Popular Posts

Getting Started with OAuth2Client on iOS
Custom Solutions
In creating a proof-of-concept iOS app that uses OAuth2 to consume the Google APIs, I began with the OAuth2Client project by the folks at nxtbgthng GmbH. This project is one of oldest and most ac...
Databases, ACID Compliance, NoSQL, and More
NoSQL has been in the media for the last couple years as one of the new marketing buzzwords and you may be wondering exactly what it is, what it can do, and how it can fit into your current infrastruc...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM.  The adapter will write to an external file.&n...


  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
Recent blog posts
One thing that can be commonly overlooked in early SailPoint projects is performance tuning.  Just like a car, SailPoint will get you where you need to go, but with a little tuning, it can get you there much faster.  SailPoint provides a great performance tuning guide with all of the detailed JVM and database tuning options.  Here are a few quick ways to improve the performance of IIQ:   1.      Increase dataSourceMaxActive This value is stored in the iiq.properties file and controls how many connections IIQ can open to the repository at one time.  The default is 50 connections but most...
Hits: 135
Have you ever needed a non-root install and just wanted a quick guide to get it in without having to do a lot of research? This is a quick example guide of getting you started from start to finish. This also gives guidance of how to structure a non-root install so that there isn't a lot of guess work for someone that isn't familiar with the existing environment. Purpose: This is a quick start guide to assist in setting up an eDirectory and IDM installation onto a Linux box, without root access. This install was specific for a SuSE Linux server. Other...
Hits: 129
I’m certain that as enthusiasts in technology, you have heard a lot about systems on a chip (Or SoCs).  They are what power our smartphones, connect our homes (For instance, the NEST thermostat uses a SoC), and help operate our vehicles. So it's no surprise that Raspberry Pis (And their kin, such as the ODRoid C1) are fantastic devices.  For an incredibly small up-front amount you get what amounts to a bit less than an AWS T2 micro instance (In terms of raw compute- for now anyways) for substantially less cost annual cost[1].  They're also great for prototyping- trying out ideas...
Hits: 165
For those of you responsible somehow for the security of your company’s network and information stores, your job never ends. You are placed between two points of diminishing returns between authentic users and the rest of the world, hackers, competitors, prior employees, and list goes on.  I compare your job to one I previously had working in product development for one of the leading automotive manufacturers in engine electronics. Our trade offs were performance, fuel economy and air quality.  It was a complex triangle and one where none of the end points were ever fully satisfied. Compromise was always the present...
Hits: 184

Posted by on in Access Management
RSA Via provides the ability to integrate with web service enabled solutions in several ways.  This can be accomplished by creating web service nodes in fulfillment workflows, enabling RSA Via web services, or leveraging their additional web service fulfillment handler integration.   For this post I am going to cover the latter as it pertains to connecting to other service request tools like ServiceNow, Remedy, and Cherwell.  There are two main components to the integration, the Web Service Fulfillment Handler and the Query Status Command Handler. The first of these two is what translates the request from Via and builds the...
Hits: 227
Often times there are requirements to pick dates for workflow requests within NetIQ User Application workflows.  These could be for start dates, end dates, effective dates or any other dates of interest.  The possibilities are numerous for all of the situations and scenarios that might call for a user to select one or more dates during the request/approval process.   In many cases developers can just slap a text field or two on the forms and just let users enter a date value and hope that it is a correct format.  Sure, developers can do extensive scripting logic to validate and...
Hits: 229
There are good reasons to deliberately pack a move. Our process is automated; but even if you must plan by hand you should do it. We’ll look at how to do it. What is meant by packing for a move? It means loading the truck in a specific order so items install smoothly when unloading. Collecting items from various points in loading is better than scattered installing. Why bother? Among the reasons are: •Devices with HIPPA, PCI, or other PII  data should be under audit control. •It helps you install higher priority systems first. •It helps you separate items for multiple...
Hits: 263
Depending on your role within an Identity & Access Management shop, successes are defined by various proverbial champagne-popping accomplishments.  If your role is that of a Software Engineer, you and your colleagues give each other a pat on the back and an “atta-go!” on the day the major release of the product you’ve been working on is unleashed on the market. If sales is your thing, you get to flex your muscles and strut around feeling a little taller after you make that six-figure licensing sale.  You feel a sense of finality to your recent efforts, and tomorrow you’ll start something...
Hits: 408
Often times an IDM solution’s connector/functionality does not have the ability to fully match the disablement requirements for a client when it comes to Microsoft Exchange.  An example of this is the education industry where the requirement calls for the Active Directory account to be placed into a dummy organizational unit, yet left enabled to facilitate an influx of rehires on an annual basis, i.e. returning school staff. In cases such as this, the client requires that the AD account be moved to the disabled OU and restrict client access to the user’s mailbox.  Attributes such as disabling ActiveSync for mobile...
Hits: 375
I recently encountered an issue at a client that I thought might be useful to share with others.  We were implementing OAM using the F5 (v11.5.2) OAM APM module to act as the webgate in our test environment.  Our initial implementation used Open security mode to validate the connection worked.  We then progressed to Simple mode to test SSL.  This point is where we hit a wall.  We kept seeing that the F5 would not initialize because it could not contact the Access Server.  Very generic errors such as "Access Server you specified is currently down. Please check your Access...
Hits: 628

