User sync between OpenIDM/OpenDJ to AS400 system


    #22297
     prem_compucom 
    Participant

    Hello everyone,

    We have this new requirement where we need to get the user data synchronized from an AS400 system to ForgeRock OpenIDM or, if possible, to DJ. We need to get the username, password, FName, LName, email, phone number, etc. synchronized to IDM, so we can allow users who are part of the AS-400 system to access our new application. The authentication would be done by the OpenAM in our environment.

    As I could see that there is no connector available to do this, are there any other possibilities which can help us achieve this? Thanks in advance for your inputs/suggestions.

    Thanks
    Prem

    #22298
     domingos.creado 
    Participant

    Hi Prem,

    The simplest option is to export the data from the source system as a CSV file, configure OpenIDM to consume the CSV, copy the CSV file over the network and run a recon. If you need to keep in sync, you can use the OpenIDM scheduler to run the recon recurrently.
    Using the scripted SQL might be another option if you are able to connect to the AS400 database using JDBC. The scripted Groovy connector is another option if you need to use specific APIs to connect to the source database.

    #22301
     Bill Nelson 
    Participant

    @domingos-creado, your suggestion might work if users are stored in the DB2 database, but I have also seen reference to users being stored locally (files). The challenge (either way) will be regarding passwords which are stored in a hashed format. The only way you can capture passwords is to intercept the clear text password before it is written to disk and somehow get the password into IDM’s hands. RACF has such a capability with the password envelope, but I am not sure about AS400s.

    In the past, we successfully managed AS400 accounts from IDM directly against an AS400 DB2 database. In that case IDM is the authoritative source for these accounts and as such, we already had the passwords in IDM. But this doesn’t seem to be what @prem_compucom is asking for. His accounts already exist in the AS400.

    #22303
     domingos.creado 
    Participant

    The password can be copied in hashed form to IDM and OpenDJ.
    @prem_compucom which is the hashing function used by AS400? Is it MD5 or MD4?

    #22309
     prem_compucom 
    Participant

    @bill-nelsonidentityfusion-com and @domingos-creado
    Thanks for your response.

    Yes, the AS400 already has the user accounts, which we are looking to get into IDM/DJ, so AM can do the authentication and users can access the application that is already integrated with AM.

    @domingos-creado – I am not yet sure about the hashing function used by the AS400 system. I need to check this with the client and will get back ASAP once I have info on this.

    #22322
     prem_compucom 
    Participant

    Hello @domingos-creado

    We are still waiting for a reply from the client on the hashing function used for the password.
    Before I get back to you with this information, can you please let me know how we can get the password copied to OpenDJ/OpenIDM from the AS400 system directly? Also, along with this, can we get other attributes like FName, LName, Email, etc. from AS400 to IDM/DJ – can we use the connector from IDM to achieve this?

    If not a connector, how can we do this directly to OpenDJ?

    Thanks for your reply in advance.

    Thanks
    Prem
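
For the CSV export route suggested earlier in the thread, applied to the question of loading entries directly into OpenDJ: the sketch below is an added example, not code from any poster or from ForgeRock. It turns a CSV export into LDIF, escaping DN values (RFC 4514) and base64-encoding unsafe attribute values (RFC 2849) so that a comma or line break in a source field cannot alter the entry. The column names, base DN and sample rows are assumptions; passwords are left out because the thread does not establish the AS400 hash format.

```python
import base64
import csv
import io

BASE_DN = "ou=people,dc=example,dc=com"  # assumption: placeholder directory suffix
COLUMNS = ("username", "fname", "lname", "email", "phone")  # assumed export columns

# Constructed sample export (no password column).
SAMPLE_CSV = '''username,fname,lname,email,phone
JSMITH,John,Smith,jsmith@example.com,555-0100
"OPS,NIGHT",Molly,"Van
Dyke",molly@example.com,
ZOE,Zoë,Müller,zoe@example.com,555-0102
'''

def escape_rdn_value(value):
    """Escape a string for use as an RDN value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out).replace("\0", "\\00")

def ldif_line(attr, value):
    """Return 'attr: value', or base64 'attr:: ...' if value is not an RFC 2849 SAFE-STRING."""
    safe = (value.isascii() and value[:1] not in (" ", ":", "<")
            and not value.endswith(" ") and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def csv_to_ldif(text):
    """Convert the CSV export to LDIF entries; rows without username or lname are skipped."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        rec = {k: (row.get(k) or "").strip() for k in COLUMNS}
        if not rec["username"] or not rec["lname"]:
            continue  # uid names the entry and sn is mandatory for inetOrgPerson
        lines = [ldif_line("dn", f"uid={escape_rdn_value(rec['username'])},{BASE_DN}")]
        lines += [f"objectClass: {oc}" for oc in
                  ("top", "person", "organizationalPerson", "inetOrgPerson")]
        lines += [ldif_line("uid", rec["username"]), ldif_line("sn", rec["lname"]),
                  ldif_line("cn", f"{rec['fname']} {rec['lname']}".strip())]
        for attr, col in (("givenName", "fname"), ("mail", "email"), ("telephoneNumber", "phone")):
            if rec[col]:
                lines.append(ldif_line(attr, rec[col]))
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV))
```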
