Identity Manager Opensource OpenIDM Architecture
Allidm.com
Discovering Identity and Access Management Solutions
OpenIDM Architecture

Stay connected to Allidm
Find us on Facebook: https://www.facebook.com/allidm
Follow us on Twitter: https://twitter.com/aidy_idm
Look for us on LinkedIn: http://www.linkedin.com/in/identityandaccessmanagement
Visit our blog: http://www.allidm.com/blog

Disclaimer and Acknowledgments
The contents here are created as my own personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.

Contact Us
In this presentation we'll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on.
If you know one that makes a big difference, please tell us so we can include it in the future.

OpenIDM architecture
The OpenIDM framework is based on OSGi.
OSGi
OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model. OpenIDM currently runs in Apache Felix.
Servlet
The optional Servlet layer provides RESTful HTTP access to the managed objects and services. OpenIDM embeds Jetty by default.

Modular Framework
BPMN 2.0 Workflow Engine: Embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard.
Task Scanner: Task scanning mechanism that enables you to perform a batch scan for a specified date in OpenIDM data, on a scheduled interval, and then to execute a task when this date is reached.
Scheduler: Provides a cron-like scheduling component implemented using the Quartz library, for example to enable regular synchronizations and reconciliations.

Infrastructure Modules
Script Engine: A pluggable module that provides the triggers and plugin points for OpenIDM. OpenIDM currently supports JavaScript and Groovy.
Policy Service: Provides an extensible policy service that enables you to apply specific validation requirements to various components and properties.
Audit Logging: Logs all relevant system activity to the configured log stores. This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs that capture operations on the internal (managed) and external (system) objects.

Infrastructure Modules…
Repository: Provides a common abstraction for a pluggable persistence layer. The default, embedded implementation for the repository is the NoSQL database OrientDB. OpenIDM 3.0.0 supports use of MySQL to back the repository. Plugin repositories can include NoSQL and relational databases, LDAP, and even flat files. The Repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services.

Infrastructure Modules…
Object Model: Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON. These representations are instances of the classes Map, List, String, Number, Boolean, and null. The object model supports interoperability and potential integration with many applications, services and programming languages; OpenIDM can serialize and deserialize these structures to and from JSON as required. OpenIDM also exposes a set of triggers and functions that system administrators can define, in either JavaScript or Groovy.

Core Services
Managed Objects: A managed object is an object that represents the identity-related data managed by OpenIDM. Managed objects are configurable, JSON-based data structures that OpenIDM stores in its pluggable repository. The default configuration of a managed object is that of a user, but you can define any kind of managed object, for example groups or roles. You can access managed objects over the REST interface.

Core Services…
System Objects: System objects are pluggable representations of objects on external systems, for example a user entry that is stored in an external LDAP directory. System objects follow the same RESTful resource-based design principles as managed objects. There is a default implementation for the OpenICF framework that allows any connector object to be represented as a system object.

Core Services…
Mappings: Mappings define policies between source and target objects and their attributes during synchronization and reconciliation. Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects.

Core Services…
Synchronization & Reconciliation: Reconciliation enables on-demand and scheduled resource comparisons between the OpenIDM managed object repository and source or target systems. Comparisons can result in different actions, depending on the mappings defined between the systems. Synchronization enables creating, updating, and deleting resources from a source to a target system, either on demand or according to a schedule.
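To make the Mappings and Synchronization & Reconciliation slides concrete, here is an added JavaScript illustration (not code from this presentation or from OpenIDM itself): a reduced mapping with property transforms and a validation trigger, plus a reconciliation pass that correlates source (system) objects to target (managed) objects, classifies each pair into a situation, and picks the action the mapping defines. The situation names borrow OpenIDM's vocabulary, but the logic is deliberately simplified; the LDAP-like accounts, managed users and attribute names are constructed sample data.

```javascript
// Added example (not the presentation's or OpenIDM's own code): a reduced
// mapping + reconciliation pass in the spirit of an OpenIDM sync mapping.
// Situation names borrow OpenIDM's vocabulary; data and names are constructed.
const mapping = {
  correlateOn: "userName",                  // target attribute used to correlate
  properties: [                             // attribute rules, with transforms
    { source: "uid", target: "userName" },
    { source: "mail", target: "mail", transform: (v) => String(v).toLowerCase() },
    { source: "cn", target: "displayName" },
  ],
  // Validation/filter trigger: a source entry qualifies only with a usable mail.
  validSource: (src) => typeof src.mail === "string" && src.mail.includes("@"),
  // Situation -> action policy, as a mapping defines it.
  actions: { CONFIRMED: "UPDATE", ABSENT: "CREATE", UNQUALIFIED: "DELETE", SOURCE_MISSING: "DELETE" },
};
// Build the target (managed) representation from a source (system) object.
function applyMapping(map, source) {
  const target = {};
  for (const p of map.properties) {
    const v = source[p.source];
    target[p.target] = p.transform ? p.transform(v) : v;
  }
  return target;
}
// Compare source objects with the target set; classify each and pick an action.
function reconcile(map, sourceObjects, targetObjects) {
  const targets = new Map(targetObjects.map((t) => [t[map.correlateOn], t]));
  const seen = new Set();
  const results = [];
  for (const src of sourceObjects) {
    const mapped = applyMapping(map, src);
    const key = mapped[map.correlateOn];
    const existing = targets.get(key);
    if (existing) seen.add(key);
    const situation = !map.validSource(src) ? "UNQUALIFIED" : existing ? "CONFIRMED" : "ABSENT";
    let action = map.actions[situation];
    if (action === "DELETE" && !existing) action = "IGNORE"; // nothing to delete
    results.push({ key, situation, action, target: mapped });
  }
  for (const [key, t] of targets) {           // targets no source correlated to
    if (!seen.has(key)) results.push({ key, situation: "SOURCE_MISSING", action: map.actions.SOURCE_MISSING, target: t });
  }
  return results;
}
// Constructed sample data: an LDAP-like source and the managed repository.
const ldapAccounts = [{ uid: "alice", mail: "Alice@Example.com", cn: "Alice Adams" },
  { uid: "bob", mail: "", cn: "Bob Brown" }, { uid: "carol", mail: "carol@example.com", cn: "Carol Chen" }];
const managedUsers = [{ userName: "alice", mail: "alice@example.com", displayName: "Alice A." },
  { userName: "dave", mail: "dave@example.com", displayName: "Dave Diaz" }];
```

Calling reconcile(mapping, ldapAccounts, managedUsers) yields one result per correlated key: alice is CONFIRMED/UPDATE with her mail normalised, bob is UNQUALIFIED and ignored because no target exists, carol is ABSENT/CREATE, and dave is SOURCE_MISSING/DELETE; a recon audit log records exactly this kind of per-object outcome for reporting.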

Core Services…
Representational State Transfer (REST) is a software architecture style for exposing resources, using the technologies and protocols of the World Wide Web.
Secure Commons REST Commands
REST interfaces are commonly tested with a curl command. Work with the standard ports associated with Java EE communications, 8080 and 8443. To run curl over the secure port, 8443, you must either include the --insecure option (which skips certificate verification, so it is suitable for testing only) or follow the steps in Restrict REST Access to the HTTPS Port.

Access Layer
The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions.
RESTful Interfaces: OpenIDM provides REST APIs for CRUD operations and for invoking synchronization and reconciliation, for both HTTP and Java.
User Interfaces: User interfaces provide password management, registration, self-service, and workflow services.