OpenIDM Training
June 2017
Version 1.0
Table of Contents
Training Agenda
PART I) OpenIDM hands-on
Part II) Building all the different connectors
Part III) Reconciliation
Part IV) SQL connectors
Part V) Rule and Role Provisioning
Part 6) WorkFlow
Part 7) Hardening – Security
1) Getting Started with OpenIDM
1.1) Presentation
Prerequisites
1.2) Installing openIDM
1.3) OpenIDM Directory hierarchy
1.4) Starting openIDM
1.5) OpenIDM useful Information
Exercises:
Exercise 1: openIDM infrastructure
Exercise 2: openIDM installation
Exercise 3: Starting openIDM
2) Discovering openIDM World
2.1) Overview - What is OpenIDM all about?
2.2) Managed Objects
2.3) Connectors
2.5) Mappings
2.6) Accessing openIDM as administrative user
2.6.1) Dashboard
2.6.2) Configure Tab
2.6.3) Manage Tab
2.7) Accessing openIDM as normal user
Exercises:
Exercise 1: Using the admin user
Exercise 2: Creating a new User
3) OpenIDM Architecture
3.1) Overview
3.2) OpenIDM infrastructure using OSGI Framework
3.2) OpenIDM Modules
3.3) OpenIDM Core Services
3.3.1) Managed Objects
3.3.2) Object Model
3.3.3) Mappings
3.3.4) Synchronization and Reconciliation
3.3.5) Workflow
4) Connector – Using an XML Connector
4.1) Overview
4.2) Exercise
5) Connector – Using an LDAP Connector
5.1) Overview
openDJ installation
5.2) Bringing up DJ LDAP Connector
5.3) Viewing the connector Data
5.4) Rest command to query ldap connector data
6) Connector - using an SQL connector using groovy
6.1) Overview
6.2) Prerequisite
6.2.1) maven and mysql
6.2.2) mysql-connector-java-5.1.41-bin.jar driver
6.3) Exercise
6.3.1) Connecting to mysql database
6.3.2) mysql hrdb database preparation
7) Connector – Using an AD connector
7.1) Overview
7.2) Prerequisite
7.3) Test to access to AD machine
7.4) AD provisioning file
7.5) Display AD data within AD connector
7.6) Other way to bring up AD connector
8) Mapping and Reconciliation
8.1) Overview
8.2) Mapping - XML to Managed User
8.2.1) Sync.json file – Mapping File
8.2.2) Creating an XML mapping to Managed User Object Mapping File
Properties:
Association:
Behaviors
8.2.3) Adding properties to the Mapping
8.2.3.1) Adding new attribute property
8.2.3.2) Adding transformation script to the authzroles
8.2.3.6) Adding a default password
8.3) Running Reconciliation
8.3.1) Creating a Managed User object
8.3.2) Running « Read-Only Reconciliation »
8.3.3) Running Reconciliation using the default policy
8.4) Creating a synchronization mapping (OpenIDM – LDAP)
8.4.1) Overview
8.4.1) Prerequisite
8.4.3) OpenDJ installation and Configuration
8.4.4) Creating a mapping from IDM to LDAP
8.4.5) Mapping attribute Grid Properties
8.4.6) Add onCreate – Situational Event Script
8.5) openIDM – OpenDJ Reconciliation
8.5.1) Checking openIDM – OpenDJ reconciliation
8.5.2) openIDM – OpenDJ Implicit Sync
8.6) Adding some new XML users
8.6.1) Adding 2 new users to the XML file
8.6.2) Running the Reconciliation
8.7) Managed User - Linked System
8.7.1) Managed Users
8.7.2) Checking Managed User
8.8) Adding description field to Managed User Object
8.8.1) Adding attribute description to the Managed User Object
8.8.2) Make Attribute viewable
8.8.3) Check that description property on Managed User
8.8.4) Check the description attribute value on LDAP
8.9) Using the CLI
8.9.1) Running the Reconciliation command from the CLI
8.9.2) Accessing to the Managed Users using the CLI
9) AD - IDM - OpenDJ
9.1) Presentation
9.2) Requirements
9.3) AD provisioning connector configuration
9.4) AD connector user data verification
9.5) Synchronization file sync.json
9.6) Reconciliation on AD mapping
9.7) Understanding reconciliation error message
9.8) Fixing the errors – Running Reconciliation
9.9) Propagation of AD User to LDAP
9.10) Performing an update on an AD user – Implicit Synchronization
10) OpenIDM – AD Mapping
11) Scripted SQL Connector - Reconciliation
11.1) Overview
11.2) MySQL environment
11.3) Mysql Database Preparation
11.3.1) Checking mysql database
11.3.2) Creating hrdb database
11.3.3) MySQL Connector
11.4) Scripted SQL connector creation
11.5) Run the example
11.5.1) Reset the SQL database
11.5.2) Checking data at SQL Level
11.5.3) Verify data at SQL connector level
11.6) Performing Reconciliation
11.7) REST API Queries
11.7.1) _queryId= query-all-ids
11.7.2) QueryFilter – Global query
11.8) QueryFilter – Filtering the request
12) Using the SQL database table connector – Running reconciliation
12.1) Create a contractor database
12.2) Database Table Connector
12.3) Creating a mapping
12.4) Performing a REST Query on Database Table connector
12.5) Performing Reconciliation (Read only mode)
12.6) Run Reconciliation « Default Actions »
12.7) Adding a new attribute to User Managed Object
13) LiveSync Process
13.1) Overview
13.2) Using LiveSync
13.2.1) Configuring LiveSync
13.2.2) Enabling Auto-sync on MySql Database
13.2.3) Modification of SQL attribute
13.2.4) LiveSync configuration on OpenIDM using Admin UI interface
13.2.5) Querying LiveSync on OpenIDM using Rest API call
13.2.6) Displaying LiveSync on OpenIDM information
13.2.6) Enabling LiveSync on OpenIDM using REST API
13.2.7) Verification that LiveSync is enabled
13.2.8) LiveSync in action
13.3) Using the scheduler to run liveSync
13.3.1) LiveSync Scheduler file
13.3.2) Example of LiveSync Update
13.4) Checking Log files upon LiveSync
13.5) Using LiveSync with openDJ
4.3.1. Setting Up OpenDJ
14) Custom endpoint
14.1) Overview
14.2) openidm instance
14.3) Construction of the custom endpoint
14.3.1) Curl custom query
14.3.2) Providing a test script
14.3.3) Endpoint recording verification – cli.sh validate
14.3.4) Test of the custom endpoint URL
15) Rule Provisioning
15.1) Overview
15.2) openidm instance
15.3) Adding new attributes to Managed User schema
15.4) Adding a transformation script
15.4.1) Adding new custom grid attribute
15.4.2) Adding transformation script
