OpenIDM - An Introduction

An IAM for Beginners session led by ForgeRock Senior Instructor Matthias Tristl

Transcript

  • 1. OpenIDM for Beginners EMEA Summit 2013
  • 2. Objectives
      Upon completion of this presentation, you should be able to:
      - Describe where OpenIDM fits into the OIS
      - Describe the Business Needs for OpenIDM
      - Describe IDM Use Cases Addressed by OpenIDM
      - Describe OpenIDM Features
  • 3. Pillars of IAM
  • 4. Classic scenario I: User wants to use an application... which does not require any of ForgeRock's products, but ... [diagram: Application, User]
  • 5. Classic scenario II: Centralization of Authentication … and ... [diagram: Application, OpenDJ, User]
  • 6. Classic scenario III: Central Authorization [diagram: OpenAM, OpenDJ, Application, User]
  • 7. Classic scenario V: Identity Management [diagram: OpenAM, Application, HR DB, OpenIDM, OpenDJ, User]
  • 8. Common Use Cases
      - Provisioning
      - De-Provisioning
      - Compliance and auditing
      - Password management
  • 9. Provisioning
      - Depending on a user's business role and predefined rules, a new user will:
          - Get accounts on backend systems on create
          - Get default group/role membership
      - Therefore a central instance is needed which:
          - Connects to all relevant systems
          - Is able to sync user attributes and memberships
          - Can automatically apply rules
      - Managers, approving persons and end users need well-defined access to the user's data
  • 10. Central Provisioning Point [diagram: HR DB, OpenIDM, User]
  • 11. Passwords
      - Passwords can be changed at a central place and distributed to external systems based on flexible rules and password policies
      - The provisioning engine needs to detect password changes from an external resource
      - User administrators and end users need well-defined access to the user's passwords
      - A password reset mechanism is in place
      - Passwords which have been reset can be sent to the end user in a secure way
  • 12. Central Password Distribution Point [diagram: User Changes Password, OpenIDM, OpenDJ]
  • 13. Components used in OpenIDM
      - Java → min 1.6 update 24; on Win: Java 7
      - OSGi → implementation: Felix
      - Servlet container → implementation: Jetty
      - Repository → OrientDB, MySQL and others
      - JSON → structure for configurations
      - OpenICF → local or remote connector server
      - Connectors to external systems → e.g. AD, LDAP, file...
      - Activiti → workflow engine
  • 14. Putting It All Together
  • 15. The REST Interface
      - Representational State Transfer (REST)
      - Conforming to the REST constraints is generally referred to as being "RESTful"
      - REST utilizes HTTP methods: GET, PUT, POST, DELETE, HEAD
  • 16. OpenIDM in action
      - Install OpenIDM
      - Start with workflow sample
      - Get user through reconciliation
      - Start
  • 17. Native Connection Protocols [diagram: DB, ADSI, SSH, JNDI, JDBC, OpenIDM, Repo DB]
  • 18. Connector Architecture
  • 19. Activiti Introduction
      - A light-weight workflow and Business Process Management Software
      - BPMN 2 compliant
      - A process engine for Java applications
      - It's open-source and distributed under the Apache license
      - Workflows are deployed as business archives (.bar)
      - Workflow definitions are in XML format
  • 20. Apply for Contractor I: Workflow outline
  • 21. Apply for Contractor II: Startup Form (screenshot)
  • 22. Activiti Modeler II
  • 23. Connector Configuration (simple)
  • 24. Sync Configuration
  • 25. Connector Configuration (flexible)
      "principal" : "cn=Directory Manager",
      "ssl" : false,
      "baseContexts" : ["ou=People,dc=example,dc=com"],
      "groupMemberAttribute" : "uniqueMember",
      "passwordAttribute" : "userPassword",
      "accountSearchFilter" : null,
      "accountObjectClasses" : ["top",...],
      "maintainLdapGroupMembership" : false,
      "blockSize" : 100,
      "baseContextsToSynchronize" : ["ou=People,dc=example,dc=com"],
      "attributesToSynchronize" : [ "uid",...],
      {"account" : ...
      {"nativeType" : "__ACCOUNT__",
      "properties" : {"uid" : {"type" : "string", "nativeName" : "userName", "nativeType" : "STRING", "flags" : ["NOT_CREATABLE"…
  • 26. Other OpenIDM Features
      - Task Scheduling
      - Cluster OpenIDM for
          - High availability
          - Horizontal scalability
      - OpenIDM command line
      - Data validation through policies
      - Managing Passwords
      - Send emails
  • 27. ForgeRock University
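
Added example (not part of the original slides or of ForgeRock's material): a small Python check over the LDAP connector properties shown on slide 25, flagging the cleartext bind ("ssl" : false), the superuser bind DN and the unfiltered search scope, next to a hardened variant. The input leaves out the parts the slide elides; the service-account DN, the search filter and the ROOT_DNS list are constructed placeholders.

```python
import json

# Constructed input: the slide-25 fragment with the elided parts ("...") left
# out so that it parses as JSON. Keys and values are the ones on the slide.
SLIDE_25 = json.loads("""{
  "principal": "cn=Directory Manager",
  "ssl": false,
  "baseContexts": ["ou=People,dc=example,dc=com"],
  "passwordAttribute": "userPassword",
  "accountSearchFilter": null,
  "baseContextsToSynchronize": ["ou=People,dc=example,dc=com"]
}""")

# Constructed hardened variant; the service-account DN and filter are placeholders.
HARDENED = dict(SLIDE_25,
                principal="uid=idm-sync,ou=Service Accounts,dc=example,dc=com",
                ssl=True,
                accountSearchFilter="(objectClass=inetOrgPerson)")

# Assumption: DNs treated as directory superusers; adjust for the directory in use.
ROOT_DNS = {"cn=directory manager"}

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def audit_ldap_connector(cfg):
    """Return (check_id, message) findings for one connector's properties."""
    findings = []
    if cfg.get("ssl") is not True:
        msg = "ssl is not true: the bind password"
        if cfg.get("passwordAttribute"):
            msg += " and every write to '%s'" % cfg["passwordAttribute"]
        findings.append(("CLEARTEXT_LDAP", msg + " cross the network unencrypted"))
    if normalize_dn(cfg.get("principal") or "") in ROOT_DNS:
        findings.append(("ROOT_BIND_DN",
                         "principal is a directory superuser; use a service "
                         "account with access limited to the base contexts"))
    if not cfg.get("accountSearchFilter"):
        findings.append(("UNFILTERED_SCOPE",
                         "accountSearchFilter is null: every account entry under "
                         "%s is in scope" % ", ".join(cfg.get("baseContexts", []))))
    return findings

if __name__ == "__main__":
    for name, cfg in (("slide 25", SLIDE_25), ("hardened", HARDENED)):
        print(name, [check for check, _ in audit_ldap_connector(cfg)] or "no findings")
```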