Monday, October 6, 2014

SailpointIQ 6.3 with SAP connector

If you are using SailpointIQ deployed in a JBoss cluster environment instead of a standalone environment, you will definitely also face a test connection error with the SAP JCo connector. We wasted a couple of days figuring out this test connection issue: the OOB JCo files and the ".so" were deployed in the application lib folder, but the JBoss cluster environment was not picking up those files, and I was getting the error messages below from the IIQ console.

>connectorDebug "SAP" test
java.lang.UnsatisfiedLinkError: no sapjco3 in java.library.path
        at java.lang.ClassLoader.loadLibrary(Unknown Source)
        at java.lang.Runtime.loadLibrary0(Unknown Source)
        at java.lang.System.loadLibrary(Unknown Source)
        at com.sap.conn.jco.rt.DefaultJCoRuntime.loadLibrary(DefaultJCoRuntime.java:444)
        at com.sap.conn.jco.rt.DefaultJCoRuntime.registerNativeMethods(DefaultJCoRuntime.java:310)


So finally we got a solution:

For this issue, I explicitly added the following jars to the class path and tested from the CLI (iiq console), and WOW, it works...
$ export CLASSPATH=$CLASSPATH:/opt/user_projects/sailpointws/sailpointws-host1/servers/SAILPOINTWS_Server01/tmp/vfs/temp567b30591bbe7c2f/content-b2d86a4624af7518/WEB-INF/lib/libsapjco3.so:/opt/user_projects/sailpointws/sailpointws-host1/servers/SAILPOINTWS_Server01/tmp/vfs/temp567b30591bbe7c2f/content-b2d86a4624af7518/WEB-INF/lib/sapidoc3.jar:/opt/user_projects/sailpointws/sailpointws-host1/servers/SAILPOINTWS_Server01/tmp/vfs/temp567b30591bbe7c2f/content-b2d86a4624af7518/WEB-INF/lib/sapjco3.jar

Tested from IIQ console
> connectorDebug "SAP" test
Test Succeeded
>

Please verify the parameters below at this link:
http://yourhostname:port/identityiq/debug/about.jsf

sun.java.command: /opt/jboss/jboss-eap-6.1/jboss-modules.jar -mp /opt/jboss/jboss-eap-6.1/modules -jaxpmodule javax.xml.jaxp-provider  -Djboss.home.dir=/opt/jboss/jboss-eap-6.1 -Djboss.server.base.dir=/opt/user_projects/sailpointiiq


java.library.path:  /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib:/opt/user_projects/sailpointiiq/application/identityiq.war/WEB-INF/lib
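
One way to check this from the shell, as an added example that is not part of the original post: the first function walks a java.library.path value entry by entry and reports the first directory holding libsapjco3.so, and the second flags entries that are missing or world-writable. The function names are illustrative; the sample path is the java.library.path value shown above.

```shell
#!/bin/sh
# Added example: check where (and whether) the JVM can find libsapjco3.so.

# find_native_lib <name> <java.library.path>
# Walks the path entries left to right and prints the first directory that
# holds lib<name>.so. Exit status 1 means no entry has it, which is the
# condition behind "no sapjco3 in java.library.path".
find_native_lib() (
    name=$1
    IFS=:
    set -f                          # split on ':' only, no globbing
    for dir in $2; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/lib$name.so" ]; then
            printf '%s\n' "$dir"
            exit 0
        fi
    done
    exit 1
)

# audit_library_path <java.library.path>
# Prints "STATUS dir" per entry. WRITABLE marks a world-writable directory:
# any local account could drop a library there that the JVM would load.
audit_library_path() (
    IFS=:
    set -f
    for dir in $1; do
        [ -n "$dir" ] || continue
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
        elif [ -n "$(find -L "$dir" -prune -perm -0002 -print)" ]; then
            echo "WRITABLE $dir"
        else
            echo "OK $dir"
        fi
    done
)

# java.library.path as shown on the about.jsf page in the post
JLP=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib:/opt/user_projects/sailpointiiq/application/identityiq.war/WEB-INF/lib

if where=$(find_native_lib sapjco3 "$JLP"); then
    echo "libsapjco3.so found in $where"
else
    echo "libsapjco3.so is not in any java.library.path directory"
fi
audit_library_path "$JLP"
```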

Cheers..


SailpointIQ with Jboss EAP 6.3

Started to work on SailpointIQ. It is a very interesting product, similar to Sun IDM (Oracle Waveset).
Last week I was trying to set up an environment with a clustered JBoss setup, but we spent a lot of time figuring out how to deploy the war file in JBoss EAP 6.1, and the steps are not as easy as the documents make them.

So, coming to the tech parts:
As we are using a cluster environment, we can't use the standalone deployment process in JBoss.
We are unable to configure (or, one can say, to touch) the "standalone.xml" file in a cluster environment. Finally we tried the options below:


Update the domain.xml file as below instead of standalone.xml
Comment out the xml node: <extension module="org.jboss.as.jaxrs"/>.
Comment out the node: <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>

Then clear all cache/temp files and bring up the domain and servers. Now try to deploy the file.

https://community.jboss.org/message/579996

Then again we got some OOB hibernate setting error with Jboss EA
Basically, the issue was due to the JVM option -XX:-UseSplitVerifier, which was used to work around a Hibernate problem (https://hibernate.atlassian.net/browse/HHH-7544). But since SailPoint uses its own IdentityIQ-hibernate configurations, the UseSplitVerifier option had to be removed. This is because when this option is set, the NoClassDefFound exception is *not* caught within the class initializer!
After removing this option, the NoClassDefFound exception was caught, and the application came up fine with no errors.

Finally cheers....



Thursday, June 13, 2013

How to Install OpenDJ in Command line


How To install OpenDJ

 

1. Download and copy “OpenDJ-2.5.0-Xpress1” to the server location home/Ubuntu (make sure JDK 1.6 is already installed).
2. The setup script is included. It needs to be run in silent mode (command line).
3. Change the ownership of all scripts and folders to the ubuntu user:
 chown -R ubuntu:ubuntu /OpenDJ-2.5.0-Xpress1/*
4. ubuntu@test.com:~/opendj$ ./setup --cli
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FORGEROCK OPEN IDENTITY STACK DEVELOPMENT LICENSE
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This license applies to this copy of ForgeRock's Open Identity Stack software,
which includes OpenAM, OpenIDM and OpenDJ software, when used for development
or testing purposes.  To obtain a license to use the Open Identity Stack under
conditions other than for testing or development purposes please contact
ForgeRock at sales@forgerock.com.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
If you intend to or do use the ForgeRock Product only for the purposes of
developing, testing, prototyping and/or demonstrating your application, then
ForgeRock grants you a nonexclusive, nontransferable, limited license to use
the ForgeRock Product only for those purposes, and not for any other purpose.
In such case, the ForgeRock product is made available to you AS IS and without
warranty of any kind. ForgeRock may audit your use of the ForgeRock Product for
compliance with these terms and confirmation that a commercial or production
license is not required.

 If you intend to or do use the application you develop for any commercial,
production or other purpose not permitted by the previous paragraph, you must
enter into a ForgeRock Software License and Subscription Agreement, pay the
associated Fees, and comply with all terms and conditions of that Agreement.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 
Please read the License Agreement above.

You must accept the terms of the agreement before continuing with the
installation.

Accept the license (Yes/No) [No]:yes

 OpenDJ 2.5.0-Xpress1

Please wait while the setup program initializes...

What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]:cn=Directory Manager
Please provide the password to use for the initial root user:*******
Please re-enter the password for confirmation:********

Provide the fully-qualified directory server host name that will be used when
generating self-signed certificates for LDAP SSL/StartTLS, the administration
connector, and replication [localhost]:ldap.test.com

On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]: 1389

On which port would you like the Administration Connector to accept
connections? [4444]: 4444

Do you want to create base DNs in the server? (yes / no) [yes]: yes

Provide the base DN for the directory data: dc=test,dc=com
Options for populating the database:

    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data

Enter choice [1]: 1

Do you want to enable SSL? (yes / no) [no]: yes
On which port would you like the Directory Server to accept connections from
LDAPS clients? [1636]: 1636

Do you want to enable Start TLS? (yes / no) [no]: no
Certificate server options:

    1)  Generate self-signed certificate (recommended for testing purposes
        only)
    2)  Use an existing certificate located on a Java Key Store (JKS)
    3)  Use an existing certificate located on a JCEKS key store
    4)  Use an existing certificate located on a PKCS#12 key store
    5)  Use an existing certificate on a PKCS#11 token

Enter choice [1]: 1

Do you want to start the server when the configuration is completed? (yes /
no) [yes]: no

Setup Summary
=============
LDAP Listener Port:            1389
Administration Connector Port: 4444
LDAP Secure Access:            Enable StartTLS
                               Enable SSL on LDAP Port 1636
                               Create a new Self-Signed Certificate
Root User DN:                  cn=Directory Manager
Directory Data:                Create New Base DN dc=test,dc=com.
Base DN Data: Only Create Base Entry (dc=test,dc=com)

Do not start Server when the configuration is completed

What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit

Enter choice [1]: 3

Equivalent non-interactive command-line to setup server:

/home/ubuntu/opendj/setup \
          --cli \
          --baseDN dc=weh,dc=com \
          --addBaseEntry \
          --ldapPort 1389 \
          --adminConnectorPort 4444 \
          --rootUserDN cn=Directory\ Manager \
          --rootUserPassword ****** \
          --doNotStart \
          --enableStartTLS \
          --ldapsPort 1636 \
          --generateSelfSignedCertificate \
          --hostName localhost \
          --no-prompt \
          --noPropertiesFile

What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit

Enter choice [1]: 1

See /tmp/opendj-setup-4473936405937455953.log for a detailed log of this operation.

Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Creating Base Entry dc=test,dc=com ..... Done.

To see basic server configuration status and configuration you can launch /home/ubuntu/opendj/bin/status


5. Now you can check the LDAP status from the admin console, or you can connect with any LDAP browser.
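
The equivalent command printed in step 4 passes the root password as a --rootUserPassword argument, where other local users can read it from the process list while setup runs. The following added example (not from the original post) runs the same non-interactive setup with --rootUserPasswordFile instead; the helper function names and the OPENDJ_HOME variable are illustrative, and the option values are the answers typed at the prompts in step 4.

```shell
#!/bin/sh
# Added example: OpenDJ setup with the root password read from a file
# instead of being passed as --rootUserPassword on the command line.

OPENDJ_HOME=${OPENDJ_HOME:-/home/ubuntu/opendj}   # install path used in the post

# make_password_file <path>
# Reads one line from stdin (echo is switched off when stdin is a terminal)
# and stores it in a file that only its owner can read.
make_password_file() (
    umask 077
    rm -f "$1"                      # an older copy may have looser permissions
    if [ -t 0 ]; then stty -echo; trap 'stty echo' EXIT; fi
    IFS= read -r pw || [ -n "$pw" ]
    printf '%s\n' "$pw" > "$1"
)

# setup_args <password-file>
# Prints the setup options one per line; --rootUserPassword is replaced by
# --rootUserPasswordFile pointing at the protected file.
setup_args() {
    printf '%s\n' --cli --baseDN dc=test,dc=com --addBaseEntry \
        --ldapPort 1389 --adminConnectorPort 4444 \
        --rootUserDN 'cn=Directory Manager' \
        --rootUserPasswordFile "$1" \
        --doNotStart --ldapsPort 1636 --generateSelfSignedCertificate \
        --hostName ldap.test.com --no-prompt --noPropertiesFile
}

# run_setup <password-file>
# Splits setup_args on newlines only, so that "cn=Directory Manager" stays a
# single argument, then starts the installer.
run_setup() (
    IFS='
'
    set -f
    set -- $(setup_args "$1")
    exec "$OPENDJ_HOME/setup" "$@"
)

# Typical use on the server (nothing is executed when this file is sourced):
#   make_password_file "$HOME/.opendj.pw"
#   run_setup "$HOME/.opendj.pw" && rm -f "$HOME/.opendj.pw"
```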

Wednesday, April 17, 2013

SOA Composite configuration with JDeveloper

1. JDeveloper --> Help --> Check for update
2. Click "Next"
3. Select "Search Update Centers" and click "Next"
4. Select "Oracle SOA Composite Editor" and click "Next"
5. Click "Finish"

Verify it

Siteminder Policy Reader

The Java Siteminder Policy Reader is a tool developed internally by CA Support engineers for use within CA Siteminder Support. Because CA Siteminder customers face similar issues with viewing exported XPS & SMDIF policy stores, it was felt that this was a good candidate tool for release on the CA community website, even though it is at a fairly early stage of development.

Here is a quick list of features :

  • Ability to Read XPS export files
  • Ability to read SMDIF export files
  • Similar in look to the older Siteminder Applet
  • View History and history navigation (prev and next toolbar, as well as history menu)
  • Find function
  • Ability to display objects in detached window (see screenshot below).
  • Tab that displays Object Properties
  • Tab that displays all References to an Object.
  • Screen that displays All Policy Store Objects; with filter, select and browse options - (see screenshot below)
  • Basic Policy Store Stats
  • Ability to compare two policy stores, and give a visual display of differences.
  • Compare can be done via Xid or via Name.

SMPolicyReader Demonstration Video

The best way to see what it can do is to watch the video demonstration :
http://youtu.be/71lEVt-GfZw

How Siteminder Work


Tuesday, December 18, 2012

latest Gartner IAG magic quadrant report.

Gartner's Magic Quadrant research methodology provides a graphical competitive positioning of four types of technology providers in fast-growing markets: Leaders, Visionaries, Niche Players and Challengers. For emerging or mature markets, Gartner's MarketScopes are the best tool to help clients understand how the status of an emerging or mature market aligns with their own state of maturity and future plans.
Please find here

Monday, October 22, 2012

These are all implementations of Single Sign-On (SSO):

Product Name | Project/Vendor | Type | Description
AccessMatrix USO[1] | i-Sprint Innovations | Commercial |
OpenOTP & TiQR Server[2] | RCDevs | Commercial and Free | OpenID and SAML with OTP (OATH Tokens, Yubikey, SMS, Email) and QRCode Login
Active Directory Federation Services | Microsoft | Commercial | Claims-based system and application federation
adAS SSO[3] | PRiSE.es | Free Software | Advanced Authentication Server (SSO)
Athens access and identity management | Eduserv UK | Commercial |
CA SiteMinder[4] | CA Technologies | Commercial |
Central Authentication Service | Yale University | Protocol |
ComponentSpace SAML[5] | ComponentSpace | Commercial | SAML SSO for ASP.NET
CoSign single sign on | University of Michigan | Academic | SSO for Michigan University
Distributed Access Control System (DACS) | Distributed Systems Software | Free Software |
Enterprise Sign On Engine | Queensland University of Technology | Free Software |
EmpowerID Federation Services[6] | The Dot Net Factory | Commercial | Identity management cloud and corporate single sign-on
Evidian Enterprise SSO[7] | Evidian | Commercial | Enterprise single sign-on and authentication
Evidian Web Access Manager[8] | Evidian | Commercial | Seamless internet-to-intranet SSO access (SAML support)
Facebook connect | Facebook | Facebook specific SSO | Facebook SSO to third parties enabled by Facebook
Forefront Identity Manager | Microsoft | Commercial | State-based identity life-cycle management
FreeIPA | Red Hat | Free Software |
Geneous SSO-Module[9] | Proatria | Commercial | Geneous software SSO-Module
Gigya SSO[10] | Gigya | Commercial | Social IdM SSO
Hitachi ID Systems | Hitachi | Commercial |
HP IceWall SSO[11] | Hewlett-Packard Development Company, L.P. | Commercial | Web and Federated Single Sign-On Solution
Imprivata OneSign[12] | Imprivata | Commercial | Enterprise single sign-on and authentication
Janrain Federate SSO[13] | Janrain | Commercial | Social and conventional user SSO
JBoss SSO | JBoss | Free Software | Federated Single Sign-on
JOSSO | JOSSO | Free Software | Open Source Single Sign-On Server
OX[14] | Gluu | Free Software | Open Source Single Sign-On + Trust Management
Gluu[15] | Gluu | On Demand Software | Single Sign-On + Trust Management
JsonSSO[16] | NimbusDS | Commercial | Sign-On for Ajax and cross-domain applications
Kerberos | M.I.T. | Protocol | Computer network authentication protocol
LTPA | IBM | Commercial |
myOneLogin | VMware Inc. | Commercial | Cloud single sign-on
Numina Application Framework | Numina Solutions | Commercial | Single sign-on system for Windows
OneLogin | OneLogin Inc. | Commercial and Free | Single sign-on with SAML and Active Directory integration
Okta | Okta,Inc. | Commercial | On-demand identity and access management service in the cloud
OpenAM | ForgeRock | Free Software | Access management, entitlements and federation server platform
OpenASelect[17] | Alfa Ariss | Commercial and Free |
Oracle Access Manager[18] | Oracle | Commercial |
Oracle ESSO (formally Passlogix v-GO)[19] | Oracle | Commercial |
PingFederate[20] | Ping Identity | Commercial |
PortalProtect[21] | Asseco Denmark | Commercial |
Pubcookie | University of Washington | Protocol |
SAML | OASIS | Protocol | XML-based open standard protocol
Secure Network Communications | SAP | Commercial | Authorization layer in SAP software system
Shibboleth | Shibboleth | Free Software | SAML-based open source access control
Tivoli Identity Manager | IBM | Commercial | Identity life-cycle management product
Security Access Manager for Enterprise Single Sign-On | IBM | Commercial | Enterprise Single Sign-On, Strong Authentication, Password Management product
Tools4Ever SSO Manager[22] | Tools4Ever | Commercial |
Ubuntu Single Sign On | Canonical Ltd. | Commercial | OpenID-based SSO for Launchpad and Ubuntu services
Microsoft account | Microsoft | Free and Commercial (Microsoft is now attracting new websites to use system) | Microsoft single sign-on web service
ZXID | ZXID | Free Software | Reference Implementation of TAS3 security
SmartSignin | www.smartsignin.com | Free, Professional, and Enterprise versions | Web/Cloud SSO, Password Management, Two-factor authentication, & Identity & Access Management application

Friday, July 27, 2012

How to Use Jmeter to do the OpenDJ Load Testing




How to Use JMeter to do the OpenDJ (or any LDAP server) Load Testing
1. Download the latest JMeter version from http://jakarta.apache.org/jmeter/
2. Set JDK 1.5 or JDK 1.6 in your path and run the jmeter.bat/jmeter.sh batch file.
3. Create a Thread Group with the following values:
Set the number of Threads to 50 and the Loop Count to 20. This will send 1000 requests to the server.

4. Under the Thread Group create a Loop Controller. (This is required because we perform the following operations in sequence: bind to the LDAP server, perform a search against this LDAP server, perform another search, and finally do an LDAP unbind.)
Right-click on the Thread Group and Add Logical Controller –> Loop Controller
5. Under the Loop Controller, Add Sampler –> LDAP Extended Request and select the following options (enter your LDAP server details here):
Select the Radio Button –> Thread Bind, ServerName –> localhost (in my case atuldesk), Port –> 389, Username –> cn=Directory Manager and Password –> password123

6. Under the Loop Controller, Add Sampler –> LDAP Extended Request and select the following options (perform a search operation against this LDAP server):
Select the Radio Button –> Search test, Search Base –> cn=Accounting Managers,ou=groups,dc=example,dc=com, Search Filter –> (objectClass=*), Scope –> Perform Subtree Search and Attributes as uniquemember

7. Add another LDAP search for load testing.
Under the Loop Controller, Add Sampler –> LDAP Extended Request and select the following options (perform a search operation against this LDAP server):
Select the Radio Button –> Search test, Search Base –> ou=People,dc=example,dc=com, Search Filter –> (&(objectclass=person)(uid=pankaj)), Scope –> Perform Subtree Search and Attributes as uid

8. Under the Loop Controller, Add Sampler –> LDAP Extended Request and select the following options (we need to unbind from the LDAP server):
Select the Radio Button –> Thread UnBind

9. View the load test results in a table and write the results output to a file.
Under the Thread Group add the following:
Listener –> View Results in a Table, and enter the file name as /OpenDJ/ladp.log

10. Finally, our JMeter project looks like this:

11. Press Control+R, or use the menu option (Control+R), to run the JMeter project.

12. Click Yes.

13. Click Save to get the results.

We can also check the load in the graphical interface: