OpenIDM Integrator's Guide
Chapter 13. Managing Authentication, Authorization and RBAC
13.1. OpenIDM Users
13.1.1. Internal Users
13.1.2. Managed Users
OpenIDM distinguishes between internal users and managed users.