"One of the top Identity Management Strategists in the market today!"

Welcome to my Identity Management blog with focus on proven implementation stratigies, best practices, product selection, and where I open my expertse to You!

Fortune 100, Higher Education, Government... I've done it all. I'm 7 feet tall, live in NYC, tattooed, and love a challenge! Here's what I've learned...

Adam Callen

Tag: OVD

No Comments 0

“I forgot my admin password for OVD!”

Thursday, April 16th, 2009 | Oracle, OVD | .: Adam

It’s happened to us all, especially when we’re working for multiple clients and each client has multiple environments.

Should you forget your admin password for Oracle Virtual Directory, here’s a quick fix!

Go to OVD_HOME\conf and open server.os_xml

Find the <rootUser> node and replace with following

<rootUser>
<name>cn=admin</name>
<password>{SSHA}qLzLcgk/WLpCE6Z72OmQ7zXfCp4nTvj7</password>
</rootUser>

This will set cn=admin and password as “secret” for the admin account.

I keep a copy of this on my machine, so should I ever need to get into an OVD box, I just copy / paste, and I’m in!

.: Adam

Tags: , ,
No Comments 0

How to Install OVD on Oracle Enterprse Linux v5

Thursday, April 16th, 2009 | Configuration, OEL, Oracle, OVD | .: Adam

Initially OVD will not install on Oracle Linux 5 due to one line of code in the installer file that needs to be commented out:

Cause – ovid1014.bin includes:
export LD_ASSUME_KERNEL=2.2.5

Solution
Comment out the “export” line in the ovid1014.bin, retaining the same number of characters per line. For example change to:

#xport LD_ASSUME_KERNEL=2.2.5

Use the following steps:

1. Backup the original file:

cp ovid1014.bin ovid1014.bin.bak

2. Issue this command to edit the line:

cat ovid1014.bin.bak | sed “s/export LD_ASSUME_KERNEL/#xport LD_ASSUME_KERNEL/” > ovid1014.bin

After that, you just run installer in console mode. I didn’t make any configurations to the OS or the kernel. I used OEL v5 out of the box install.

.: Adam

Tags: , , ,
No Comments 0

Adding Certificates to Oracle Virtual Directory

Monday, March 16th, 2009 | Configuration, Oracle, OVD | .: Adam

I was tooling around with OVD (Oracle Virtual Directory) a while ago, and I needed to add a certificate so that I would have SSL connections everywhere. Here’s the steps I followed:

1. In OVD Manager, right click on the server, then select Manage > Server Certificates > click the Generate New Key button to generate a server certificate. Supply the necessary fields, but do not check “Self-Signed”.

2. Click Finish and the key will be displayed in the Key Manager.

3. Select Request Certificate to export the certificate to a text file for processing by the certificate authority.
The certificate will be exported in PEM or Base-64 encoded format.

4. With the exported certificate file, submit the certificate request as instructed by your certificate authority for signing.

5. When the signed certificate is returned, import it using the Import Signed Cert button.

When prompted, enter the certificate file name of the Base-64 (PEM) encoded certificate and the alias name to import as.

6. After clicking Finish, activate the certificate by enabling SSL on one of the listeners and specifying the certificate alias as the certificate to use.

The set up is now complete.

.: Adam

Tags: , ,
No Comments 0

What should I ask a prospective IdM client?

Wednesday, November 19th, 2008 | General IdM, Oracle | .: Adam

This question comes from Rick:

“My company is looking to start offering Identity Management services (just Oracle), what are some questions I should ask a prospective client so we have a good understanding of what they have / want?”

First let me point out that for a company to just suddenly decide to start offering Identity Management services, is a bold step. IdM services are not like anything else out there. You really need to have someone that knows what they’re doing. But, a lot of services companies, like yours I would imagine, do one type of service really well. So well, that one of their clients say, “Hey! We just purchased this IdM suite from X and have no idea how to implement it. Do you?” And you say, “Of course!” Over half of my calls come from this exact scenario after they figure out what’s really involved =)

But, if you’re really serious about starting this type of work, more power to you!

Here is a list of the common questions that you can ask a prospective IdM client. They will get a lot of pertinent information about them and what they want.
They may not have the answers to all of these, and that’s ok. These are just so you can have a clearer understanding as to what the client wants before engaging with them on a more formal deep-dive requirements gathering process.
  • Which products did they purchase? (See list below)
  • When do they want to start the implementation?
  • What is their deadline for a production role out, and what do they plan to have accomplished by then?
  • What were the driving reasons / decisions for purchasing the IdM product(s)? (Provisioning, Password reset, compliancy, etc)
  • If they’re a government entity, are there any special security clearances that are required?
  • What are their primary concerns with this type of roll-out?
  • How many environments do they want to roll out to? (Typical is 3: Dev, Test, Prod)
Oracle Identity Manager Questions:
  • Which connectors have they purchased?
  • What resources are they planning on provisioning to? What are they? What versions?
  • How many authoritative source do they have? What are they? What versions?
  • Are they replacing any current provisioning products, attestation products, or home-grown scripts?
  • What operating system are they installing it on?
Oracle Access Manager Questions:
  • Do they already have an LDAP Identity Store (AD, Oracle Internet Directory, Oracle Virtual Directory)
  • How many web applications do they want to protect and what are they?
  • What Application Server are they going to use / do they have? (OC4J, Web Sphere, WebLogic, JBoss)
  • Are they replacing any current access control products or home-grown scripts?
  • What operating system are they installing it on?
Oracle Virtual Directory Questions:
  • How many LDAP’s do they want to connect to?
  • How many Databases do they want to connect to?
  • Are they any other systems they plan on hooking into it?
  • What operating system are they installing it on?
Oracle Identity Federations Questions:
  • Do they plan on integrating it into Oracle Access Manager?
  • Will they be the Identity Provider, the Service Provider, or both?
  • How many clients within the circle of trust will they be federating to?
  • Are they replacing any current federation products or home-grown scripts?
  • What operating system are they installing it on?
Oracle Role Manager Questions:
  • Have they purchased the product, or the service?
  • How many employees do they have and what types? (full-time, contractors, students, etc)
Oracle Internet Directory Questions:
  • Will this be their first corporate LDAP?
  • Are they migrating data from a separate data store? (another LDAP, database, or file system)
  • Do they have a global unique identifier setup?
  • What operating system are they installing it on?
Oracle Enterprise Linux Questions:
  • Are they running them on the boxes, or virtualized?
  • What version are they installing? (If OEL v5, ask if they are aware of incompatibilities with other Oracle products)
This should be enough to start you out.
.: Adam
Tags: , , , , ,


Back to topBack to top