15.5) Reconciliation – user Provisioning
16) Role and assignments
16.1) Overview
16.2) Role in more details
16.3) Assignment in more details
16.4) Use case example
16.4.1) LDAP ICF connector password
16.4.2) Requirements
16.4.3) Run Reconciliation
16.5) Assignment creation (EmployeeType)
16.6) Definition of a Role (Employee Role)
16.7) Adding an assignment to the Employee Role
16.8) Adding a user to a role
16.8.1) Getting the value _Id of bjensen
16.8.2) Assigning role to bjensen
16.8.3) Display of Managed user object bjensen
16.9) LDAP provisioning
16.10) Adding new assignment attributes (Employee Assignment)
16.11) Adding a new managed user to the role employee
16.12) Removing a role from a user
16.12.1) Getting the _id
16.12.2) Removing the Role from bjensen
16.12.3) Verification
17) Sample Provisioning WorkFlow
17.1) Presentation
17.1) Start the workflow example
17.2) Configure FakeSMTP Email server
17.3) Configure openIDM email settings
17.4) Run reconciliation for users and roles
17.4.1) Reconciling Roles
17.4.2) Reconciling Users – (Manager First)
17.4.3) Reconciling Users (Employees)
17.5) View the newly-created data
17.6) Check the workflow process definition
17.7) Initiate Workflow Process
17.8) Observing administrative tasks and workflow created
17.8.1) Task assignment
17.8.2) Observing workflow tasks
17.8.3) Observing Workflow process
17.9) Workflow approval task
17.9) User1 Notification dashboard
17.10) Workflow approval – Authorization Roles
17.11) Difference between Provisioning Role and Authorization Role
17.12) Some important files (conf directory)
sync.json
workflow.json
process-access.json
18) Workflow – Running a workflow from the reconciliation Process
18.1) Presentation
18.2) Starting openIDM with samples/sample9
18.3) Contractor onboarding process
18.4) Running reconciliation
18.4) Examining Active Workflows
18.5) Checking MyTask user list (using admin CLI)
18.6) Performing approval process using CLI
18.7) Checking user Provisioning
18.8) Some specific points to be noticed
19) Activiti designer
19.1) Overview
19.2) Installing Activiti designer plugin into eclipse
19.3) Creating a simple Project workflow
19.4) Using the palette (first steps)
19.5) Producing a bar file
19.6) Testing new workflow in openIDM
20) Hardening for Production
20.1) Using a Sql Database
20.2) Running Health monitoring Check
20.3) Starting openIDM as a background process
20.3.1) Starting openIDM as background process on the command line
20.3.2) Using create-openidm-rc.sh
20.4) Security
20.4.1) openidm keystore
20.4.2) conf/boot/boot.properties file.....................................................................................181
20.5) Performing regular backups...........................................................................................183
20.6) Additional security measure..........................................................................................183
Annex 1 – SMTP Client configuration........................................................................................184
Annex 2 : Useful Rest Calls........................................................................................................186
Annex 3 - Installing OpenDJ.......................................................................................................187
Annex 4 - How to deploy windows 2012 AD on virtualbox.......................................................191
Annex 5 – AD connector : differences with template provisioning file......................................193
Annex 6: References....................................................................................................................194
Annex 7: Building Scripted SQL Connector file examples.........................................................195
Overview ................................................................................................................................195
Building samples/sample3 connector......................................................................................195
Adding the groovy connector to your own internal maven repository........................................195
Compiling successfully...........................................................................................................196
Annex 8: Requirements...............................................................................................................198
Software..................................................................................................................................198
Hardware:................................................................................................................................198
Pointers :......................................................................................................................................199

TOC training OpenIDM

  • 2. Table of Contents Training Agenda...............................................................................................................................8 PART I) OpenIDM hands-on......................................................................................................8 Part II) Building all the different connector................................................................................9 Part III) Reconciliation................................................................................................................9 Part IV) SQL connectors...........................................................................................................11 Part V) Rule and Role Provisioning..........................................................................................12 Part 6) WorkFlow......................................................................................................................12 