OpenIDM - An Introduction

An IAM for Beginners session led by ForgeRock Senior Instructor Matthias Tristl

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/


  1. OpenIDM for Beginners, EMEA Summit 2013
  2. Objectives. Upon completion of this presentation, you should be able to:
     • Describe where OpenIDM fits into the OIS
     • Describe the business needs for OpenIDM
     • Describe IDM use cases addressed by OpenIDM
     • Describe OpenIDM features
  3. Pillars of IAM (diagram slide)
  4. Classic scenario I: a user wants to use an application... which does not require any of ForgeRock's products, but ... (diagram: Application, User)
  5. Classic scenario II: centralization of authentication ... and ... (diagram: Application, OpenDJ, User)
  6. Classic scenario III: central authorization (diagram: OpenAM, OpenDJ, Application, User)
  7. Classic scenario V: identity management (diagram: OpenAM, Application, HR DB, OpenIDM, OpenDJ, User)
  8. Common use cases
     • Provisioning
     • De-provisioning
     • Compliance and auditing
     • Password management
  9. Provisioning
     • Depending on a user's business role and predefined rules, a new user will:
       • get accounts on backend systems on create
       • get default group/role membership
     • Therefore a central instance is needed which:
       • connects to all relevant systems
       • is able to sync user attributes and memberships
       • can automatically apply rules
     • Managers, approving persons and the end user need well-defined access to the user's data
  10. Central provisioning point (diagram: HR DB, OpenIDM, User)
  11. Passwords
     • Passwords can be changed at a central place and distributed to external systems based on flexible rules and password policies
     • The provisioning engine needs to detect password changes from an external resource
     • User administrators and the end user need well-defined access to the user's passwords
     • A password reset mechanism is in place
     • Passwords which have been reset can be sent to the end user in a secure way
  12. Central password distribution point (diagram: User changes password, OpenIDM, OpenDJ)
  13. Components used in OpenIDM
     • Java → min 1.6 update 24; on Windows: Java 7
     • OSGi → implementation: Felix
     • Servlet container → implementation: Jetty
     • Repository → OrientDB, MySQL and others
     • JSON → structure for configurations
     • OpenICF → local or remote connector server
     • Connectors to external systems → e.g. AD, LDAP, file...
     • Activiti → workflow engine
  14. Putting it all together (diagram slide)
  15. The REST interface
     • Representational State Transfer (REST)
     • Conforming to the REST constraints is generally referred to as being "RESTful"
     • REST utilizes HTTP methods: GET, PUT, POST, DELETE, HEAD
  16. OpenIDM in action
     • Install OpenIDM
     • Start with the workflow sample
     • Get a user through reconciliation
     • Start
  17. Native connection protocols (diagram: DB, ADSI, SSH, JNDI, JDBC, OpenIDM, Repo DB)
  18. Connector architecture (diagram slide)
  19. Activiti introduction
     • A light-weight workflow and Business Process Management software
     • BPMN 2 compliant
     • A process engine for Java applications
     • It's open source and distributed under the Apache license
     • Workflows are deployed as business archives (.bar)
     • Workflow definitions are in XML format
  20. Apply for Contractor I: workflow outline (diagram slide)
  21. Apply for Contractor II: startup form (screenshot)
  22. Activiti Modeler II (slide title only)
  23. Connector configuration (simple) (slide title only)
  24. Sync configuration (slide title only)
  25. Connector configuration (flexible), excerpt from an LDAP connector configuration as shown on the slide (truncated with "..." on the slide):
       "principal" : "cn=Directory Manager",
       "ssl" : false,
       "baseContexts" : ["ou=People,dc=example,dc=com"],
       "groupMemberAttribute" : "uniqueMember",
       "passwordAttribute" : "userPassword",
       "accountSearchFilter" : null,
       "accountObjectClasses" : ["top",...],
       "maintainLdapGroupMembership" : false,
       "blockSize" : 100,
       "baseContextsToSynchronize" : ["ou=People,dc=example,dc=com"],
       "attributesToSynchronize" : [ "uid",...],
       {"account" : ... {"nativeType" : "__ACCOUNT__",
       "properties" : {"uid" : {"type" : "string", "nativeName" : "userName", "nativeType" : "STRING", "flags" : ["NOT_CREATABLE"...
  26. Other OpenIDM features
     • Task scheduling
     • Cluster OpenIDM for high availability and horizontal scalability
     • OpenIDM command line
     • Data validation through policies
     • Managing passwords
     • Send emails
  27. ForgeRock University
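The LDAP connector excerpt on the "Connector configuration (flexible)" slide binds as cn=Directory Manager with "ssl" : false, which is exactly the kind of setting a reviewer should catch before a provisioning engine starts pushing passwords through it. The following is an added example, not code from the presentation or from OpenIDM itself: it reads a constructed connector fragment modelled on the slide's keys (the host, port and service-account DN are assumed values), reports the weak settings, and produces a hardened copy.

```python
import json

# Constructed sample modelled on the slide's connector fragment; "host", "port"
# and the service-account DN below are assumed values, not from the presentation.
WEAK_CONNECTOR = json.loads("""
{
  "configurationProperties": {
    "host": "ldap.example.com",
    "port": 389,
    "ssl": false,
    "principal": "cn=Directory Manager",
    "baseContexts": ["ou=People,dc=example,dc=com"],
    "passwordAttribute": "userPassword",
    "baseContextsToSynchronize": ["ou=Contractors,dc=example,dc=com"],
    "attributesToSynchronize": ["uid", "sn", "cn"]
  }
}
""")

def _under(child, parent):
    # Case-insensitive "child DN lies under parent DN" check on the string form.
    c, p = child.lower().replace(" ", ""), parent.lower().replace(" ", "")
    return c == p or c.endswith("," + p)

def review_ldap_connector(config):
    """Return (severity, message) findings for an OpenIDM LDAP connector config."""
    props = config["configurationProperties"]
    findings = []
    if not props.get("ssl", False):
        findings.append(("high", "ssl=false: bind credentials and synced "
                         "userPassword values cross the network in cleartext"))
    if props.get("principal", "").lower() == "cn=directory manager":
        findings.append(("medium", "principal is the directory superuser; bind "
                         "with a dedicated service account scoped to the synced subtree"))
    for ctx in props.get("baseContextsToSynchronize", []):
        if not any(_under(ctx, base) for base in props.get("baseContexts", [])):
            findings.append(("low", f"{ctx} is synchronized but lies outside every baseContexts entry"))
    return findings

def harden(config, service_dn="cn=idm-sync,ou=Services,dc=example,dc=com"):
    """Return a copy with LDAPS enabled and the superuser bind replaced (assumed DN)."""
    fixed = json.loads(json.dumps(config))
    props = fixed["configurationProperties"]
    props.update({"ssl": True, "port": 636, "principal": service_dn})
    props["baseContexts"] = sorted(set(props["baseContexts"]) | set(props["baseContextsToSynchronize"]))
    return fixed
```

Run review_ldap_connector on the real provisioner file's configurationProperties object; the hardened copy is a starting point, and the service account still needs read (and, for password sync, write) rights only on the synchronized subtree.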
