Tag Archives: openidm

Addendum to ForgeRock Full Stack Configuration – Using ForgeRock OpenIG

This is an extension of an earlier post that demonstrated ForgeRock Full Stack Configuration, comprising OpenDJ, OpenAM and OpenIDM. In here we’ll plug in ForgeRock OpenIG to route traffic to/from OpenAM and OpenIDM. In the video log that follows, you’ll see:

– All urls that hit OpenIG, containing a string ‘openam’ getting redirected to OpenAM URL
– All urls that hit OpenIG, that does not contain the string ‘openam’ getting redirected to:

  1. OpenAM for Authentication if there is no valid User session and then on to OpenIDM UI
    2. OpenIDM UI if there is a valid User sessionOpenIDM UI

So here’s the extended illustration


Now on to the video.Enjoy!

Scripted SQL Connector in ForgeRock OpenIDM 4

ForgeRock Identity Management solution includes generic Groovy Connector Toolkit that enables you to run Groovy scripts on any external resource. You can read more about it here. Lifted verbatim from the OpenIDM 4 documentation mentioned above:”To facilitate creating your own scripted connectors with the Groovy Connector Toolkit, OpenIDM provides a scripted connector bundler. ” I followed Instructions in there (as well as in the README file of the ‘sample3’ in OpenIDM installation directory), to build a ScriptedSQL Connector to connect OpenIDM to a MySQL Database and my Video Log is below:


ForgeRock Full Stack Configuration

If you’re in a hurry to know what each of the ForgeRock Identity Platform Components is meant to do, try the Full Stack Configuration. In just over fifteen minutes, you’ll see:

– Installation of ForgeRock OpenDJ
– Deployment of ForgeRock OpenAM
– Configuration of OpenDJ as an Identity Repository in ForgeRock OpenAM
– Installation of ForgeRock OpenIDM
– Configuring OpenDJ as External Resource in OpenIDM
– Running a reconciliation in OpenIDM from OpenDJ
– Provisioning a User from OpenIDM to OpenDJ
– Using OpenAM as the Authentication Module for OpenIDM

With a much awaited weekend around the corner, I couldn’t really get over the laziness to create a better illustration than the one below to help visualize what’s mentioned above.


Please watch it, if you have some time. Enjoy!

Thanks: ForgeRock Product Documentation

Deploying a Highly Available ForgeRock Identity Management Solution

We have already discussed on this space the installation of ForgeRock Identity Management Solution and further configuring a Database as its repository. But in those discussions, all the critical components of the Solution namely the ForgeRock OpenIDM 4, MySQL Database were a Single Point of Failure. In an environment where business continuity is critical, we ought to build a solution that has no SPOF in the architecture. So I’m going to take you through that route today. Of course, this is a hint and just a way to understand the different options that you might consider in Configuring ForgeRock OpenIDM 4 for High Availability.

I’ve a rather simple example of HA configuration, mainly meant for understanding and learning it. In a sensitive infrastructure, a great deal of planning goes into building a Highly Available Environment. So what’s the small little setup we’ve here for learning:

ForgeRock OpenIDM 4 High Available Configuration

Two instances of ForgeRock OpenIDM 4 connects to a MySQL Proxy, which in turn talks to a MySQL Replication site. Of course, in this setup, MySQL Proxy is a SPOF, so you should have at least two of it in front of the MySQL Replication site. But if I had attempted to it, the whole thing would have looked a lot more complicated and would have failed the objective of being a learning tool. So if you’ve just under a half an hour to spare, you will know:

– How to use MySQL Proxy
– How to setup MySQL Replication (Master/Slave)
– How to install OpenIDM 4
– How to configure OpenIDM 4 to use a MySQL Database as its Repository
– How to bring up an OpenIDM Cluster environment

Well, the final state is what you get to see in the illustrations above.

Now on to the video. Enjoy!