Part 7) Hardening – Security.....................................................................................................13 1) Getting Started with with OpenIDM.........................................................................................15 1.1) Presentation........................................................................................................................15 Prerequisites..............................................................................................................................15 1.2) Installing openIDM............................................................................................................15 1.3) OpenIDM Directory hierarchy...........................................................................................15 1.4) Starting openIDM..............................................................................................................16 1.5) OpenIDM useful 
Information............................................................................................17 Exercises :.................................................................................................................................17 Exercise 1 : openIDM infrastructure....................................................................................17 Exercise 2 : openIDM installation........................................................................................17 Exercise 3 : Starting openIDM.............................................................................................18 2) Discovering openIDM World....................................................................................................19 2.1) Overview - What is OpenIDM all about ?.........................................................................19 2.2)Managed Objects................................................................................................................19 2.3) Connectors.........................................................................................................................19 2.5) Mappings.......................................................................................................................20 2.6) Accessing to openIDM as administrative user...................................................................20 2.6.1) Dashboard..................................................................................................................20 2.6.2) Configure Tab.............................................................................................................21 2.6.3) Manage Tab................................................................................................................22 2.7) Accessing to openIDM as normal user..............................................................................24 Exercises 
:.................................................................................................................................25 Exercise 1 : Using the admin user........................................................................................25 Exercise 2 : Creating a new User.........................................................................................25 3) OpenIDM Architecture..............................................................................................................26 3.1) Overview............................................................................................................................26 3.2) OpenIDM infrastructure using OSGI Framework.............................................................26 3.2) OpenIDM Modules............................................................................................................27 3.3) OpenIDM Core Services....................................................................................................27 3.3.1) Managed Objects :.....................................................................................................27 3.3.2) Object Model..............................................................................................................28 3.3.3) Mappings....................................................................................................................28 3.3.4) Synchronization and Reconciliation..........................................................................28 3.3.5) Workflow....................................................................................................................28 4) Connector – Using an XML Connector.....................................................................................29 4.1) Overview............................................................................................................................29 4.2) 
Exercise..............................................................................................................................29 5) Connector – Using an LDAP Connector...................................................................................34 5.1) Overview............................................................................................................................34 openDJ installation...............................................................................................................34 2
