Posts

Showing posts from May, 2017

Identity Management - Fred Chong article in Microsoft

Identity and Access Management. Frederick Chong, Microsoft Corporation, July 2004.

Summary: Frederick Chong discusses the principles and benefits of Service Oriented Architecture (SOA), specifically as they relate to the technical challenges in identity and access management, and secondarily helps the reader gain an understanding of the commonly encountered issues in identity management. (20 printed pages)

Contents: Overview; Introduction; Anatomy of a Digital Identity; Identity and Access Management Framework; Challenges in Identity and Access Management; Entitlement Management; Auditing; Conclusions; References.

Overview: To date, many technical decision makers in large IT environments have heard about the principles and benefits of Service Oriented Architecture (SOA). Despite this, very few IT organizations have yet been able to translate the theoretical underpinnings of SOA into practical IT actions. Over the last year, a few individual solution architects on my team have atte

Load balancer and Global Load Balancer

Load Balancer, High Availability, Fault Tolerance, Failover Capability. Load Balancer: A load balancer is a network device. Load balancing refers to load sharing, i.e. sharing or distributing user requests and connections among individual servers or nodes in a cluster, typically in the same data center or LAN, or across different data centers. The aim is to provide continuous service if a node in the cluster fails, and to share and distribute load and connections between the nodes. So a load balancer can provide high availability within the same LAN or data center, or across different data centers. (See the note below on load balancers in Oracle Identity Management components.) The typical use of a load balancer is to front-end two or more servers: the load balancer device receives the initial request, sends it to one server in its pool, and returns that server's response to the client. But why would one need to front-end servers with another device in the first p

What is Centralized logout in Oracle Access Manager

What is Centralized logout in Oracle Access Manager: http://docs.oracle.com/cd/E25178_01/doc.1111/e15478/logout.htm#CHDDIBGF. Oracle discussion on a logout error for an application. What is impersonation in Oracle Access Manager and what does it provide

Configuring AD authenticator with Weblogic server

Configuring Active Directory authenticator with Weblogic server. Original blog: http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/ Weblogic Server comes with an Embedded LDAP Server which acts as the default provider for authentication, authorization and role mapping. Since authentication is based on JAAS (Java Authentication and Authorization Service), we can have external providers as well. These providers can be out-of-the-box providers shipped with WLS or custom providers which can be plugged in; I'll discuss that in some other article. Among the out-of-the-box providers, WLS provides one for Active Directory. These are the steps to configure it. Step 1) Open the Active Directory console. Step 2) Create a user. Step 3) Assign it to the Administrators group. This is required because Active Directory only allows the connection for an admin user. Step 4) Go to Weblogic Server and C

Service Provider initiated SSO on Weblogic server 11g with SAML 2.0

Service Provider initiated SSO on WLS 11g using SAML 2.0. At a recent customer I got the assignment to implement a SAML 2.0 configuration. (http://blog.darwin-it.nl/2014/04/service-provider-initiated-sso-on.html) In this setup the customer is a Service Provider. They provide a student-administration application for the Dutch Higher Education Sector, i.e. colleges and universities. The application is conventionally implemented on premise, but they would like to move to a SaaS model, and one institute is going to use the application from 'the cloud'. In the Dutch education sector, an organization called SurfConext serves as an authentication broker. Note that the diagram below is a good representation of SP-initiated SSO. A good schematic explanation of the setup is in the Weblogic 11g docs: when a user connects to the application, Weblogic finds that the user is not authenticated, since it lacks a SAML 2.0 token (2). So, when configured correctly, the browser is rerouted to SurfConext (3). O