4.5.9 Configuring an External Database to Store User History

Access Manager supports MySQL, Oracle, and Microsoft SQL Server databases for storing risk history. This section provides details about how to configure these databases.

Configuring MySQL Database

NOTE:Access Manager 4.5 supports MySQL 5.5 and earlier.

IMPORTANT:If you are using SQL database and you are upgrading to Access Manager 4.5, you must run a utility to re-factor the database. This is to ensure that Access Manager and its associated products use the same naming convention.

  1. Unzip the RiskDBScripts.zip file containing script to extend the database and sample configuration files. The file is located at the following location:

    On Linux: /opt/novell/nids/lib/webapp/WEB-INF/RiskDBScripts.zip

    On Windows: C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\RiskDBScripts.zip.

  2. On the MySQL server, execute the following command to create database objects for risk-based authentication:

    mysql -h host -u username -p password netiq_risk_mssql_install.sql

  3. Download the JDBC connector for the MySQL database from MySQL.com.

  4. Copy the JDBC connector to the /opt/novell/nids/lib/webapp/WEB-INF/lib/ folder.

  5. Restart Identity Server.

Configuring Oracle Database

  1. Unzip the RiskDBScripts.zip file containing script to extend the database and sample configuration files. The file is located at the following location:

    On Linux: /opt/novell/nids/lib/webapp/WEB-INF/RiskDBScripts.zip

    On Windows: C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\RiskDBScripts.zip.

  2. On the Oracle server, execute the following script to create database objects for risk-based authentication:

    Oracle 12c, 18c, and 19c: netiq_risk_oracle_12c_style_install.sql

    Earlier to Oracle 12c: netiq_risk_oracle_install.sql

  3. Download the JDBC connector for the Oracle database from Oracle.com.

    NOTE:(Access Manager 4.5 Service Pack 3 and later) Oracle 19.x supports two JDBC connectors, ojdbc8.jar and ojdbc10.jar. However, ojdbc10.jar is not supported with JDK 8. Hence you must use the ojdbc8.jar file while using Oracle Database 19.c.

  4. Copy the JDBC connector jar to the /opt/novell/nids/lib/webapp/WEB-INF/lib/ folder.

  5. Restart Identity Server.

Configuring Microsoft SQL Server

  1. Unzip the RiskDBScripts.zip file containing script to extend the database and sample configuration files. The file is located at the following location:

    On Linux: /opt/novell/nids/lib/webapp/WEB-INF/RiskDBScripts.zip

    On Windows: C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\RiskDBScripts.zip.

  2. On the SQL Server, execute the following script to create database objects for risk-based authentication:

    netiq_risk_sql_server_install.sql

  3. Download the JDBC connector for the SQL Server database from Microsoft.com.

  4. Copy the JDBC connector file sqljdbc42.jar to the /opt/novell/nids/lib/webapp/WEB-INF/lib/ folder.

  5. Restart Identity Server.

Enabling c3p0 Connection Pooling for Database

By default, Access Manager uses hibernate framework connection pooling to manage database connections for the external RBA SQL database. It is recommended to use c3p0 connection pooling to enhance Access Manager login performance. It is an easy-to-use library for augmenting traditional JDBC drivers. Using c3p0 connection pooling enhances performance and scalability. Perform the following steps to enable c3p0 connection pooling.

  1. Download the following connection pool libraries from Maven Repository:

  2. Copy the connection pool libraries to the following location:

    /opt/novell/nids/lib/webapp/WEB-INF/lib/

  3. Restart Identity Server.

    NOTE:Access Manager now uses the c3p0 libraries for connection pooling with the following default parameters:

      hibernate.c3p0.testConnectionOnCheckout : true
      hibernate.c3p0.max_statements : 100
      hibernate.c3p0.max_size : 100
      hibernate.c3p0.validate : true
      hibernate.c3p0.idle_test_period : 3000
      hibernate.c3p0.min_size : 20

    For more information about c3p0 connection pooling, see c3p0 - JDBC3 Connection and Statement Pooling.

  4. (Optional) To change the default parameters, perform the following steps:

    1. Create a configuration file and specify the custom parameters.

    2. Specify the configuration file location in the /opt/novell/nam/idp/conf/tomcat.conf file as a Java Virtual Machine system property in the following format:

      JAVA_OPTS="${JAVA_OPTS} -Dcom.microfocus.risk.history.hibernate.properties.file=<location of the configuration file>

    3. Restart Identity Server.