Posts Tagged "identity management"
Posted on Apr 26, 2011 in Industry Trends, Offerings, Technical Tips | 0 comments
I have been running Oracle Identity Management 10g with heavy use of 10g SSO capabilities. Much of our web security architecture along with application authentication relies on this infrastructure. What do I do as development begins to shift from OracleAS to WebLogic, and our middleware stack goes from 10g to 11g? We will need to run 10g and 11g in production side-by-side for some period of time.
This is a question many of our customers are asking and it is understandable that there is confusion around this. Oracle hasn’t provided the clearest of answers, and in general, identity management initiatives are not for the faint of heart to tackle. The fact is that 11g identity management has begun a paradigm shift away from the 10g approach. The good news is that customers have options as they inevitably run 10g and 11g together in their environments since identity management solutions span across applications and nobody [I know of] decides to upgrade all of their enterprise applications at once.
In 11g, you have the option of integrating applications (i.e. ADF 11g applications) running on WebLogic with 10g SSO through identity asserters. This approach basically passes in header information to WebLogic that enables it to “trust” a user authenticated via 10g SSO much like it would trust AD or any other form of identity assertion. As you move to an 11g identity management stack, nowhere will you find 10g SSO as you know it. You will need to buy into the OAM (Oracle Access Manager) 11g model, which includes a robust enterprise access management approach in line with 11g applications that rely on J2EE security standards like JAAS.
Posted on Mar 21, 2011 in Technical Tips | 0 comments
There could be a number of reasons you want to verify the value of the REMOTE_USER variable in an app you are running in WebLogic. A quick way to check is by dropping in a JSP file that prints the value:
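<%-- Diagnostic page: prints the user name the container reports for the current request (null if unauthenticated) --%>
<html>
<body>
REMOTE_USER: <%= request.getRemoteUser() %>
</body>
</html>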
Posted on Mar 3, 2011 in Industry Trends, Technical Tips | 0 comments
I had OIM installed in a sandbox VM a few months ago and decided to spin it back up in our private cloud environment. The novelty of being able to so very simply allocate, deallocate, and reallocate resources when needed to various environments still hasn’t worn off for me.
I’m sure one day in the somewhat near future, this luxury will be commonplace even for lesser-sophisticated IT shops…and we will be telling stories to new team members of “the [not as good] old days” when we had to actually purchase physical hardware for each new project, how sizing hardware was a carefully meticulous process for every single server instance, how cloning environments required a [sometimes complicated] plan to be executed, and how sometimes the fastest way to get back up and running from a hardware failure was to actually fix the hardware.
I can envision witnessing the conversation: “Hey Jimmy. Back in 20XX, can you imagine places existed where it would be acceptable to take the necessary downtime on their applications and actually wait for the Dell rep to come in to replace their faulty RAM!? Yes, applications ran directly on OS’s that were installed directly on physical hardware. What’s Dell you ask? Why, that was a company that made server hardware. My goodness, have you ever seen a physical server before, Jimmy?” Okay, I might have gotten a little carried away there — but then again, maybe not. (I tend to believe that promising, compelling technology will advance much faster than we expect. I know the people who devised IPv4 never dreamed they would ever run out of IP addresses, yet here we are just 30 some years later and we allocated the last available block last month.)
Food for thought: Why do we refer to spinning up or spinning down VMs? I tend to hear it more for VMs as opposed to physical hardware, which seems kind of funny does it not? Further, as we make a move to solid state hard drives, the analogy of “spinning” for computers, hard drives, etc. — let alone logical entities like VMs — seems it will soon become a complete misnomer.
On a slightly less nostalgic note, as I look at this OIM environment, I have to mention that I do like the latest look-and-feel that is part of the Oracle Middleware 11g stack. In addition to the niceties of a richer experience with ADF, Oracle has even taken the time to design icons and, in some cases like OIM, a nice-looking diagram on the login page.
Posted on Feb 17, 2011 in Industry Trends, Offerings, Technical Tips | 0 comments

In case you are having trouble finding the Kerberos Module for Apache like some of our customers have, we have decided to host it on our website as well. With more organizations interested in securing their applications with native Windows authentication, this is becoming more and more popular.
We have been devising integrated Windows authentication identity management solutions with Apache for years, so we’re quite comfortable with the best ways to implement this. Many large software vendors actually leverage this same approach in their enterprise identity management solutions. Feel free to download mod_auth_kerb using the below form.
Following are prerequisites in case the main Kerberos Module for Apache site is not accessible, which we have noticed from time to time:
Prerequisites
- Development environment (i.e. libraries and header files) for Kerberos5 and/or Kerberos4.
- Apache server installed – Both 1.x and 2.x series of Apache are supported (make sure the Apache installation contains the apxs command)
Posted on Feb 8, 2011 in News and Updates, Offerings | 0 comments
We just started into installs for four middleware servers for a customer. These will each run DB, WebLogic, IdM, SOA/BPM, UCM, and WebCenter — all 11g.

There’s nothing like getting fresh, fast, functionally-useless hardware and turning it into a powerful piece of problem-solving equipment. – Historic M&S Dogma
Posted on Jan 25, 2011 in News and Updates, Technical Tips | 1 comment
Unlike WebCenter, SOA/BPM, WebLogic Server, and other products in the recent Middleware 11g PS3 release from Oracle, Identity Management 11g PS3 (11.1.1.4) is not yet available as a full download on oracle.com. What you need to do until they get the uploads posted is download 11.1.1.2 from the Identity Management 11g download page and then download 11.1.1.4 from My Oracle Support (aka Metalink) by finding patch set 11060980. I know it took me a little to find this, so hopefully this helps someone until the release is available on the public-facing website.

Posted on Jan 14, 2011 in Technical Tips | 0 comments
If you have run into issues with ktpass, there is a chance you are not running the latest version. So, how do you check which ktpass.exe you are running?
- Find where ktpass is running while on your Windows 2003 Domain Controller by typing `where ktpass` in your command prompt. If it is not found, it might not be installed or it might not be in your PATH. If you installed it normally, there is a good chance it is located in C:\Program Files\Support Tools.
- Once you have tracked down where it lives, navigate to the folder and Right-click > Properties on the ktpass executable (ktpass.exe) as shown below.
- Then click the “Version” tab and locate the version you are running as shown below.

If you are not running Version 5.2.3790.3959 (which is the latest at the time of this writing), then you might run into issues. A common one is the following crypto error:
crypto: enum value ‘rc4-hmac-nt’ is not known
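The same check scripted, as an added example that is not part of the original post: it lists every ktpass.exe on the PATH (the first one is the copy that actually runs) plus the default Support Tools folder, and flags copies older than the version named above. It assumes PowerShell is installed on the domain controller; the function name `Get-KtpassCopies` is hypothetical.

```powershell
# Version the post names as the latest at the time of writing.
$Expected = [version]'5.2.3790.3959'

function Get-KtpassCopies {
    # Every directory on PATH, in search order, then the default
    # Support Tools folder mentioned in the post (may not be on PATH).
    $pathDirs = @($env:PATH -split ';' | Where-Object { $_.Trim() })
    $allDirs  = $pathDirs + 'C:\Program Files\Support Tools'
    $seen  = @{}
    $order = 0
    foreach ($dir in $allDirs) {
        $order++
        $exe = [System.IO.Path]::Combine($dir.Trim().Trim('"'), 'ktpass.exe')
        $key = $exe.ToLower()
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

        $vi = (Get-Item -LiteralPath $exe).VersionInfo
        # Use the numeric parts: the FileVersion string can carry a build label.
        $found = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
            $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

        New-Object psobject -Property @{
            Path              = $exe
            Version           = $found
            OnPath            = ($order -le $pathDirs.Count)
            OlderThanExpected = ($found -lt $Expected)
        }
    }
}

$copies = @(Get-KtpassCopies)
if ($copies.Count -eq 0) {
    Write-Warning 'ktpass.exe not found on PATH or in Support Tools.'
} else {
    $copies | Format-Table Path, Version, OnPath, OlderThanExpected -AutoSize
}
```

If more than one row has OnPath set to True, the topmost one is the copy the command prompt runs, so an older copy earlier on the PATH can shadow an updated one.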
Posted on Sep 27, 2010 in News and Updates, Offerings, Technical Tips | 0 comments
Our Fusion Middleware expertise allows us to bring it all together. Do you want to follow business processes and ensure transparency to your organization?
M&S Consulting has implemented a next generation process portal built on Oracle BPM/SOA, Identity Management, WebCenter, and innovative solutions built by M&S from the ground up. Underlying technologies include WebLogic and ADF.

