Popular Posts

Externalizing Authorization from Applications using Oracle Entitlements Server
Identity Management
Typically in a private cloud scenario you might have a data center with a hardware grid hosting a middle-ware platform so let's take the next step: You have the departmental application owners bu...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM. The adapter will write to an external file. ...
OIM: Manually Revoking a Stuck Resource Object through the Database
Identity Management
**NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties*** Oracle Ident...

IDMWORKS : Blog

Recent blog posts

Posted in IDMWorks
One of the items we've been asked to integrate into SailPoint IIQ recently has been file shares. We want to be able to pull in permissions on folders and files within the file shares to certify their access within SailPoint IIQ. There isn't a specific connector within IIQ for file shares. SailPoint’s documentation states that unstructured data is “any data that is stored in a format that is not easily readable by a machine.” In our case, the unstructured data are the permissions in the file shares. To aggregate the data for certification, we must use the unstructured target portion...
Anyone familiar with identity management is well aware that not all data is created equal. Many times we get data that isn’t exactly in the state we’d like it to be. One instance I’ve seen many times when working with data for SailPoint IIQ is to get data in what can be described as a horizontal format rather than a vertical format for a CSV file. A data file that would be very easy to aggregate within SailPoint IIQ may look like the following:

    USERNAME, PROFILE, BUSINESSUNIT
    user1,Administrator,1
    user1,Administrator,2
    user2,Super-User,1

This data is fairly basic, there’s a username attribute, a profile attribute,...
With the release of Oracle's Identity & Access Management Suite R2PS2 (11.1.2.2.0), you can now fully automate the installation/configuration/integration of OAM, OIM and OUD. The new Deployment Tool offers the ability to create a response file and then deploy it using the Deployment Wizard. You can configure this process to do all of the following:
  • Install OAM/OIM
  • Install OUD and configure it as OAM Identity Store
  • Install OHS and WebGate
  • Configure LDAPSync
  • Integrate OIM with OAM
  • SSL Enable OUD and OAM
  • Configure Reverse Proxy for all IAM consoles through OHS
  • Configure Email Server and UMS
The Deployment Wizard comes packed part...

Posted in IDMWorks
NoSQL has been in the media for the last couple years as one of the new marketing buzzwords and you may be wondering exactly what it is, what it can do, and how it can fit into your current infrastructure. One of the first things to do is describe exactly what is meant by SQL and RDBMS and then proceed to explain the characteristics of databases and NoSQL databases in particular.

SQL and RDBMS

SQL stands for Structured Query Language. When we refer to SQL we are talking about statements such as "SELECT * from my_Table;" That statement will go and...

Posted in IDMWorks
Description: StealthAudit is an additional software package that can be installed with the Aveksa ACM product. The function of StealthAudit is to pull FileShare and SharePoint information that will be managed in Aveksa (ACM). I ran into an issue while at a customer site when I tried to schedule a StealthAudit job to execute. Below is an explanation of what the issue was and how I corrected it. Below is the error message that I received when attempting to schedule the StealthAudit job. During today’s session we had to disable the following security policy: “Network access: Do not allow storage of credentials...
I ran into an issue at a client that I figured I would share. They extensively use access policies in their business process to handle provisioning of resources. This worked fine in R1 and then in R2 there was an issue OOTB. Side note: To kick off this style of request you need to have your access policy set to be "with approval" instead of "without approval"   The Request Type for using Access Policy Requests is Access Policy Based Application Instance Provisioning (It used to be Access Policy Based Provisioning in R1).  If you try to create a Request Level...

Posted in IDMWorks
Like most people doing SailPoint implementations, I keep a sandbox environment with SailPoint for my own testing and development. I often want to assign or remove a role from a user to test a provisioning policy or integration config. Back in the days of IIQ 5.5, I could do this by directly assigning a role in the identity cube itself. Since moving to 6.0 and beyond, that functionality has been replaced with the LCM access request functionality. Overall, I really enjoy the access request functionality. It provides a full-featured request interface that is a step above most other IAM/IAG products I’ve worked on. It’s...

Posted in Identity Management
If you do any kind of OIM development, you've undoubtedly had to edit MDS files. I always find the process of getting files in and out of the MDS rather cumbersome so I wrote a little Java tool to make it easier. It's a runnable JAR file that will let you connect to an OIM instance (the DB actually) and will let you view and edit MDS files in a simple, straightforward GUI. You can download MDSEdit here. Questions, comments or concerns? Feel free to reach out to us below or at IDMWORKS ...

Posted in IDMWorks
As someone who has spent time as both a corporate employee that managed consultants and as a consultant, there are a few key things that I have learned and been burned by over the years and that is to make sure you have all of your "ducks in a row" when bringing a consultant in to your environment. By this I mean know your internal processes and timelines. As a corporate employee I knew that it took several days to get a contractor setup on our network so I always made sure to start that process so that either the creation date...

Posted in IDMWorks
We recently had the opportunity to integrate ServiceNow’s ticketing system with SailPoint’s IdentityIQ platform for a client. The client was deploying IdentityIQ to aid in their quarterly access certification process. SailPoint IdentityIQ has provided an industry-leading access review and certification platform that would streamline their manual processes and increase the efficiency of their access reviews. The client used ServiceNow for all of their access requests, change management, and help desk incidents. Rather than using the standard SailPoint work items for revocation requests, they chose to use the out-of-the-box integration with ServiceNow to create ServiceNow tickets for provisioning. The integration itself is relatively simple: the integration...