Setting Up Email and User Self Registration in ForgeRock OpenIDM 4

A few months back, I had published a post with a video demonstration on setting up Email in now older version of ForgeRock OpenIDM. If you haven’t seen it and would like to take a look at it, it’s here. Between now and then a lot of things changed, one of which is an improved UI in the recently released OpenIDM 4. If you’ve four minutes to spare, watch the video below to see how good a work has gone into the OpenIDM 4 UI improvement.


ForgeRock OpenIDM 4: Installing a Repository for Production (PostgreSQL))

ForgeRock OpenIDM 4 uses OrientDB as its default datastore, which is good for learning and evaluation, but not suitable for a Production environment. In an earlier post on this space, we looked at the Configuration of MySQL database as the repository for OpenIDM 4. Picking up from there, because a site that I know of uses PostgreSQL instead of MySQL, made a quick demonstration on setting up OpenIDM 4 with PostgreSQL.


Related ForgeRock Documentation:
Setting up OpenIDM with PostgreSQL

ForgeRock OpenIDM 4: Installing a Repository for Production (MySQL)

Think of this post as a remake of an earlier one done several months back. Well, just tha, the earlier blog post in reference here was based on a now older version of OpenIDM, ForgeRock‘s Identity Management Solution. As always, I’m grateful to the ForgeRock documentation team for a clean write up on the Configuration of MySQL as a repository for ForgeRock OpenIDM 4.

Related Video/Documentation:
Video – Setting Up ForgeRock OpenIDM with MySQL (OpenIDM 3.x)
Documentation – Setting up OpenIDM with MySQL

Configuring Roles in ForgeRock OpenIDM 4

Merry Christmas!

For those interested to know how to configure Roles in ForgeRock OpenIDM, here’s my Christmas gift. A video at the end of this post will walk you through the installation of both ForgeRock OpenIDM and ForgeRock OpenDJ, configure the latter as an external resource in OpenIDM, performing reconciliation to bring in users from OpenDJ to OpenIDM. That’s not it, because all of that I’ve shown you earlier as well. Then, what’s more? Here it is:

So we go on and create Roles in OpenIDM, which has Managed Assignments that in turn has Attributes associated with an external resource (ForgeRock OpenDJ). So when a Role is assigned to a user in OpenIDM, based on the value of Attribute that is attached to the Role, the user will be subscribed to a group in the OpenDJ. If it sounds confusing,please don’t waste time reading it again, instead watch the video below, it’ll all be crystal clear.


Installation of ForgeRock OpenIDM 4 and Configuration of ForgeRock OpenDJ as its External Resource

It’s not for no reason that I picked up ‘Whistling Down the Road’ by Silent Partner (Courtesy: Google YouTube Audio Library) as the audio background for the screen-cast embedded on this blog post. The installation of ForgeRock OpenIDM 4 is one such experience, as in like just whistling away down the road! See it to believe it and don’t forget to try it.

I’ve done a similar screen-cast before, but that’s using OpenIDM 3.x. Be wary of the fact that the software used in this screen-cast is not yet read for Production. But now that the ForgeRock Management have given us this clue on the road ahead for the ForgeRock Products, it makes sense to start exploring it (if not already done).

So in the video below, you’ll see the lightning fast installation of both OpenIDM and OpenDJ and configuration of OpenDJ as an External Resource for OpenIDM.


Sending Emails from ForgeRock OpenIDM

No one wants to stay logged in on to the User Interface of a Provisioning Tool, waiting for the approval requests to flood into their queue in order to take an appropriate action. We have other things to do in life and for matters that require our attention we all expect notifications, don’t we? Without doubt, one very common and an easy channel for notification is Email, which some consider to be the first and the last killer app of the Internet. Just like many other configurations, setting up Outbound Email in ForgeRock OpenIDM is a walk in the park. If you have just over 5 minutes to spare, watch how it’s done in the video below:


Deeply indebted to this section of the ForgeRock Documentation on OpenIDM.

