Creating a list file to support challenge-response authentication
Some target systems do not natively support listing objects using the connectors. In this case, you must create the list file manually and you need to have a SQLite database list file to associate users and other objects during auto discovery. You can create the file by copying it from another target such as Active Directory.
For Bravura Security Fabric 12.4.0 and up, refer to Creating a list file and copying data from other targets for how to use the Copy data from these targets, separated by commas, during auto-discovery target system option to be able to copy the listing data from one or more other targets to use for the list file for the target. This also makes use of the Connector execution order auto discovery list as well as a post psupdate script for the target that you are copying data to.
Alternatively, you can use the List Override target address option to create the list file.
See here for examples of using List Override:
RADIUS Authentication: Creating a list file to support challenge-response authentication
DUO Authentication: Creating a list file to support challenge-response authentication
The following are examples of settings to use when using the List Override target address optiion:
In the case where ADDN is the target ID from the target that you are copying from, set the List Override target address option to the following:
{action=copy;srcTargetId=ADDN;script=listoverride.py;postHook=replaceLongIdWithShortId;}If copying the list file from an RSA Authentication Manager target and where RSAAM is the target ID or from another source where the longid is the same as the shortid and therefore doesn’t need to be replaced, set the List Override target address option to the following:
{action=copy;srcTargetId=RSAAM;}General usage for the KVGroup for List Override:
{action=copy;srcTargetId=<source target id>;script=<script name>;postHook=<hook name>;}
The following are further details on each of the KVGroup values that may be used for the List Override target system option:
Option | Value | Description |
|---|---|---|
action | [copy|move|augment] | The copy operation copies the source database file from the target list file specified by srcTargetId. The move operation will move the list file. The augment operation runs the list operation in the connector. |
srcDbFile | <path> | Provides the ability to override the path to the database list file as either an absolute or relative value. By default, listoverride calculates the path based on the database file path that is passed into the connector, such as the psconfig directory for example. Other paths that may be used could be those such as a directory within psconfig\discovered for an automatically discovered target system or another custom directory path. |
script | <Python script name> | The Python script name, for example listoverride.py. See hooks below for additional requirements. |
postHook/preHook/perHook | Provides both a "pre" and "post" hook to run before and after the action as well as an override "per" hook that replaces the action functionality. perHook passes in the following json argument: {"objectType": "<objectType>", "operation": "<operation>", dbFile: "dbFile"} postHook/preHook passes in the following: {"dbFile: "dbFile"} Example: specify postHook=replaceLongIdWithShortId; to replace the longid with the shortid in the list file, such as when copying from an ADDN target and to remove the domain name. | |
doNotLoad | When set to "1", the list file will not be loaded during the auto discovery process. This may be used in some situations such as where the source is a fake target, it can take an exceedingly long time to list, during testing and you do not wish to actually load the data until it is validated, or other scenarios where you may not with to load the data. The default value is empty. Any value that is not "1" will load the database list file. | |
format | db | Default is db. |