Popular Posts

Getting Started with OAuth2Client on iOS
Custom Solutions
In creating a proof-of-concept iOS app that uses OAuth2 to consume the Google APIs, I began with the OAuth2Client project by the folks at nxtbgthng GmbH. This project is one of oldest and most ac...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM.  The adapter will write to an external file.&n...
Externalizing Authorization from Applications using Oracle Entitlements Server
Identity Management
Typically in a private cloud scenario you might have a data center with a hardware grid hosting a middle-ware platform so let's take the next step: You have the departmental application owners bu...


  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
Recent blog posts
Oracle introduced their Mobile Security Suite last year and over the past few months we’ve had a chance to work with this exciting new product. One key piece of this product is the containerization tool, which containerizes and signs app to enable the secure tunnel, authentication through the secure container, encryption, etc.  Recently we had an issue when we tried to containerize an iOS app developed with the new Swift language. After we containerized and signed the app, we saw this error when running the app on the device itself: Error: /private/var/mobile/Containers/Bundle/Application/1291513D-A7C0-46FF-91B6-39F41B8C3A82/Directory.app/Frameworks/libswiftCore.dylib not valid: 0xe8008018: The identity used to sign the...
Hits: 100
Introduction The following guide will walk you through all of the steps necessary to create a series of REST activities in a custom ServiceNow workflow. We'll be using JSONPlaceholder as a REST API for the examples. This is a simple public JSON API that supports all of the various HTTP verbs and mocks the results. One of the endpoints supplied by the REST API is for managing hypothetical blog posts. The general workflow we'll be creating is this: Request a list of posts Store the ID of the first post Request a single post matching the stored ID Store the Title...
Hits: 199
Welcome to part 2 of our two part series on load testing your LDAP with JMeter. In part 1, we setup a simple test plan with a thread group and loop controller along with a simple LDAP Request sampler. Today in part 2, we will look at using a CSV file to drive a multithreaded test with different users. We will also demonstrate how you can distribute your load test across multiple machines to enhance the capabilities.    Using a CSV File To start, setup a simple CSV file with each line containing a username and password, like this: user.0,password user.1,password...
Tagged in: JMeter LDAP Load Testing
Hits: 177
JMeter is a powerful load testing utility supporting many different types of servers and protocols including HTTP, JDBC, LDAP, and TCP. This blog post will walk you through load testing an LDAP server.  If you’d like to follow along, you should download and install JMeter before you begin. This open source tool and is freely available at http://jmeter.apache.org. In part 1, we will look at configuring JMeter to do a few simple operations against an LDAP. We will also introduce a multithreaded test feature to simulate many concurrent operations.    Setting Up Your Test Plan When you first launch JMeter, you...
Tagged in: JMeter LDAP Load Testing
Hits: 243
Custom tasks can be a powerful way to extend Sailpoint’s functionality to perform certain actions that the Out Of The Box (OOTB) solution doesn’t support. As a Sailpoint developer, you’re likely to run into certain client requirements for reporting and certifications which cannot be achieved using default tasks or OOTB configurations. Recently, I had to create a custom task to export audit reports in CEF format (for HP ArcSight) to a location on the server. The task would be set to run periodically. As at the time of this writing (IIQ v 6.3), there was no OOTB API support to export...
Hits: 241
There are currently several mature development environments built for the Go programming language. Some examples include vim-go for Vim and go-plus for Atom. Another entry that shows a lot of promise (but I hesitate to call mature) is the Go language plugin for IntelliJ. Initially launched as GoIde, the implementation has since migrated to a plugin for the IntelliJ IDE rather than a stand-alone IDE. It has gone through several development cycles and at least one major rewrite but is finally starting to show real promise in matching the features found standard in other Go environments. One feature found in other environments but...
Tagged in: Golang IntelliJ
Hits: 325
IDMWORKS is pleased to introduce our Oracle Mobile Security Suite Demo! IDMWORKS has developed an easy way for you to try out the exciting features available in the OMSS product. Setup takes just a few minutes, so we invite you to register for an account, login and have a look around. For now, the Test Drive works with iOS devices only.  Oracle Mobile Security Suite (OMSS) isolates corporate from personal data, enabling BYOD without cumbersome Mobile Device Management (MDM) overhead. A key feature of the OMSS architecture is the Secure Container, which protects corporate data and enforces enterprise security requirements without compromising...
Hits: 367
Symptoms:  When trying to import a new project from Identity Vault nothing happens when you click next after entering host, username, and password information. When clicking Test Connection in Identity Vault Properties nothing happens. In the error log to have this error:  (Type Error in the Search box in the upper right.) eclipse.buildId=unknown java.version=1.7.0_65 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en Command-line arguments:  -os win32 -ws win32 -arch x86_64 -clean   Error Fri Feb 20 10:35:30 MST 2015 Unhandled event loop exception   java.lang.NoClassDefFoundError: Could not initialize class com.novell.admin.ns.nds.jclient.NDSNamespaceImpl at com.novell.core.datatools.access.nds.DSAccess.authenticateToTree(Unknown Source) at com.novell.core.datatools.access.nds.DSAccess.buildDSAccess(Unknown Source) at com.novell.designer.Designer.testCredentials(Unknown Source) at com.novell.idm.config.internal.IdentityVaultPage.widgetSelected(Unknown...
Hits: 266
Recently we encountered an issue at a client where we were seeing intermittent failures for some users when they tried to authenticate via OAM. In the logs, we saw errors indicating authentication failed because multiple users had the same UID (which was the attribute OAM was using to find users in the identity store.)  As it turns out, the identity store was an Oracle Virtual Directory instance with multiple adapters pointing to several different backend data stores. In the case of these authentication failures, there were matching users in several backend data stores with the same UID, meaning OAM could not...
Hits: 467
Giving your business a presence in mobile app stores can be a great marketing tool, but creating fully native mobile applications can be a daunting task. Implementing all of your functionality in new native applications for each mobile platform requires significant resources, and often the return on investment is not immediately clear. What if you could have the best of both worlds: exposure in each platform's app store, while leveraging the investment in your existing mobile-friendly website? Creating a Windows Phone application that wraps your existing website is pretty straightforward. Prior experience with Windows development, C#, and/or XAML is helpful but...
Create New Project
Hits: 450
OIM ships with an out of the box capability to purge Recon events. Starting with R2 PS2, this feature is available via a scheduled job called OIM Data Purge Task. Recently we experienced a strange issue where not all eligible recon events were getting purged. Specifically, the reconciliation purge retention period was set to 7 days, yet we found that there were thousands of reconciliation events not getting purged even though they were several weeks (or months) old.   The problem: After digging into the Recon Purge Stored Procedure, it was discovered that entries in recon_events with a corresponding entry in...
Hits: 479

