Popular Posts

Externalizing Authorization from Applications using Oracle Entitlements Server
Identity Management
Typically in a private cloud scenario you might have a data center with a hardware grid hosting a middle-ware platform so let's take the next step: You have the departmental application owners bu...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM.  The adapter will write to an external file.&n...
OIM: Manually Revoking a Stuck Resource Object through the Database
Identity Management
Oracle Identity Manager: Manually Revoking a Stuck Resource Object through the Database Have you ever had a Resource Object stuck in a Pending or Provisioning state that you just couldn't do anythi...


  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
Recent blog posts
How many times have you loaded WinSCP, Eclipse, Apache Directory Studio, etc… on a fresh machine and have had an error popup saying the application can’t find java?   Below are simple directions on how to set JAVA_HOME and modify PATH to include JAVA. I’ll mention this now before you get copy-paste happy - the two paths are different, so pay attention to the paths in the examples. In Windows:       1. Click on the windows Start button       2. Right Click on Computer and select Properties       3. Click on Advanced System Settings       4. Under the Advanced tab, click...
Hits: 91
On Aug. 19th at 4:00 p.m. EST, Chad Cromwell, IDMWorks CTO, will present a brief webinar: Seamless Directory Integration & SCIM Provisioning.   The webinar will show how our IdentityForge suite of products, ForgeDS and ForgeIE, can help maintain and provision identities to on-premise target systems as well as cloud systems. During the webinar we will give a brief high-level overview of our products, our Identity Directory Store, and our Identity Gateway (Utilizing SCIM & LDAP). We will also demo these in action with a few of our target connectors: RACF, NonStop & ServiceNow. Register For Webinar Today    ...
Hits: 108
Until recently, 2-factor strong authentication has usually had extra cost and complexity associated with it. In OAM 11g R2 PS2, Oracle has sought to eliminate a lot of this with the introduction of Oracle Mobile Authenticator (OMA). Support for OMA ships out of the box with PS2 and setup is fairly straightforward. This blog post will walk you through configuring OMA from start to finish, and we’ll also share some of the tips and tricks we learned along the way. At a high level, OMA requires that you configure the OAuth Service in OAM for secret key generation. Next, you will...
Configure OAuth Service
Hits: 107
One of the connectors for NetIQ Identity Manager is the SOAP driver.  It can be used to transform directory changes into SOAP API calls.  In general, a single change in the directory on an object results in a single API call being preformed.  However, what happens when you need to make multiple API calls based on a single change?  Or if your SOAP endpoint has multiple databases and requires separate calls for each?   Typically, a XSLT stylesheet is developed to make the transform from XML to SOAP language.   Below is an example of an add event being converted into a...
Hits: 141
The challenge is: How do you make Aveksa Compliance Manager automatically create a User account object in Active Directory after running a collection (& unification) for all new users. This should be pretty easy... right, but it's not as easy as you think so I built a mindmap which explains the process:       Create an AFX connector, make sure that you enable the following functions: Create, Update and Add to AD Group Create an Application (and collectors) and associate the AFX connector to this Application. Make sure you collect Account, Account Mappings and Groups. Create an Account Template (it needs to...
Hits: 263
Certifications are one of the major components of NetIQ’s Access Governance Suite (AGS).  Great time and work is taken before the certifications are generated to make sure each certification item is routed to the correct person.  However, there are times where certification items need to be moved to another person.  AGS offers 3 different types of moving ownership of a certification item to another user.  Each type differs slightly.  The preferred method will depend on how the certification is to be run and the business rules of the organization.  To try to avoid some confusion, here are the definitions for Forwarding,...
Hits: 253
This is part 2 of a 2 part series. In part 1, we discussed developing these web service wrappers and handling security for both the OIM credentials and web service endpoints. In part 2, we'll demonstrate how to invoke these web services from your BPEL Approval Workflow (and even how to store your web service user credentials in the CSF).  One quick note: We received some great feedback on part 1 (thanks everyone!). One suggestion we wanted to pass along was to use Fault Policies around your web service calls to retry the operation in the event of network issues. We...
Hits: 322
 When we are working with a client to support a new Cloud or Enterprise system for integration with our IdentityForge suite of products, our first question to clients is usually, “Can we include an agent?” As a result, I often find myself answering variations of the question, “Why are agent-based approaches so important for identity information matters?” The reason we feel this is important is that we want to provide real value to our current and future customers. To achieve maximum ROI from their information security investments, we want to provide them with the ability to access data on the target...
Hits: 298
Leading enterprise and cloud integration software provides effective and secure synchronization between cloud-based IT automation and service management solution and enterprise information security infrastructure. MIAMI, FL (PRWEB) June 16, 2014 IdentityForge, an IDMWORKS company, today announced the availability of the Advanced Adapter for ServiceNow®. Acquired by IDMWORKS in March 2014, IdentityForge is a global leader in providing enterprise and cloud integration software for identity & access management (IAM), biometric, governance and risk, monitoring, modernization projects and custom solutions for both private and public entities. ServiceNow is a popular platform-as-a-service provider of IT service management software, and is used by many Fortune...
Hits: 173
  Overview   In this paper, we are going to walk through setting up Mobile & Social so we can log in to a protected page using a Google account.   My starting point is a fresh install of OAM R2 PS2 ( I also have OHS installed ( with an 11g Webgate. For my Identity Store, I have a fresh instance of OUD, also   ...
Hits: 309
This is an Alfred 2.0 workflow (extension) which will take a screenshot and upload it to Imgur. You will need Alfred 2.0 (currently in beta). This workflow also uses the command line tool imguru to do the uploading. You can download that here.   Activate the workflow with the ‘screenshot’ keyword. Once activated, you can switch between screenshot modes with the SPACE bar. Window mode grabs a full app window, and Selection mode (on by default) lets you draw a rectangle of what to capture. The screenshot is immediately uploaded, the Imgur URL is saved to your clipboad and also displayed as a...
Hits: 211
I don't know if you caught Larry Ellison's announcement on June 10, 2014, but Oracle has been hyping their new Database In-Memory tech and I figured I'd summarize what I've found about it so far.   The Oracle press releases speak to how revolutionary Database In-Memory will be and how it will benefit customers. So what is it exactly is it? One of the main uses for Oracle Databases is obviously to store data. But one of the things enterprise organizations also look to do is to then use that database to perform analyses.    Storing data can be highly...
Hits: 325
Over the years I have worked with a variety of environments running IDM instances.  In most cases I have found that the environments are all kept the same.  For example one instance was running all Microsoft Windows servers with similar processors, RAM, disk space, NIC cards, etc.  Another instance was entirely run on VM's using Linux with all VM's configured to use the same amount of RAM and processor cores.   However, there have been times where I have come across environments where the IDM servers were not so similar.  One in particular had multiple IDM servers where some servers were...
Hits: 353

