Popular Posts

Getting Started with OAuth2Client on iOS
Custom Solutions
In creating a proof-of-concept iOS app that uses OAuth2 to consume the Google APIs, I began with the OAuth2Client project by the folks at nxtbgthng GmbH. This project is one of oldest and most ac...
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g
Identity Management
Oracle Identity Manager Basics: Creating a Custom Adapter in OIM 11g The purpose of this entry is to explain how to create a custom adapter in OIM.  The adapter will write to an external file.&n...
0
Databases, ACID Compliance, NoSQL, and More
IDMWorks
NoSQL has been in the media for the last couple years as one of the new marketing buzzwords and you may be wondering exactly what it is, what it can do, and how it can fit into your current infrastruc...
0

IDMWORKS : Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
Recent blog posts
Below are a list of Operating systems that the RSA IMG application will install on. The RSA IMG will also install on a RHEL 6U6 os version, there is only one place that you will have to modify so that the installation script will perform the install. SUSE Linux Enterprise Server 11SP3RHEL 5u8 RHEL 5u9 RHEL 5u10 RHEL 6 RHEL 6u1RHEL 6u2 RHEL 6u3 RHEL 6u4 RHEL 6u5 How to correct the version issue when installing V6.9.1 on a RedHat OS version 6.6 Description of the error: When installing aveksa version 6.9.1 on a redhat os version 6.6 I had to...
Hits: 75
0

