Online Interceptor Logic
The Connector Online Interceptor detects, in real time, RACF administration events that occur on the platform and records them so that they can be reported to IdentityIQ. To accomplish this, the SMF record exit IEFU83 is used to intercept every RACF command that RACF logs to SMF and to pass information about the command to the Online Interceptor. Only commands for which RACF writes an SMF record reach the Interceptor by this path.
If password synchronization support is required, the Online Interceptor also notifies IdentityIQ of password changes made to RACF user IDs. To intercept password change events, the RACF RACINIT post-processing exit ICHRIX02 and the RACF new password exit ICHPWX01 are used. Both exits must be installed, because each one covers a different password change path; with only one installed, part of the password change events in the system are missed.
When a system exit intercepts an event, it notifies the Online Interceptor started task via cross-memory services that the event has been intercepted. The Online Interceptor records the event in the Connector for RACF datasets. The data are then reported to IdentityIQ by the Connector Notification Server (CD) via CTSGATE.
As long as the Online Interceptor is active in the system, RACF events and changes are recorded even while the Connector for RACF is inactive. When the Connector for RACF is restarted, the recorded data are transmitted to IdentityIQ. The converse also holds: an event that occurs while the Online Interceptor itself is not active is not recorded and is therefore never reported.
The processing flow of the Connector Online Interceptor is illustrated in the following flowchart.
The Connector Online Interceptor detects RACF events in one of the following ways:
- When a RACF user changes their password during the logon process [1A], RACF calls exit ICHRIX02.
- When a RACF administrator issues an ALTUSER command that sets a password [1B], RACF calls exit ICHPWX01.
- When a RACF administrator issues a RACF command [1C], RACF writes an SMF record to log the command. When the SMF record is written, the system calls SMF exit IEFU83.
In each of these cases, the exit that intercepts the event passes it to the Connector Online Interceptor via cross-memory services [2]. The Online Interceptor then writes the event to the Connector QUEUE dataset [3]. The Connector Notification Server (CD) reads the QUEUE dataset [4] and, when needed, retrieves the updated entity from the RACF database [5], so that the data reported reflects the entity's current state rather than the command text alone. CD transfers the event to the Connector for RACF [6], which transfers it to the Connector Gateway [7], which passes it to IdentityIQ [8].
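The following Python model illustrates the store-and-forward behaviour described above: the Interceptor appends to a durable queue while the consumer is down, CD drains the queue on restart and re-reads the current entity state [5], and a failed hand-off is retried without replaying what was already delivered. It is an added example, not SailPoint's code; the class names, the JSON record layout and the checkpoint field are assumptions for illustration, since the page does not document the QUEUE dataset format or how CD tracks its position.

```python
"""Store-and-forward model of the Online Interceptor -> QUEUE dataset -> CD path.

Added example, not SailPoint's code. Class names, the JSON record layout and
the checkpoint field are assumptions for illustration; the page does not
document the QUEUE dataset format or how CD tracks its position.
"""
import json
import os
import tempfile
from dataclasses import dataclass, asdict

# Which exit intercepted the event (the three sources named on the page).
EXIT_RACINIT_POST = "ICHRIX02"  # [1A] password changed during logon
EXIT_NEW_PASSWORD = "ICHPWX01"  # [1B] ALTUSER ... PASSWORD
EXIT_SMF_RECORD = "IEFU83"      # [1C] any RACF command that is SMF-logged


@dataclass(frozen=True)
class InterceptedEvent:
    seq: int           # assigned when the interceptor writes the record
    exit: str
    command: str       # RACF command, or "LOGON" for the ICHRIX02 case
    target: str        # entity the command acted on (a user ID here)
    is_password: bool  # password events are notified as-is, not re-read


class QueueDataset:
    """Append-only file standing in for the Connector QUEUE dataset [3]."""

    def __init__(self, path):
        self.path = path
        self.seq = 0
        open(path, "a", encoding="utf-8").close()

    def append(self, exit, command, target, is_password=False):
        """Called on behalf of the Online Interceptor [2]; durable before return."""
        self.seq += 1
        ev = InterceptedEvent(self.seq, exit, command, target, is_password)
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(asdict(ev)) + "\n")
            f.flush()
            os.fsync(f.fileno())  # the record must outlive a CD/connector outage
        return ev

    def read_after(self, seq):
        with open(self.path, encoding="utf-8") as f:
            for line in f:
                ev = InterceptedEvent(**json.loads(line))
                if ev.seq > seq:
                    yield ev


class NotificationServer:
    """Stands in for CD [4]-[6]: drains QUEUE, re-reads RACF for current state
    and hands each event to `deliver`; the checkpoint advances only after a
    successful hand-off, so a failed delivery is retried on the next run."""

    def __init__(self, queue, racf_db, deliver):
        self.queue, self.racf_db, self.deliver = queue, racf_db, deliver
        self.checkpoint = 0  # last seq handed off downstream

    def run(self):
        delivered = 0
        for ev in self.queue.read_after(self.checkpoint):
            payload = {"seq": ev.seq, "exit": ev.exit,
                       "command": ev.command, "target": ev.target}
            if not ev.is_password:
                # [5] the event names the entity; CD fetches its current
                # attributes (None means the entity no longer exists).
                payload["entity"] = self.racf_db.get(ev.target)
            self.deliver(payload)  # [6]-[8] connector -> gateway -> IdentityIQ
            self.checkpoint = ev.seq
            delivered += 1
        return delivered


def simulate():
    """Events queued while CD is down, drained on restart, one delivery failing."""
    # Constructed sample RACF database: user ID -> attributes (not real data).
    racf_db = {"USER01": {"owner": "SYS1", "special": False}}
    queue = QueueDataset(os.path.join(tempfile.mkdtemp(), "QUEUE"))

    # CD is not running yet; the interceptor keeps recording [3].
    queue.append(EXIT_SMF_RECORD, "ALTUSER", "USER01")
    racf_db["USER01"]["special"] = True  # the effect of that ALTUSER
    queue.append(EXIT_NEW_PASSWORD, "ALTUSER", "USER01", is_password=True)
    queue.append(EXIT_RACINIT_POST, "LOGON", "USER01", is_password=True)
    queue.append(EXIT_SMF_RECORD, "DELUSER", "USER02")  # entity already gone

    received, attempts = [], {"n": 0}

    def deliver(payload):
        attempts["n"] += 1
        if payload["seq"] == 3 and attempts["n"] == 3:
            raise ConnectionError("gateway unavailable")  # simulated outage
        received.append(payload)

    cd = NotificationServer(queue, racf_db, deliver)
    try:
        cd.run()                  # delivers 1 and 2, then fails on 3
    except ConnectionError:
        pass
    first_checkpoint = cd.checkpoint
    second = cd.run()             # restart: resumes at seq 3, no replay of 1-2
    third = cd.run()              # nothing new: an idle run delivers 0
    return received, first_checkpoint, second, third
```

Two points of the model matter for anyone consuming these events. First, the payload for a non-password event carries the entity as it is at delivery time, not as it was when the command ran, so a burst of changes to one user collapses to the final state. Second, the checkpoint guarantees at-least-once hand-off, not exactly-once: if the process dies between `deliver` and the checkpoint update, the same `seq` is handed off again, so the receiving side should treat `seq` as an idempotency key.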