Create a JDBC Data Source

Identity Manager requires a JDBC datasource in the application server where Identity Manager is installed to connect to the user store. The instructions for creating a datasource are different for each application server.
JBoss
Follow these steps:
  1. Create a copy of the following file:
    <jboss_home>\standalone\deployments\objectstore-ds.xml
    jboss_home
    The installed location of the JBoss application server where Identity Manager is installed.
    The new file must exist in the same location.
  2. Rename the file to userstore-ds.xml.
  3. Edit userstore-ds.xml as follows:
    1. Locate the <jndi-name> element.
    2. Change the value of the <jndi-name> element from jdbc/objectstore to userstore as follows:
      <jndi-name>userstore</jndi-name>
    3. In the <connection-url> element, change the DatabaseName parameter to the name of the database that serves as the user store as follows:
      <connection-url>jdbc:sqlserver://ipaddress:port;selectMethod=cursor;DatabaseName=userstore_name</connection-url>
      ipaddress
      Specifies the IP address of the machine where the user store is installed.
      port
      Specifies the port number for the database.
      userstore_name
      Specifies the name of the database that serves as the user store.
  4. Perform the following steps if you plan to create a JBoss security realm, which is required for FIPS support:
    1. Rename the security-domain to <security-domain>imuserstoredb</security-domain>.
    2. Save the file.
    3. Omit the remaining steps. Instead, complete the steps in Create a JBoss Security Realm for the JDBC Data Source.
  5. Make the following additional changes to userstore-ds.xml:
    1. Change the value of the <user-name> element to the username for an account that has read and write access to the user store.
    2. Change the value of the <password> element to the password for the account specified in the <user-name> element.
    Note: The user-name and password appear in clear text in this file. Therefore, you may decide to create a JBoss Security realm instead of editing userstore-ds.xml.
  6. Save the file.
Use a JBoss Security Realm for the JDBC Data Source
Ensure that you are creating a JDBC data source in a JBoss application server. You can configure the data source to use a user name and password, or you can configure it to use a security realm.
If FIPS is in use, make sure that you use the JBoss Security Realm option.
Follow these steps:
  1. Complete the steps in.
    Do not specify a user name and password in the userstore-ds.xml as described in step 4.
  2. Open login-cfg.xml in jboss_home\server\default\conf.
  3. Locate the following entry in the file:
    <application-policy name="imobjectstoredb">
      <authentication>
        <login-module code="com.netegrity.jboss.datasource.PasswordEncryptedLogin" flag="required">
          <module-option name="userName">fwadmin</module-option>
          <module-option name="password">{PBES}:gSex2/BhDGzEKWvFmzca4w==</module-option>
          <module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/objectstore,service=NoTxCM</module-option>
        </login-module>
      </authentication>
    </application-policy>
  4. Copy the complete entry and paste it within the <policy> and </policy> tags in the login-cfg.xml file.
  5. In the entry you pasted in the file, make the following changes:
    1. Change the name attribute value from imobjectstoredb to imuserstoredb as follows:
      <application-policy name="imuserstoredb">
    2. Specify the name of the user used to authenticate against the user store as follows:
      <module-option name="userName">user_store_user</module-option>
    3. Specify the password for the user in the previous step as follows:
      <module-option name="password">user_store_user_password</module-option>
      Note: To encrypt the user store password, use the password tool (pwdtools) that is installed with Identity Manager.
    4. In the <module-option name="managedConnectionFactoryName"> element, provide the correct jboss.jca:name as follows:
      <module-option name="managedConnectionFactoryName">jboss.jca:name=userstore,service=NoTxCM</module-option>
  6. Save the file.
  7. Restart the application server.
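An added example, not part of the product documentation: a Python audit of the two JBoss files edited above (userstore-ds.xml and login-cfg.xml) that flags a clear-text password, an unencrypted module-option password, and a connection factory name that still points at the object store. The sample XML is constructed, the <datasource> wrapper element is an assumption, and treating the {PBES}: prefix as the mark of a pwdtools-encrypted value is an assumption based on the entry shown in step 3.

```python
import xml.etree.ElementTree as ET

# Constructed sample of userstore-ds.xml; the <datasource> wrapper is assumed.
DS_CLEARTEXT = """<datasource>
  <jndi-name>userstore</jndi-name>
  <connection-url>jdbc:sqlserver://192.0.2.10:1433;selectMethod=cursor;DatabaseName=imuserstore</connection-url>
  <user-name>im_user</user-name>
  <password>Example-Passw0rd</password>
</datasource>"""

# Constructed login-cfg.xml entry with two mistakes the checks should catch.
LOGIN_CFG = """<policy><application-policy name="imuserstoredb"><authentication>
  <login-module code="com.netegrity.jboss.datasource.PasswordEncryptedLogin" flag="required">
    <module-option name="userName">im_user</module-option>
    <module-option name="password">Example-Passw0rd</module-option>
    <module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/objectstore,service=NoTxCM</module-option>
  </login-module>
</authentication></application-policy></policy>"""

def audit_datasource(xml_text):
    """Return findings for a userstore-ds.xml document."""
    root = ET.fromstring(xml_text)
    val = {t: (root.findtext(f".//{t}") or "").strip()
           for t in ("jndi-name", "password", "security-domain")}
    findings = []
    if val["jndi-name"] != "userstore":
        findings.append("jndi-name is not 'userstore'")
    if val["password"]:
        findings.append("clear-text <password> in data source file")
    elif val["security-domain"] != "imuserstoredb":
        findings.append("no password and security-domain is not 'imuserstoredb'")
    return findings

def audit_login_cfg(xml_text, policy="imuserstoredb"):
    """Return findings for the user store policy in login-cfg.xml."""
    root = ET.fromstring(xml_text)
    node = root.find(f".//application-policy[@name='{policy}']")
    if node is None:
        return [f"application-policy '{policy}' missing"]
    opts = {o.get("name"): (o.text or "").strip() for o in node.iter("module-option")}
    findings = []
    # Assumption: pwdtools output carries the {PBES}: prefix seen on the page.
    if not opts.get("password", "").startswith("{PBES}:"):
        findings.append("password module-option is not encrypted")
    if "jboss.jca:name=userstore," not in opts.get("managedConnectionFactoryName", ""):
        findings.append("managedConnectionFactoryName does not reference userstore")
    return findings

if __name__ == "__main__":
    print(audit_datasource(DS_CLEARTEXT), audit_login_cfg(LOGIN_CFG))
```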
WebLogic
You create a data source in the WebLogic Administration Console.
See the Oracle WebLogic 11 Documentation for complete information about WebLogic Connection Pools.
Follow these steps:
  1. Create a JDBC Data Source with the following parameters in the WebLogic Administration Console:
    Name: User Store Data Source
    JNDI Name: userstore
  2. Create the connection pool for the data source with the following information:
    • For SQL Server 2005 databases, use the following values:
      URL: jdbc:sqlserver://db_systemName:1433
      Driver Class Name: com.microsoft.sqlserver.jdbc.SQLServerDriver
      Properties:
        user=username
        databaseName=user store name
        selectMethod=cursor
      Password: password
    • For Oracle databases, use the following values:
      URL: jdbc:oracle:thin:@tp_db_systemname:1521:oracle_SID
      Driver Class Name: oracle.jdbc.driver.OracleDriver
      Properties:
        user=username
      Password: password
  3. After configuration, set the target for the pool to the server instance wl_server_name.
    After you deploy the pool, check the console to see if any errors occurred.
    You may see an error that says the data source cannot be created with a non-existent pool. To resolve this error, restart WebLogic.
WebSphere
Create a SQL Server Data Source for WebSphere
Follow these steps:
  1. In the WebSphere Administrative Console, navigate to the JDBC provider that you created when you configured the JDBC driver.
  2. Select Data Sources in the Additional Properties section.
  3. Create a data source with the following properties and click Apply:
    Name: User Store Data Source
    JNDI Name: userstore
    databaseName: userstore_name
    serverName: db_systemname
  4. Configure the selectMethod property as follows:
    1. Select Custom Properties in the Additional Properties section.
    2. Click the selectMethod custom property.
    3. Enter the following text in the Value field:
      cursor
    4. Click OK, then use the navigation links at the top of the screen to return to the data source you are creating.
  5. Configure a new J2C Authentication Data Entry for the User Store Data Source:
    1. Select J2EE Connector Architecture (J2C) authentication data entries from the Related Items section.
    2. Click New.
    3. Enter the following properties:
      Alias: User Store
      User ID: username
      Password: password
      where username and password are the username and password for the account you specified when you created the database.
    4. Click OK, then use the navigation links at the top of the screen to return to the data source you are creating.
  6. Select the User Store J2C Authentication Data Entry that you created from the list box in the Component-managed Authentication Alias field.
  7. Click OK, then save the configuration.
    To verify that the data source is configured correctly, click Test Connection in the configuration screen for the data source. If the test connection fails, restart WebSphere and test the connection again.
Create an Oracle Data Source for WebSphere
Follow these steps:
  1. In the WebSphere Administrative Console, navigate to the JDBC provider that you created when you configured the JDBC driver.
  2. Create a data source with the following properties and click Apply:
    Name: User Store Data Source
    JNDI Name: userstore
    URL: jdbc:oracle:thin:@db_systemname:1521:oracle_sid
  3. Configure a new J2C Authentication Data Entry for the User Store Data Source:
    1. Enter the following properties:
      Alias: User Store
      User ID: username
      Password: password
      where username and password are the username and password for the account you specified when you created the database.
    2. Click OK, then use the navigation links at the top of the screen to return to the data source you are creating.
  4. Select the User Store J2C Authentication Data Entry that you have created from the list box in the following fields:
    • Component-managed Authentication Alias
    • Container-managed Authentication Alias
  5. Click OK, then save the configuration.
    Note: To verify that the data source is configured correctly, click Test Connection in the configuration screen for the data source. If the test connection fails, restart WebSphere and test the connection again.