Posted by on in Access Management
So I ran into an issue with OAM 11gR2PS2 where I needed to modify the retry limit for the authentication scheme.  Previous versions of OAM used a system level value that you could define in oam-config.xml (per https://support.oracle.com/epmos/faces/DocumentDisplay?id=1360866.1).  When I tried that for PS2, I still saw the default 5 retries.   I then stumbled onto an article talking about someone exhibiting the behavior I desired when they didn't want it (https://support.oracle.com/epmos/faces/DocumentDisplay?id=1570598.1)   As a result, in my authentication scheme, I added OverrideRetryLimit=1 into my Challenge Parameters.  Once you click apply, the value takes effect.     The benefit to this modification, and...
b2ap3_thumbnail_OverrideRetryLimit.png
Hits: 207
0
NetIQ has released a beta version of their Designer for IDM tool on the Mac OS.  For years Designer has only been supported on Windows and Linux but with this release NetIQ has officially taken that last step to add Mac support.  If you have a Mac and want to use Designer on your native OS without having to use a VM or dual-boot system, you can download the BETA version at the link below: Beta Designer for Mac OS You will need to register an account to download the required files if you do not already have one. If you...
Hits: 429
0
Our previous blog about creating custom review reports within RSA IMG (formerly Aveksa) focused on leveraging certain views, namely pv_users, pv_reviews, pv_review_component, and pv_unified_entitlment. (http://www.idmworks.com/blog/entry/creating-a-custom-aveksa-review-report). A few things to consider when writing custom reports, or modifying those that are supplied by RSA: 1.     What are the questions that need answering in this report? 2.     Are the views documented in the “Public Database Schema Reference” guide sufficient to answer these questions? 3.     Will I need to further reverse engineer the RSA IMG relational database to get the level of details, or necessary information to build this report?   Let’s examine each aspect:...
Hits: 208
0
We always receive requests for custom functionality here at IdentityForge. Sometimes meeting these needs are easy, other times it requires us to change our outlook.  On occasion we get a request that we know will benefit our other customers as well, no matter what industry or space they reside in.  A recent request boiled down to some very simple improvements on our end that for some of our clients would enable huge boulders to be moved.  We have this large financial client in Asia and they came to us requesting help with a laundry list of hurdles and game stoppers. The...
Hits: 154
0
If you’ve ever attended an IAM seminar or conference you’ve heard the scary statistics about failure rates for IAM projects, which are known to be as high as 70%. A major contributing factor to this in most organizations is the state of Active Directory. Since AD is the heart of user account information and access granted via groups, it is the natural starting point for any IAM rollout. However, orphaned accounts and groups, miscategorized employees and a lack of clear ownership over groups can lead to the wrong people having the wrong access.  IDMWORKS & STEALTHbits are co-presenting the webinar Getting Ahead of...
Hits: 221
0
When encountering issues with the Courion Access Assurance Suite Office 365 Account Management Module (AMM) or the Password Management Module (PMM), typically one of the following two errors will be captured in the Ticketing table and the microsoft-office365pmm.log - The user name or password is incorrect. Verify your user name, and then type your password again.       - Unable to authenticate your credentials. Make sure that your user name is in the format: <username>@<domain>. If this issue persists, contact Support.”   These are Office 365 specific errors and the likely causes are below:   1.      The user name or...
Hits: 248
0
  A feature of Oracle Mobile Security Suite is the integration with its Secure Mobile Mail app. It works great out of the box, but most customers want to customize it.   During a recent implementation, we found ways to customize this app including new logos and a custom bundle identifier (a necessary step for signing with your own cert). Here's how you do it:   1) Unzip the ipa from Oracle: unzip bmtouchdown_c14n_3_6_1_596_15159-unsigned.ipa   2) Go into the extracted Payload directory, right click on MyTouchDown and select Show Package Contents.   3) Make your modifications (edit info.plist to change bundle id, update png image...
Hits: 224
0
IDMWORKS and NetIQ recently co-sponsored the healthcare technology webinar “Seamless Integration for EHR Governance with NetIQ.” In case you missed it, here are the highlights from IDMWORKS CTO Chad Cromwell’s presentation: Why Has Identity Management Become a Priority for Healthcare Organizations? 1.       Regulations HIPPA privacy and other security statutes require more audit requirements and an increase in users that are required to access multiple systems. This is driving the need to streamline the user provisioning process. 2.       Automation Automating the provisioning increases the efficiency, improves service and decreases the security administration to perform these time consuming tasks.   Meaningful Use and...
Hits: 267
0
During a recent OMSS project, we found we were having issues with kerberos authentication. We tried the typical things such as turning up logging, etc. However we found that the Access Server logs weren't showing us everything we needed to see to troubleshoot the issue with kerberos. After some research and experimentation, we found a way to increase the log level just for the kerberos library used by OMSS (Heimdal, http://www.h5l.org/).  First, find the krb5.conf file located at $OMSS_HOME/msas/conf/krb5.conf. Find the following section:   [logging]   krb5 = STDERR   Replace the krb5 option with the following: krb5: logging = FILE:/tmp/krb.log  ...
Hits: 297
0
One concept common in medium-to-large software development projects is the separation of data-access code into layers. This has the benefits of separating concerns, easing testing, and simplifying dependencies. While the Go programming language has several ORMs in various stages of development to assist with this concept, most pull you further away from the database driver implementation, making it harder to leverage features specific to the underlying database (e.g. array and JSON column types in Postgres). With that in mind, in this post we'll discuss a simple strategy for separating data access in a Go project. The desired characteristics are: Models are...
