Posts

Showing posts from 2016

The Five Process Groups

PMP PMI Chapter 7 Project Management (LINK); Chapter 25 Introduction to Project (LINK); A Capability Maturity Model for Training and Education (PMI article) (LINK)

The Five Traditional Process Groups Explained. In project management generally, and in the Project Management Body of Knowledge (PMBOK® Guide) specifically, best practices dictate a very specific series of process groups that should be performed. These are referred to as Initiating, Planning, Executing, Monitoring and Controlling, and Closing. The question arises: what problem are we trying to solve by having five discrete process groups? (In the PMBOK Guide they are called process groups because each one contains, or houses, specific processes that should be performed.) The answer is that these processes give us an organizational background to successfully plan, execute, and manage a well-run project. With that said, let's look at each of these process groups in turn and discover why each is so vital

Eliminate use of PII in IT systems

Reduce or eliminate use of SSN in IT systems, read here, here, Context Aware Content Based Federated Access Control System in Healthcare

Get list of user accounts locked in OID

How to get a list of user accounts which are locked in OID (Oracle Internet Directory). If you want to get a list of user accounts which are locked in Oracle Internet Directory (OID), then use the filter "pwdaccountlockedtime=*" with ldapsearch; it will return the list of users whose accounts are locked. I just now tested in OID 11.1.1.6 and could get a list of users whose accounts were locked. You can set up a cron job that runs this command, say once every few hours, to get the users whose accounts are locked. Once you have a list of such users, there are multiple ways for the administrator to notify them. On UNIX you can automate this via the crontab; explore the "MAILTO" option in the crontab, where the administrator's address can be configured to receive the output of each cron job run. Check this post in the Oracle Discussion Forum. References: Setting Password Policies in OID, http://docs.oracle.com/cd/E28280_01/admin.1111/e10029/pwdpolicies.htm#OIDAG034 Following determine

Ldapsearch command line

4.13 ldapsearch. The ldapsearch command-line tool enables you to search for and retrieve specific entries in the directory. The LDAP filter that you use to search for entries must be compliant with the Internet Engineering Task Force (IETF) standards as specified in RFC 2254. Refer to the IETF Web site at http://www.ietf.org for more information about the standard filter format. Oracle Internet Directory supports all elements of RFC 2254 except for extensible matching. Note: Various UNIX shells interpret some characters, for example asterisks (*), as special characters. Depending on the shell you are using, you may need to escape these characters. 4.13.1 Syntax for ldapsearch: ldapsearch -h oid_hostname -D "binddn" -w password [-Y "proxy_dn"] [-p ldap_port] [-V ldap_version] -b "basedn" {-s base|one|sub} {"filter_string" [attributes]|-f input_file} [-A] [-a never|always|search|find] [-F separator] [-S] [-R] [-i 1

Security Architecture for Oracle Identity Management

Oracle recommended 3-tier architecture for Identity Management and Fusion Middleware applications. The standard 3-tier architecture provided by Oracle for Fusion is: Tier 1, the Web servers facing the Internet; Tier 2, hosting the middleware, i.e. the WebLogic infrastructure (Admin Server, Managed Servers, Domain); and Tier 3, the database layer. Below is the Identity Management architecture from Oracle that shows all components in a highly available production environment. The highly available components are shown as 2 hosts for each component in a cluster, i.e. 2 OAM servers and 2 OIM servers, so that service continues if one of the hosts is unavailable. Highly available clusters are preferred for production environments, but if you have no such requirement then use a single instance for each component (OAM, OIM, OUD etc.).
-------------------------------------------------------------------------------------------
INTERNET
TIER 1      OHS/Webgate

How to create Entitlement in OIM

How to create an Entitlement in OIM. In OIM R2PS3, how do I provide a user with high-risk entitlements?
1. Accessed the Identity self service console as an admin.
2. Clicked on Manage > Users.
3. Searched for users with the organization "Foo".
4. I found "TestUser123" and clicked on the user login.
5. Navigated to the Entitlements sub tab; there is nothing listed.
6. Clicked on Request Entitlements.
7. Searched for "Foo" or "*" to find anything; however, nothing is returned.
8. Under Categories I was hoping to find an entitlement, but none is found.
How can I create one so that I could add it to the cart and complete the process of providing a high-risk entitlement to the user "TestUser123"?
Answer: Go with the basic entitlement in the OIM doc. High-level overview:
-- You can make resource child table data (if the child form exists) an entitlement
-- then you need to run the entitlement list scheduled job
Question: Is entitlement the same as LDAP group

OAM Sessions and Cookies

(Taken from oam-idm blog) OAM Session and OAM Cookies. OAM Session: a session is an object which represents an authenticated user. It contains authenticated user details. No, it does not contain user credentials, but it keeps track of the important things such as when the last resource was accessed, from which IP it was accessed, and to which authentication scheme level the user is authenticated. The session is stored in server memory. If database session persistence is enabled, then the session object is maintained in the database. Why is a session so important? A valid session means a user is authenticated. If the session is not found in memory, then the user will be challenged by OAM. A session can attain 3 states:
- active
- inactive
- expired
When a session is created it is in the active state. If no activity is detected, after the idle timeout the session is marked as inactive. The session existed in the serve