Certification in ForgeRock OpenIDM Episode I: Initial Reconciliation

If this was a book, what we have here is a prologue. Just as you don’t expect the prologue to throw a full story at you, so does this web log unveil absolutely no details around Certification in ForgeRock OpenIDM. What it does though is to setup a ‘plot’ for a possible video demonstration on Certification facility in ForgeRock’s Identity Management Solution. And that’s coming soon…

So in the video log, that’s actually a visual representation of the brilliant ForgeRock Documentation on OpenIDM, you’ll see:
– Installation of ForgeRock OpenDJ
– Configuration of OpenDJ as an external resource managed by OpenIDM (using sample files)
– Performing the initial reconciliation using REST to load users from OpenDJ to OpenIDM

Soon we’ll put all those users in action for Certification in OpenIDM. For now, just as you’d skim through the prologue of a book, take a quick look at the ~5 minute video

Provisioning Users to PostgreSQL Database Table Using ForgeRock OpenIDM

This one is rather uncomplicated. ForgeRock OpenIDM does provisioning well, be it to a Directory Server, a Database or even to several other external resources. The following video log demonstrates exactly that. You’ll see:

– Super quick installation of ForgeRock OpenIDM
– Installation of PostgreSQL database, creation of user with super user role in PostgreSQL, creation of a database and finally creation of a table
– Configure the OpenIDM Database connector to connect to the PostgreSQL database table created in the above mentioned step
– And finally see how the users from OpenIDM are provisioned on to the PostgreSQL database table

It’s all very simple and easy to understand. So enjoy!

ForgeRock OpenIDM User Provisioning Workflow

ForgeRock OpenIDM, very simply put, manages the identity, not necessarily of users all the time. In a short video demonstration that follows, I’ve taken efforts to show you a very simple user provisioning workflow in OpenIDM. When an employee in an organization initiates an onboard contract, the workflow is launched and the request reaches a manager, who then pickups the request and approves (or reject) it. Consequently, the new user’s identity is provisioned on a resource.

This video demonstration owes heavily to this section of ForgeRock documentation.

What’s in the video is a simple exercise and I strongly encourage anyone interested in ForgeRock’s Identity Management solution to try it and see. Well, if you say you aren’t familiar with the OpenIDM installation, that isn’t difficult either, you can watch it here.


ForgeRock OpenIDM: Setting Up SSL With MySQL Internal Repository

If you’ve already seen the video demonstration on setting up ForgeRock OpenIDM to use a JDBC repository, you may now be interested to know how to secure the traffic from ForgeRock OpenIDM to its JDBC repository. So in the video that follows, you will see:

– Setting up SSL in MySQL database
– Configuring OpenIDM to use SSLto the MySQL database (its internal repository)
Like several other videos that I’ve already published on this blog space around ForgeRock products, this one also makes use of Ubuntu 14.10 host 0S. A Linux Container running Ubuntu 14.04.2 LTS is where we’ve our ForgeRock OpenIDM and MySQL database running. The illustration below might help you get a quick picture about the infrastructure used for the screen-cast:

Hope you’ll find the video log useful:

MySQL Product Documentation
ForgeRock Documentation

ForgeRock OpenIDM REST Interface

I’ve already posted some entries around the ForgeRock OpenIDM, direct links to which are appended below in case you are interested:

ForgeRock OpenIDM Installation In a Linux Container”
ForgeRock OpenIDM Integration with ForgeRock OpenDJ
Setting up ForgeRock OpenIDM with MySQL
Configuring ForgeRock OpenIDM in a Cluster

The following video log is a very light one, partly because I haven’t done a video on REST interface around OpenIDM, but have done similiar ones for both OpenDJ and OpenAM, and partly because I’m feeling too sleepy to do a screen-cast on tougher topics. Talking of REST, in case if you haven’t seen my earlier reference to a neat and curt introduction to ForgeRock Common REST API, read it here.

Again, for those who are not familiar with REST calls to OpenIDM, the embedded video below might just give an idea of how to create a user and fetch a user profile in OpenIDM using REST.