  • 3. 5.2) Bringing up DJ LDAP Connector......................................................................................34 5.3) Viewing the connector Data...............................................................................................37 5.4) Rest command to query ldap connector data.....................................................................38 6) Connector - using an SQL connector using groovy..................................................................39 6.1) Overview............................................................................................................................39 6.2) Prerequisite........................................................................................................................39 6.2.1) maven and mysql.......................................................................................................39 6.2.2) mysql-connector-java-5.1.41-bin.jar driver...............................................................39 6.3) Exercise..............................................................................................................................39 6.3.1) Connecting to mysql database....................................................................................39 6.3.2) mysql hrdb database preparation....................................................................................40 7) Connector – Using an AD connector.........................................................................................45 7.1) Overview............................................................................................................................45 7.2) Prerequisite........................................................................................................................45 7.3) Test to access to AD machine............................................................................................45 7.4) AD provisioning 
file..........................................................................................................46 7.5) Display AD data within AD connector..............................................................................46 7.6) Other way to bring up AD connector.................................................................................49 8) Mapping and Reconciliation......................................................................................................50 8.1) Overview............................................................................................................................50 8.2) Mapping - XML to Managed User....................................................................................50 8.2.1) Sync.json file – Mapping File....................................................................................50 8.2.2) Creating an XML mapping to Managed User Object Mapping File..........................50 Properties :............................................................................................................................53 Association :.........................................................................................................................53 Behaviors..............................................................................................................................53 8.2.3) Adding properties to the Mapping..................................................................................55 8.2.3.1) adding new attribute property.............................................................................55 8.2.3.2) Adding transformation script to the authzroles..................................................55 8.2.3.6) Adding a default password.................................................................................57 8.3) Running Reconciliation.....................................................................................................57 8.3.1) Creating 
a Managed User object................................................................................57 8.3.2) Running « Read-Only Reconciliation ».....................................................................58 8.3.3) Running Reconciliation using the default policy.......................................................60 8.4) Creating a synchronization mapping (OpenIDM – LDAP)...............................................61 8.4.1) Overview....................................................................................................................61 8.4.1) Prerequisite.................................................................................................................61 8.4.3) OpenDJ installation and Configuration......................................................................61 8.4.4) Creating a mapping from IDM to LDAP...................................................................62 8.4.5) Mapping attribute Grid Properties.............................................................................65 8.4.6) Add onCreate – Situtional Event Script.....................................................................66 8.5) openIDM – OpenDJ Reconciliation..................................................................................67 8.5.1) Checking openIDM – OpenDJ reconciliation............................................................67 8.5.2) openIDM – OpenDJ Implicit Sync............................................................................68 8.6) Adding some new XML users............................................................................................68 8.6.1) Adding 2 new users to the XML file..........................................................................68 8.6.2) Running the Reconciliation........................................................................................69 8.7) Managed User - Linked 
System........................................................................................71 8.7.1) Managed Users...........................................................................................................71 8.7.2) Checking Managed User............................................................................................72 3
8.8) Adding description field to Managed User Object
8.8.1) Adding attribute description to the Managed User Object