Posted by on in Identity Management
Have you ever found yourself needing your NetIQ IDM solution to perform a set of instructions at a specific time of day or at regular intervals? Most solutions for IDM include some timed processes like nightly checks for upcoming password or account expirations that require email notifications to account holders or managers.  The challenge most people face with these types of processes is understanding how to execute a regularly scheduled routine in the NetIQ's real-time, event triggered IDM system. Luckily NetIQ has already thought about that too and has given us more than one way to achieve this.   In this...
Hits: 679

Posted by on in Data Center
One often overlooked aspect of relocating your data center is the impact the move will have on your end-users and their applications. While the underlying technology is important, your clients are interacting with their applications on a daily basis. If we take a top down approach to data center migration, and start by understanding your application level and then working our way down through the interfaces to the Server/Storage and finally the network, we can uncover the true effect the move will have on your end-user clients.  With many of our customers, we find there are conflicting lists of applications and...
Hits: 423
Within RSA IMG (formerly Aveksa) workflows you can assign many resources to complete an approval and/or manual fulfillment activity. The following screenshot shows an example of resource assigned to an approval activity. The following screenshot shows an example of resource assigned to a manual fulfillment activity.     There is, on occasion, the need to update the resource assignments, due to some type of personnel turnover  - whether the person leaves the enterprise or transfers into another role. When this happens, you find yourself having to edit the workflow. NOTE: In RSA IMG 6.9 the notion to configure “Other…Owners” for any...
Hits: 728
IDMWORKS Recognized for Expertise in Selling, Deploying and Supporting Oracle Identity and Access Management Solutions August 12, 2015 – IDMWORKS today announced that it has achieved Platinum partner status in Oracle PartnerNetwork (OPN). By attaining Platinum level membership, Oracle has recognized IDMWORKS for its in-depth expertise and excellence in delivering identity and access management solutions and for uniquely addressing the challenges of joint customers. IDMWORKS has established its depth and breadth of the expertise across key Oracle solution areas, including the Oracle Identity and Access Management Suite, the Oracle Mobile Security Suite Plus, Oracle Enterprise Single Sign-On Authentication Manager, Oracle Directory...
Tagged in: Oracle
Hits: 482
I ran into an issue where I couldn't determine why a certain ACI was not working as expected in Oracle Unified Directory 11gR2.  After doing some research, I stumbled onto Effective Rights Control (ERC) within OUD.  Effective Rights Control forces OUD to output the ACI that is affecting an entry's permissions.   Here is the Oracle document on Searching Using the Get Effective Rights Control (http://docs.oracle.com/cd/E29407_01/admin.111200/e22648/managing_data.htm#solTO-SEARCH-USING-THE-GET-EFFECTIVE-RIGHTS-CONTROL)   The following command will display a description of the access permissions for an entry for the categories of add, delete, read, write, and proxy.  This command doesn't get down to the individual attribute level, but...
Hits: 540
From time to time we run across requirements where there is some attribute that is used to hold a value that can vary greatly across the enterprise from one object to another, usually users.  Most commonly it is for things like job codes, departments, locations or various entities under a corporate umbrella. Typically in those situations we find that the requirements call for some values to be permitted through the system while others are not or that various values will need to have additional logic applied to them compared to others. Now this may not sound like a difficult requirement to...
Hits: 555
Problem: So maybe my pain will help someone else.  I recently encountered an issue when combining OAM, Unsolicited Login and SSL.  I had configured everything properly in a test environment so that Unsolicited Login worked properly over HTTP.  Testing verified everything worked properly.  As soon as we switched to using our HTTPS-only endpoints everything broke. This scenario should only occur if you are in an HTTPS-only environment for a reason to be described below. It turned out that somehow, despite specifying our successurl as: <input type="hidden" name="successurl" value="https://myserver.example.com/application"> OAM translated that value as http://myserver.example.com/application. As such we saw the following in...
Hits: 944
As an IdentityIQ implementation becomes more mature, there will inevitably be more applications connected. Depending on how the roles are set up, this will have one major consequence: provisioning the roles will take longer. The way IIQ will attempt to provision the roles, out of the box, is serially. It will run through each application being provisioned one at a time, waiting for a response from the target, before it moves on to the next operation. Oftentimes, this will be no issue as many roles will still fly through, assuming everything goes right. There are many cases though (admin roles and...
Hits: 871
Below are a list of Operating systems that the RSA IMG application will install on. The RSA IMG will also install on a RHEL 6U6 os version, there is only one place that you will have to modify so that the installation script will perform the install. SUSE Linux Enterprise Server 11SP3RHEL 5u8 RHEL 5u9 RHEL 5u10 RHEL 6 RHEL 6u1RHEL 6u2 RHEL 6u3 RHEL 6u4 RHEL 6u5 How to correct the version issue when installing V6.9.1 on a RedHat OS version 6.6 Description of the error: When installing aveksa version 6.9.1 on a redhat os version 6.6 I had to...
Hits: 688

Posted by on in Access Management
So I ran into an issue with OAM 11gR2PS2 where I needed to modify the retry limit for the authentication scheme.  Previous versions of OAM used a system level value that you could define in oam-config.xml (per https://support.oracle.com/epmos/faces/DocumentDisplay?id=1360866.1).  When I tried that for PS2, I still saw the default 5 retries.   I then stumbled onto an article talking about someone exhibiting the behavior I desired when they didn't want it (https://support.oracle.com/epmos/faces/DocumentDisplay?id=1570598.1)   As a result, in my authentication scheme, I added OverrideRetryLimit=1 into my Challenge Parameters.  Once you click apply, the value takes effect.     The benefit to this modification, and...
Hits: 794


Contact Us

Please fill in all required fields.