Configuring an External Database to Store User History

Access Manager supports MySQL, Oracle, and Microsoft SQL Server databases for risk history.

In this Section

Configuring MySQL Database

Access Manager supports MySQL 8.0.30 and earlier.

IMPORTANT:If you are using SQL database and you are upgrading to Access Manager, you must run a utility to re-factor the database. This is to ensure that Access Manager and its associated products use the same naming convention.

  1. Unzip the RiskDBScripts.zip file. This file contains the script to extend the database and sample configuration files. The file is located at the following location:

    /opt/novell/rba-core/lib/webapp/WEB-INF/RiskDBScripts.zip

  2. On the MySQL server, run the following command to create database objects for risk-based authentication:

    mysql -h host -u username -p password netiq_risk_mssql_install.sql

  3. Download the JDBC connector for the MySQL database from MySQL.com.

  4. Copy the JDBC connector to /opt/novell/rba-core/lib/webapp/WEB-INF/lib/.

  5. Restart Identity Server.

Configuring Oracle Database

  1. Unzip the RiskDBScripts.zip file. This file contains the script to extend the database and sample configuration files. The file is located at the following location:

    /opt/novell/rba-core/lib/webapp/WEB-INF/RiskDBScripts.zip

  2. On the Oracle server, run the following script to create database objects for risk-based authentication:

    Oracle 21c, 19c, 18c, and 12c: netiq_risk_oracle_12c_style_install.sql

    Earlier to Oracle 12c: netiq_risk_oracle_install.sql

  3. Download the JDBC connector for the Oracle database from Oracle.com.

    NOTE:Oracle 19.x supports two JDBC connectors, ojdbc8.jar and ojdbc10.jar. However, ojdbc10.jar is not supported with JDK 8. Hence you must use the ojdbc8.jar file while using Oracle Database 19.c.

  4. Copy the JDBC connector jar to /opt/novell/rba-core/lib/webapp/WEB-INF/lib/.

  5. Restart Identity Server.

Configuring Microsoft SQL Server

  1. Unzip RiskDBScripts.zip. This file contains the script to extend the database and sample configuration files. The file is located at the following location:

    /opt/novell/rba-core/lib/webapp/WEB-INF/RiskDBScripts.zip

  2. On the SQL Server, run the following script to create database objects for risk-based authentication:

    netiq_risk_sql_server_install.sql

  3. Download the JDBC connector for the SQL Server database from Microsoft.com.

  4. Copy the JDBC connector file mssql-jdbc-9.2.1.jre8.jar to /opt/novell/rba-core/lib/webapp/WEB-INF/lib/.

  5. Restart Identity Server.

Configuring File-based H2 Database

The H2 database works only on a single node Identity Server cluster. To use this database, you must first create a new H2 database on Identity Server (single node cluster only) using the netiq_risk_h2_install.sql script file provided in RiskDBScripts.zip.

For more information about how to create a new H2 database, see Creating New Databases.

This database uses a file to store information about Identity Server. Therefore, ensure that the database file has access permissions for the novlwww user.

IMPORTANT:It is not recommended to use the H2 database in a production environment. Use it for the testing purpose or for a demo.

  1. Unzip /opt/novell/rba-core/lib/webapp/WEB-INF/RiskDBScripts.zip.

  2. On the H2 database, run the following script to create database objects for risk-based authentication:

    netiq_risk_h2_install.sql

  3. Download h2-1.4.200.jar from com.h2database » h2 » 1.4.200.

  4. Copy h2-1.4.200.jar to the following location:

    /opt/novell/rba-core/lib/webapp/WEB-INF/lib/

  5. Restart Identity Server.

Enabling c3p0 Connection Pooling for Database

By default, Access Manager uses hibernate framework connection pooling to manage database connections for the external SQL database. It is recommended to use c3p0 connection pooling to enhance Access Manager login performance. It is an easy-to-use library for augmenting traditional JDBC drivers. Using c3p0 connection pooling enhances performance and scalability.

Perform the following steps to enable c3p0 connection pooling.

  1. Download the following connection pool libraries from Maven Repository:

  2. Add the connection pool libraries to Identity Server in the following location using Advanced File Configurator:

    /opt/novell/rba-core/lib/webapp/WEB-INF/lib/

    For information about how to add a file, see Adding Configurations to a Cluster. While adding files, ensure that Restart Identity Server After Configuration Change is enabled.

  3. (Optional) To change the default parameters, perform the following steps:

    1. Create a configuration file and specify the custom parameters.

    2. Specify the configuration file location in Identity Server’s tomcat.conf file as a Java Virtual Machine system property in the following format:

      For information about how to modify a file, see Modifying Configurations.

      JAVA_OPTS="${JAVA_OPTS} -Dcom.microfocus.risk.history.hibernate.properties.file=<location of the configuration file>

      NOTE:Access Manager uses c3p0 libraries for connection pooling with the following default parameters:

        hibernate.c3p0.testConnectionOnCheckout : true
  hibernate.c3p0.max_statements : 100
  hibernate.c3p0.max_size : 100
  hibernate.c3p0.validate : true
  hibernate.c3p0.idle_test_period : 3000
  hibernate.c3p0.min_size : 20

      For information, see c3p0 - JDBC3 Connection and Statement Pooling.

Deleting Risk-based Authentication and Device Fingerprint Entries from the Database

If you have enabled user history, details for all login attempts using a risk-policy or a device fingerprint policy are recorded in the database. This might result in huge data and occupy a large space. It is recommended to delete the entries periodically after you complete the analysis.

Deleting Entries from MS SQL Server

  1. Go to Start > All Programs > Microsoft SQL Server 2016 > SQL Server Management Studio.

  2. Connect to the database engine.

  3. Expand Databases, you can see the netiq_risk database.

  4. Click New Query.

  5. To check the number of entries in the usrtransaction table, select the following command and click Execute.

    Select * from dbo.risk_usrtransaction;

  6. To delete entries, select the following command and click Execute:

    Delete from dbo.usrtransaction;

    NOTE:This command deletes all entries in the table. If you want to delete a specific range of entries, use the appropriate SQL command.

  7. Perform step 5 and 6 for the device fingerprint table (device_fingerprint) also.

Deleting Entries from MySQL Server

  1. Connect to MySQL Server installed on Linux by using the MySQL client:

    mysql -u root -p password

  2. Connect to the use netiq_risk database.

    use netiq_risk;

  3. List the tables. The usrtransaction table is listed in the list of tables.

    show tables;

  4. Delete entries.

    delete from usrtransaction;

    NOTE:This command deletes all entries in the table. If you want to delete a specific range of entries, use the appropriate SQL command.

  5. Perform step 4 for the device fingerprint table (device_fingerprint) also.

Deleting Entries from Oracle Server

  1. Open Oracle SQL Developer.

  2. Right-click Connections and select New Connection.

  3. Connect to the database engine.

  4. Expand Connections, you can see the netiq_risk database under.

  5. To check the number of entries in the usrtransaction table, select the following command and execute:

    Select * from usrtransaction;

  6. To delete entries, select the following command and execute:

    Delete from usrtransaction;

    NOTE:This command deletes all entries in the table. If you want to delete a specific range of entries, use the appropriate command.

  7. Perform step 5 and 6 for the device fingerprint table (device_fingerprint) also.