already exists on the system. The Server Message log under Appliance tab of VA has a reference to error - com.ibm.identity.sdi.SDIManagementService File ibm.com_IBM_Verify_Identity_Governance_xxxx.swidtag found in the adapter zip at location ILMT-Tags or already exists in system. This is because, you can install the same swidtags only once. So, if another adapter of the same type is installed, remove the swidtags.

The ibm.com_IBM_Verify_Identity_Governance_Enterprise-xxxx.swidtag file is common to all adapters. In addition to the common swidtag file, an application adapter needs ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-xxxx.swidtag file and an infra adapter needs ibm.com_IBM_Verify_Identity_Governance_Lifecycle-xxxx.swidtag and ibm.com_IBM_Verify_Identity_Governance_Compliance-xxxx.swidtag files. So, if an application adapter is already installed and this is an infra adapter, then only install the infra-specific swidtags and the other way around. See Security Verify Governance Adapters v10.x to identify the type of the installed adapters.

Installing in an IBM Security Verify Directory Dispatcher Container

Before you begin

The steps to install adapter and related files into the container can be performed using the adapterUtil.sh script, which is shipped with the dispatcher package. This script should be staged on the machine running Kubernetes cli. The adapterUtil.sh script is also readily available in the bin directory of ISIM IBM Security Verify Governance Identity Manager Container Starter Kit installation directory (If ISVDI was selected for installation during the ISIM container installation steps).

If, for any reason, the adapter util script cannot be executed or used, the below manual instructions must be followed to copy the files to the persistent volume.

Note: The container must be restarted after installing, uninstalling the adapter or any changes to the configuration yaml. To activate changes and restart the container run the following commands:

Note: This document only describes the adapterUtil.sh command options that are required to install this adapter. For other command options, such as listing installed connectors and 3rd party jars, please refer to the Dispatcher10 Installation and Configuration Guide.

Installing / Upgrading / Re-installing / Downgrading the adapter

Using Script

Use below command to install / upgrade/ re-install / downgrade the adapter:

/path/to/adapterUtil.sh -loadAdapter "/path/to/Adapter-RsaAuthMgr-*.zip" accept

Where /path/to/adapterUtil.sh is the location where the adapterUtil.sh script is installed and /path/to/Adapter-RsaAuthMgr-*.zip is the location where the Adapter zip file is staged on the machine running Kubernetes cli.

Manually copying files to Persistent Volume

Copy the files to the persistent volume mapped to the /opt/IBM/svgadapters directory of the container image as per the given directory structure:

RsaAuthMgrConnector.jar

Copy this file to <Persistent_Volume>/jars/connectors directory.

ILMT-Tags

Copy below files to <Persistent_Volume>/swidtag directory:

Copying 3rd party libraries:

Using Script

Use below command to copy 3rd party jars: (List of the jars required are mentioned in Managed Resource section of Release Notes, need to copy all of these jars)

/path/to/adapterUtil.sh -copyToPatches "RSA_SDK_HOME/lib/java/*.jar"

This command will copy the 3rd party jars to <Persistent_Volume>/jars/patches directory.

Manually copying files to Persistent Volume

Copy 3rd party jar files to <Persistent_Volume>/jars/patches directory (List of the jars required are mentioned in Managed Resource section of Release Notes, need to copy all of these jars):

Configuring the SSL connection between the IBM Security Verify Directory Integrator Container and the RSA Authentication Manager Target

Export certificate and create trustStore jks file using java, refer to Enabling secure communication section for the same. Copy the created rsaTruststore.jks to the dispatcher container using the following command:

/path/to/adapterUtil.sh -copyFile path_to_crt/rsaTruststore.jks /opt/IBM/svgadapters/

Configuring RsaAuthmanConfig.properties

Update RsaAuthmanConfig.properties within /opt/IBM/svgadapters/timsol/properties folder by updating required properties mentioned in Authentication Manager config.properties file update section as well as add properties mentioned in Enabling secure communication section in the same file.

ims.ssl.client.trust.keystore.filename=/opt/IBM/svgadapters/rsaTruststore.jks
com.rsa.ssl.trust.store.password=password
weblogic.security.SSL.ignoreHostnameVerification=true
weblogic.security.SSL.protocolVersion=TLSv1.2
weblogic.security.SSL.minimumProtocolVersion=TLSv1.2

Enabling TLS 1.2

Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced page from SVDI.

If the config.yaml file which is used as the YAML_CONFIG_FILE environment variable for the container doesn't have an advanced configuration element, follow the instructions that are provided in https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced to add an advanced configuration section to the config.yaml file.

Update ibmdisrv file

1. Copy ibmdisrv file from container by using the following command:

For OpenShift container:

oc cp -n isvgim <isvdi_pod_name>:/opt/IBM/TDI/ibmdisrv <destination_on_local_system>

For Kubernetes container:

kubectl cp -n isvgim <isvdi_pod_name>:/opt/IBM/TDI/ibmdisrv <destination_on_local_system>

2. Update ibmdisrv file as mentioned in the Configure Java 17 Module Access.

3. Copy updated ibmdisrv file to <Persistent_Volume> path:

/path/to/adapterUtil.sh -copyFile <destination_on_local_system>/ibmdisrv <Persistent_Volume>

4. Create rsa.sh script file having script as mentioned below to Copy ibmdisrv file to the <Persistent_Volume> path:

#!/bin/bash
cp <Persistent_Volume>/ibmdisrv /opt/IBM/TDI 

5. Give executable permission to rsa.sh file

6. Configure rsa.sh script in the container

Copy script to the <Persistent_Volume>/scripts directory manually in the container or you can use the following command:

/path/to/adapterUtil.sh -copyFile /path/to/rsa.sh <Persistent_Volume>/scripts

Add line for rsa.sh above the setHostname.sh script.

