Configuring the Access Management exit

To enable an Access Management exit, set the uconf parameters described in this topic.

  1. From the Administration pane in the graphical user interface, select Unified Configuration. The Unified Configuration window is displayed.
  2. Double-click in a Unified Configuration window field to begin editing parameters.
  3. Configure the AM exit using the parameters in the following table.
  4. Access Management exit parameters
Parameter Value Description
am.exit.libpath   The absolute path of the dynamic library.
am.exit.check_login Yes/No Indicate if the login must be checked through the AM exit.
am.exit.check_permissions Yes/No Indicate if permissions must be checked though the AM exit.
am.exit.custom.tracelevel.value Default: 1

Trace level where:

  • 1=ERR
  • 2=WRN
  • 3=INF
am.exit.custom.rbac_fname.value   Path to the RBAC flat file used by the Access Management exit sample.
am.exit.custom.ldap_host.value   LDAP server hostname/IP address that is used by the Access Management exit sample.
am.exit.custom.ldap_port.value   LDAP server port that is used by the Access Management exit sample.
Note When the AM exit is enabled these conditions apply:
    • uconf:am.exit.check_login=no: the native authentication procedure is still performed
    • uconf:am.exit.check_permissions=No: all privileges are granted for the current user
  1. Set the type parameter:  am.type = [none] | cft | passport | exit
Value Definition
none No access management control is performed
cft Use traditional Transfer CFT management controlled by SECUTIL
passport Use PassPort AM server to manage accesses
exit Use AM exit to manage accesses
  1. Important: Remember that the am.type is the last parameter to set when activating an AM exit and the first to unset when deactivating it.
  2. Restart the Transfer CFT server and Transfer CFT GUI (Copilot) server.

Example Access Management exit configuration

  1. Using command line set the am.type to none.
  2. CFTUTIL UCONFSET ID=am.type, VALUE=none
  3. Configure the library location and the Access Management exit usage.
  4. CFTUTIL UCONFSET ID=am.exit.libpath, VALUE=<location_of_dynamic_library>
  5. CFTUTIL UCONFSET ID=am.exit.check_login, VALUE=Yes
  6. CFTUTIL UCONFSET ID=am.exit.check_permissions, VALUE=Yes
  7. Enable the Access Management exit.
  8. CFTUTIL UCONFSET ID=am.type, VALUE=exit

Related topics

About Access Management exits

Related Links