Skip to main content

Testing all operations

Test all operations required by the Bravura Security Fabric solution from a connector when:

  • New target systems are created

    At least one target system has to be tested for each target system type, when:

    • A target system configuration changes the way an administrator interacts with that target system within the same target system type; for example scripted target systems like Unix/Linux SSH types.

    • A target system is run on a different Bravura Security Fabric proxy server.

  • New or custom connectors are used.

  • There are changes in target system configuration relevant to the operations required for integration

  • idmsuite.log reports warnings or errors from a connector communicating with an existing target system.

Each connector can implement different sets of operations, and those sets of operations can be read at any time from the connector with the instance's loadplatform utility.

All operations triggered during target listing (Connect, serverinfo, listobj) must be supported by the connector that runs the list operations, and all have to succeed, in order for the newly listed target data to be loaded and processed during discovery.

There are two methods of testing operations:

Triggering operations

To list only accounts, navigate to Manage the System > Resources > Target systems [Manually defined | Automatically discovered] > < Target system > > Test connection > Test list.

To test complete listing as configured on the target system's General information page (account attributes, groups, group attributes, group members):

  1. Open a command prompt in the environment of the Bravura Security Fabric service account, for example:

    runas /user:psadmin cmd

  2. In that command prompt, navigate to the instance's util\ directory.

  3. Run:

    psupdate -list -target <TARGETID>

    where <TARGETID> is the ID of the target system being tested

To test password verify, trigger it from the Front-end (psf) LOGIN screen as part of a passwords.pss authentication chain:

  • Associate at least one account from that target system with a test profile.

  • Place the test target system in the Manage the system > Policies > Authentication List.

To test password resets, change passwords via:

  • Change passwords (pss)

  • Help users (ida)

  • Password Manager service (idpm ), using transparent synchronization. This triggers verifyreset instead of reset.

To test challenge-response configure a challenge-response authentication chain module and trigger it with a test user that exists both in the Bravura Security Fabric database and in the two-factor target system (RSA, DUO, RADIUS)

Other operations like account provisioning, adding accounts to groups, moving account context (from one OU to another) need to be triggered as part of the configured workflow.

The methods described above can generate errors from other product modules, services, scripting and other automation, like workflow configuration, so it is not testing only the connector.

Editing input files

The following is a more advanced but more time efficient method of testing connectors:

  1. Collect input KVGroups from all operations needed as they run on a working target system.

    Contact support for help with collecting input.

  2. Use a text editor that doesn't change line endings and text encoding (like Notepad++) to edit the input KVGs and change the details required for testing (targetid, address field, attributes, etc).

    Ensure that no strings enclosed in double quotes are broken by stray double quotes, or by Enter/EOL/special characters.

  3. Redirect the modified input KVGs into the test connector:

    1. Open a command prompt in the environment of the Bravura Security Fabric service account, for example:

      runas /User:Psadmin Cmd

    2. In that command prompt, navigate to the instance's agent\ directory.

    3. Run:

      <connector> < <input-connector-operation>.kvg

      where:

      • <connector> is the binary name of the connector being tested; for example "agtaddn-orig"

      • <input-connector-operation> is a suggested name scheme specific to each input KVG; for example input-agtaddn-create-JohnDoe.kvg

  4. Check:

    • Error pop-up windows

    • The output of the connector printed at the console

    • The idmsuite.log for errors or warnings

In this section: