CA API Gateway 9.1

9.4 9.1

Resolve External Dependencies Wizard

The Resolve External Dependencies Wizard lets you manually reconcile the following from an imported policy:
gateway90
The Resolve External Dependencies Wizard lets you manually reconcile the following from an imported policy:
  • Custom assertions
  • Identity providers
  • JDBC connections
  • JMS routing endpoints
  • Policy fragments
  • Private keys
  • CA Single Sign-On configurations
  • Trusted certificates
  • XML schemas
This wizard appears when Policy Manager is unable to automatically reconcile these elements during import. 
The steps that appear in this wizard depend on the elements that require manual reconciliation; the steps shown in the above figure are just an example. The table below describes all the external dependencies that can be resolved by this wizard.
Note that you can click [
Cancel
] at any time to cancel the importing of the policy.
Dependency
Description
Unknown custom assertion
The incoming policy contains one or more custom assertions that are not configured in the target policy is listed. Choose a solution:
  • Remove the unknown assertion from the import.
  • Ignore the error and import the assertions as-is.
Unresolved global resource
The incoming policy contains assertions that reference an unresolved global resource. The missing global resource details are displayed. Choose a solution:
  • Remove the assertions from the policy that refer to the missing global resource.
  • Ignore the error and import the assertions as-is.
  • Click [
    Add Global Resource
    ] to manually add the missing global resource to the Policy Manager. Complete the Edit Global Resource dialog.
Unknown identity provider
The incoming policy contains assertions referring an identity provider that is unknown in the target policy. Details of the identity provider are displayed. Choose a solution:
  • Select a local identity provider to substitute for the imported identity provider. This option is available only when there is another identity provider of the same type to choose.
  • Remove the assertions from the policy that refer to the missing identity provider
  • Ignore the error and import the assertions as-is
  • Click [
    Create a new Identity Provider
    ] to configure a new identity provider. Use the details displayed to assist you, if necessary. Complete the Federated Identity Provider Wizard or LDAP Identity Provider Wizard that appears.
  • Exit the wizard and edit an existing identity provider so that its properties match the imported identity provider. Repeat the import process and then choose the first option in the wizard ("Change assertions to use this identity provider").
When creating or editing an identity provider, consult the properties values of the imported identity provider found in the imported policy XML file. Open the file in a text editor and note the values in the "<exp:References>" parameter. Policies displayed under Policy Templates can be found in the ".l7tech\policy.templates" directory.
Unresolved JDBC connections
The incoming policy contains a JDBC connection that cannot be resolved in the target policy. The name of the missing JDBC connection is displayed. Choose a solution:
  • Select another connection from the drop-down list.
  • Remove the assertions from the policy that refer to the missing connection.
  • Ignore the error and import the assertions as-is.
  • Click [
    Manage JDBC Connections
    ] to create a new JDBC connection. Complete the Manage JDBC Connections dialog.
Unresolved JMS routing endpoint
The incoming policy contains a Route via JMS assertion or JMS endpoints that cannot be resolved in the target policy. Details of the missing JMS endpoints are displayed. Choose a solution:
  • Change the assertions to use another JMS endpoint selected from the drop-down list. This option is available only when there is another JMS endpoint to choose.
  • Remove the assertions from the policy that refer to the missing endpoint.
  • Ignore the error and import the assertions as-is.
  • Click [
    Manage JMS Destinations
    ] to create a new JMS endpoint. Complete the Manage JMS Destinations dialog.
  • Exit the wizard and edit existing inbound/outbound queues to match the configuration of the imported queue references. Repeat the import process and then choose the first option in the wizard ("Change assertions to use this endpoint").
When creating or editing a JMS destination, consult the properties values of the imported queues found in the imported policy XML file. Open the file in a text editor and note the values in the "<exp:References>" parameter. Policies displayed under Policy Templates can be found in the ".l7tech\policy.templates" directory.
Unresolved policy fragments
The incoming policy contains a policy fragment that has the same name as an existing fragment, but has a different GUID. You are prompted to enter a new name for the incoming policy fragment.
If the incoming policy has the same GUID as an existing fragment but different contents, the Resolve External Dependencies Wizard does not appear. Instead, you are notified that the existing fragment will be used instead of the incoming fragment.
Unresolved private keys
The incoming policy contain a private key that is not present in the target policy. Details of the missing key are displayed. Choose a solution:
  • Use default private key: Select this option to use the default SSL key for the target policy.
  • Use custom private key: Select this option to choose another private key from the drop-down list. You can click [
    Manage Private Keys
    ] to import or create new private keys or to view details for any key.
  • Remove all assertions from the incoming policy that refer to the missing private key.
  • Import the erroneous assertions without changes. You will need to correct this error later to prevent policy execution errors.
Unresolved CA Single Sign-On Configuration
The incoming policy contains assertions referencing a CA Single Sign-On configuration that does not exist in the target policy. The following missing CA Single Sign-On details are displayed:
Configuration Name
Hostname
Choose a solution:
  • Change the assertion to reference another CA Single Sign-On configuration that does exist in the policy.
  • Remove the assertions that refer to the missing configuration.
  • Ignore the error and import the assertions as-is.
  • Click [
    Create CA Single Sign-On Configuration
    ] to create a new CA Single Sign-On configuration.
Unresolved stored passwords
The incoming policy contains one or more assertions that refer to unknown stored (secure) passwords. The details for the unknown stored passwords are displayed. Choose an action:
  • Change the incoming assertions to use another stored password instead. Either choose a stored password from the drop-down list. If the password you require is not listed, click [
    Create Stored Passwords
    ] to define one now.
  • Remove all assertions from the incoming policy that refer to the missing stored password.
  • Import the erroneous assertions without changes. You will need to correct this error later to prevent policy validation errors.
Unresolved trusted certificate
The incoming policy contains one or more assertions that refer to unknown trusted certificates. The details for the unknown certificate are displayed. Choose an action:
  • Change the incoming assertions to use another trusted certificate instead. Either select a certificate listed and then click [
    Select a Certificate
    ] or click [
    Create a new certificate
    ] to create a new trusted certificate.
  • Remove all assertions from the incoming policy that refer to the missing trusted certificate.
  • Import the erroneous assertions without changes. You will need to correct this error later to prevent policy execution errors.
Unresolved XML schemas
The incoming policy contains assertions that refer to an unresolved external schema. Information about the missing external schema is shown. Choose an action:
  • Change the assertion to use another schema from the drop-down list. This option is not available if no other suitable schemas are available.
    If a target namespace is listed, then only schemas from that namespace are shown, otherwise all namespaces are shown. Ensure that the schema you choose is an appropriate schema to use as a replacement, as the wizard does not check for appropriateness.
  • Remove the Validate XML Schema assertions that reference the missing schema.
  • Ignore the error and import the assertions as-is. The wizard indicates whether the reference is currently valid or invalid (depending on schemas added using [Add External Schema]). If the reference is invalid, you will need to correct this error later to prevent policy execution errors.
  • Click [
    Add External Schema
    ] to add a new schema to the Gateway.
When the wizard is finished, the imported policy will appear in the policy development window.
If you chose "Import assertion as-is" in any wizard step, then the imported policy will contain validation errors. These errors must be corrected before the policy is used.

Content feedback and comments