IRM Summit 2014
2. Objectives
Upon completion of this presentation, you should be able to:
■ Describe where OpenIDM fits into the OIS
■ Describe the Business Needs for OpenIDM
■ Describe IDM Use Cases Addressed by OpenIDM
■ Describe OpenIDM Features
4. Classic scenario I
User wants to use an application ... which does not require any of ForgeRock's products, but ...
[Diagram labels: User, Application]
8. Common Use Cases
• Provisioning
• De-Provisioning
• Compliance and auditing
• Password management
9. Provisioning
• Depending on a user's business role and predefined rules, a new user will:
  – Get accounts on backend systems on create
  – Get default group/role membership
• Therefore a central instance is needed which:
  – Connects to all relevant systems
  – Is able to sync user attributes and memberships
  – Can automatically apply rules
• Managers, approvers and end users need well-defined access to the user's data
11. Passwords
• Passwords can be changed at a central place and distributed to external systems based on flexible rules and password policies
• The provisioning engine needs to detect password changes from an external resource
• User administrators and end users need well-defined access to the user's passwords
• A password reset mechanism is in place
• Passwords which have been reset can be sent to the end user in a secure way
13. OpenIDM Components
Java → min 1.6 update 24; on Win: Java 7
OSGi → implementation: Felix
Servlet container → implementation: Jetty
Repository → OrientDB, MySQL and others
JSON → structure for configurations
OpenICF → local or remote connector server
Connectors to external systems → i.e. AD, LDAP, file...
Activiti → workflow engine
14. OpenIDM Architecture
[Architecture diagram; component labels: External Resources; OSGi; Persistence (OrientDB); ForgeRock UI Framework; ForgeRock REST Router; Business Logic (JavaScript, Groovy, Java); Authentication Filter (JASPI); Jetty Web Server; Configuration; Managed Users; Sync/Recon; System (Connectors); Scheduler; Workflow; Audit/Logs; Policy Audit]
15. The REST Interface
Representational State Transfer (REST)
Conforming to the REST constraints is generally referred to as being "RESTful"
REST utilizes HTTP methods: GET, PUT, POST, DELETE, HEAD, PATCH
18. Activiti Introduction
A light-weight workflow and Business Process Management Software
BPMN 2 compliant
A process engine for Java applications
It's open-source and distributed under the Apache license
Workflows are deployed as business archives (.bar)
Workflow definitions are in XML format
23. OpenIDM roles
■ OpenIDM 3.0 will have
  – predefined role objects
  – effective role assignments
    ■ static role assignment
    ■ dynamic role assignment, i.e. based on a rule, attribute …
  – static entitlement assignment
  – dynamic entitlement assignment
24. OpenIDM role structure
■ Role attributes
  – abstract System Association A (1-to-1 role system but changeable)
    ■ entitlementA1
    ■ entitlementA2
    ■ …
  – abstract System Association B (1-to-1 role system but changeable)
    ■ entitlementB1
    ■ entitlementB2
    ■ …
  – …
25. Role Challenges
■ A) when the user is created?
■ B) when the user is updated?
■ C) when the user is de-provisioned?
■ D) when the ROLE is created?
■ E) when the ROLE is updated?
■ F) …
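The role structure and the user-side challenges on slides 23 to 25 (user created, updated, de-provisioned), as an added example that is not from the presentation and is not OpenIDM's implementation or API. The role names, the `condition` and `active` fields and all function names are assumptions; the sample roles are constructed.

```javascript
// Added example: hypothetical role model, not OpenIDM's schema or API.
// Constructed sample roles: each maps system names to entitlement lists.
const ROLES = {
  employee: { systems: { ldap: ["cn=staff"] } }, // only assigned statically
  sales: {
    systems: { ldap: ["cn=sales"], crm: ["crm-user"] },
    condition: (u) => u.department === "sales", // dynamic: attribute rule
  },
  manager: {
    systems: { crm: ["crm-approver"], hr: ["hr-reviewer"] },
    condition: (u) => u.directReports > 0, // dynamic: attribute rule
  },
};

// Effective roles = static assignments plus every role whose rule matches.
function effectiveRoles(user, roles = ROLES) {
  if (!user || user.active === false) return []; // absent or de-provisioned
  const names = new Set();
  for (const r of user.roles || []) {
    if (!roles[r]) throw new Error(`unknown role: ${r}`); // fail closed
    names.add(r);
  }
  for (const [name, role] of Object.entries(roles)) {
    if (role.condition && role.condition(user)) names.add(name);
  }
  return [...names].sort();
}

// Flatten the effective roles into "system:entitlement" strings.
function effectiveEntitlements(user, roles = ROLES) {
  const out = new Set();
  for (const name of effectiveRoles(user, roles)) {
    for (const [system, ents] of Object.entries(roles[name].systems)) {
      for (const e of ents) out.add(`${system}:${e}`);
    }
  }
  return out;
}

// What must be granted and revoked when a user record changes.
// Pass null as `before` for a create; set active=false for de-provisioning.
function entitlementDelta(before, after, roles = ROLES) {
  const a = effectiveEntitlements(before, roles);
  const b = effectiveEntitlements(after, roles);
  return {
    grant: [...b].filter((e) => !a.has(e)).sort(),
    revoke: [...a].filter((e) => !b.has(e)).sort(),
  };
}
```

Computing the revoke list from the same rules as the grant list is what keeps a department change or a de-provisioning from leaving stale entitlements on backend systems.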
26. Other Features
Task Scheduling
Cluster OpenIDM for
  – High availability
  – Horizontal scalability
OpenIDM command line
Data validation through policies
Managing Passwords
Send emails
27. OpenIDM by Example
■ openidm/samples/sample1…
■ openidm/samples/provisioners/…
■ openidm/samples/workflow
■ openidm/samples/usecases/…