User Self Service Registration Demonstration

This demo video walks through the steps of user self-service registration, a workflow approval for account creation, and the advanced security registration (including OTP) process.

The following systems are used during this demonstration:

  • OAAM: Oracle Adaptive Access Manager – advanced authentication and fraud prevention
  • OAM: Oracle Access Manager – single sign-on, authentication services, and web services security
  • OIM: Oracle Identity Manager – role-based provisioning, user self-service, complex workflow, and permissions attestation
  • OVD: Oracle Virtual Directory – user source consolidation, data transformation, and DSML gateway
  • OID: Oracle Internet Directory – LDAP v3 repository, highly scalable, and user record storage

ITIM Provisioning Policy Priority

A provisioning policy in ITIM (IBM Tivoli Identity Manager) grants access to, and sets entitlements on, the ITIM-managed services for the users who fall within the policy's membership.

Each provisioning policy consists of information and settings on the following tabs:

  • General
  • Members
  • Entitlements

Of course, there are other factors to consider: role memberships, service selection policies and policy join behaviors, to name a few. This post, however, looks only at the value of the required priority attribute.

The priority setting is a required numeric value on the General tab of the provisioning policy configuration. The lower the number, the higher the priority of the provisioning policy.

Using WebSphere Process Server in your SOA Infrastructure

WebSphere Process Server (WPS) is the runtime engine for artifacts produced in a business-driven development process. It allows orchestration of business assets into highly optimized and effective processes that meet business goals. It is a single, integrated runtime foundation for deploying service-oriented architecture (SOA) based business processes. Built on open standards, it deploys and executes processes that orchestrate services (people, information, systems, and trading partners) within your SOA or non-SOA infrastructure. It helps increase efficiency and productivity by automating complicated processes that span people, partners, and systems. It helps cut costs by enabling flexible business processes built from reusable assets, reducing the need to hard-code changes across multiple applications. It can track the state of process instances, handle human intervention, and deal with exceptions.

WPS is mounted on top of WebSphere Application Server (WAS), with its robust J2EE runtime, and offers a new level of abstraction so that integrating applications and services becomes much easier.

IT Disciplines of an Identity & Access Management Expert

The field of identity and access management is considered a small, specialized niche in the world of IT. Some would speculate that this is because of the very complex nature of the applications we deploy to an enterprise. Although that may be true, it goes far beyond the complexity of the specific applications we work with. A true identity and access management expert must be knowledgeable across many IT disciplines, because the products we architect and implement are entire solutions rather than single-purpose applications. Let me provide some examples of the typical IT disciplines covered during a deployment:

Gathering enterprise requirements: The expert must be well versed in enterprise architecture, security, networking, hardware, and multiple operating systems. This is crucial, as they will propose the best suite of products based upon the client's requirements and the current state of the enterprise architecture. The expert must consider questions as simple as who the primary user base is, and as complex as what hardware will be required for the expected application load. This phase determines both the tempo of the project and its success. Lest we forget, the expert must also play the roles of project manager, technical writer and business analyst. Any well-rounded expert can explain identity and access management plans and concepts to the client in simple, no-nonsense terms, but can also deliver highly technical documents to the various IT departments that the project will affect. In addition, a precise project plan needs to be delivered to the client to stay on task and on budget.

Tivoli Directory Integrator – On Multiple Entries

Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM). TDI comes out of the box with a multitude of connectors that are used, as the name says, to connect to different sources. One of the most common business processes in which TDI is used is to extract data, transform it, and then load it into a different data source (ETL). For example, it is common to use TDI to extract Human Resources data and, using a DSML connector, send it to the ITIM application for processing.

One of the main considerations in extracting data from different sources is the data itself. The data values, relationships and attributes do not always exist as advertised.

For example: the process pulls employee information from SAP and then does a lookup in Active Directory using the employee number. Active Directory is only supposed to have one entry for each employee. “Supposed to” is the key phrase. In some cases, there are multiple AD accounts for one employee.

Internet Enable your Applications using WebSEAL with Active Directory Authentication

Let’s say you have a set of applications used within your organization that you want to make available from the Internet. Let’s further say you want remote users to log in using their Active Directory credentials. That way, there is no additional password maintenance to worry about – for users or for support staff.

Sounds great, but can you pull it off without exposing your organization to the countless threats lurking out there on the Internet?

In most cases, it can be achieved with minimal risk to your systems and applications. Furthermore, PathMaker can help you design and deploy a solution, as well as help you analyze your applications and infrastructure for potential vulnerabilities.