Popular Posts

Externalizing Authorization from Applications using Oracle Entitlements Server
Identity Management
Typically in a private cloud scenario you might have a data center with a hardware grid hosting a middle-ware platform so let's take the next step: You have the departmental application owners bu...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM.  The adapter will write to an external file...
OIM: Manually Revoking a Stuck Resource Object through the Database
Identity Management
**NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties*** Oracle Ident...


Recent blog posts
Certifications are one of the major components of NetIQ’s Access Governance Suite (AGS).  A great deal of time and work goes into making sure, before the certifications are generated, that each certification item is routed to the correct person.  However, there are times when certification items need to be moved to another person.  AGS offers three different ways to move ownership of a certification item to another user, and each differs slightly.  The preferred method will depend on how the certification is to be run and the business rules of the organization.  To try to avoid some confusion, here are the definitions for Forwarding,...
Hits: 125
This is part 2 of a 2 part series. In part 1, we discussed developing these web service wrappers and handling security for both the OIM credentials and web service endpoints. In part 2, we'll demonstrate how to invoke these web services from your BPEL Approval Workflow (and even how to store your web service user credentials in the CSF).  One quick note: We received some great feedback on part 1 (thanks everyone!). One suggestion we wanted to pass along was to use Fault Policies around your web service calls to retry the operation in the event of network issues. We...
Hits: 213
 When we are working with a client to support a new Cloud or Enterprise system for integration with our IdentityForge suite of products, our first question to clients is usually, “Can we include an agent?” As a result, I often find myself answering variations of the question, “Why are agent-based approaches so important for identity information matters?” The reason we feel this is important is that we want to provide real value to our current and future customers. To achieve maximum ROI from their information security investments, we want to provide them with the ability to access data on the target...
Hits: 226
Leading enterprise and cloud integration software provides effective and secure synchronization between cloud-based IT automation and service management solution and enterprise information security infrastructure. MIAMI, FL (PRWEB) June 16, 2014 IdentityForge, an IDMWORKS company, today announced the availability of the Advanced Adapter for ServiceNow®. Acquired by IDMWORKS in March 2014, IdentityForge is a global leader in providing enterprise and cloud integration software for identity & access management (IAM), biometric, governance and risk, monitoring, modernization projects and custom solutions for both private and public entities. ServiceNow is a popular platform-as-a-service provider of IT service management software, and is used by many Fortune...
Hits: 110
Overview. In this paper, we are going to walk through setting up Mobile & Social so we can log in to a protected page using a Google account. My starting point is a fresh install of OAM R2 PS2. I also have OHS installed with an 11g Webgate. For my Identity Store, I have a fresh instance of OUD, also ...
Hits: 205
This is an Alfred 2.0 workflow (extension) which will take a screenshot and upload it to Imgur. You will need Alfred 2.0 (currently in beta). This workflow also uses the command line tool imguru to do the uploading. You can download that here.   Activate the workflow with the ‘screenshot’ keyword. Once activated, you can switch between screenshot modes with the SPACE bar. Window mode grabs a full app window, and Selection mode (on by default) lets you draw a rectangle of what to capture. The screenshot is immediately uploaded, the Imgur URL is saved to your clipboard and also displayed as a...
Hits: 136
I don't know if you caught Larry Ellison's announcement on June 10, 2014, but Oracle has been hyping their new Database In-Memory tech and I figured I'd summarize what I've found about it so far.   The Oracle press releases speak to how revolutionary Database In-Memory will be and how it will benefit customers. So what exactly is it? One of the main uses for Oracle Databases is obviously to store data. But one of the things enterprise organizations also look to do is to then use that database to perform analyses.    Storing data can be highly...
Hits: 244
Over the years I have worked with a variety of environments running IDM instances.  In most cases I have found that the environments are all kept the same.  For example, one instance was running all Microsoft Windows servers with similar processors, RAM, disk space, NICs, etc.  Another instance was run entirely on VMs using Linux, with all VMs configured to use the same amount of RAM and processor cores.   However, there have been times where I have come across environments where the IDM servers were not so similar.  One in particular had multiple IDM servers where some servers were...
Hits: 280

Posted by on in IDMWorks
Recently I worked with a client who was attempting to connect to multiple Active Directory servers using remote loaders.  The client had experienced some issues getting the remote loaders to work properly.  After working through the issues we were able to successfully get the remote loaders working.  The issues varied for each remote loader, and in talking with the client we discovered there was some misunderstanding of the documentation that led to the issues encountered.  The information that follows is a quick reference of what a remote loader does, what is needed for common implementations and some common issues...
Hits: 407
Event Description: The rapid movement to cloud computing is driving demand for data centers and storage facilities faster than anyone would have imagined a few years ago. Changing user requirements and security concerns are altering the way data centers are designed and operated. Our panelists will address the most-pertinent issues, including what is driving demand for data centers now, what are user requirements, the new technologies that are required to meet these needs, and the different data center technology methodologies. They'll also take a look at the opportunities for the data center providers and the commercial real estate community involved in...
Hits: 362
Event Description: A modern identity revolution is upon us. Driven by cloud and mobile adoption, we've crossed the line of no return. Reacting with slight modifications to your existing strategy and infrastructure will leave you short of the goal. A modern identity strategy promises to unlock the true potential of the cloud by enabling a world where users, devices and apps are trusted but controlled, connected but secure. The good news is that your wait is over. After a decade of advancements in identity, a new model for identity has emerged. Understanding this modern identity revolution will put you at a...
Hits: 370
As I look forward to downing a few tacos and margaritas this evening at my local cantina, I thought it appropriate to point out five (or cinco) things everyone should know about the latest security flaw to make the news. The latest security issue on the internet involves a technology that many users utilize on a daily basis; I'm talking about OpenID and OAuth.  To get an in depth look at OAuth, check out my previous blog post. 1.  What is OAuth & OpenID? You may not know the technology by those names, but these two authentication schemes allow users to...
Hits: 790
Whitepaper Executive Summary. With the release of Identity & Access Management suite R2 PS2, Oracle has released a new deployment tool to automate the installation and configuration of products related to the IAM suite. This tool is named Oracle Identity and Access Management Deployment Wizard.   With the Deployment Wizard, you can fully automate the installation, configuration and integration of WebLogic Server, SOA Suite, Oracle Identity Manager, Oracle Access Management, Oracle Unified Directory, Oracle HTTP Server and Webgates. The tool allows you to select one of three deployment topologies: OIM, OAM or OIM integrated with OAM and OUD....
Hits: 899
It looks like we are living in the era of security flaws. Recently it was Heartbleed, and now it is the OAuth and OpenID flaw discovered last week and termed Covert Redirect. Published by Wang Jing, a Ph.D. student at Nanyang Technological University in Singapore, Covert Redirect shows that the redirect URI (Uniform Resource Identifier) can be manipulated so that malicious websites can easily obtain the tokens (issued by Facebook, Google, Microsoft, etc. to access user information) and use them for their own benefit. In a purely hypothetical example, let's say the ESPN website asks a...
Tagged in: OAuth2 OpenID Oauth
Hits: 452
A new vulnerability has been published which affects the OAuth and OpenID protocols, named Covert Redirect. It affects all the major OAuth 2.0 and OpenID providers, including Facebook, Google, Yahoo, LinkedIn, PayPal, Live, GitHub, and many more. This blog provides a summary of how it works and why it's going to be difficult to get this patched. First, most websites out there have a redirect URL, which lets them send the user to external sites through the redirect so they can capture and track it (presumably). For example, http://mycompany.com/redirect?http://someothersite.com Now, without going into too much detail about how OpenID and OAuth...
Hits: 310
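The redirect chain the two Covert Redirect posts above describe, modelled offline in Python as an added example (this is not code from either post): an OAuth 2.0 implicit-flow provider whose redirect_uri check only matches the registered host, a client site with exactly the kind of /redirect?<url> endpoint quoted above, and the attacker-chosen redirect_uri that chains the two so the token fragment ends up on the attacker's host. The hostnames, the token value and the hardened variants are assumptions made for the illustration.

```python
"""Covert Redirect, modelled offline.

Added example (not code from either post above): an OAuth 2.0 implicit-flow
provider that validates redirect_uri loosely, a client site with the kind of
open redirector the post describes (/redirect?<url>), and the attacker-chosen
redirect_uri that chains the two. All hostnames and the token are constructed.
"""
from typing import Callable, Optional
from urllib.parse import urlsplit, urlunsplit, urlencode

CLIENT_HOST = "mycompany.com"                                 # hypothetical client site
ATTACKER = "https://attacker.example/collect"                 # hypothetical attacker endpoint
REGISTERED_REDIRECT = "https://mycompany.com/oauth/callback"  # what the client registered with the provider


def loose_redirect_uri_ok(requested: str) -> bool:
    """Vulnerable provider check: any redirect_uri on the registered host passes.
    This domain-level matching is what Covert Redirect exploits."""
    return urlsplit(requested).hostname == urlsplit(REGISTERED_REDIRECT).hostname


def strict_redirect_uri_ok(requested: str) -> bool:
    """Hardened provider check: exact match against the pre-registered URI."""
    return requested == REGISTERED_REDIRECT


def open_redirector(request_url: str) -> Optional[str]:
    """Vulnerable client endpoint: https://mycompany.com/redirect?<url> forwards to <url>.
    Returns the Location header it would send, or None if the request is not for it."""
    parts = urlsplit(request_url)
    if parts.hostname != CLIENT_HOST or parts.path != "/redirect":
        return None
    return parts.query  # raw, unvalidated target


def safe_redirector(request_url: str, allowed_hosts=frozenset({CLIENT_HOST})) -> Optional[str]:
    """Hardened client endpoint: forwards only to allow-listed hosts over http(s)."""
    parts = urlsplit(request_url)
    if parts.hostname != CLIENT_HOST or parts.path != "/redirect":
        return None
    target = urlsplit(parts.query)
    if target.scheme not in ("http", "https") or target.hostname not in allowed_hosts:
        return None
    return parts.query


def provider_authorize(redirect_uri: str, validator: Callable[[str], bool],
                       access_token: str = "tok_constructed") -> Optional[str]:
    """Provider authorization endpoint after user consent (implicit flow):
    redirects to redirect_uri with the token in the fragment, or refuses (None)."""
    if not validator(redirect_uri):
        return None
    return redirect_uri + "#" + urlencode({"access_token": access_token})


def browser_follow(url: str, redirector: Callable[[str], Optional[str]]) -> str:
    """One hop of browser behaviour: the fragment is never sent to the server, and
    when a 302 Location carries no fragment of its own the browser keeps the
    original one (RFC 7231 section 7.1.2). That is how the token survives the hop."""
    parts = urlsplit(url)
    location = redirector(urlunsplit(parts._replace(fragment="")))
    if location is None:
        return url  # no redirect issued; the browser stays where it is
    if parts.fragment and not urlsplit(location).fragment:
        location += "#" + parts.fragment
    return location


def attack(validator, redirector) -> Optional[str]:
    """The attacker sends the victim to the provider with a redirect_uri that points at
    the client's redirector and names the attacker as its target. Returns the URL the
    token finally lands on, or None if the provider refused the redirect_uri."""
    crafted = "https://%s/redirect?%s" % (CLIENT_HOST, ATTACKER)
    landing = provider_authorize(crafted, validator)
    return None if landing is None else browser_follow(landing, redirector)
```

With the loose provider check and the open redirector, attack() hands the token to attacker.example; either the exact-match check at the provider or the allow-list at the client breaks the chain. Because the provider cannot know which of its clients run an open redirector, and the client cannot know which providers match loosely, each side has to fix its own half, which is the practical reason the post gives for the slow patching.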
  The need for custom OIM API operations within BPEL approval workflows happens more often than one might think. While there exists a capability to embed Java code within a BPEL workflow (with the Java Embedding activity), this is far from ideal, as anyone who has tried this will understand. In fact, the Java Embedding activity is designed to provide easy access to some basic utility code, not hundreds of lines worth of functionality. Therefore, we recommend that clients deploy custom Web Service wrappers for the OIM API calls.  This is part 1 of a 2 part series. In part 1,...
Hits: 679
Database Migrations Many high-level development frameworks employ the concept of Database Migrations when it comes to maintaining a database schema. Notable examples include Active Record (used primarily by Ruby on Rails) and Entity Framework (used primarily by ASP.NET). When using Database Migrations, simple code files are created - usually automatically - in the native language of the platform. In the case of Entity Framework this is C# or VB. With Active Record it's Ruby. These code files use database-agnostic language constructs to describe schema changes. These frameworks also include tools for both creating these migration files and for playing them against...
Hits: 619
Starting with OAM 11.1.2, the features from Oracle Identity Federation have begun to be merged into the OAM Suite itself to unify the product stack. The first piece was the Service Provider (SP) functionality, which allowed OAM to act as an SP without requiring a separate OIF installation. With the latest OAM release (PS2), the Identity Provider (IDP) functionality is now available as well. In this post, we will cover the basics such as creating a Service Provider Partner in OAM, as well as creating a Token Issuance Policy, which allows you to authorize (or not authorize) certain users to...
Hits: 634
I’m happy to see version 2.0 of Apache Directory Studio was recently released. This new version adds support for a feature I use all the time: verifying passwords and binding as users. Version 2.0 now supports the salted SHA (SSHA) algorithms. In previous versions, passwords stored with SSHA-512, for example, showed up as “unsupported hash method” and you were unable to Verify or Bind with them. What do Verify and Bind do? Verify – Performs a COMPARE operation to see whether the value of the “userPassword” attribute matches what you entered. Bind – This actually performs a...
Hits: 92
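What Verify (a COMPARE) and Bind each actually check, as an added Python example rather than Apache Directory Studio's code. It implements the common {SSHA}/{SSHA256}/{SSHA512} userPassword layout, "{SCHEME}" followed by base64(digest(password || salt) || salt), and then runs a COMPARE and a simple BIND against two constructed entries. The entries, the fixed salt and the pwdAccountLockedTime attribute on the first entry are assumptions for the illustration, chosen to show why a COMPARE can succeed while a BIND as the same user fails.

```python
"""Salted SHA userPassword values: what Verify (COMPARE) and Bind check.

Added example, not Apache Directory Studio's code. The storage layout assumed is the
common one for {SSHA}, {SSHA256} and {SSHA512}:
    "{SCHEME}" + base64(digest(password || salt) || salt)
The directory entries, salt and password-policy attribute below are constructed.
"""
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# scheme tag -> (hashlib name, digest length in bytes); the salt is whatever follows the digest
SCHEMES = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32), "SSHA512": ("sha512", 64)}


def ssha_hash(password: str, scheme: str = "SSHA512", salt: Optional[bytes] = None) -> str:
    """Produce a userPassword value; a fresh random salt is drawn unless one is supplied."""
    name, _ = SCHEMES[scheme]
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.new(name, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA*} value.
    Raises ValueError for schemes this helper does not know, mirroring the
    'unsupported hash method' message the post mentions."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("unsupported hash method: no {SCHEME} prefix")
    scheme, b64 = stored[1:].split("}", 1)
    if scheme.upper() not in SCHEMES:
        raise ValueError("unsupported hash method: " + scheme)
    name, digest_len = SCHEMES[scheme.upper()]
    raw = base64.b64decode(b64)
    digest, salt = raw[:digest_len], raw[digest_len:]
    candidate = hashlib.new(name, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Constructed entries. The salt is fixed only so the example is deterministic.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
LOCKED_USER: Dict[str, str] = {
    "dn": "uid=jdoe,cn=Users,dc=example,dc=com",
    "userPassword": ssha_hash("Winter2014!", "SSHA512", SALT),
    "pwdAccountLockedTime": "20140601000000Z",  # password-policy state: administratively locked
}
ACTIVE_USER: Dict[str, str] = {
    "dn": "uid=asmith,cn=Users,dc=example,dc=com",
    "userPassword": ssha_hash("Winter2014!", "SSHA256", SALT),
}


def ldap_compare(entry: Dict[str, str], password: str) -> bool:
    """COMPARE on userPassword: the server hashes the asserted value with the stored salt
    and answers compareTrue/compareFalse. It says nothing about whether the account may log in."""
    return ssha_verify(password, entry["userPassword"])


def ldap_bind(entry: Dict[str, str], password: str) -> bool:
    """Simple BIND as the entry: the credential check plus password-policy evaluation.
    A locked account fails to bind even with the right password."""
    if not ldap_compare(entry, password):
        return False
    return "pwdAccountLockedTime" not in entry
```

The practical consequence for troubleshooting: a successful Verify only proves the stored hash matches, so when a user cannot log in but Verify succeeds, look at password-policy state (lockout, expiry, reset-required) rather than at the credential. Note also that a real COMPARE still sends the cleartext candidate to the directory, so run it over LDAPS.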
Here’s a quick script that will add the OUD Authentication Provider in WebLogic. Just edit the variables in the top section; the rest should not need editing. After running it, you should update the provider order and restart all your managed servers. To quickly run this script from anywhere you can simply do this (set/change MW_HOME to your env):

export CLASSPATH=$CLASSPATH:$MW_HOME/wlserver10_3/server/lib/weblogic.jar
java weblogic.WLST oudauth.py

And here is the script itself:

#!/usr/bin/python
import os, sys

adminUser="weblogic"
adminPassword="password"
adminServerHost="adminserver.host.com"
adminServerPort="7001"
domainName="YourDomainName"
LDAPProviderName="OUDAuthenticator"
LDAPHost="oudserver.host.com"
LDAPPort="1389"
LDAPAdmin="cn=Directory Manager,cn=Root DNs,cn=config"
LDAPAdminPassword="password"
LDAPGroupBase="cn=Groups,dc=your,dc=company,dc=com"
LDAPUserBase="cn=Users,dc=your,dc=company,dc=com"

connect (adminUser,adminPassword,'t3://'+adminServerHost+':'+adminServerPort)
edit()
startEdit()
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm')
# In the...
Hits: 242
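A complete version of the same task, written here as an added example (it is not the post's script, whose remainder is cut off above) in WLST, the Jython dialect you run with java weblogic.WLST as the post shows. It differs from the excerpt in four ways a practitioner would want: the passwords come from the environment instead of being hardcoded in the file, the bind account is a read-only proxy user rather than cn=Directory Manager, the connection uses LDAPS, and the DefaultAuthenticator is left SUFFICIENT and ordered second so the weblogic admin user can still log in if OUD is unreachable. The OracleUnifiedDirectoryAuthenticator provider type is assumed to be present in your WebLogic version (the generic weblogic.security.providers.authentication.LDAPAuthenticator works with the same setters if it is not); the hostnames, DNs and environment variable names are placeholders.

```wlst
# Added example, not the post's script: add an OUD authentication provider to a
# WebLogic realm with WLST, ordered ahead of the embedded LDAP provider.
# Run:  java weblogic.WLST add_oud_authenticator.py   (CLASSPATH set as in the post)
import os
import jarray
from weblogic.management.security.authentication import AuthenticationProviderMBean

adminUser     = "weblogic"
adminPassword = os.environ["WLS_ADMIN_PASSWORD"]   # never store this in the script file
adminUrl      = "t3://adminserver.host.com:7001"   # placeholder host
domainName    = "YourDomainName"
providerName  = "OUDAuthenticator"
# Assumption: the OUD-specific provider type exists in this WLS version; otherwise use
# "weblogic.security.providers.authentication.LDAPAuthenticator" with the same setters.
providerType  = "weblogic.security.providers.authentication.OracleUnifiedDirectoryAuthenticator"
ldapHost      = "oudserver.host.com"               # placeholder host
ldapPort      = 1636                               # LDAPS; 1389 would send the bind credential in clear
ldapPrincipal = "cn=wlsbind,cn=Users,dc=your,dc=company,dc=com"  # read-only proxy account, not Directory Manager
ldapCred      = os.environ["OUD_BIND_PASSWORD"]
userBase      = "cn=Users,dc=your,dc=company,dc=com"
groupBase     = "cn=Groups,dc=your,dc=company,dc=com"

connect(adminUser, adminPassword, adminUrl)
edit()
startEdit()
realm = getMBean('/SecurityConfiguration/' + domainName + '/Realms/myrealm')

# Idempotent: reuse the provider if a previous run already created it.
oud = realm.lookupAuthenticationProvider(providerName)
if oud is None:
    oud = realm.createAuthenticationProvider(providerName, providerType)

oud.setControlFlag('SUFFICIENT')
oud.setHost(ldapHost)
oud.setPort(ldapPort)
oud.setSSLEnabled(true)
oud.setPrincipal(ldapPrincipal)
oud.setCredential(ldapCred)
oud.setUserBaseDN(userBase)
oud.setGroupBaseDN(groupBase)
oud.setUserNameAttribute('uid')
oud.setUserFromNameFilter('(&(uid=%u)(objectclass=person))')
oud.setGroupFromNameFilter('(&(cn=%g)(objectclass=groupofuniquenames))')
oud.setUseRetrievedUserNameAsPrincipal(true)

# Keep the embedded LDAP provider SUFFICIENT (not REQUIRED) so the 'weblogic'
# admin user can still log in if OUD is down or this configuration is wrong.
default = realm.lookupAuthenticationProvider('DefaultAuthenticator')
default.setControlFlag('SUFFICIENT')

# Order OUD first so domain users resolve there before the embedded LDAP is consulted.
others = [p for p in realm.getAuthenticationProviders() if p.getName() != providerName]
realm.setAuthenticationProviders(jarray.array([oud] + others, AuthenticationProviderMBean))

save()
activate(block='true')
disconnect()
```

After activation the managed servers still need a restart, as the post says. Before restarting, check that the bind account can actually search userBase and groupBase with the filters above using an ldapsearch over port 1636; a provider that binds but cannot read groups will authenticate users and silently drop their roles.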