Posted in IDMWorks
It's no secret that companies are always looking for ways to save money, whether through reduced payroll, increased automation or whatever makes sense given their situation and industry. But regardless of which industry a company is in, there are always projects that need to be done. Having been in IT for nearly 20 years now, I have been involved with and witness to many such projects. With every project it is always the same story, there is a deadline and a budget that the project is not to exceed, which is to be expected. With many of the projects that was...

Posted in IDMWorks
Enabling an existing open LDAP connection to use SSL is a simple process with a few code modifications and certificate creation procedures.

Example of unsecure LDAP connection:

    var lc = new LDAPConnection();
    lc.connect( host, port );
    lc.bind( LDAPConnection.LDAP_V3, user, new java.lang.String(password).getBytes("UTF8") );

Example of SSL LDAP connection:

    System.setProperty("javax.net.ssl.trustStore", "/opt/novell/eDirectory/lib64/nds-modules/jre1.6.0_20/lib/security/cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    var ssf = new LDAPJSSESecureSocketFactory();
    var lc = new LDAPConnection(ssf);
    lc.connect( host, port );
    lc.bind( LDAPConnection.LDAP_V3, user, new java.lang.String(password).getBytes("UTF8") );

Step by Step: (text in red needs to be modified by the user to fit their environment) The following sets the location of the Trust Store...
Recently we had a request to find the number of users who had (and had not) set their challenge questions in OIM 11g. Here's a quick tip to get the answer: Challenge questions and answers are stored in the PCQ table. Everything is encrypted, but you can still verify their existence by running these SQL queries: This first query will allow you to see the number of users who have not defined their challenge questions:

    select count(*) from usr left outer join pcq on (usr.usr_key = pcq.usr_key) where pcq_key is null;

This second query allows you to see the number of users...
As of OIM 11g R2, Design Console is still required for some functionality (although it is reportedly being phased out with its functionality being rolled into the web-based system admin app). Starting with OIM 11g, there was no longer a standalone installer for Design Console. Instead, you must install the full IAM suite and configure only the Design Console component. However, a problem arises when you want to install into a Middleware Home that does not already contain Weblogic. If you're installing into a new Middleware Home, for example /apps/oracle/Middleware/, and Weblogic has not already been installed, you will see this...
This is an add-on to a previous post regarding migrating disconnected app instances (http://www.idmworks.com/blog/entry/disconnected-app-instances-in-oim-and-sandboxes).   We created 50+ app instances that were replacing a manual paper/email process. Each app instance collected info and forwarded that to the data owner for approval. This add-on post is just to point out a simplification to our process when migrating a large number of app instances. We will go through the whole process rather than just hashing out the differences between the two posts.    The first step is to import the database objects. A common object required for disconnected apps is the adpManualProvisioning Task...
I wanted to provide a quick guide to Disconnected App Instances in OIM and how to handle migrating them between environments using sandboxes. First and foremost in regards to sandboxes, straight from the administration manual for R2 (http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/sysadmin.htm#CACJDIFG) "...a sandbox is a temporary storage area to save a group of runtime page customizations before they are either saved and published to other users, or discarded."  The middle phrase, "group of runtime page customizations", is the key part of that sentence.  You need to understand what Oracle includes in their definition of runtime page customizations and what it considers outside of that....

If the following scenario fits your installation and you are receiving the above error message there is a quick and simple fix to the issue.
  • Upgrading from IDM 3.6.x to IDM 4.02
  • Moving from Standard Edition to Advanced Edition.
During the User Application install you will be asked to enter admin credentials in order to connect to the local eDirectory. After entering the local IP for the Identity Vault you may see the above error popup. If you are moving from the Standard Edition to the Advanced Edition and have selected the correct iso image simply exit out of the User...
Tagged in: Novell IDM User App
When you have a form with only one field, do you really need a submit button? You assume the user will want to submit once they fill out that field, right? Let's get rid of it and make our application that much simpler. In this instance, our single field is a select menu and we want to automatically submit the form when the drop-down menu changes.

This solution was built using JSF 2.0 and Java:

1. Add a submit and valueChangeListener to your selectOneMenu tag:

    onchange="submit()" valueChangeListener="#{itemBean.retrieveStatusInfo}"

ORIGINAL STATE: Button for submit after menu change

    <h:outputText value="Select Item"/>
    <h:selectOneMenu value="#{itemBean.currentItem}">
    <f:selectItems value="#{itemBean.items}" var="item"...
Posted in IDMWorks
Mobile represents one of the greatest challenges of enterprise IT and security. Employees, business partners, and customers, all want to be able to access enterprise applications and information, from anywhere, at any time, and using any device of their choice. Combined with cloud-based and social applications, this becomes a security and compliance nightmare. Some of the challenges with mobile access, especially BYOD, include
  • People want to use any device of their choice, including devices not issued by and not controlled by the organization. This extends to “transient” devices, e.g., the tablet in the hotel room, or shared devices, e.g.,...
This post shows an example of the basic upgrade procedure of Oracle Directory Server Enterprise Edition from 11g Release 1 (11.1.1.5.0)  to 11.1.1.7.0. ODSEE was initially installed using a zip distribution in a linux x86-64 environment in this example. We referred to this documentation on Oracle's website : http://docs.oracle.com/cd/E29127_01/doc.111170/e28971/toc.htm.  First step is to check whether the installed version of ODSEE requires migration or upgrade. Directory Server 5.x supports migration only and all the other 11g Release 1, 7.x, 6.x ODSEE instances support upgrade.  ODSEE 11g Release 1 upgrade overwrites all the binaries. All the old files related to previous installation will...