Add script as mentioned in the SVDI guide as follows:

init:
 aux-config-programs:
  - command: /opt/IBM/svgadapters/scripts/rsa.sh

If the config.yaml file which is used as the YAML_CONFIG_FILE environment variable for the container doesn't have an advanced configuration element, follow the instructions that are provided in https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced to add an advanced configuration section to the config.yaml file.

Updating the container

Using Script

To update the dispatcher container with the new certificate using the ISVG-IM starter kit, run the following commands:

Manually

To update the dispatcher container with the new certificate on Kubernetes/OpenShift, now run the following commands to create a config map and update the dispatcher specific yaml:

<kubectl or oc > create configmap <namespace> --from-file=<path to main isvdi config yaml> --from-file=<directory where certificates are stored> --dry-run=client -o yaml –namespace=<namespace where dispatcher container resides> > <path_to_dispatcher_container_that_runs_this_adapter_yaml>

e.g.

kubectl create configmap isvgimsdi --from-file=/root/isvg/config/adapters/isvdi_config.yaml --from-file=/root/isvg/config/certs --dry-run=client -o yaml --namespace=isvgim > /root/isvg/yaml/045-config-adapters.yaml

Then apply the updated dispatcher that runs this adapter yaml.

<kubectl or oc> apply -f <path_to_dispatcher_container_that_runs_this_adapter_yaml>

e.g.

oc apply -f /root/isvg/yaml/045-config-adapters.yaml

Finally restart the container

<kubectl or oc> rollout restart deployment <isvdi container deployment>

e.g.

oc -n isvgim rollout restart deployment isvdi

Chapter 4: Upgrading

No updates for the current release

Chapter 5: Configuring

Enabling TLSv1.2 in Security Directory Integrator

Procedure:

1. Apply recommended fix packs and limited availability (LA) versions on the Security Directory Integrator. See Recommended fixes for IBM Security Directory Integrator (SDI).

2. After applying the appropriate updates, modify the /solution.properties file by appending the following text to the bottom of the file:

#####################
# # Protocols to enforce SSL protocols in a SDI Server
# # Optional values for com.ibm.di.SSL* property (TLSv1, TLSv1.1, TLSv1.2). # # This can be a multi-valued comma separated property
# # Optional values for com.ibm.jsse2.overrideDefaultProtocol property (SSL_TLSv2, TLSv1,TLSv11,TLSv12).
# # This is a single value property.
#####################

com.ibm.di.SSLProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.di.SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.jsse2.overrideDefaultProtocol=TLSv1
com.ibm.jsse2.overrideDefaultTLS=true
#####################

Chapter 6: Troubleshooting

Enabling DEBUG Logs on SDI Server

Procedure:

1. Stop the SDI Server process

Pre-7.2.0-ISS-SDI-FP0008

2. Edit the /etc/log4j.properties

3. Modify the following line:

log4j.rootCategory=INFO, Default

to

log4j.rootCategory=DEBUG, Default

Post-7.2.0-ISS-SDI-FP0008

2. Edit the /etc/log4j2.xml

3. Modify the following line:

<Root level="info">

to

<Root level="debug">

4. Start the SDI Server process

5. Re-create the problem and collect the /logs/ibmdi.log

Logs are not getting printed in FP13 in Windows OS

To fix this issue copy log4j2.xml file from /etc and add to the /etc (which was missing there). Then configure /ibmdiservice.props with jvmcmdoptions=-Dlog4j2.configurationFile=etc\log4j2.xml

Chapter 7: Reference

No updates for the current release

Supported Configurations

Installation Platform

The IBM Security Verify Governance Adapter for RSA Authentication Manager was built and tested on the following product versions.

Adapter Installation Platform:

Due to continuous Java security updates that may be applied to your ISVG or ISVGIM servers, the following SDI releases are the officially supported versions:

Note: Earlier SDI supported version may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapters. Please refer to the adapter's installation and configuration guides for the latest update on the IBM Security Directory Integrator versions and fix packs.

Managed Resource:

3rd Party Client Libraries:

For RSA Authentication Manager 8.7+SP2

The required JAR files are in the RSA_SDK_HOME/lib/java directory where RSA_SDK_HOME is the directory where you installed the Authentication Manager SDK. You must copy only these files from the RSA_SDK_HOME/lib/java directory into the SDI_HOME/jars/patches/rsa directory.

Supported IBM Security Verify Governance Servers:

*Unless this document specifies a specific fix pack version of ISVG Identity Manager v10, we expect the adapter to work with ISIM 6 as well. However, it will only be debugged and fixed from the perspective of ISVG-IM v10.

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

End of Release Notes