Burmester Sound Upgrade – Redux

26 Nov

First off, the inspiration for this upgrade is in large part due to the fantastic post that Mike525 made on “Upgrading the W205 Burmester Audio” WordPress article.  The upgrade was conducted on a 2015 C400 W205 with the Burmester Audio package.  My initial experience was like many, I expect, in that the sound of the system sounded good at the showroom and after a couple of months my opinion changed as follows:

  • Sound reproduction in both the high and low end was not accurate. I am not an expert, but my personal comparison using a set of good headphones against the Burmester convinced me that sound quality was lacking.
  • At med-high volume sound distortion was evident and noticeable rattle was coming from the rear passenger door speakers

Thus began the plan to upgrade my Burmester sound system.  In my search for upgrades, I quickly identified that there was very little in the way of information about the W205 Burmester system.  The two sources that I found available are:

Mike’s article appealed to me and addressed the sound quality issues that I had and with that I went on a search for a stereo installation expert which led me to Nick of “The Car Audio Shop”, in Austin, TX.  After speaking with Nick the following was decided.

  • The build used in the “Upgrading the W205 Burmester Audio” would be the basis of the upgrade.
  • Use of an additional set of Focal K2 Power 100KRS speakers in the rear passenger area.
  • Use a stealth subwoofer enclosure in the trunk on the driver’s side to preserve as much trunk space as possible and to not interfere with folding rear seats.

Build Out

Items List for the Upgrade

  • Match 82 PP DSP – Digital Sound Processor/Amplifier, 8 configurable channels x 55 Watts / 110 Watts
  • Helix V EIGHT DSP – Digital Sound Processor/Amplifier, 8 configurable channels x 75 Watts / 120 Watts
  • JL Audio FiX™ 82 – Removes factory sound processing for aftermarket speakers and amps
  • CT Sounds 8 inch Subwoofer – 800W RMS
  • CT Sounds AT-900.1d – 1 Ohm @ 12.8v, 500w rms l 1000w max
  • 2x Focal K2 Power 100KRS – two 4″ woofers, 2 tweeters, 2 external crossovers, and 2 woofer grilles

Power Wiring of the Components

Below are pictures of the quality of the wiring showing 8AWG and using black(+) and red(-) leads to the CT AMP from the fuse box.  The leads were post wrapped for extra safety.


Below is a picture of the wiring into the Mercedes fuse box, note the black fuse connector on the bottom


Below is a picture of the Mercedes stock amp and the addition of the Focal Crossovers


 

Below, picture of the CT Sounds amp located in the cargo well in the trunk


Below is a picture of the cargo enclosure with the cargo grate placed back in its original location

Speaker Wiring

Additional wires were run for each of the Focal KRS 100 Tweeters.  This is to allow for tuning of a true 3 way configuration of high, mid and bass with the Match.  Below are several pictures of the door Molex connectors through which the wires were run.

Picture of the Molex from the rear

Picture above of the disconnected door Molex, the additional wire was run through the available wiring hole on the upper R

Focal 4” Speakers Installation

The picture below shows the Focal KRS 100 4″ mid-range speaker (top), custom mounting bracket (lower L) and the stock speaker (lower R).


The picture above shows the final mounting of the Focal 4” in the door enclosure

Focal Tweeter Installation

Replacement of the stock tweeters was straightforward.  The stock mounting enclosures were used and

Subwoofer Enclosure

As mentioned in the introduction, the goal was to minimize the trunk space loss or usage with the sub.  With this in mind, there was only one real option, which was to build an enclosure on the driver’s side which:

  • Does not interfere with the rear seats folding down for increased trunk space
  • The space used on the right side takes up only a small amount of usable space, but provides a suitable area for the speaker and enclosure.
  • Use of the cargo area below the trunk remains usable and accessible without modifying the stock cargo cover.

Below, the driver’s side trunk area was first formed out to hold the CT Sounds 8” subwoofer.


Below, after several layers of fiberglass resin the box was formed.


Below, the mounting bracket to hold the subwoofer was built into the enclosure.


Below, formation of screen around the enclosure.


Below,  the enclosure after several layers of resin.


Below, Side view of the enclosure.


Below, finished look of the sub enclosure


Below, finished closeup of the subwoofer


Subwoofer Power control

The CT Sounds AT-900 has a power/volume control that was mounted inside the center armrest console (below).  The location is ideal as it is not visible when the armrest is closed and does not interfere with the console interior.  Volume control of the subwoofer is toggled on and off from pushing the dial in.


6.5-6.75 Footwell speakers

Modifying the stock Burmester “bass” speakers that are located in the driver and passenger footwells was not done, however I have included a picture of their location below.  I am considering replacing these as well at a later time as needed (and if my wallet recovers)…

Match PP 82DSP and replacement with Helix V EIGHT DSP 

The installation of the Match PP 82DSP failed.  Two different units were used and in both instances the unit was unable to power up.   Helix (AudioTec Fisher) technical support (which was excellent) was used in both cases.  In my opinion the problem was that the modified harness used for the connection to the DSP was the cause with the unit being very sensitive in some manner.  The solution to our problem was to upgrade the unit to the V EIGHT DSP which has the same features but more power.

Sound configuration using  Configuration

Configuration of the sound was done using the Audiotec DSP tool.  This is a Microsoft Windows only application.  A mini usb cable is used to connect the Helix V EIGHT DSP to your laptop to utilize the tool.  I recommend purchasing a 10ft cable to enable you to sit in the driver seat and tune the sound from your driving location.  With the PC-Tool you are able to control the sound level, filter, crossover and equalization and timing of EACH speaker, AMAZING.  I recommend locating the ATF_Sound_Tuning_Magazine-DSP guides (4 of them) that cover how to use the tool to tailor the sound to your liking.

 

 

 

Certification of CA Identity Manager Groups with CA Governance Minder

18 Oct

CA Governance Minder and Identity Minder integration supports certification of provisioning roles of Identity Minder.  This article will provide a method of using CA Governance Minder’s Pentaho Data Integration (PDI) utility to import CA Identity Minder groups for certification in CA Governance Minder.

Conversion Process:

On IdM import, users and provisioning roles are returned from IdM to GM

The PDI utility is executed post import and accomplishes the following:

  • Removes the user to provisioning role relationship by deleting all provisioning roles in the GM universe.
  • Connects to the IdM LDAP user store, retrieves IdM groups and creates the IdM groups as roles in the GM universe.
  • Assigns the GM users to the groups based upon a custom multi-valued LDAP user attribute that exists on each user that represents the membership of user to group.
  • After the above is finished, accomplishes the same on the GM model universe.

Pentaho Script

The PDI attached to this article demonstrates the use of integration between CA GM and IdM with Pentaho, using the following Pentaho techniques:

  • Uses GM PDI processes to access GM resources.
  • Uses PDI LDAP processes to retrieve IdM users and groups from the user store
  • Performs transformations and validations on IdM information retrieved including parsing of LDAP DNs, data validation, filtering, and merging.

The following link contains the Pentaho script that accomplishes the above tasks:

http://www.mediafire.com/file/2e4iuu9ug1bieay/Scrub.zip
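
The group-to-role conversion listed above, sketched as an added example (this is not the attached PDI script): it parses the group DNs held in a multi-valued user attribute, checks them against the groups read from the user store, and emits user-to-role assignments while recording anything it refuses to import. The attribute name memberOfGroups, the DNs and the users are constructed assumptions.

```python
# Added illustration; this is not the PDI transformation in Scrub.zip.
# The attribute name, DNs and users are constructed sample data.
import string

MEMBERSHIP_ATTR = "memberOfGroups"  # hypothetical custom multi-valued attribute


def split_dn(dn):
    """Split a DN into RDN strings, leaving backslash-escaped commas alone."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(current).lstrip())
            current = []
            i += 1
        else:
            current.append(dn[i])
            i += 1
    rdns.append("".join(current).lstrip())
    return rdns


def unescape(value):
    """Undo backslash escapes: \\, style and \\2C style (single-byte hex only)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def normalise(dn):
    """Case-insensitive comparison key for a DN; raises ValueError if malformed."""
    parts = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError("malformed RDN in %r" % dn)
        parts.append((attr.strip().lower(), unescape(value).lower()))
    return tuple(parts)


def role_name(group_dn):
    """Role name = unescaped value of the group's first RDN (its cn)."""
    return unescape(split_dn(group_dn)[0].partition("=")[2])


def build_assignments(users, group_dns):
    """Return (sorted user/role pairs, rejected membership values with a reason)."""
    known = {normalise(dn): role_name(dn) for dn in group_dns}
    assigned, rejected = set(), []
    for user in users:
        for dn in user.get(MEMBERSHIP_ATTR, []):
            try:
                key = normalise(dn)
            except ValueError:
                rejected.append((user["uid"], dn, "malformed DN"))
                continue
            if key in known:
                assigned.add((user["uid"], known[key]))
            else:
                # Never create a role from a value the user store did not return.
                rejected.append((user["uid"], dn, "unknown group"))
    return sorted(assigned), rejected


# Constructed sample: groups as read from the user store, then two users.
GROUPS = [
    "cn=Payroll\\, EMEA,ou=groups,dc=example,dc=com",
    "cn=Helpdesk,ou=groups,dc=example,dc=com",
]
USERS = [
    {"uid": "asmith", MEMBERSHIP_ATTR: [
        "CN=Helpdesk,OU=Groups,DC=example,DC=com",
        "cn=Payroll\\, EMEA,ou=groups,dc=example,dc=com"]},
    {"uid": "bjones", MEMBERSHIP_ATTR: [
        "cn=Retired,ou=groups,dc=example,dc=com",
        "Helpdesk",
        "cn=Helpdesk, ou=groups, dc=example, dc=com"]},
]

if __name__ == "__main__":
    ok, bad = build_assignments(USERS, GROUPS)
    for row in ok:
        print("assign", row)
    for row in bad:
        print("reject", row)
```

The rejected list is what a reviewer would check before starting a certification campaign, since every entry is a membership value that did not match a group in the user store.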

 

 

CA Governance Minder 12.6.3 on Linux/WebSphere/Oracle

16 Sep

Supported OS

Red Hat Enterprise Linux version 5.x, 6.x (64-bit architecture)

Supported Application Servers

IBM WebSphere ND (on RHEL only) version 7.0, JDK 1.6.0 (the JDK version is the IBM JDK that comes with that WebSphere version)

IBM WebSphere ND (on RHEL only) version 8.5.5, JDK 1.6.0 or 1.7.x (the JDK version is the IBM JDK)

GM Installation

Governance Minder requires a Linux/Windows host for the J2EE container. In this environment GM will be installed on a WebSphere 8.5.5.5 Cluster. The backend database used is an Oracle 12C database server.

To begin the installation of the GM WebSphere environment you will need to install the Governance Minder binaries. The install files can be downloaded from CA at www.ca.com or copied from the development server at CMS.

Pre-Requisites

Open Ports

netstat -an | grep -E ':(1098|1099|1577|4026|4444|4445|4446|5001|8009|8080|8083|8093|8094|9092)[[:space:]]'

If no results are returned, the ports are free. If results are found, use netstat -anp to locate the owning process; you must redirect traffic from these ports prior to the GM install

Create databases

Done – The dbutil utility in can be used to create the databases prior to install, this will not be used

JDK deployment

Install JDK 1.6.45

mkdir /opt/CA/

chmod 775 /opt/CA/

copy jdk-6u45-linux-x64.bin to /opt/CA/

cd /opt/CA/

chmod 775 jdk-6u45-linux-x64.bin

./jdk-6u45-linux-x64.bin

rm -f jdk-6u45-linux-x64.bin

echo export JAVA_HOME=/opt/CA/jdk1.6.0_45 > /etc/profile.d/jdk.sh

vi /etc/profile.d/jdk.sh

Add the following:

export PATH=$JAVA_HOME/bin:$PATH

Save and exit

Start a new shell and verify that your JAVA_HOME variable is set and your PATH is mapped to the JDK

java -version will return

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

Configure JAVA alternatives

This is to be used if there are multiple JDK’s on the system

/usr/sbin/alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_45/bin/java 1500

/usr/sbin/alternatives --config java

Output:

[root@e48v111v bin]# /usr/sbin/alternatives --config java

You may see the following if there are 2 programs which provide ‘java’.

Selection   Command

———————————————–

*+ 1           /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java

   2           /usr/java/jdk1.6.0_45/bin/java

Enter to keep the current selection[+], or type selection number: 2

Select the new JDK (2) that was deployed

Verify JAVA version:

java -version

Should return java version 1.6.45 or above

Packages

The following packages must be installed

glibc-2.12-1.25.el6.i686.rpm

libX11-1.3-2.el6.i686.rpm

libxcb-1.5-1.el6.i686.rpm

libXtst-1.0.99.2-3.el6.i686.rpm

libXau-1.0.5-1.el6.i686.rpm

libXi-1.3-3.el6.i686.rpm

libXext-1.1-3.el6.i686.rpm

nss-softokn-freebl-3.12.9-3.el6.i686.rpm

dos2unix-3.1-37.el6.x86_64.rpm

Issue the following to install the required packages

yum install glibc-2.12-1.25.el6.i686 libX11-1.3-2.el6.i686 libxcb-1.5-1.el6.i686 libXtst-1.0.99.2-3.el6.i686 libXau-1.0.5-1.el6.i686 libXi-1.3-3.el6.i686 libXext-1.1-3.el6.i686 nss-softokn-freebl-3.12.9-3.el6.i686 dos2unix-3.1-37.el6.x86_64

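Improve performance

The following replaces /dev/random with a device node that has the major and minor numbers of /dev/urandom (1, 9), so reads from /dev/random no longer block waiting for entropy. The change applies to every process on the host, not only the GM JVM.

rm /dev/random && mknod -m 644 /dev/random c 1 9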

Output:

rm: remove character special file `/dev/random’? yes

Linux Environment Requirements

The install must be run as root

ulimit unlimited

umask 0022

Installation Instructions

mkdir /opt/CA/GM

chmod 775 /opt/CA/GM

cd /opt/CA/GM

The following files must be deployed in the /opt/CA/GM location

-rwxrwxr-x 1 root root   9944944 Aug 31 16:53 GEN06113240E.zip

-rwxrwxr-x 1 root root   22365919 Aug 31 16:53 GEN06113635E.zip

-rwxrwxr-x 1 root root   6508285 Aug 31 16:53 GEN06113840E.zip

-rwxrwxr-x 1 root root   7685405 Aug 31 16:53 GEN06114031E.zip

-rwxrwxr-x 1 root root 144821579 Aug 31 16:53 GEN06114144E.zip

-rwxrwxr-x 1 root root   21467559 Aug 31 16:53 GEN06114251E.zip

-rwxrwxr-x 1 root root   98058816 Aug 31 16:53 GEN06114404E.zip

-rwxrwxr-x 1 root root 128941761 Aug 31 16:53 GEN06114535E.zip

-rwxrwxr-x 1 root root 297298511 Aug 31 16:53 GEN06115951E.zip

-rwxrwxr-x 1 root root 293004965 Aug 31 16:53 GEN06120054E.zip

-rwxrwxr-x 1 root root   60494416 Aug 31 16:53 GEN06120210E.zip

-rwxrwxr-x 1 root root   2494281 Aug 31 16:53 GEN06120406E.zip

-rwxrwxr-x 1 root root   77711630 Aug 31 16:53 GEN06120508E.zip

-rwxrwxr-x 1 root root 246255121 Aug 31 16:53 GEN06120611E.zip

-rwxrwxr-x 1 root root     502996 Aug 31 16:53 GEN06121000E.zip

-rwxrwxr-x 1 root root     263826 Aug 31 16:53 GEN06120813E.zip

-rwxrwxr-x 1 root root 1020551602 Aug 31 16:53 GEN06120717E.zip

unzip '*.zip'

chmod 775 *

unzip CA-IdentityGovernance-12.6.03-Installer.zip

chmod 777 InstCAIdentityGovernance.bin

Run installer

./InstCAIdentityGovernance.bin


Deploying Governance Minder on WebSphere

Oracle changes for JMS

This procedure describes how to create database users to synchronize Java Messaging Service (JMS) topics. Have the Oracle DBAs issue the following as the system user; examine the notes for complete privileges:

create user gvmBus identified by PASSWORD;

create user wpBus identified by PASSWORD;

grant select on pending_trans$ to gvmBus;

grant select on dba_2pc_pending to gvmBus;

grant select on dba_pending_transactions to gvmBus;

grant execute on dbms_xa to gvmBus;

grant select on pending_trans$ to wpBus;

grant select on dba_2pc_pending to wpBus;

grant select on dba_pending_transactions to wpBus;

grant execute on dbms_xa to wpBus;

commit;

Note:   The following specific privileges were used

GRANT CMS_CONNECT TO GVMBUS;

GRANT CMS_RESOURCE TO GVMBUS;

GRANT CONNECT TO GVMBUS;

GRANT GVMBUS_XA_ROLE TO GVMBUS;

GRANT RESOURCE TO GVMBUS;

ALTER USER GVMBUS DEFAULT ROLE ALL;

GRANT UNLIMITED TABLESPACE TO GVMBUS;

GRANT CMS_CONNECT TO WPBUS;

GRANT CMS_RESOURCE TO WPBUS;

GRANT CONNECT TO WPBUS;

GRANT RESOURCE TO WPBUS;

ALTER USER WPBUS DEFAULT ROLE ALL;

GRANT UNLIMITED TABLESPACE TO WPBUS;

Note:    The passwords for these users are the ones used in dataSources.py

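Note:   The following privileges work to provide sufficient access. GRANT ALL PRIVILEGES gives each bus user every system privilege in the database, so it is far broader than the specific grants listed above.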

grant all privileges to gvmBus;

grant all privileges to wpBus;

Note:    The following privileges were not sufficient to start the GM Server

GRANT CREATE SESSION TO gvmBus WITH ADMIN OPTION;

GRANT CREATE SESSION TO wpBus WITH ADMIN OPTION;

Note:   The GVM_WorkPoint used in the commands below is based upon the WorkPoint schema name used in the GM GUI install steps previously

Hazelcast

This procedure describes how to configure Hazelcast. Hazelcast is an open source clustering and highly scalable Java data distribution operating environment that CA GovernanceMinder uses.

For the CA GovernanceMinder cluster integration, edit the hazelcast.xml file to adjust the Hazelcast lock mechanism. The hazelcast.xml file is located in the eurekify.war file, which is packaged inside eurekify.ear. Use the following steps to modify the hazelcast.xml file.

mkdir /tmp/hazelcast

chmod 777 /tmp/hazelcast

cd /tmp/hazelcast

cp /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear .

mv /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear.orig

jar xvf eurekify.ear eurekify.war

jar xvf eurekify.war WEB-INF/classes/hazelcast.xml

Note: If this is a multi server/clustered/federated configuration and only one of the servers is available at the time of the install, do not attempt to use both servers in the hazelcast.xml; this is unsupported

vi /tmp/hazelcast/WEB-INF/classes/hazelcast.xml

Change the group stanza password to be the WebSphere password. This needs to match the WAS security you have set up; if there is no security set up, use the default values

<group>

<name>GM_WAS</name>

<password>PASSWORD</password>

</group>

Change the interfaces to include all servers in your WebSphere cluster

<tcp-ip enabled="true">

<interface>SHORTNAMEOFSERVER</interface>

</tcp-ip>

Recreate and place the modified .ear back in place

cd /tmp/hazelcast

jar uvf eurekify.war WEB-INF/classes/hazelcast.xml

jar uvf eurekify.ear eurekify.war

mv eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere

Review Python file parameters

vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/dataSources.py

The password used was PASSWORD, so the four “db_pw” variables should have the install password.

Modify the gvmBus and wpBus users and passwords to match the users and passwords that were sent to the Oracle DBAs in the previous steps

Set up the CA GovernanceMinder and Workpoint clusters.

Update the Cluster Name and Server names in the gvmDefaults.py; the top 5 lines and bottom 2 are where modifications need to be made.

vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/gvmDefaults.py

Top five Lines

Workpoint_Cluster_Name = "EUA-WP"

Workpoint_Server_Name_Format = "EUA-WP-S%d"

Workpoint_BusName = "wpBus"

Gvm_Cluster_Name = "EUA-GM"

Gvm_Server_Name_Format = "EUA-GM-S%d"

Bottom two lines, comment out the similar two lines with a # before

msJTDSdriverFullPath = "${WAS_INSTALL_ROOT}"+os.sep+essentialsDirName+os.sep+"JDBC"+os.sep+"jtds-1.2.jar"

ORACLEdriverFullPath = "${WAS_INSTALL_ROOT}"+os.sep+essentialsDirName+os.sep+"JDBC"+os.sep+"ojdbc6.jar"

Set up the CA GovernanceMinder and Workpoint clusters

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

umask 0022

./DeployGVM.sh /opt/IBM/WebSphere/AppServer/bin/ >> deploy.log &

Note: The WebSphere directory to be used is the root directory of the application server and not the node or cluster locations of the wsadmin.sh script

Note: use tail -f deploy.log to examine the log; the last two commands should be copy statements

Configure the CA GovernanceMinder folder

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

/opt/IBM/WebSphere/AppServer/bin/wsadmin.sh -lang jython -f setupEssentials.py >> setup.log &

This needs to be accomplished on each cluster server in a federated/cluster configuration. On each of the servers, repeat the following

cd /opt/CA

tar zcvf GMCluster.tar.gz GovernanceMinder/

copy the GMCluster.tar.gz to the other cluster members

On the other cluster members as root

ulimit unlimited

umask 0022

mkdir /opt/CA

chmod 775 /opt/CA

cd /opt/CA

cp GMCluster.tar.gz to this location

tar zxvf GMCluster.tar.gz

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

/opt/IBM/WebSphere/EntAppServer85-64/appServerbin/wsadmin.sh -lang jython -f setupEssentials.py

WebSphere Changes

Add JDBC provider

cp /oracle/product/12.1.0/db1/jdbc/lib/ojdbc6.jar /opt/IBM/WebSphere/AppServer/essentials/JDBC

Note:  The above assumes Oracle was installed on this machine and the database used was db1

Core Groups

Servers / Core groups / Core group bridge settings / Access point groups / DefaultAccessPointGroup / Core group access points


Select the core group and Show Detail, Select Bridge Interfaces, New

Select each of the Bridge interfaces (do this 4 times) listed in drop down and apply


Review changes and sync, the final list should look like this


Configure JDBC drivers and data sources on the WorkPoint cluster

This procedure describes how you install Oracle JDBC drivers and data sources on the WorkPoint cluster. Follow these steps for each of the JDBC providers, there will be six.

Resources / JDBC / JDBC Providers – The list should look like this

Select each of the Oracle providers above


Select the Oracle11g Data provider for each


Review and synchronize changes for this provider, these steps should be done seven times total.

WebSphere Virtual Host Configuration

In Servers \ WebSphere Application Servers \ Application servers > EUA-GM-S1 > Ports

The WC_defaulthost is mapped to a port. Locate this value; that same port needs to be listed in Environment \ Virtual Hosts \ Default_host \ Host Alias

Restart Environment

/opt/IBM/WebSphere/AppServer/bin/stopManager.sh

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh

/opt/IBM/WebSphere/AppServer/bin/startManager.sh

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

JDBC Connection Verification

Verify the ojdbc6.jar is located in the WAS_install_root/essentials/JDBC/

Verify each of the JDBC resources by testing the connection in Resources \ JDBC \ DataSources

Select the following 6 and test connection


You need to receive a successful connection test for all 6

Start GM and WP applications

Servers / All Servers


Portal Verification

Verify each of the JDBC resources by testing the connection (has to wait until node is started)

This procedure describes how you verify a successful installation after you complete installing the product. When the CA GovernanceMinder installation is successful, you can access the CA GovernanceMinder Portal.

Follow these steps:

Select and start one server from the CA GovernanceMinder cluster, CA GovernanceMinder, and installed applications, including reports.

Review the started server logs and verify that no log errors exist.

Start all other servers in the CA GovernanceMinder cluster.

Review all the product cluster logs and verify that no errors exist in the logs.

You can access the Portal after a successful installation.

Open a browser and enter the following URL:

http://GM_Server_Name:9081/eurekify/portal/login

Log in using the following default administration credentials:

Username: AD1\EAdmin

Password: eurekify

Creating a Web Services Connector for CA IdM using the CA API Gateway

23 Jun

Layer 7 Policy Manager

User:     admin

Password: 7layer

Gateway: server.customer.com


Project – Alias Wire Create User

Project view of Alias Wire Create User with list of assertions


SOAPUi request that AliasWire is expecting

This is what the AliasWire Web Service is expecting as a request to create the user

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header>
     <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
           <wsse:Username>wsuser@customer.com</wsse:Username>
           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">DTN8fmbjl1DD/ICKY78wvOYsYNc=</wsse:Password>
           <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">eN3hmjkJwj+BGvbU6zmpGg==</wsse:Nonce>
           <wsu:Created>2015-06-18T16:36:22.166Z</wsu:Created>
         </wsse:UsernameToken>
         <hashKey xmlns="http://www.aliaswire.com/common">hashkey</hashKey>
     </wsse:Security>
   </env:Header>
   <env:Body>
     <ns1:createUser xmlns:ns1="http://www.aliaswire.com/directbiller/cp/billeradmin">
         <user>
           <partnerBillerId>999999</partnerBillerId>
           <displayName>user123</displayName>
           <partnerUniqueId>1719dcd7ef8e26f4e053e490ae0a3bqw</partnerUniqueId>
           <role>CSR</role>
           <fname>firstname</fname>
           <lname>lastname</lname>
           <email>first.last@customer.com</email>
           <phone>8599998584</phone>
         </user>
     </ns1:createUser>
   </env:Body>
</env:Envelope>
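
How a receiving service checks the UsernameToken in a request like the one above, as an added example (not AliasWire's or the gateway's code): per the WS-Security UsernameToken Profile the digest is Base64(SHA-1(nonce + created + password)), and the Created and Nonce values are what let the receiver reject stale or replayed tokens. The password, nonce, timestamps, five-minute window and all function names are constructed assumptions.

```python
# Added illustration of UsernameToken PasswordDigest validation.
# All credentials and token values below are constructed, not taken from the page.
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

CREATED_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"   # same shape as the wsu:Created value


def password_digest(nonce_b64, created, password):
    """Base64( SHA-1( decoded nonce + created + password ) )."""
    nonce = base64.b64decode(nonce_b64, validate=True)
    material = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


class TokenValidator:
    """Checks freshness, nonce reuse and the digest, in that order."""

    def __init__(self, lookup_password, max_age=timedelta(minutes=5)):
        self.lookup_password = lookup_password   # callable: username -> password or None
        self.max_age = max_age
        self._seen = {}                          # nonce bytes -> time the token expires

    def validate(self, username, digest_b64, nonce_b64, created, now):
        try:
            created_at = datetime.strptime(created, CREATED_FORMAT)
            created_at = created_at.replace(tzinfo=timezone.utc)
        except ValueError:
            return "bad-created"
        if abs(now - created_at) > self.max_age:
            return "stale"
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
        except ValueError:
            return "bad-nonce"
        # Forget nonces whose tokens can no longer pass the freshness check.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "replayed"
        password = self.lookup_password(username)
        # Compute a digest even for unknown users so both failures look the same.
        expected = password_digest(nonce_b64, created, password or "")
        matches = hmac.compare_digest(expected.encode(), digest_b64.encode())
        if password is None or not matches:
            return "bad-digest"
        self._seen[nonce] = created_at + self.max_age
        return "ok"


# Constructed sample token.
SAMPLE_USER = "wsuser@example.test"
SAMPLE_PASSWORD = "constructed-secret"
SAMPLE_NONCE = base64.b64encode(bytes(range(16))).decode("ascii")
SAMPLE_CREATED = "2024-01-01T12:00:00.000Z"

if __name__ == "__main__":
    validator = TokenValidator({SAMPLE_USER: SAMPLE_PASSWORD}.get)
    now = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    digest = password_digest(SAMPLE_NONCE, SAMPLE_CREATED, SAMPLE_PASSWORD)
    print(validator.validate(SAMPLE_USER, digest, SAMPLE_NONCE, SAMPLE_CREATED, now))
    print(validator.validate(SAMPLE_USER, digest, SAMPLE_NONCE, SAMPLE_CREATED, now))
```

A captured digest is only useful to the party that holds the password, but a whole captured token can be resent unchanged, which is why the nonce cache and the Created window matter as much as the digest comparison.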

Project Logic and flow using assertions


#9 – All assertions must evaluate to true – Captures details of the request and response for auditing purposes

#25 – At least one assertion must evaluate to true – Determines the incoming request type

#26 – All assertions must evaluate to true – Returns a hard coded list of SCIM functions

(This is an XML list of SCIM functions)

#34 – All assertions must evaluate to true – Provide Schema

(This is an XML list of SCIM attribute/group attribute definitions)

#34 – All assertions must evaluate to true – If the request is a POST of the user information from IdM, locate the attribute values and submit them to AliasWire

#55 – All assertions must evaluate to true – if the IdM request is a GET with user information, return the same information back to IdM to resolve errors returned from PM tool when it searches for user after a creation. Note: At this time, this is a workaround as there is not a search function available at AliasWire.

Auditing

The following statements will capture and send information to the CA API PM logs which can be accessed by using the View / Gateway Audit Events action from the CA API Gateway – Policy Manager

Add Security Token Assertion


The username and password were taken from the SOAPUi , Project, Project View, WS Security Configurations

User: wsuser@customer.com

Password: xxR7fUd3W6664Y6TVMxO9w==


Configure WS-Security Decoration assertion


Apply WS-Security Assertion


Evaluate Regular expression – Insert hash key before end of wsse:Security

The following regular expression is used to insert the constant hash key, which needs to be part of the security header for the request to AliasWire. The hash key is: <hashKey xmlns="http://www.aliaswire.com/common">hashkey</hashKey> and is constant and required with every message

Evaluate Regular expression – Validate URI

For each of the attributes received it is necessary to locate the attribute in the JSON message and place it into a variable to be used in the final submission

The regular expression: .*\<Phone\>(.*)\</P.*

Locates the <Phone> attribute, captures the data value (.*) until the end of the attribute \</P.* and places it in the context variable “phone” to be used at the X step


Context Variable –createnewUser

This uses the variables captured in the Evaluate Regular expression – Validate URI expressions and uses the variables to create the final message. Each of the variables: partnerBillerId, displayName, partnerUniqueId, role, firstName, lname, email and phone are used
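
The extraction and message-building steps above, as an added example (not the gateway policy itself): it shows what the page's greedy pattern captures when another element whose name starts with P follows Phone, next to a bounded pattern, and then validates and XML-escapes each value before it is placed in the createUser body. Python's re module stands in for the gateway's regex engine; the sample message, the PostalCode element, the field rules and the function names are constructed assumptions.

```python
# Added illustration; sample message and validation rules are constructed.
import re
from xml.sax.saxutils import escape

# Pattern exactly as written on the page.
PAGE_PATTERN = re.compile(r".*\<Phone\>(.*)\</P.*")


def strict_pattern(tag):
    """Bounded alternative: the value may not contain '<' and must end at </tag>."""
    t = re.escape(tag)
    return re.compile(r"<%s>([^<]*)</%s>" % (t, t))


# Constructed input: a second element starting with "P" follows <Phone>.
SAMPLE = "<User><Phone>8595550100</Phone><PostalCode>78701</PostalCode></User>"


def extract(pattern, message):
    """Return capture group 1, or None when the pattern does not match."""
    match = pattern.search(message)
    return match.group(1) if match else None


# Per-field format checks applied before a value reaches the SOAP template.
FIELD_RULES = {
    "phone": re.compile(r"\d{10}"),
    "email": re.compile(r"[^@\s<>]+@[^@\s<>]+"),
    "role": re.compile(r"[A-Za-z]+"),
}


def build_user(fields):
    """Validate, then XML-escape, each value and return the <user> element."""
    parts = []
    for name, value in fields.items():
        if value is None:
            raise ValueError("missing %s" % name)
        rule = FIELD_RULES.get(name)
        if rule is not None and not rule.fullmatch(value):
            raise ValueError("rejected %s" % name)
        # escape() turns &, < and > into entities so a value stays text.
        parts.append("<%s>%s</%s>" % (name, escape(value), name))
    return "<user>" + "".join(parts) + "</user>"


if __name__ == "__main__":
    loose = extract(PAGE_PATTERN, SAMPLE)
    tight = extract(strict_pattern("Phone"), SAMPLE)
    print("page pattern captured:   ", loose)
    print("bounded pattern captured:", tight)
    print(build_user({"displayName": "R&D <ops>", "phone": tight}))
    try:
        build_user({"phone": loose})
    except ValueError as exc:
        print("loose capture refused:", exc)
```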


Apply JSON Transformation


Successful SOAP message to AliasWire

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header>
     <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
           <wsse:Username>wsuser@customer.com</wsse:Username>
           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">DTN8fmbjl1DD/ICKY78wvOYsYNc=</wsse:Password>
           <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">eN3hmjkJwj+BGvbU6zmpGg==</wsse:Nonce>
           <wsu:Created>2015-06-18T16:36:22.166Z</wsu:Created>
         </wsse:UsernameToken>
         <hashKey xmlns="http://www.aliaswire.com/common">hashkey</hashKey>
     </wsse:Security>
   </env:Header>
   <env:Body>
     <ns1:createUser xmlns:ns1="http://www.aliaswire.com/directbiller/cp/billeradmin">
         <user>
           <partnerBillerId>999999</partnerBillerId>
           <displayName>marijatbs123</displayName>
           <partnerUniqueId>1719dcd7ef8e26f4e053e490ae0a3bqw</partnerUniqueId>
           <role>CSR</role>
           <fname>first</fname>
           <lname>last</lname>
           <email>first.last@customer.com</email>
           <phone>8584999984</phone>
         </user>
     </ns1:createUser>
   </env:Body>
</env:Envelope>

Certificate Configuration

The Layer7 certificate needs to be imported into CA Connector Server

From the CA API Gateway Policy Manager GUI

Tasks / Manage Private Keys


Double click the certificate, view certificate, export, and save


Upload Certificate into CA Connector Server

Url: http://server:20080

Username: admin

Password: Password


Connector Express – Deploy AliasWire Connector

Start Connector Express and connect

Open Provisioning Servers on the R pane and select 10.170.110.9 you will be prompted

Username: idmadmin

Password: Password


Create AliasWire Connector from Web Services – Layer 7

Using the Web Services – Layer7 endpoint as a project sample, open the im domain, open Endpoint Types and select the “Web Services – Layer 7” connector and R click and select Create project

Create New Project


Select No Source and OK


** Very Important **

Rename Web Services – Layer 7 to your new project name, this documented sample will be AliasWireSample. This prevents overwriting the existing project

Use Project / Save As and save with the new name (this sample was called AliasWireSample)


Classes

Remove all classes except for Endpoint and User Account

Before


After


Modify User Account class

The existing attribute list needs to be modified to just support what AliasWire is expecting

Original list


Remove all attributes by selecting attributes and, when the list is displayed, modify it to list just the following: User Name, FirstName, LastName, User Display Name, Id, External Id, Emails, Role and Phone Number

You accomplish this by removing the values in the R pane in the Maps to: column

Modify Attribute values

First Name – change name to fname


Last Name – change to lname


User Display Name – change to displayName, set the Required checkbox


Id – Set name to partnerBillerId, Set the required, create, read and modify checkboxes, set the default value to 999999


Additionally set the Account Template Value by Rule string to %UCU01%

ExternalId – set name to partnerUniqueId, set the required, create, read and modify checkboxes, set the min and max length to 20

Additionally set the Account Template Value by Rule string to %UCU02%

Modify the emails and Role attributes by selecting the Attributes value in the L column, select each and remove the multivalued checkbox and set the data type to string

Rename Roles to Role

Rename emails to email

Rename Phone Number to phone


Change Phone Number to Phone


Modify Account Screens

Select account screens in the list

Remove all screens except for Users, by selecting the box and –


Remove the Organization and User Information sub screens as well and produce a list that looks as follows:


Open Containers, select groups and remove the Groups container

Before


After


Save Project

Select Project / Save

Deploy Endpoint

R click on Endpoint types and select the Create new Endpoint Type

Select OK


Success. OK


Select your new AliasWireSample in the endpoint list, and select deploy metadata


Select Yes


You have deployed your new connector


Provision Management Create Endpoint

Connect to the Provisioning Manager

Start the CA Provisioning Manager Utility

User name: idmadmin

Password: Password

Creating new AliasWire Endpoint

Select Endpoints on the upper bar, in object type select the endpoint of AliasWire


Select ‘New’ to the R of AliasWire

Endpoint name: AliasWire

User name: admin

Password: 7layer

Base URL: https://server:8443/v1/caim

Notes: The user name and password are required and are the CA API Gate (CA API GATEWAY) user name and password

The Base URL was/can through errors regarding the certificate which must be exported from CA API GATEWAY and imported into the CA keystore. The use of a shortname was needed rather than the FQDN of the server because the certificate generated and used was using the short name

Exploring, correlating and creating an account on AliasWire

R click on AliasWire and select Explore and Correlate

Select AliasWire in the L pane (it must not be grey and should look like above), for Action select ‘Explore endpoint for managed objects’ and select Start

The result will be the following dialog

The error above is expected and is a result of the AliasWire endpoint not having a search ability (at present only a CreateUser function is available) to locate any users. What we want to see is that it was able to retrieve the schema (Operation detail count in yellow). Click OK and you are done.

Now R click on AliasWire and select content, select Accounts in the L pane and New in the create new content box

Create the user

You will find that:

  • Fields are required to be filled out
  • A default partnerBillerId of 999999 was placed
  • The partnerUniqueId requires exactly 20 characters
  • The email must be formatted correctly (containing @ symbol)

Or errors are returned

Select OK to create user

Test user was created

Role Definition Generator

It is necessary to run the roledefgenerator.bat utility on the endpoint to generate the OSGI (.jar) bundle for import into the IdM management console, so that the connector can be used from the IdM application server (Web Ui).

Locate the completed connector in Connector Express

These steps need to occur after the connector has been deployed so verify that the connector exists and what its name is in Connector Express.

Run the Role Definition utility from the command line from the provisioning/connector server

The password is: Password

The result should be a .jar file with the connector name that can be used for import.

Notes: We encountered several issues with modification of the OOB Web Services – CA API GATEWAY connector that was used as the base project for our new connector. The key part was that we removed many of the classes and later realized that they were mapped to other areas within Connector Express, which resulted in errors when using roledefgenerator.bat. We had success by modifying the connector as little as possible, essentially just the account class and the user screens.

Import of the AliasWire .jar into the IdM Application server

On the IdM application server you need to place the .jar bundle generated by roledefgenerator in the deployment directory of the application server.

Use the management console to deploy the connector

http://ssopoc11.customer.com:88/iam/immanage

User: idmadmin

Password: Password

Import the connector

Select Environment \ CustomerEnvironmentPOC \ Roles and Task Settings \ Import

Select the new connector check box and finish

When the import is completed, restart the application server

Your new endpoint is deployed and usable in both the IdM Web Ui and with the Windows PM GUI tool

Congratulations!

CENTOS 6 and AMD A10-6800K Build – Graphics, Overclock and Monitoring

14 Jul

Purpose:  As a builder I wanted to create a CentOS 6 server using an AMD A10-6800K processor, and set up KVM virtualization to host several virtualized OSes for several purposes.

Build:  Silverstone TJ08B-E, AMD A10-6800K, ASRock FM2A75 PRO4-M, Corsair 32GB 1600 CMZ32GX3M4X1600C10, Cooler Master Hyper 212 EVO, Corsair 430W CX430, 2x Seagate Barracuda ST2000DM001, LiteON IHAS124-04 CD/DVD

# Base CentOS install, patching after installing CentOS from the Live CD
yum update
reboot

# ELRepo, EPEL and Remi repositories for additional packages
rpm -Uvh http://elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
vi /etc/yum.repos.d/remi.repo
#  Modify [remi] portion change enabled option to 1

# Radeon Graphics driver required libraries
yum install kernel-devel kernel-sources kernel-headers gcc gcc-c++ libgcc glibc glibc-devel glib2 glib2-devel libstdc++ libstdc++-devel

# Download and install the Radeon Driver
http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx
Select install driver and automatic
You will be asked to reboot on completion, accept

#  Testing Graphic driver utilities
glxgears
fgl_glxgears

# To remove ATI graphics driver
/usr/share/ati/fglrx-uninstall.sh

# System monitor gkrellm
yum install gkrellm

# Setup of monitoring tools
yum install lm-sensors
yes "" | sensors-detect
# create a directory to build a kernel module
# download all of the files from https://github.com/groeck/nct6775 to this directory
# you may need to modify the Makefile KERNEL_BUILD parameter to point to your kernel such as
# KERNEL_BUILD   := /usr/src/kernels/$(TARGET)
make
make install
# Test module build
modprobe nct6775
sensors
#  This should now show your CPU and FAN stats

# Create file /etc/sysconfig/modules/lm-sensors.modules permissions 755
#!/bin/sh
modprobe nct6775 >/dev/null 2>&1
exit 0

# Go into gkrellm configuration / built ins / Sensors
#  your temp, fan, and voltages can be selected based on output from sensors

#  System Stability Tester to load the OS and test stability
http://sourceforge.net/projects/systester/files/systester/1.4.0/systester-1.4.2-linux-amd64.tar.gz/download
gunzip systester-1.4.2-linux-amd64.tar.gz
tar xvf systester-1.4.2-linux-amd64.tar
cd systester-1.4.2-linux-amd64
systester

Conclusion: You can now run systester to load the CPU and monitor CPU temps with the gkrellm GUI to show CPU and Fan temps and speeds.  I have an OC’d system running at 4.6 GHz with a CPU voltage of 1.43, at rest temp 32.5C, load temp 53C

WorkPoint Designer fails to log in (WebLogic)

2 Nov

Configuration of the WorkPoint Designer needs a few adjustments to allow it to work.  Otherwise the WorkPoint Designer will start but will have CORBA.NO_PERMISSION: errors in your log.

Workflow Designer install
cp /opt/Oracle/Middleware/wlserver_10.3/server/lib/wlclient.jar /opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/Workpoint/lib
vi /opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/Workpoint/bin/init.sh
uncomment the line # EJB_CLASSPATH=../lib/wlclient.jar

vi /opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/Workpoint/conf/workpoint-client.properties
uncomment the following lines
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://localhost:7001
java.naming.security.principal=workpoint
Change this line
java.naming.security.credentials=workpoint!

In the Weblogic console
IPPS-A / Security Realms / myrealm
Select users and groups and create a new user
name:  workpoint
password: workpoint!

Restart the Weblogic server
/opt/Oracle/Middleware/user_projects/domains/IPPSA/stopWebLogic.sh
/opt/Oracle/Middleware/user_projects/domains/IPPSA/startWebLogic.sh

Start the Workpoint Designer
/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/Workpoint/bin/Designer.sh
You can use the default user without password

CA Identity Minder Report Server Installation

16 Oct

The report server is highly sensitive to the environment that is being used and the following needed to be completed prior to install.

  • Update standard packages: yum update

Your IP configuration must be fixed, and you need to have your FQDN and short name in your /etc/hosts file such as:

  • 192.168.83.24   idm-report.domain.com      idm-report
  • 127.0.0.1               localhost.domain.com localhost

Ensure 32bit compatibility libraries are installed

  • yum install compat-libstdc++-33-3.2.3-61.i386

Create a user and group for the Report Server

  • groupadd cabi
  • useradd -g cabi -d /home/cabi -m cabi

SE Linux Firewall port exception: 6400, 3306, 6410, 8080, 8443, 8005
As root (required) Run a terminal session

  • export LANG=en_US.utf8
  • export LC_ALL=en_US.utf8

./cabinstall.sh on the CD Rom Drive (in terminal)

  • System or User Install:    2 – System
  • MySQL Database Info:  User Id: sa

In a new terminal window

  • su - cabi
  • /opt/CA/SharedComponents/CommonReporting3/bobje/stopservers (errors)

In old terminal window (as root)

  • cd /tmp
  • grep makeccvt /var/log/audit/audit.log | audit2allow -M postgreylocal
  • semodule -i postgreylocal.pp
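  • grep -E 'makeccvt|mozjsshell' /var/log/audit/audit.log | audit2allow -M postgreylocal
  • semodule -i postgreylocal.pp

The second pass matches both process names because installing a module under an existing name replaces the earlier one.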
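Before loading a module that audit2allow generated, it helps to see exactly which denials fed it. The following is an added example, not part of the original procedure: a POSIX shell function that summarises the AVC denials for the named processes. The sample log lines, their paths and the `write_sample_log` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what a module built from these denials would permit.

# summarize_denials LOGFILE COMM... -> one line per distinct denial:
#   count comm source_type target_type:class permission
summarize_denials() {
    log=$1
    shift
    awk -v names="$*" '
    BEGIN { n = split(names, want, " "); for (i = 1; i <= n; i++) keep[want[i]] = 1 }
    $1 == "type=AVC" && /denied/ {
        comm = src = tgt = cls = ""; perms = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace) { perms = perms " " $i; continue }
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (!(comm in keep)) next
        m = split(perms, p, " ")
        for (j = 1; j <= m; j++) seen[comm " " src " " tgt ":" cls " " p[j]]++
    }
    END { for (k in seen) print seen[k], k }' "$log" | sort -k2
}

# write_sample_log FILE -> constructed audit.log excerpt (not taken from a real system)
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1381900000.101:201): avc:  denied  { execmod } for  pid=4101 comm="makeccvt" path="/opt/example/lib/libA.so" dev=dm-0 ino=1001 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1381900001.102:202): avc:  denied  { execmod } for  pid=4102 comm="makeccvt" path="/opt/example/lib/libB.so" dev=dm-0 ino=1002 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1381900002.103:203): avc:  denied  { execstack } for  pid=4103 comm="mozjsshell" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1381900003.104:204): avc:  denied  { name_connect } for  pid=4104 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1381900003.104:204): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
EOF
}
```

On the report server itself the call would be `summarize_denials /var/log/audit/audit.log makeccvt mozjsshell`, run before `semodule -i`.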

In terminal window as cabi

  • /opt/CA/SharedComponents/CommonReporting3/bobje/stopservers
  • /opt/CA/SharedComponents/CommonReporting3/bobje/startservers

Verify Install is successful

Install Service Pack 5

  • Logout of any session and relogin after install
  • ./biekpatch

Server initialization Scripts:

  • /opt/CA/SharedComponents/CommonReporting3/bobje/init/setupinit.sh

Reboot server
In terminal window as cabi

  • /opt/CA/SharedComponents/CommonReporting3/bobje/startservers

Verify that patch has been done