Have you ever forgotten a password? Maybe it's time to finally forget our passwords for good.......
HI + IM = Nulli
Nulli experts share their Human Information + Identity Management knowledge
This post introduces a tool we recently developed to aid the transition from Oracle Access Manager (OAM) to OpenAM, an access management solution by ForgeRock. Specifically, the tool converts access policies from an OAM instance and translates it to XACML, a standard based policy language supported by OpenAM.
Problem: We want to use an HTTP Client to authenticate against OAM 11g, so that a service account can make RESTful calls to an OAM-protected service. However, we are new to the concept of the DCC (detached credential collector), and cannot craft our HTTP Client for OAM 11g and its DCC Webgate in the same way that we could for OAM 10g.
The following report has been prepared by Nulli - Identity Solution Architects for use by our peers, customers, partners and Identity and Access Management teams interested in learning more about deploying the ForgeRock Identity Relationship Management stack with the REST API.
Oracle Identity Manager - OIM 11g R2 introduced a new feature called "Catalog" that provides users of OIM the opportunity to request roles. An user of an Organization can search or request roles using a traditional shopping cart type of process. The process provides an option to generate emails used to notify the requesting user of the progress or stage of his/ her Role Request. The Role Request might require multiple approvals and thus the request would generate many emails being sent at each stage of the approval process. The Out of the Box (OOTB) Role Request workflow could have up to nine emails sent during the OIM Role Approval process. If the Role Request is denied then the process could generate five to eight emails that would be sent to the requesting user. This might be a useful feature for some customers but it could be a nuisance for others who would find the volume of email to be annoying and might desire to have at most two emails for either Role Approval or Role Rejection.
This post describes a way to limit the number of emails generated to two, one when the initial Role Request is made and one when a final decision (either Approve or Reject) is made.
After installing Patch 14760806 also called ORACLE IDENTITY MANAGEMENT SUITE BUNDLE PATCH 188.8.131.52.2 (BP02), to fix a few existing issues with OIM 184.108.40.206.1, we saw "access denied" issues while accessing OIM Identity Console as an "End User". "System Administrator" users could access the console with out any issues. The reason for this is that an OOTB Authorization plugin that allows an "End User" to access his/ her profile is not applied after applying the patch and it has to be manually deployed. The same plugin is also responsible for allowing a user to request roles using Catalog tool. This post describes the error messages displayed, the worked around (suggested by Oracle) and a few missing instructions in Oracle documentation for the plugin deployment.
Oracle has just released an updated version of its Identity Management 11.1.2 Enterprise Deployment Blueprint and I must say, this is tremendous effort from Oracle to fill in some of the gaps in its documentation. It is nice to have a single place to go to for the steps that are required for setting up OAM and OIM to work together in a clustered, highly available design.
While trying to create a DIP (220.127.116.11) profile for Database Import using manageSyncProfiles command from ../Oracle_IDM1/bin, I was getting the following error.
[oracle@somehost bin]$ ./manageSyncProfiles register -h localhost -p 7005 -D weblogic -f dbimp.properties
Properties file dbimp.properties does not have correct key-value format.
Trevor Roskewich, Senior Identity Consultat at Nulli will be presenting to the Calgary Oracle User Group (COUG) at the Suncor Energy Centre at 8:00 AM on December 15, 2011. His presentation, co-produced with Lisa Gryschuk, Senior Human Information Consultant at Nulli, addresses the critical business integration between Human Capital Management and Identity Management.
Aside from the wonderful grammar, this 11:15 AM session being held at Western Canada Regional User Group (WCRUG) in Vancouver, BC on November 10, 2011 will be of interest to everyone in the enterprise.
Human Capital Management (HCM), also known as Human Resources (HR), is a critical application forming the foundation of every business’ success. Knowing who your people are and what role they play along with associated cost/benefit metrics is what HCM/HR applications are best at performing. Nulli believes this Human Information (HI) is central to the success of many applications. High quality Human Information is a key requirement for reliable security and identity processes as well as for HCM.
For many years, Oracle has provided a well documented OAM SSO solution for PeopleSoft using typical header variable integration. However, PeopleBooks for PeopleTools 8.51 has become so, shall we say, refined, it's now harder to acheive success with such time-tested integration steps.
OVD 11g installed on Windows 2008 workstation fails to start with the following diagnostic log error:
While preparing to install OAM 11g, some of us were curious whether all the "ob..." attributes would remain intact or if they would be renamed with, for instance, an "orcl..." prefix. It struck one of my colleagues that the "ob" attributes would survive, if only to facilitate a workable upgrade path or to ease product development.
The Oracle Enterprise Manager Fusion Middleware Control 11g shows OID is down even though opmnctl shows OID is up.
ForgeRock, the open source Identity-Oriented middleware company, has joined a global community to launch a new open source project today. The OpenICF, Identity Connector Framework (ICF) community will provide a home for the development of multi-purpose connectors used by identity providers such as ForgeRock's OpenIDM, Oracle Waveset (formerly Sun Identity Manager) and other governance and compliance software.
Oracle has designated Nulli as an Oracle Gold Partner in the Oracle PartnerNetwork Specialized Program. Nulli having achieved Pillar Partner - Security and Identity status is now being recognized as a Gold Specialized partner for our implementation services excellence for the Oracle Access Manager, Identity Manager, Internet Directory, Virtual Directory and the Oracle suite of identity products including the Oracle Entitlement Server.