Applying Novell Identity Manager to Your Everyday Problems

In this session you will hear from experts on the best way to approach password management/self-service and web services, two of the most common use cases for Novell Identity Manager.

This session removes the mystery from installing the User Application (UserApp) and configuring password self-service, including a number of procedures that exist only in scattered Technical Information Documents (TIDs). You will take away a set of proven procedures that will help you prepare password self-service for your end users, and learn how to provide a simple, easy-to-remember URL for password self-service.

Presentation Transcript

Identity Web Services: Applying Novell Identity Manager to Everyday Problems
Jerry Combs, Principal Architect, Novell Inc.
Agenda
  • Introduction to Novell Identity Manager web services
    – Identity Manager core architecture
    – Available identity web services
    – Enabling the test page functionality
  • Implementing custom identity services with workflows
    – Provisioning identities from a custom interface
  • Demonstration
    – Provisioning Service
    – Password Management Service
© Novell, Inc. All rights reserved.
Novell Identity Manager Core Architecture

Novell Identity Manager is an event-based system: nothing happens without an event.
Event Sources
  • Connected systems
  • Direct changes to the Identity Directory
    – Identity and Provisioning Application Server
    – LDAP/LDIF/NDAP
  • Job Service
    – "cron"-like function that periodically generates events based on query parameters
    – Jobs are defined and processed on a per-connector basis

Two Active Processing Components
  • Identity Event Rule Engine
    – Processes data events based on rules (policies)
    – No user interface
    – "System"-level integration
  • Application Server (User Application)
    – Workflow engine
    – User interface
    – Web services
    – "Service"-level integration
  All processing by the Application Server results in a data event that is then processed by the Rule Engine.

Rule Engine Connectors
  • Historically called "drivers"
  • All processing is XML based
  • A connector is a collection of rules, communication APIs, and any API/code required to translate events to XML
  • All rule processing is done by connectors
  • Special connectors
    – A "loopback" connector is used to implement processes that need to act on identity data events within the Rule Engine
    – User Application connector
    – Role and Resource connector

Identity Directory
  • Pure object database
    – Highly scalable
    – Very extensible
  • Multi-master replication
    – High availability and horizontal scalability
    – Patented replication process provides an event system
  • The event system is used by connectors to subscribe to data events
  • This event mechanism is NOT available in any other directory or database
Identity Web Services
  • Provisioning management
  • Role management
  • Resource management
  • Password management
    – Password change, challenge/response reset
  • Virtual Directory / Data Abstraction
    – Access to identity data
  • Metrics
    – Data on system usage and performance
  • Notification
    – Enables the sending of emails based on stored templates

Provisioning Service
  • Functions to initiate, monitor, and interact with workflows
    – Start a workflow (provisioning request)
    – Get workflow status
    – Approve/deny a request
    – Get requests for a user
    – Get requests by a user
    – Get available requests
  • URL: http://<server>:<port>/IDM/provisioning/service/

Role Management Service
  • Complete role API
    – Request a role assignment
    – Check SoD (separation of duties) policy
    – Get role catalog
    – Remove a role assignment
  • URL: http://<server>:<port>/IDM/role/service/

Password Management Service
  • Get password policy for a user
    – Complexity requirements
  • Check password synchronization status
  • Change password
  • Reset password using challenge/response
    – Available only as a SOAP endpoint
  • URL: http://<server>:<port>/IDM/pwdmgt/service/

Virtual Directory / Data Abstraction Service
  • Access to identity data through the Directory Abstraction Layer
    – Ad-hoc queries
    – Get attribute(s)
    – Pre-defined queries (global queries)
    – Update attribute
  • URL: http://<server>:<port>/IDM/vdx/service/

Resource Management Service
  • Key services
    – requestResourceGrant
    – requestResourceRevoke
    – getResourceAssignmentsForUser
  • New endpoints in RBPM 3.7 Patch B
    – Create, update, and delete resources
  • URL: http://<server>:<port>/IDM/resource/service/

Metrics Service
  • Provisioning usage and processing statistics
  • Used for reporting
  • Not exposed in the RBPM 3.7 interface
  • URL: http://<server>:<port>/IDM/metrics/service/

Notification Service
  • Used to send email notifications
    – sendNotification is the only endpoint
  • Utilizes templates stored in the Identity Vault
    – Supplied parameters are used to populate the template
  • URL: http://<server>:<port>/IDM/notification/service/
Enabling the Test Services
  • Extract the WAR file using the jar utility from the proper JDK
  • Modify web.xml so that the Provisioning servlet's com.novell.soa.ws.test.disable init parameter is false:

        <servlet>
          <servlet-name>Provisioning</servlet-name>
          <servlet-class>com.novell.soa.af.impl.soap.ProvisioningImpl</servlet-class>
          <init-param>
            <param-name>com.novell.soa.ws.test.disable</param-name>
            <param-value>false</param-value>
          </init-param>
        </servlet>

  • Rebuild the WAR file using the jar utility
    – Do NOT use any other zip application
  • Deploy the new WAR file
  • Access the test pages: http://<server>:<port>/IDM/provisioning/service?test
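The test page lets anyone who can reach that URL exercise the service interactively, so the switch should be checked on every deployed WAR and set back to true once testing is done. The script below is an added example written for this page, not Novell's code or the deck's own procedure: it reads WEB-INF/web.xml straight out of a WAR to report the state of the switch per servlet, and rewrites web.xml to toggle it, leaving the repackaging to the JDK jar tool as the slide requires. It assumes only what the slide shows (the init-param name com.novell.soa.ws.test.disable and the servlet name Provisioning); the sample web.xml, the second servlet's class name and the in-memory WAR are constructed for the demo.

```python
"""Check whether the SOAP test pages are switched on in an IDM User Application
WAR, and rewrite web.xml to toggle them.

Added example, not Novell's code. Only WEB-INF/web.xml is read and rewritten
here; repackaging is left to the JDK jar tool as the slide requires. The
init-param name and the "Provisioning" servlet come from the slide; the sample
web.xml and WAR below are constructed for the demo.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

TEST_PARAM = "com.novell.soa.ws.test.disable"

# Constructed sample: Provisioning has the switch set to "true" (test pages
# off); the second servlet has no switch at all. Its class name is a
# placeholder, not a real Novell class.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>Provisioning</servlet-name>
    <servlet-class>com.novell.soa.af.impl.soap.ProvisioningImpl</servlet-class>
    <init-param>
      <param-name>com.novell.soa.ws.test.disable</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>Notification</servlet-name>
    <servlet-class>example.PlaceholderNotificationServlet</servlet-class>
  </servlet>
</web-app>
"""


def _local(tag):
    """Strip the namespace from an ElementTree tag ('{uri}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    """Direct children of elem whose local tag name is `name`."""
    return [c for c in elem if _local(c.tag) == name]


def _namespace(root):
    return root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""


def switch_status(web_xml):
    """Map servlet name -> True (test pages enabled: param present and 'false'),
    False (param present and not 'false'), or None (param absent)."""
    status = {}
    for servlet in _children(ET.fromstring(web_xml), "servlet"):
        name = _children(servlet, "servlet-name")[0].text.strip()
        status[name] = None
        for param in _children(servlet, "init-param"):
            if _children(param, "param-name")[0].text.strip() == TEST_PARAM:
                value = (_children(param, "param-value")[0].text or "").strip()
                status[name] = value.lower() == "false"
    return status


def set_test_pages(web_xml, servlet_name, enabled):
    """Return web.xml with the switch for one servlet set to the requested state,
    adding the init-param if it is missing. KeyError if the servlet is absent."""
    root = ET.fromstring(web_xml)
    ns = _namespace(root)
    if ns:
        ET.register_namespace("", ns)  # keep the default namespace on output
    tag = (lambda n: "{%s}%s" % (ns, n)) if ns else (lambda n: n)
    value = "false" if enabled else "true"
    for servlet in _children(root, "servlet"):
        if _children(servlet, "servlet-name")[0].text.strip() != servlet_name:
            continue
        for param in _children(servlet, "init-param"):
            if _children(param, "param-name")[0].text.strip() == TEST_PARAM:
                _children(param, "param-value")[0].text = value
                break
        else:  # no switch declared for this servlet: add one
            param = ET.SubElement(servlet, tag("init-param"))
            ET.SubElement(param, tag("param-name")).text = TEST_PARAM
            ET.SubElement(param, tag("param-value")).text = value
        return ET.tostring(root, encoding="unicode")
    raise KeyError("servlet %r is not declared in web.xml" % servlet_name)


def audit_war(war_file):
    """Read WEB-INF/web.xml out of a WAR (path or file object) and report the
    test-page switch per servlet, so a deployed archive can be checked
    without unpacking it."""
    with zipfile.ZipFile(war_file) as war:
        return switch_status(war.read("WEB-INF/web.xml").decode("utf-8"))


def build_sample_war(web_xml):
    """Constructed in-memory WAR holding only WEB-INF/web.xml (demo input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as war:
        war.writestr("WEB-INF/web.xml", web_xml)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print("shipped:", audit_war(build_sample_war(SAMPLE_WEB_XML)))
    enabled = set_test_pages(SAMPLE_WEB_XML, "Provisioning", True)
    print("after enabling:", audit_war(build_sample_war(enabled)))
```

Run audit_war against the WAR actually deployed on each server, not the one in source control; a servlet reported as True has its test page reachable. Write the rewritten web.xml back into the extracted tree and rebuild with jar, per the slide.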
Custom Identity Services
  • Three simple steps
    – Build a workflow that implements the function you need
    – Deploy the workflow
    – Use the Provisioning web service to start the workflow
  • Benefits
    – Allows external applications and systems to perform identity functions in a standardized, controlled, and secure way
    – No need for direct access to the Identity Vault
  • Limitations
    – Asynchronous only: a successful start means the request was accepted, not that it finished, so you must check the process status if you need to know that the request succeeded.
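What the "asynchronous only" limitation means for a caller, as an added example written for this page (not Novell's code and not the deck's demonstration): start the request, then poll its status with backoff until it reaches a terminal state, and treat every terminal state other than success as a failure. The slide gives only the shape of the service (start a workflow, get workflow status), so the SOAP round-trip is injected as a call(operation, params) function, and the operation names startWorkflow and getWorkflowStatus, the parameter keys, the status strings and the DNs in the demo are placeholders chosen for illustration, not the real WSDL names.

```python
"""Drive a custom identity service implemented as a workflow: start the
provisioning request through the Provisioning web service, then poll its
status until it reaches a terminal state.

Added example, not Novell's code. The slide gives only the shape of the
service (start a workflow, get workflow status, asynchronous), so the SOAP
round-trip is injected as call(operation, params) -> dict, and the operation
names, parameter keys and status strings used here are placeholders
(assumptions), not the real WSDL names.
"""
import time

# Assumed terminal states; only "Completed" means the request succeeded.
TERMINAL = {"Completed", "Denied", "Terminated", "Error"}


class ProvisioningTimeout(Exception):
    """The request was still running when the caller's deadline passed."""


class ProvisioningClient:
    def __init__(self, call, clock=time.monotonic, sleep=time.sleep):
        self._call = call    # injected transport (stands in for the SOAP client)
        self._clock = clock  # injectable so the polling logic can be tested offline
        self._sleep = sleep

    def start(self, prd_dn, recipient_dn, data):
        """Start a workflow (provisioning request) and return its request id.
        A successful start only means the request was queued."""
        resp = self._call("startWorkflow",
                          {"prd": prd_dn, "recipient": recipient_dn, "data": data})
        return resp["requestId"]

    def status(self, request_id):
        return self._call("getWorkflowStatus", {"requestId": request_id})["status"]

    def wait(self, request_id, timeout=60.0, interval=2.0, max_interval=30.0):
        """Poll until the request is terminal, doubling the interval up to
        max_interval; raise ProvisioningTimeout if the deadline passes first."""
        deadline = self._clock() + timeout
        while True:
            state = self.status(request_id)
            if state in TERMINAL:
                return state
            remaining = deadline - self._clock()
            if remaining <= 0:
                raise ProvisioningTimeout("request %s still %s after %.0fs"
                                          % (request_id, state, timeout))
            self._sleep(min(interval, remaining))
            interval = min(interval * 2, max_interval)

    def run(self, prd_dn, recipient_dn, data, **wait_args):
        """Start and wait. Returns (request_id, final_state); the caller must
        still check the state, because Denied/Terminated/Error are terminal too."""
        request_id = self.start(prd_dn, recipient_dn, data)
        return request_id, self.wait(request_id, **wait_args)


def succeeded(state):
    """True only for the one terminal state that means the account was created."""
    return state == "Completed"


if __name__ == "__main__":
    # Constructed stand-in for the SOAP transport: two polls running, then done.
    script = iter(["Running", "Running", "Completed"])

    def fake_call(op, params):
        if op == "startWorkflow":
            return {"requestId": "req-42"}
        return {"status": next(script)}

    client = ProvisioningClient(fake_call, sleep=lambda s: None)
    prd = "cn=CreateStdExternalUser,cn=RequestDefs,cn=AppConfig,cn=UserApplication,cn=DriverSet,o=system"
    request_id, state = client.run(prd, "cn=jdoe,ou=external,o=acme", {"surname": "Doe"})
    print(request_id, state, "ok" if succeeded(state) else "FAILED")
```

The point of the injected clock and sleep is that the deadline logic is the part worth testing: a caller that only checks the start call's return, or that loops without a deadline, will either report success for a request that was later denied or hang on one that stalls in an approval step.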
A Real World Example
  Diagram: Common Web Service Interface -> Provisioning Workflow Engine -> Identity Database / Event System -> Identity Rule Engine -> connected systems.
  • Provisioning Workflow Engine PRDs: Modify role assignment PRD; Create std external user PRD; Create "special" external user PRD; Disable external user PRD
  • Identity Rule Engine: LDAP Connector ("Create user in LDAP" rule) feeding the LDAP External Account interface; SAP Connector ("Create user in SAP" rule) feeding SAP
  A. A Provisioning Request Definition (PRD) defines the workflow for a provisioning action. There may be many PRDs that can define any required process.
  B. The provisioning request workflows can be initiated via web services.
  C. Access to a specific PRD can be controlled at a very granular level. Two applications/users can have different flows for the same end function.
  D. Once the flow is complete and all requirements have been met, the flow creates the new user account and adds the appropriate entitlements.
  E. The eDirectory event system sends the event to each subscribing driver.
  F. The rules are evaluated and the account is created in the appropriate systems.
Demonstration

Questions?
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.