Posted by on in IDMWorks
Recently I worked with a client who was attempting to connect to multiple Active Directory servers using remote loaders.  The client had experienced some issues getting the remote loaders to work properly.  After working through the issues we were able to successfully get the remote loaders working.  The issues varied for each remote loader and in talking with the client we discovered there was some misunderstanding about some of the documentation that lead to the issues encountered.  The information that follows is a quick reference of what a remote loader does, what is needed for common implementations and some common issues...
Hits: 523
Event Description: The rapid movement to cloud computing is driving demand for data centers and storage facilities faster than anyone would have imagined a few years ago. Changing user requirements and security concerns are altering the way data centers are designed and operated. Our panelists will address the most-pertinent issues, including what is driving demand for data centers now, what are user requirements, the new technologies that are required to meet these needs, and the different data center technology methodologies. They'll also take a look at the opportunities for the data center providers and the commercial real estate community involved in...
Hits: 408
Event Description: A modern identity revolution is upon us. Driven by cloud and mobile adoption, we've crossed the line of no return. Reacting with slight modifications to your existing strategy and infrastructure will leave you short of the goal. A modern identity strategy promises to unlock the true potential of the cloud by enabling a world where users, devices and apps are trusted but controlled, connected but secure. The good news is that your wait is over. After a decade of advancements in identity, a new model for identity has emerged. Understanding this modern identity revolution will put you at a...
Hits: 453
As I look forward to downing a few tacos and margaritas this evening at my local cantina, I thought it appropriate to point out five (or cinco) things everyone should know about the latest security flaw to make the news. The latest security issue on the internet involves a technology that many users utilize on a daily basis; I'm talking about OpenID and OAuth.  To get an in depth look at OAuth, check out my previous blog post. 1.  What is OAuth & OpenID? You may not know the technology by those names, but these two authentication schemes allow users to...
Hits: 1015
  Whitepaper Executive Summary   With the release of Identity & Access Management suite R2 PS2 (, Oracle has released a new deployment tool to automate the installation and configuration of products related to the IAM suite. This tool is named Oracle Identity and Access Management Deployment Wizard.   With the Deployment Wizard, you can fully automate the installation, configuration and integration of WebLogic Server, SOA Suite, Oracle Identity Manager, Oracle Access Management, Oracle Unified Directory, Oracle HTTP Server and Webgates. The tool allows you to select one of three deployment topologies: OIM, OAM or OIM integrated with OAM and OUD....
Hits: 1119
It looks like we are living in the era of security flaws. Recently it was HeartBleed, and now it is about the OAuth and OpenID Flaw discovered last week and termed Covert Reunion or Covert Redirect. Published by Wang Jing, a Ph.D student from Nanyang Technological University in Singapore as Covert Redirect, this flaw states that the redirect URI (Uniform Resource Identifier) can be manipulated in a way that malicious websites can easily get access to tokens (provided by Facebbook, Google, Microsoft, etc. to access user information) and use it for their benefit. In a purely hypothetical example, let's say the ESPN website asks a...
Tagged in: OAuth2 OpenID Oauth
Hits: 550
A new vulnerability has been published which affects OAuth and OpenID protocols, named Covert Redirect. This vulnerability affects all the top major OAuth 2.0 and OpenID providers, including Facebook, Google, Yahoo, LinkedIn, PayPal, Live, Github, and many more. This blog provides a summary of how it works and why it's going to be difficult to get this patched. First, most websites out there have a redirect URL, which allows them to send the user to external sites through the redirect so they can capture and track it (presumably). For example, http://my company.com/redirect?http://someothersite.com Now, without going into too much detail about how OpenID and OAuth...
Hits: 405


Contact Us

Please fill in all required fields.