B.0 Refactoring SQL Database

Access Manager uses a user's DN to store data for Risk Based Authentication in the SQL database. Most LDAP user stores use a lowercase naming convention. From Access Manager 4.4 onward, all user data is stored in the SQL database using a lowercase DN. This ensures that Access Manager interacts with other products without any conflict.

If you are upgrading from an older version with an SQL database in place, you must refactor your database to convert existing users' DNs to lowercase. To refactor your database, run the JAR utility supplied with Access Manager 4.4. If you do not run this utility, the existing user data can become irrelevant in RBA and may not be used for Risk Score calculation.

The following points describe how this utility works:

  • It runs outside Access Manager as a separate JAR utility.

  • It runs using a configuration file, which is bundled with the JAR.

  • It uses Hibernate and native SQL queries to modify the database entries.

  • It modifies usr, usrtransaction, device_fingerprint and extra tables to refactor the database.

Perform the following steps to refactor your database:

IMPORTANT:

  • It is recommended to back up your database before you run the utility.

  • Make sure that enough Java heap space is available before you run the utility.

  • Provide the appropriate Hibernate connector JARs in the classpath.

  1. Log in to the Administrator Console of Access Manager.

  2. Click Policies > Risk-based policies > User history. Make a note of the following information provided on this page:

    1. Database Driver

    2. Database Dialect

    3. Username

    4. Password

    5. URL

  3. Extract the utility JAR (RBA_SQL_Cleanup_Util.zip) to a location outside the Identity Server folders.

  4. Open the config.properties file that you extracted from the utility JAR.

  5. Specify the details that you noted in Step 2 in the config.properties file:

    For example, the following shows which information goes in each property of the config.properties file:

    hibernate.connection.url=<URL>
    hibernate.connection.username=<Username>
    hibernate.connection.password=<Password>
    hibernate.dialect=<Database Dialect>
    hibernate.connection.driver_class=<Database Driver>

  6. Open a command line or terminal as an administrator.

  7. Run the utility with the following java command, entered as a single line:

    java -cp '<directory path where the zip is extracted>/*' com.novell.nam.nidp.risk.sql.cleanup.SQLApp <directory path where the zip is extracted>/config.properties <directory to save log files>

    IMPORTANT: Make sure that you specify absolute paths in the classpath and arguments to avoid platform-specific issues.

  8. Open the log files and check for any errors that occurred.
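
A pre-flight check for steps 3 through 7, as an added example that is not part of the product documentation or the utility: it verifies that the five properties from step 5 are filled in, that both paths are absolute, and that config.properties (which holds the database password in clear text) is accessible only to its owner, then prints the command to run. It assumes a POSIX shell on the host; the function names and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the cleanup utility (steps 3-7).
# Function names and the owner-only permission check are assumptions of this example.
REQUIRED_KEYS="hibernate.connection.url hibernate.connection.username
hibernate.connection.password hibernate.dialect hibernate.connection.driver_class"

# Print the value of key $2 from properties file $1 (simple key=value lines only).
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '\r' | tail -n 1
}

# Report keys that are missing or still hold a <placeholder>; return 1 if any.
check_config() {
    rc=0
    for k in $REQUIRED_KEYS; do
        v=$(prop_value "$1" "$k")
        case $v in
            "")      echo "missing: $k"; rc=1 ;;
            "<"*">") echo "placeholder not replaced: $k"; rc=1 ;;
        esac
    done
    return $rc
}

# True if the path is absolute, as step 7 requires for the classpath and arguments.
is_absolute() { case $1 in /*) return 0 ;; *) return 1 ;; esac; }

# True if group and others have no access; the file holds the database password.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print the step 7 command (paths quoted so directories with spaces survive).
build_command() {
    printf "java -cp '%s/*' com.novell.nam.nidp.risk.sql.cleanup.SQLApp '%s/config.properties' '%s'\n" "$1" "$1" "$2"
}

# Run all checks for extraction dir $1 and log dir $2; print the command on success.
preflight() {
    cfg=$1/config.properties
    is_absolute "$1" || { echo "not an absolute path: $1"; return 1; }
    is_absolute "$2" || { echo "not an absolute path: $2"; return 1; }
    [ -f "$cfg" ]    || { echo "config.properties not found in $1"; return 1; }
    check_config "$cfg" || return 1
    is_private "$cfg" || { echo "restrict access first: chmod 600 $cfg"; return 1; }
    build_command "$1" "$2"
}

# Usage: sh preflight.sh /abs/extract/dir /abs/log/dir
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Once the utility has finished and the log files have been checked, delete config.properties or clear the password from it so the credential does not remain on disk.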