
Identity Manager Opensource OpenIDM Architecture



Identity Manager OpenSource - ForgeRock OpenIdM



  1. Discovering Identity and Access Management Solutions: OpenIDM Architecture
  2. Stay connected to Allidm
     • Find us on Facebook
     • Follow us on Twitter
     • Look for us on LinkedIn
     • Visit our blog
  3. Disclaimer and Acknowledgments
     • The contents here are created as my own personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.
  4. Contact Us
     • In this presentation we'll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on.
     • If you know one that makes a big difference, please tell us so we can include it in the future.
  5. OpenIDM architecture
  6. Modular Framework
     • The OpenIDM framework is based on OSGi.
     • OSGi: OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model. OpenIDM currently runs in Apache Felix.
     • Servlet: The optional Servlet layer provides RESTful HTTP access to the managed objects and services. OpenIDM embeds Jetty by default.
  7. Infrastructure Modules
     • BPMN 2.0 Workflow Engine: Embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard.
     • Task Scanner: Task scanning mechanism that enables you to perform a batch scan for a specified date in OpenIDM data, on a scheduled interval, and then to execute a task when this date is reached.
     • Scheduler: Scheduler provides a cron-like scheduling component implemented using the Quartz library; for example, to enable regular synchronizations and reconciliations.
  8. Infrastructure Modules…
     • Script Engine: Script engine is a pluggable module that provides the triggers and plugin points for OpenIDM. OpenIDM currently supports JavaScript and Groovy.
     • Policy Service: Provides an extensible policy service that enables you to apply specific validation requirements to various components and properties.
     • Audit Logging: Auditing logs all relevant system activity to the configured log stores. This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs to capture operations on the internal (managed) and external (system) objects.
  9. Infrastructure Modules…
     • Repository: Repository provides a common abstraction for a pluggable persistence layer.
     • The default, embedded implementation for the repository is the NoSQL database OrientDB. OpenIDM 3.0.0 supports use of MySQL to back the repository.
     • Plugin repositories can include NoSQL and relational databases, LDAP, and even flat files.
     • The Repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services.
  10. Core Services: Object Model
     • Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON.
     • These representations are instances of the classes Map, List, String, Number, Boolean, and null.
     • The object model supports interoperability and potential integration with many applications, services and programming languages.
     • OpenIDM can serialize and deserialize these structures to and from JSON as required.
     • OpenIDM also exposes a set of triggers and functions that system administrators can define, in either JavaScript or Groovy.
  11. Core Services…: Managed Objects
     • A managed object is an object that represents the identity-related data managed by OpenIDM.
     • Managed objects are configurable, JSON-based data structures that OpenIDM stores in its pluggable repository.
     • The default configuration of a managed object is that of a user.
     • You can define any kind of managed object, for example groups or roles.
     • You can access managed objects over the REST interface.
  12. Core Services…: System Objects
     • System objects are pluggable representations of objects on external systems, for example a user entry that is stored in an external LDAP directory.
     • System objects follow the same RESTful resource-based design principles as managed objects.
     • There is a default implementation for the OpenICF framework that allows any connector object to be represented as a system object.
  13. Core Services…: Mappings
     • Mappings define policies between source and target objects and their attributes during synchronization and reconciliation.
     • Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects.
  14. Core Services…: Synchronization & Reconciliation
     • Reconciliation enables on-demand and scheduled resource comparisons between the OpenIDM-managed object repository and source or target systems.
     • Comparisons can result in different actions, depending on the mappings defined between the systems.
     • Synchronization enables creating, updating, and deleting resources from a source to a target system, either on demand or according to a schedule.
  15. Secure Commons REST Commands
     • Representational State Transfer (REST) is a software architecture style for exposing resources, using the technologies and protocols of the World Wide Web.
     • REST interfaces are commonly tested with a curl command.
     • Work with the standard ports associated with Java EE communications, 8080 and 8443.
     • To run curl over the secure port, 8443, you must either include the --insecure option (which skips certificate validation) or follow the procedure "Restrict REST Access to the HTTPS Port", which makes curl trust the server certificate.
  16. Access Layer
     • The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions.
     • RESTful Interfaces: OpenIDM provides REST APIs for CRUD operations and invoking synchronization and reconciliation for both HTTP and Java.
     • User Interfaces: User interfaces provide password management, registration, self-service, and workflow services.
  17. Discovering Identity and Access Management Solutions: OpenIDM Architecture
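The curl checks that slides 11, 15 and 16 describe, as an added shell example that is not part of the deck and is not ForgeRock's own code. It builds a curl call against a managed object over either of the two ports the deck names, and treats the two 8443 options differently: a CA certificate file (the outcome of the "Restrict REST Access to the HTTPS Port" procedure) is the default path, while --insecure has to be opted into explicitly so that a copy-pasted command does not silently skip certificate validation. Assumptions: the server is on localhost, the REST base path is /openidm, the resource is managed/user, the X-OpenIDM-Username and X-OpenIDM-Password headers are OpenIDM's documented header-based authentication, the account name openidm-admin is OpenIDM's default administrator, and the CA file path in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example (not from the slides, not ForgeRock code). Assumptions:
# localhost, base path /openidm, resource managed/user, header-based
# credentials X-OpenIDM-Username / X-OpenIDM-Password, default admin user
# name openidm-admin. The CA file path used with --run is a placeholder.

# TLS options for curl.  $1 = port, $2 = PEM file with the server/CA cert or "".
# 8080 is plain HTTP, so nothing to verify.  On 8443 a CA file is required;
# without one the call is refused unless OPENIDM_ALLOW_INSECURE=1 is set,
# which maps to curl's --insecure (the weak option the deck mentions).
curl_tls_opts() {
  case "$1" in
    8080) printf '' ;;
    8443)
      if [ -n "$2" ]; then
        printf '%s' "--cacert $2"
      elif [ "${OPENIDM_ALLOW_INSECURE:-0}" = "1" ]; then
        printf '%s' "--insecure"
      else
        return 1
      fi ;;
    *) return 1 ;;
  esac
}

# REST URL for a resource path.  $1 = port, $2 = path relative to /openidm.
rest_url() {
  case "$1" in
    8080) printf 'http://localhost:8080/openidm/%s' "$2" ;;
    8443) printf 'https://localhost:8443/openidm/%s' "$2" ;;
    *) return 1 ;;
  esac
}

# Perform one GET.  $1 = port, $2 = path, $3 = CA file or "".
# Credentials come from the environment, with OpenIDM's default admin name
# as the fallback user; the password fallback is the documented default.
openidm_get() {
  opts=$(curl_tls_opts "$1" "$3") || {
    echo "refusing HTTPS on $1 without a CA file (set OPENIDM_ALLOW_INSECURE=1 to override)" >&2
    return 1
  }
  url=$(rest_url "$1" "$2") || { echo "unexpected port $1" >&2; return 1; }
  # $opts is deliberately unquoted so "--cacert FILE" splits into two arguments.
  curl --silent --show-error $opts \
    --header "X-OpenIDM-Username: ${OPENIDM_USER:-openidm-admin}" \
    --header "X-OpenIDM-Password: ${OPENIDM_PASSWORD:-openidm-admin}" \
    --request GET "$url"
}

# Usage (needs a running OpenIDM):  ./rest-check.sh --run /path/to/openidm-ca.pem
# Lists managed user ids over 8443, verifying the server certificate against the file.
if [ "${1:-}" = "--run" ]; then
  openidm_get 8443 'managed/user?_queryId=query-all-ids' "${2:-}"
fi
```

Running the same call over 8080 is a one-liner with `openidm_get 8080 'managed/user?_queryId=query-all-ids' ""`, which is fine for a lab but sends the admin credentials in clear text, which is why the deck's later slides point at the HTTPS port.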