Identity Manager Opensource OpenIDM Architecture

Description: Identity Manager OpenSource - ForgeRock OpenIDM

Transcript of Identity Manager Opensource OpenIDM Architecture

Page 1: OpenIDM Architecture

Allidm.com
Discovering Identity and Access Management Solutions

Page 2: Stay connected to Allidm

Find us on Facebook: https://www.facebook.com/allidm
Follow us on Twitter: https://twitter.com/aidy_idm
Look for us on LinkedIn: http://www.linkedin.com/in/identityandaccessmanagement
Visit our blog: http://www.allidm.com/blog

Page 3: Disclaimer and Acknowledgments

The contents here are created as a personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.

Page 4: Contact Us

In this presentation we talk about some useful topics that you can use no matter which identity and access management solution or product you are working with.

If you know one that makes a big difference, please tell us so we can include it in the future:

[email protected]

Page 5: OpenIDM architecture

Page 6: Modular Framework

OSGi: The OpenIDM framework is based on OSGi. OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model. OpenIDM currently runs in Apache Felix.

Servlet: The optional Servlet layer provides RESTful HTTP access to the managed objects and services. OpenIDM embeds Jetty by default.

Page 7: Infrastructure Modules

BPMN 2.0 Workflow Engine: Embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard.

Task Scanner: Task scanning mechanism that enables you to perform a batch scan for a specified date in OpenIDM data, on a scheduled interval, and then to execute a task when this date is reached.

Scheduler: The Scheduler provides a cron-like scheduling component implemented using the Quartz library, for example to enable regular synchronizations and reconciliations.

Page 8: Infrastructure Modules…

Script Engine: The script engine is a pluggable module that provides the triggers and plugin points for OpenIDM. OpenIDM currently supports JavaScript and Groovy.

Policy Service: Provides an extensible policy service that enables you to apply specific validation requirements to various components and properties.

Audit Logging: Auditing logs all relevant system activity to the configured log stores. This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs that capture operations on the internal (managed) and external (system) objects.

Page 9: Infrastructure Modules…

Repository: The repository provides a common abstraction for a pluggable persistence layer. The default, embedded implementation for the repository is the NoSQL database OrientDB. OpenIDM 3.0.0 supports use of MySQL to back the repository. Plugin repositories can include NoSQL and relational databases, LDAP, and even flat files. The Repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services.

Page 10: Core Services

Object Model: Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON. These representations are instances of the classes Map, List, String, Number, Boolean, and null. The object model supports interoperability and potential integration with many applications, services and programming languages. OpenIDM can serialize and deserialize these structures to and from JSON as required. OpenIDM also exposes a set of triggers and functions that system administrators can define, in either JavaScript or Groovy.

Page 11: Core Services…

Managed Objects: A managed object is an object that represents the identity-related data managed by OpenIDM. Managed objects are configurable, JSON-based data structures that OpenIDM stores in its pluggable repository. The default configuration of a managed object is that of a user, but you can define any kind of managed object, for example groups or roles. You can access managed objects over the REST interface.
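To make the JSON object model (page 10), the policy service (page 8) and the REST-style handling of managed objects concrete, here is an added example written for this transcript; it is not OpenIDM's own code. It models a managed/user resource in memory with create/read/update/delete, a "_rev" revision check on update (OpenIDM's REST responses carry "_id" and "_rev"; the If-Match behaviour here is this example's simplification), and a small policy check whose rules and error messages are constructed for the example.

```javascript
// Added example (not OpenIDM's own code): an in-memory model of a managed
// object resource, showing the JSON object model, REST-style CRUD with
// revisions, and a simplified policy check. Assumptions: objects carry
// "_id" and "_rev" as OpenIDM's REST responses do; the policy rules and the
// error messages are this example's own.

// Constructed policy: what a managed/user object must carry.
const userPolicy = {
  userName: { required: true, type: "string" },
  mail: { required: true, type: "string" },
  roles: { required: false, type: "list" },
};

// Classify a value using the object model's own vocabulary.
function jsonType(value) {
  if (value === null) return "null";
  if (Array.isArray(value)) return "list";
  if (typeof value === "object") return "map";
  if (typeof value === "boolean") return "boolean";
  if (typeof value === "number") return "number";
  return "string";
}

// Return the list of policy violations; an empty list means the object passes.
function validate(policy, obj) {
  const failures = [];
  for (const [name, rule] of Object.entries(policy)) {
    const present = obj[name] !== undefined && obj[name] !== null;
    if (rule.required && !present) failures.push(`${name}: required`);
    else if (present && jsonType(obj[name]) !== rule.type) {
      failures.push(`${name}: expected ${rule.type}`);
    }
  }
  return failures;
}

// Deep copy through JSON: the same serialize/deserialize round trip the deck describes.
const clone = (obj) => JSON.parse(JSON.stringify(obj));

class ManagedResource {
  constructor(policy) {
    this.policy = policy;
    this.store = new Map(); // _id -> stored object
    this.nextId = 1;
  }

  // Reject objects that fail the policy before they reach the repository.
  enforce(obj) {
    const failures = validate(this.policy, obj);
    if (failures.length) throw new Error("policy violation: " + failures.join("; "));
  }

  // POST .../managed/user?_action=create
  create(obj) {
    this.enforce(obj);
    const stored = { ...clone(obj), _id: String(this.nextId++), _rev: "1" };
    this.store.set(stored._id, stored);
    return clone(stored);
  }

  // GET .../managed/user/{id}
  read(id) {
    const stored = this.store.get(id);
    if (!stored) throw new Error("404 not found: " + id);
    return clone(stored);
  }

  // PUT .../managed/user/{id} with If-Match: <rev>; "*" matches any revision.
  // The revision check stops two writers from silently overwriting each other.
  update(id, ifMatch, obj) {
    const current = this.read(id);
    if (ifMatch !== "*" && ifMatch !== current._rev) {
      throw new Error(`412 revision mismatch: have ${current._rev}, got ${ifMatch}`);
    }
    this.enforce(obj);
    const stored = { ...clone(obj), _id: id, _rev: String(Number(current._rev) + 1) };
    this.store.set(id, stored);
    return clone(stored);
  }

  // DELETE .../managed/user/{id}
  remove(id) {
    const gone = this.read(id);
    this.store.delete(id);
    return gone;
  }

  // GET .../managed/user?_queryFilter=... reduced to a predicate over objects.
  query(predicate) {
    return [...this.store.values()].filter(predicate).map(clone);
  }
}
```

The point to take from the revision check is that a stale client (one that read revision "1", then lost a race) gets a 412-style rejection instead of clobbering a newer write; the policy check runs before any write reaches the store, which is the ordering you want when the repository is the source of truth for identity data.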

Page 12: Core Services…

System Objects: System objects are pluggable representations of objects on external systems, for example a user entry that is stored in an external LDAP directory. System objects follow the same RESTful resource-based design principles as managed objects. There is a default implementation for the OpenICF framework that allows any connector object to be represented as a system object.

Page 13: Core Services…

Mappings: Mappings define policies between source and target objects and their attributes during synchronization and reconciliation. Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects.

Page 14: Core Services…

Synchronization & Reconciliation: Reconciliation enables on-demand and scheduled resource comparisons between the OpenIDM managed object repository and source or target systems. Comparisons can result in different actions, depending on the mappings defined between the systems. Synchronization enables creating, updating, and deleting resources from a source to a target system, either on demand or according to a schedule.
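The mappings slide (page 13) and this one describe a comparison that ends in an action chosen by the mapping. The following added example, written for this transcript and not taken from OpenIDM, shows that flow end to end: a constructed mapping with direct property copies, a transform, a validSource filter and a correlation rule, then a reconciliation of constructed LDAP-style source accounts against constructed managed users and links. The situation and action names (CONFIRMED, FOUND, ABSENT, MISSING, UNQUALIFIED, CREATE, UPDATE, DELETE, EXCEPTION) borrow OpenIDM's vocabulary, but the classification rules are simplified and the situation-to-action policies are this example's own configuration choice.

```javascript
// Added example (not OpenIDM's own code): a reduced model of a mapping and a
// reconciliation run from a source system object (e.g. LDAP accounts) to
// managed/user objects. Situation and action names borrow OpenIDM's
// vocabulary; the classification rules are simplified and the situation ->
// action policies are this example's own configuration choice.

// Constructed mapping, in the spirit of a sync.json entry.
const mapping = {
  name: "systemLdapAccounts_managedUser",
  source: "system/ldap/account",
  target: "managed/user",
  // Only active accounts qualify as sources (a validSource script in the product).
  validSource: (src) => src.status === "active",
  // Correlation: find target objects that belong to a source with no link yet.
  correlate: (src, targets) => targets.filter((t) => t.userName === src.uid),
  // Property mappings: a direct copy, or a transform computed from the source.
  properties: [
    { source: "uid", target: "userName" },
    { source: "mail", target: "mail" },
    { target: "displayName", transform: (src) => `${src.givenName} ${src.sn}` },
  ],
  policies: {
    CONFIRMED: "UPDATE", FOUND: "UPDATE", ABSENT: "CREATE",
    MISSING: "EXCEPTION", AMBIGUOUS: "EXCEPTION",
    UNQUALIFIED: "DELETE", SOURCE_IGNORED: "IGNORE",
  },
};

// Build the target-side attributes for one source object.
function applyMapping(map, src) {
  const out = {};
  for (const p of map.properties) {
    out[p.target] = p.transform ? p.transform(src) : src[p.source];
  }
  return out;
}

// Find the existing link for a source and the target it points to (if any);
// without a link, fall back to correlation.
function resolveTarget(map, src, links, targets) {
  const link = links.find((l) => l.sourceId === src._id);
  if (link) return { link, target: targets.find((t) => t._id === link.targetId), matches: [] };
  const matches = map.correlate(src, targets);
  return { link: undefined, target: matches[0], matches };
}

// Classify one source object (simplified version of OpenIDM's situations).
function assessSituation(map, src, links, targets) {
  const { link, target, matches } = resolveTarget(map, src, links, targets);
  if (!map.validSource(src)) return link || matches.length ? "UNQUALIFIED" : "SOURCE_IGNORED";
  if (link) return target ? "CONFIRMED" : "MISSING";
  if (matches.length === 0) return "ABSENT";
  return matches.length === 1 ? "FOUND" : "AMBIGUOUS";
}

// Reconcile all sources: returns a report and applies the chosen actions to
// the targets and links arrays in place.
function reconcile(map, sources, targets, links) {
  const report = { situations: {}, actions: [] };
  let nextId = targets.length + 1;
  for (const src of sources) {
    const situation = assessSituation(map, src, links, targets);
    const action = map.policies[situation] || "EXCEPTION";
    report.situations[src._id] = situation;
    report.actions.push({ sourceId: src._id, situation, action });
    const { link, target } = resolveTarget(map, src, links, targets);
    if (action === "CREATE") {
      const created = { _id: String(nextId++), ...applyMapping(map, src) };
      targets.push(created);
      links.push({ sourceId: src._id, targetId: created._id });
    } else if (action === "UPDATE") {
      Object.assign(target, applyMapping(map, src));
      if (!link) links.push({ sourceId: src._id, targetId: target._id });
    } else if (action === "DELETE") {
      if (target) targets.splice(targets.indexOf(target), 1);
      if (link) links.splice(links.indexOf(link), 1);
    }
    // EXCEPTION and IGNORE change nothing; the report is the audit trail.
  }
  return report;
}

// Constructed sample: five source accounts, three managed users, three links.
const sampleSources = [
  { _id: "s1", uid: "bjensen", givenName: "Barbara", sn: "Jensen", mail: "bjensen@example.com", status: "active" },
  { _id: "s2", uid: "scarter", givenName: "Steven", sn: "Carter", mail: "scarter@example.com", status: "active" },
  { _id: "s3", uid: "jdoe", givenName: "John", sn: "Doe", mail: "jdoe@example.com", status: "active" },
  { _id: "s4", uid: "tmorris", givenName: "Ted", sn: "Morris", mail: "tmorris@example.com", status: "disabled" },
  { _id: "s5", uid: "kvaughan", givenName: "Kirsten", sn: "Vaughan", mail: "kvaughan@example.com", status: "active" },
];
const sampleTargets = [
  { _id: "1", userName: "bjensen", mail: "old@example.com" },
  { _id: "2", userName: "scarter", mail: "scarter@example.com" },
  { _id: "3", userName: "tmorris", mail: "tmorris@example.com" },
];
const sampleLinks = [
  { sourceId: "s1", targetId: "1" },
  { sourceId: "s4", targetId: "3" },
  { sourceId: "s5", targetId: "9" }, // target 9 no longer exists: a MISSING case
];

// Run the sample on copies so the constructed data stays reusable.
function runSample() {
  const targets = sampleTargets.map((t) => ({ ...t }));
  const links = sampleLinks.map((l) => ({ ...l }));
  const report = reconcile(mapping, sampleSources, targets, links);
  return { report, targets, links };
}
```

Two things worth noticing from the sample run: the disabled account is not silently left in place but classified UNQUALIFIED and, under this example's policy, its managed user is removed, which is the deprovisioning path a reconciliation is usually relied on for; and the dangling link (s5 pointing at a target that no longer exists) is surfaced as MISSING and left for an operator rather than auto-repaired, since the policy maps it to EXCEPTION.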

Page 15: Secure Commons REST Commands

Representational State Transfer (REST) is a software architecture style for exposing resources, using the technologies and protocols of the World Wide Web.

REST interfaces are commonly tested with a curl command. Work with the standard ports associated with Java EE communications, 8080 and 8443. To run curl over the secure port, 8443, you must either include the --insecure option (which skips verification of the server certificate) or follow the steps in "Restrict REST Access to the HTTPS Port".

Page 16: Access Layer

The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions.

RESTful Interfaces: OpenIDM provides REST APIs for CRUD operations and for invoking synchronization and reconciliation, for both HTTP and Java.

User Interfaces: User interfaces provide password management, registration, self-service, and workflow services.

Page 17: OpenIDM Architecture

Allidm.com
Discovering Identity and Access Management Solutions