8.8.2) Make Attribute viewable
8.8.3) Check that description property on Managed User
8.8.4) Check the description attribute value on LDAP
8.9) Using the CLI
8.9.1) Running the Reconciliation command from the CLI
8.9.2) Accessing the Managed Users using the CLI
9) AD - IDM - OpenDJ
9.1) Presentation
9.2) Requirements
9.3) AD provisioning connector configuration
9.4) AD connector user data verification
9.5) Synchronization file sync.json
9.6) Reconciliation on AD mapping
9.7) Understanding reconciliation error message
9.8) Fixing the errors – Running Reconciliation
9.9) Propagation of AD User to LDAP
9.10) Performing an update on an AD user – Implicit Synchronization
10) OpenIDM – AD Mapping
11) Scripted SQL Connector - Reconciliation
11.1) Overview
11.2) MySQL environment
11.3) MySQL Database Preparation
11.3.1) Checking MySQL database
11.3.2) Creating hrdb database
11.3.3) MySQL Connector
11.4) Scripted SQL connector creation
11.5) Run the example
11.5.1) Reset the SQL database
11.5.2) Checking data at SQL Level
11.5.3) Verify data at SQL connector level
11.6) Performing Reconciliation
11.7) REST API Queries
11.7.1) _queryId=query-all-ids
11.7.2) QueryFilter – Global query
11.8) QueryFilter – Filtering the request
12) Using the SQL database table connector – Running reconciliation
12.1) Create a contractor database
12.2) Database Table Connector
12.3) Creating a mapping
12.4) Performing a REST Query on Database Table connector
12.5) Performing Reconciliation (Read only mode)
12.6) Run Reconciliation « Default Actions »
12.7) Adding a new attribute to User Managed Object
13) LiveSync Process
13.1) Overview
13.2) Using LiveSync
13.2.1) Configuring LiveSync
13.2.2) Enabling Auto-sync on MySQL Database
13.2.3) Modification of SQL attribute
13.2.4) LiveSync configuration on OpenIDM using Admin UI interface
13.2.5) Querying LiveSync on OpenIDM using REST API call
13.2.6) Displaying LiveSync information on OpenIDM
13.2.6) Enabling LiveSync on OpenIDM using REST API
13.2.7) Verification that LiveSync is enabled
13.2.8) LiveSync in action
13.3) Using the scheduler to run LiveSync
13.3.1) LiveSync Scheduler file
13.3.2) Example of LiveSync Update
13.4) Checking Log files upon LiveSync
13.5) Using LiveSync with OpenDJ
4.3.1. Setting Up OpenDJ
14) Custom endpoint
14.1) Overview
14.2) openidm instance
14.3) Construction of the custom endpoint
14.3.1) Curl custom query
14.3.2) Providing a test script
14.3.3) Endpoint recording verification – cli.sh validate
14.3.4) Test of the custom endpoint URL
15) Rule Provisioning
15.1) Overview
15.2) openidm instance
15.3) Adding new attributes to Managed User schema
15.4) Adding a transformation script
15.4.1) Adding new custom grid attribute
15.4.2) Adding transformation script
15.5) Reconciliation – user Provisioning
16) Role and assignments
16.1) Overview
16.2) Role in more detail
16.3) Assignment in more detail
16.4) Use case example
16.4.1) LDAP ICF connector password
16.4.2) Requirements
16.4.3) Run Reconciliation
16.5) Assignment creation (EmployeeType)
16.6) Definition of a Role (Employee Role)
16.7) Adding an assignment to the role Employee Role
16.8) Adding a user to a role
16.8.1) Getting the value _Id of bjensen
16.8.2) Assigning role to bjensen
16.8.3) Display of Managed user object bjensen
16.9) LDAP provisioning
16.10) Adding new assignment attributes (Employee Assignment)
16.11) Adding a new managed user to the role employee
16.12) Removing a role from a user
16.12.1) Getting the _id
16.12.2) Removing the Role from bjensen
16.12.3) Verification
17) Sample Provisioning WorkFlow
17.1) Presentation
17.1) Start the workflow example
17.2) Configure FakeSMTP Email server
17.3) Configure OpenIDM email settings
17.4) Run reconciliation for users and roles
17.4.1) Reconciling Roles
17.4.2) Reconciling Users – (Manager First)
17.4.3) Reconciling Users (Employees)
17.5) View the newly-created data
17.6) Check the workflow process definition
17.7) Initiate Workflow Process
17.8) Observing administrative tasks and workflow created
17.8.1) Task assignment
17.8.2) Observing workflow tasks
17.8.3) Observing Workflow process
17.9) Workflow approval task
17.9) User1 Notification dashboard
17.10) Workflow approval – Authorization Roles
17.11) Difference between Provisioning Role and Authorization Role
17.12) Some important files (conf directory)
sync.json
workflow.json
process-access.json
18) Workflow – Running a workflow from the reconciliation Process
18.1) Presentation
18.2) Starting OpenIDM with samples/sample9
18.3) Contractor onboarding process
18.4) Running reconciliation
18.4) Examining Active Workflows
18.5) Checking MyTask user list (using admin CLI)
18.6) Performing approval process using CLI
18.7) Checking user Provisioning
18.8) Some specific points to be noticed
19) Activiti designer
19.1) Overview
19.2) Installing Activiti designer plugin into Eclipse
19.3) Creating a simple Project workflow
19.4) Using the palette (first steps)
19.5) Producing a bar file
19.6) Testing new workflow in OpenIDM
20) Hardening for Production
20.1) Using a SQL Database
20.2) Running Health monitoring Check
20.3) Starting OpenIDM as a background process
20.3.1) Starting OpenIDM as background process on the command line
20.3.2) Using create-openidm-rc.sh
20.4) Security
20.4.1) openidm keystore
20.4.2) conf/boot/boot.properties file
20.5) Performing regular backups
20.6) Additional security measure
Annex 1 – SMTP Client configuration
Annex 2: Useful REST Calls
Annex 3 - Installing OpenDJ
Annex 4 - How to deploy Windows 2012 AD on VirtualBox
Annex 5 – AD connector: differences with template provisioning file
Annex 6: References
Annex 7: Building Scripted SQL Connector file examples
Overview
Building samples/sample3 connector
Adding the Groovy connector to the internal Maven repository
Compiling successfully
Annex 8: Requirements
Software
Hardware
Pointers