Posted by on in IDMWorks
When implementing a new IDM product there is one thing that should never be skipped - training.   Oftentimes training gets overlooked during scheduling or is cut out due to budget concerns.  It happens.  When you are coordinating resources and scheduling, most project managers focus on development, testing and implementation times, so training is not considered and gets left out.   Training can also get cut out of financial concerns.  True, funds are finite.  Companies and departments have budgets that they have to operate within and training costs extra.  This means that if training will add a few thousand dollars to...
Hits: 366
The SSLPeerUnverifiedException arises when a client is trying to access a service on a secured webserver. It indicates that the peer's identity has not been verified.  When You'll See It: You’re likely to come across this error if you use the integration activity while developing your workflows in designer.  What To Check: When you get this error, this is one way you can quickly identify the root cause: Depending on the webserver (in my case, it was jboss) you can enable SSL debugging and restart the webserver. When you re-run the workflow, you’ll get additional information around the exception. E.g. “The...
Hits: 360

Posted by on in Identity Management
Now that the holidays are over, it’s a good time to reflect on the IDM impact of paid holidays or large percentages of workforces taking vacation time all at once.  Although day-to-day work may stand still for a few days, time does not.  Many companies today have security policies that require passwords to be changed every so many days, so holidays and periods of lengthy absences can cause issues to arise.  When a large portion or even all of the workforce is out of the office for an extended period of time, a significant percentage will find that their passwords have...
Hits: 392

Posted by on in Identity Management
It's holiday season again and for many companies that means a reduced workforce with a lot of personnel taking lots of time off to spend with family and/or travel.  For most this is an annual time of celebration and relaxation, but for others, like a help desk or IT person, it means the calm before the storm.  All too often the return from the holidays heralds in a flood of calls and support tickets for users that have forgotten passwords, had passwords expire over the holiday break or accounts being locked for too many failed login attempts.  For those that support...
Hits: 446
Recently I encountered an unusual scenario; after submitting a workflow successfully the approver was unable to access the request.  The request showed up in the approver's task list but upon clicking the request the approval preview failed to load.  Instead of showing the fields and data to be approved the UI simple showed three red words, "Provisioning application error." The approver could still perform the standard functions for claim, release and reassign but going through the various actions had no impact on the error. A quick look in the server.log file for the user application the following error was found: 2014-12-03...
Hits: 715
Are you maximizing your Aveksa/IMG investment by extending it to your most important compliance applications and providing automated provisioning and real-time data? Using RACF as an example, the current Aveksa/IMG connector provides RACF data using a File and FTP approach, which can be a slow and arduous and does not provide provisioning capabilities. We recognized that some organizations need a more robust RACF integration for Aveksa/IMG so we developed connectors for integration with provisioning capabilities like: ADD ALT CONNECT & REMOVE PASSWORD ALIAS PERMIT Our solution leverages Aveksa’s included LDAP Adapter for easy of deployment by an organization's engineers without them having...
Hits: 635
While working on a deployment of OIM 11gR2PS2 I recently had an issue where a lookup I had migrated from Dev to QA didn't look correct in QA.  Some of the values were missing from the lookup.  I knew I had imported the lookup, but either someone edited the lookup or I imported something incorrectly and I wanted to know which.   Everything else imported correctly, except for this one lookup.  In order to be figure out what happened, I went through the tables that store information about deployment manager and was able to see what was deployed and when.  The...
Hits: 759
If your client makes use of the out of the box admin roles in OIM 11gR2PS2, then you have no doubt run into a situation in which you need to grant additional authorization to a role. This can be done by extending the domain to include Oracle Entitlement Server and creating a new authorization policy. Oracle has a good note for extending your domain, located here http://docs.oracle.com/cd/E27559_01/install.1112/e27301/oim.htm#CDDJFEFA Recently, my client has requested that users in the admin HelpDesk role be able to modify an extranet lockout UDF on the user form but they did not want to grant blanket modify user authorization...
Hits: 1036
Recently at a client we were seeing intermittent Authentication errors with the following in the logs: Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied         at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)   We were not seeing the issues regularly, only during periods of high activity.   As a result of not being able to replicate the issue reliably, we had problems understanding what was going on. The user existed in the Identity Store (LDAP), was seen in the Weblogic Users section, and was viewable in OIM.  Sometimes the user would work and sometimes it would not.  We could not reliably define...
Hits: 1054


Contact Us

Please fill in all required fields.