Hits: 382
0
Oracle introduced their Mobile Security Suite last year and over the past few months we’ve had a chance to work with this exciting new product. One key piece of this product is the containerization tool, which containerizes and signs app to enable the secure tunnel, authentication through the secure container, encryption, etc.  Recently we had an issue when we tried to containerize an iOS app developed with the new Swift language. After we containerized and signed the app, we saw this error when running the app on the device itself: Error: /private/var/mobile/Containers/Bundle/Application/1291513D-A7C0-46FF-91B6-39F41B8C3A82/Directory.app/Frameworks/libswiftCore.dylib not valid: 0xe8008018: The identity used to sign the...
Hits: 447
0
Introduction The following guide will walk you through all of the steps necessary to create a series of REST activities in a custom ServiceNow workflow. We'll be using JSONPlaceholder as a REST API for the examples. This is a simple public JSON API that supports all of the various HTTP verbs and mocks the results. One of the endpoints supplied by the REST API is for managing hypothetical blog posts. The general workflow we'll be creating is this: Request a list of posts Store the ID of the first post Request a single post matching the stored ID Store the Title...
Hits: 619
0
Welcome to part 2 of our two part series on load testing your LDAP with JMeter. In part 1, we setup a simple test plan with a thread group and loop controller along with a simple LDAP Request sampler. Today in part 2, we will look at using a CSV file to drive a multithreaded test with different users. We will also demonstrate how you can distribute your load test across multiple machines to enhance the capabilities.    Using a CSV File To start, setup a simple CSV file with each line containing a username and password, like this: user.0,password user.1,password...
b2ap3_thumbnail_Screen-Shot-2015-03-30-at-11.11.19-AM.png
Tagged in: JMeter LDAP Load Testing
Hits: 469
0
JMeter is a powerful load testing utility supporting many different types of servers and protocols including HTTP, JDBC, LDAP, and TCP. This blog post will walk you through load testing an LDAP server.  If you’d like to follow along, you should download and install JMeter before you begin. This open source tool and is freely available at http://jmeter.apache.org. In part 1, we will look at configuring JMeter to do a few simple operations against an LDAP. We will also introduce a multithreaded test feature to simulate many concurrent operations.    Setting Up Your Test Plan When you first launch JMeter, you...
b2ap3_thumbnail_jmeter1.png
Tagged in: JMeter LDAP Load Testing
Hits: 522
0
Custom tasks can be a powerful way to extend Sailpoint’s functionality to perform certain actions that the Out Of The Box (OOTB) solution doesn’t support. As a Sailpoint developer, you’re likely to run into certain client requirements for reporting and certifications which cannot be achieved using default tasks or OOTB configurations. Recently, I had to create a custom task to export audit reports in CEF format (for HP ArcSight) to a location on the server. The task would be set to run periodically. As at the time of this writing (IIQ v 6.3), there was no OOTB API support to export...
Hits: 540
0
There are currently several mature development environments built for the Go programming language. Some examples include vim-go for Vim and go-plus for Atom. Another entry that shows a lot of promise (but I hesitate to call mature) is the Go language plugin for IntelliJ. Initially launched as GoIde, the implementation has since migrated to a plugin for the IntelliJ IDE rather than a stand-alone IDE. It has gone through several development cycles and at least one major rewrite but is finally starting to show real promise in matching the features found standard in other Go environments. One feature found in other environments but...
Tagged in: Golang IntelliJ
Hits: 743
0
IDMWORKS is pleased to introduce our Oracle Mobile Security Suite Demo! IDMWORKS has developed an easy way for you to try out the exciting features available in the OMSS product. Setup takes just a few minutes, so we invite you to register for an account, login and have a look around. For now, the Test Drive works with iOS devices only.  Oracle Mobile Security Suite (OMSS) isolates corporate from personal data, enabling BYOD without cumbersome Mobile Device Management (MDM) overhead. A key feature of the OMSS architecture is the Secure Container, which protects corporate data and enforces enterprise security requirements without compromising...
Hits: 619
0
Symptoms:  When trying to import a new project from Identity Vault nothing happens when you click next after entering host, username, and password information. When clicking Test Connection in Identity Vault Properties nothing happens. In the error log to have this error:  (Type Error in the Search box in the upper right.) eclipse.buildId=unknown java.version=1.7.0_65 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en Command-line arguments:  -os win32 -ws win32 -arch x86_64 -clean   Error Fri Feb 20 10:35:30 MST 2015 Unhandled event loop exception   java.lang.NoClassDefFoundError: Could not initialize class com.novell.admin.ns.nds.jclient.NDSNamespaceImpl at com.novell.core.datatools.access.nds.DSAccess.authenticateToTree(Unknown Source) at com.novell.core.datatools.access.nds.DSAccess.buildDSAccess(Unknown Source) at com.novell.designer.Designer.testCredentials(Unknown Source) at com.novell.idm.config.internal.IdentityVaultPage.widgetSelected(Unknown...
Hits: 519
0
Recently we encountered an issue at a client where we were seeing intermittent failures for some users when they tried to authenticate via OAM. In the logs, we saw errors indicating authentication failed because multiple users had the same UID (which was the attribute OAM was using to find users in the identity store.)  As it turns out, the identity store was an Oracle Virtual Directory instance with multiple adapters pointing to several different backend data stores. In the case of these authentication failures, there were matching users in several backend data stores with the same UID, meaning OAM could not...
b2ap3_thumbnail_plugin_creation.png
Hits: 743
0

Content

Contact Us

Please fill in all required fields.