Tuesday, 30 June 2015

Decrypting the Password from the ITIM property files in JAVA

Yes, we can decrypt an encrypted password from the ISIM property files, such as enRoleLDAPConnection.properties and enRoleDatabase.properties.
This can be very helpful when you need to connect to the ISIM LDAP or DB from Java code in workflows using a FESI extension or a custom extension, or even in ISIM hooked reports.

The com.ibm.itim.common.properties package, provided by default by IBM in the WebSphere libraries, contains a class called PropertiesManager.

Create an object of this class and check the methods it provides.
Use the method called getEncryptedProperty to get the decrypted password.

Confused... and probably wondering why the heck you need all the above information, right?
OK then, to make it much easier, see the sample code below for reference.


Sample Code for reference

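// add the below line along with your import statements
import com.ibm.itim.common.properties.PropertiesManager;

public class MyClass {

    public String myldapconnection() {
        // gets the PropertiesManager instance
        PropertiesManager pm = PropertiesManager.gInstance();
        // first argument: the key in properties.properties that names the property file
        // second argument: the encrypted property to read from that file
        String ldapserverpwd = pm.getEncryptedProperty("enrole.ldap.connection", "java.naming.security.credentials");
        // keep the decrypted value in memory only; do not write it to logs
        return ldapserverpwd;
    }
}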


In the code above, enrole.ldap.connection is a property in the properties.properties file in the <ISIM Installed location>/data/ folder.
PropertiesManager refers to the properties.properties file and uses that property to find the property file to look into.

Monday, 8 June 2015

java.io.FileNotFoundException in the TDI while using JNDI Connector as a feed to ISIM

Feeding ITIM from TDI using the JNDI connector results in java.io.FileNotFoundException.

Even though the file is present, in the correct format and in the correct location, TDI throws a file-not-found exception.
The cause might not be that TDI cannot detect your file; other factors can produce this error.

There are typically two reasons for this error:
1. The port number defined in the URL definition is incorrect.
2. The name parameter on the TDI connection form is incorrect. (This actually results in a different error seen during the evaluation of this issue.)

If a Certificate is deployed or if a VIP is defined for an Identity Manager WAS cluster, the URL to access the Identity Manager may look like this:

https://<ITIM VIP Hostname>/itim/console/main

But the actual port where the enrole application is listening is not the standard 9080 or 80.

The Provider URL on the JNDI connector's Connection tab needs to match the port defined for the enrole application.

To determine the correct URL/port:

Review the SystemOut.log of the WAS server where the ITIM application is running.
Search for the startup details. For example:

WSVR0221I: Application started: ITIM
TCPC0001I: TCP Channel TCP_2 is listening on host * (IPv4) port 9082.


Therefore, on the TDI JNDI connector's Connection tab, the ITIM URL must contain the correct (IPv4) port. For example:

http://<ITIM VIP Hostname>:9082/enrole/dsml2_event_handler

This matches the port defined in the WAS/Enrole.ear for the TCP listening port.

Finally, verify that the $dn is correctly formed based on the Naming Context/Search Base. For example:

ret.value="uid="+work.getString("UID")+","+<ConnectorName>.getConnectorParam("jndiSearchBase");
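
The port check described above can be scripted against SystemOut.log before touching the connector. This is an added example, not part of the original post or of any IBM tooling; the host name itim-vip.example.com, the TCP_1/9061 log line and the function names are assumptions made up for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two SystemOut.log lines quoted above plus one extra
# channel line (TCP_1 / 9061 is made up for the example).
SAMPLE_LOG = """\
TCPC0001I: TCP Channel TCP_1 is listening on host * (IPv4) port 9061.
WSVR0221I: Application started: ITIM
TCPC0001I: TCP Channel TCP_2 is listening on host * (IPv4) port 9082.
"""

CHANNEL_RE = re.compile(
    r"TCPC0001I: TCP Channel (\S+) is listening on host \S+ \(IPv[46]\) port (\d+)\."
)
STARTED_RE = re.compile(r"WSVR0221I: Application started: (\S+)")
EXPECTED_PATH = "/enrole/dsml2_event_handler"  # path from the URL shown above
DEFAULT_PORTS = {"http": 80, "https": 443}


def listening_ports(log_text):
    """Map channel name -> port for every TCPC0001I line in the log."""
    return {name: int(port) for name, port in CHANNEL_RE.findall(log_text)}


def check_provider_url(url, log_text, app="ITIM"):
    """Return a list of problems with the JNDI connector's Provider URL."""
    problems = []
    if app not in STARTED_RE.findall(log_text):
        problems.append(f"no 'Application started: {app}' line in the log")
    parts = urlsplit(url)
    # A URL without an explicit port uses the scheme default (80 or 443).
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    ports = listening_ports(log_text)
    # The log lists every channel the server opened, so a match is a
    # necessary condition, not proof that this is the enrole port.
    if port not in ports.values():
        problems.append(
            f"port {port} is not a listening port; log shows {sorted(ports.values())}"
        )
    if parts.path != EXPECTED_PATH:
        problems.append(f"path is {parts.path!r}, expected {EXPECTED_PATH!r}")
    return problems


if __name__ == "__main__":
    for url in ("http://itim-vip.example.com/enrole/dsml2_event_handler",
                "http://itim-vip.example.com:9082/enrole/dsml2_event_handler"):
        print(url, "->", check_provider_url(url, SAMPLE_LOG) or "OK")
```

An empty result means the URL's port appears among the channels the server reported and the path matches the one shown above; the console-style VIP URL fails on both counts.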