Configuring ForgeRock OpenIDM In a Cluster

On this site, I’ve written another couple of posts around ForgeRock OpenIDM. If you’re not familiar with OpenIDM, I’d recommend reading/watching those (mentioned below), before viewing the video log embedded at the end of this post.

ForgeRock OpenIDM Installation In a Linux Container
Forge Rock OpenIDM with MySQL

Video logs on the links above are quite detailed, but if you’ve not much time to spare to watch all of it, not to worry, the installation of OpenIDM and configuration of MySQL as its internal repository is quickly covered in the following screen-cast as well.

The below illustration might give you a rough idea about the infrastructure that I used to perform the demonstration on OpenIDM Cluster Configuration. I’ve a Host Operating System of Ubuntu 14.10 in which there are many Linux Containers. Two of LXCs named ‘my-openidm’ & ‘my-openidm2’ are used to install two separate instances of ForgeRock OpenIDM (say ‘node1’ & ‘node2’). A directory named ‘/software’ on the Host OS that has all required binaries is shared as ‘/source’ inside the Linux Containers. For brevity, I’ve included only the relevant LXCs in the illustration as follows:

Please use the embedded video for a quick reference. For a detailed study on how the OpenIDM works in a cluster, please refer to the ForgeRock documentation.


Setting Up ForgeRock OpenIDM with MySQL

ForgeRock OpenIDM comes bundled with OrientDB. But the use of OrientDB as an internal repository for OpenIDM is not recommended in a production environment. A list of supported JDBC repositories for production use with OpenIDM can be found here. In this post, you’ll find a screen-cast that demonstrates the configuration of MySQL as an internal repository for OpenIDM. The following video log, however, does not demonstrate the installation of OpenIDM, but if interested you can watch the OpenIDM installation here.

The following screen-cast is based on the ForgeRock OpenIDM documentation section

ForgeRock OpenIDM Integration with ForgeRock OpenDJ

This post picks up from an earlier one and maybe it makes sense to have look at that first before going through this one. So now that we have ForgeRock OpenIDM running inside a Linux Container, in the video log embedded below, we integrate it with ForgeRock OpenDJ. We’ll then use OpenIDM to provision users on to the OpenDJ. Here’s a summary of what you get to see in the video:

– A quick look at the existing installation of ForgeRock OpenIDM and ForgeRock OpenDJ
– Configuring OpenIDM with LDAP connector during startup using available sample files
– Reconciliation of identifies from ForgeRock OpenDJ to ForgeRock OpenIDM
– Provisioning users from ForgeRock OpenIDM to ForgeRock OpenDJ

More details are available at this section of the OpenIDM documentation

ForgeRock OpenIDM Installation In a Linux Container

Chronologically, this is my third blog update around ForgeRock software stack, the first two being Installation of OpenDJ in a Linux Container and ForgeRock OpenAM Installation in a LXC. While none of these entries have any dependency on each other whatsoever, it is recommended to watch it in order so as to get a fairly uncomplicated idea on the infrastructure being used for demonstrations. In the video logs embedded in all the blog posts as mentioned above, the ForgeRock products are being installed in Linux Containers in Ubuntu Linux flavour that in turn is running in a Virtual Box. Because I thought it maybe relatively effortless for you to sit back and enjoy watching a video rather than reading through a lengthy essay, I’m sticking to my idea of publishing my screen-cast on installation of ForgeRock OpenIDM in a Linux Container. In the screencast, you’ll find:

– Creating new linux container for installation of OpenIDM
– Installation of OpenIDM in a LXC
– Starting/stopping OpenIDM Services
– Accessing OpenIDM using REST calls
– Accessing OpenIDM using BUI
– Configuring OpenIDM as a run control script in Ubuntu Linux

With a hope that this screencast will give you a some understanding on getting started with ForgeRock OpenIDM, I here unto present it for you:

We will figure out how to use OpenIDM for Identity provisioning in a later segment, not too far in the future. In the mean time, if you would like to browse away the features of ForgeRock OpenIDM, its documentation can be found here.