More than 30 IDM realisations in the Czech Republic and abroad


IdM optimization and Midas connection


The development of the CA Identity Manager (IdM) application for Raiffeisenbank a.s. continued in 2015.

Project goal

The first of the projects dealt with the processing of requirements related primarily to the optimization of existing processes and the reduction of time-consuming regularly running tasks.

The second project was the connection of the Midas application from Misys and the AS/400 application from IBM.

Project description

As more systems are connected, the number of provisioning roles in IdM and of their assignments to users grows, resulting in longer run times for daily synchronizations. To reduce the run time, the following optimizations were implemented:

  • Migration of JMS queue from Hypersonic database to MSSQL
  • Reimplementation of the way policy sets are stored
  • Optimization of User Directory caching
  • Increasing the number of connections between the JBoss application server and the Provisioning Server component
  • Parallelization of account synchronization on end applications

Other implemented requirements related to the optimization of operations and existing processes were mainly:

  • Historical audit data deletion, archiving setup, and automatic deletion (production database size reduced by more than 90%).
  • Approval is required before a data import from the HR system is executed if the number of changes exceeds the maximum allowed.
  • Translation of environment and application names for end users in role requests.
  • Enable bulk approval of workflow requests.
  • Ability to request clarification during approval by returning to the requester in all implemented workflows.
  • Improving the way the integration platform connector is logged.
  • New role for exporting provisioning roles and rules from IdM (compatible with the import tool).
  • New tool for bulk account validation changes on endpoint applications + account validation status report.
  • New tool to comprehensively cover requirements related to organizational structure change.

Connection of Midas and AS/400

The Midas banking system uses the IBM iSeries (AS/400) platform. In order to access the Midas application, the user needs to have established accounts in both systems.

The Midas application is again connected via the integration platform (ESB). Because Midas can take a long time to process a request, the timeout on the integration platform has been increased to 120 seconds. Furthermore, there is a periodic timeout during which user account data cannot be manipulated. During this period, read operations are performed in the normal way, with the exception that on the Midas side they are served from the cache, not from the primary data. Calls to the other operations return a warning, so the connector had to be designed to report these operations to IdM as successful; on the Midas side, such a request is queued for later processing.
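The result handling described above, sketched as an added example (not the project's or the vendor's connector code). The reply codes, operation names, account names and the `pending` list kept for a later verification read are assumptions; only the 120-second timeout comes from the text.

```python
from dataclasses import dataclass
from enum import Enum

ESB_TIMEOUT_SECONDS = 120  # timeout stated in the text above

class Status(Enum):  # hypothetical reply codes, not the real ESB contract
    OK = "ok"
    WARNING = "warning"  # Midas is in its periodic window; request was queued
    ERROR = "error"

@dataclass
class Result:
    success: bool          # what the connector reports back to IdM
    queued: bool = False   # accepted by Midas but not yet applied
    stale: bool = False    # read answered from the Midas cache
    reason: str = ""

READ_OPS = {"get", "search"}  # hypothetical operation names

def evaluate(op, account, status, elapsed_s, from_cache, pending):
    """Map one ESB reply for a Midas operation to an IdM result."""
    if elapsed_s > ESB_TIMEOUT_SECONDS:
        return Result(False, reason="ESB timeout exceeded")
    if status is Status.ERROR:
        return Result(False, reason="Midas rejected the request")
    if op in READ_OPS:
        # Reads work during the window, but the data may lag behind.
        return Result(True, stale=from_cache)
    if status is Status.WARNING:
        # Write was queued on the Midas side: report success to IdM so the
        # task does not fail, and remember it for a later verification read.
        pending.append((op, account))
        return Result(True, queued=True, reason="queued by Midas")
    return Result(True)

# Constructed sample replies: (op, account, status, elapsed seconds, from cache)
SAMPLE = [
    ("get", "jnovak", Status.OK, 2, True),
    ("modify", "jnovak", Status.WARNING, 5, False),
    ("create", "pdvorak", Status.OK, 95, False),
    ("delete", "asvoboda", Status.ERROR, 3, False),
    ("modify", "pdvorak", Status.OK, 130, False),
]

def run_sample():
    pending = []
    results = [evaluate(*row, pending) for row in SAMPLE]
    return results, pending
```

Keeping the queued writes in a separate list makes the gap between what IdM believes and what Midas has applied visible, so it can be closed by a later read against the primary data.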

From the proposed methods of connecting the AS/400 system, an option was selected that uses a standard connector from the IdM vendor (CA Technologies). Communication is encrypted using SSL.

Unlike other applications connected so far, Midas does not address account validity. This is only monitored on the AS/400. Upon termination of employment, the accounts are removed from both systems.

Logic has been programmed in IdM to manage the role dependencies for both systems. For user convenience, when a Midas role request is approved, the corresponding AS/400 role is also assigned for the same period. Access extensions and removals behave similarly. Of course, other tools were customized to manage the entire lifecycle of roles and rules.
