OpenIDM - An Introduction
An IAM for Beginners session led by ForgeRock Senior Instructor Matthias Tristl
    Presentation Transcript

    • OpenIDM for Beginners EMEA Summit 2013
    • Objectives: Upon completion of this presentation, you should be able to:
        • Describe where OpenIDM fits into the OIS
        • Describe the Business Needs for OpenIDM
        • Describe IDM Use Cases Addressed by OpenIDM
        • Describe OpenIDM Features
    • Pillars of IAM
    • Classic scenario I: User wants to use an application... which does not require any of ForgeRock's products, but ... (diagram: User, Application)
    • Classic scenario II: Centralization of Authentication ... and ... (diagram: User, Application, OpenDJ)
    • Classic scenario III: Central Authorization (diagram: User, Application, OpenAM, OpenDJ)
    • Classic scenario V: Identity Management (diagram: User, Application, HR DB, OpenIDM, OpenAM, OpenDJ)
    • Common Use Cases
        • Provisioning
        • De-Provisioning
        • Compliance and auditing
        • Password management
    • Provisioning
        • Depending on a user's business role and predefined rules, a new user will:
            • Get accounts on backend systems on create
            • Get default group/role membership
        • Therefore a central instance is needed which:
            • Connects to all relevant systems
            • Is able to sync user attributes and memberships
            • Can automatically apply rules
        • Manager, approving persons and end-user need well defined access to the user's data
    • Central Provisioning Point (diagram: HR DB, OpenIDM, User)
    • Passwords
        • Passwords can be changed at a central place and distributed to external systems based on flexible rules and password policies
        • The provisioning engine needs to detect password changes from an external resource
        • User administrators and end users need well defined access to the user's passwords
        • A password reset mechanism is in place
        • Passwords which have been reset can be sent to the end user in a secure way
    • Central Password Distribution Point (diagram: User changes password, OpenIDM, OpenDJ)
    • Components used in OpenIDM
        • Java → min 1.6 update 24; on Windows: Java 7
        • OSGi → implementation: Felix
        • Servlet container → implementation: Jetty
        • Repository → OrientDB, MySQL and others
        • JSON → structure for configurations
        • OpenICF → local or remote connector server
        • Connectors to external systems → e.g. AD, LDAP, file...
        • Activiti → workflow engine
    • Putting It All Together 01-14
    • The REST Interface
        • Representational State Transfer (REST)
        • Conforming to the REST constraints is generally referred to as being "RESTful"
        • REST utilizes HTTP methods: GET, PUT, POST, DELETE, HEAD
    • OpenIDM in action
        • Install OpenIDM
        • Start with workflow sample
        • Get user through reconciliation
        • Start
    • Native Connection Protocols (diagram: DB, ADSI, SSH, JNDI, JDBC, OpenIDM, Repo DB)
    • Connector Architecture 01-18
    • Activiti Introduction
        • A light-weight workflow and Business Process Management Software
        • BPMN 2 compliant
        • A process engine for Java applications
        • It's open-source and distributed under the Apache license
        • Workflows are deployed as business archives (.bar)
        • Workflow definitions are in XML format
    • Apply for Contractor I Workflow outline 01-20
    • Apply for Contractor II Startup Form: (Screen shot) 01-21
    • Activiti Modeler II 01-22
    • Connector Configuration (simple) 01-23
    • Sync Configuration 01-24
    • Connector Configuration (flexible)
        "principal" : "cn=Directory Manager",
        "ssl" : false,
        "baseContexts" : ["ou=People,dc=example,dc=com"],
        "groupMemberAttribute" : "uniqueMember",
        "passwordAttribute" : "userPassword",
        "accountSearchFilter" : null,
        "accountObjectClasses" : ["top", ...],
        "maintainLdapGroupMembership" : false,
        "blockSize" : 100,
        "baseContextsToSynchronize" : ["ou=People,dc=example,dc=com"],
        "attributesToSynchronize" : ["uid", ...],
        {"account" : ... {"nativeType" : "__ACCOUNT__", "properties" : {"uid" : {"type" : "string", "nativeName" : "userName", "nativeType" : "STRING", "flags" : ["NOT_CREATABLE" ...
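As an added illustration (not from the slides or the OpenIDM project), a small Python lint that reads an LDAP connector configuration like the fragment above and flags the two settings a reviewer would question, "ssl" : false and a root-DN principal, plus a sync scope that falls outside baseContexts. The sample configurations, the dn_within helper, the lint_ldap_connector function and the service-account DN are constructed here; the configurationProperties wrapper is assumed.

```python
import json

# Assumed OpenDJ root DN (the "principal" shown on the slide); a directory root
# account should not be the connector's bind identity in production.
ROOT_DN = "cn=directory manager"


def dn_within(dn, base):
    """True if dn equals base or sits below it (case- and space-insensitive)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    d, b = norm(dn), norm(base)
    return d == b or d.endswith("," + b)


def lint_ldap_connector(config):
    """Return findings for an OpenICF LDAP connector configuration (dict)."""
    # Accept either a full provisioner file or the bare configurationProperties map.
    props = config.get("configurationProperties", config)
    findings = []
    if not props.get("ssl", False):
        findings.append("ssl is false: bind password and synced attributes travel in clear text")
    if (props.get("principal") or "").strip().lower() == ROOT_DN:
        findings.append("principal is the directory root DN: bind with a least-privilege service account")
    bases = props.get("baseContexts", [])
    for ctx in props.get("baseContextsToSynchronize", []):
        if not any(dn_within(ctx, b) for b in bases):
            findings.append(f"baseContextsToSynchronize entry {ctx!r} lies outside baseContexts")
    return findings


# Constructed sample: the slide's settings, plus a sync scope wider than the search base.
WEAK_CONFIG = json.loads("""{
  "configurationProperties": {
    "principal": "cn=Directory Manager",
    "ssl": false,
    "baseContexts": ["ou=People,dc=example,dc=com"],
    "baseContextsToSynchronize": ["ou=People,dc=example,dc=com", "ou=Groups,dc=example,dc=com"]
  }
}""")

# Constructed hardened variant: TLS on, dedicated sync account (assumed DN), consistent scopes.
HARDENED_CONFIG = json.loads("""{
  "configurationProperties": {
    "principal": "cn=idm-sync,ou=Services,dc=example,dc=com",
    "ssl": true,
    "baseContexts": ["ou=People,dc=example,dc=com"],
    "baseContextsToSynchronize": ["ou=People,dc=example,dc=com"]
  }
}""")
```

Running lint_ldap_connector over each configuration returns three findings for the weak one and none for the hardened one.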
    • Other OpenIDM Features
        • Task Scheduling
        • Cluster OpenIDM for:
            • High availability
            • Horizontal scalability
        • OpenIDM command line
        • Data validation through policies
        • Managing Passwords
        • Send emails
    • ForgeRock University