SlideShare a Scribd company logo

Identity Manager Opensource OpenIDM Architecture

Download as PPTX, PDF
Aidy Tificate, profile picture
Aidy Tificate

This document provides an overview of the architecture of OpenIDM, an open source identity and access management solution. It describes the modular framework based on OSGi, core services like managed objects, system objects and mappings, and infrastructure modules including a workflow engine, scheduler, scripting, and repository. It also covers the access layer with RESTful interfaces and user interfaces.

Technology
Related topics:
Web Application
1 of 17
Downloaded 46 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Allidm.com Discovering Identity and Access Management Solutions OpenIDM Architecture
Stay connected to Allidm Find us on Facebook: https://www.facebook.com/allidm Follow us on Twitter: https://twitter.com/aidy_idm Look for us on LinkedIn: http://www.linkedin.com/in/identityandaccessmanagement Visit our blog: http://www.allidm.com/blog
Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect any official stance of any Identity and Access Management Vendor on any particular technology.
Contact Us On this presentation we’ll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on. If you know one that make a big difference please tell us to include it in the future aidy.allidm@gmail.com
OpenIDM architecture
Modular Framework  The OpenIDM framework is based on OSGi.  OSGi  OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model.  OpenIDM currently runs in Apache Felix.  Servlet  The optional Servlet layer provides RESTful HTTP access to the managed objects and services.  OpenIDMembeds Jetty by default.
Infrastructure Modules  BPMN 2.0 Workflow Engine  Embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard.  Task Scanner  Task scanning mechanism that enables you to perform a batch scan for a specified date in OpenIDM data, on a scheduled interval, and then to execute a task when this date is reached.  Scheduler  Scheduler provides a cron-like scheduling component implemented using the Quartz library.  For example, to enable regular synchronizations and reconciliations.
Infrastructure Modules…  Script Engine  Script engine is a pluggable module that provides the triggers and plugin points for OpenIDM.  OpenIDM currently supports JavaScript and Groovy.  Policy Service  Provides an extensible policy service that enables you to apply specific validation requirements to various components and properties.  Audit Logging  Auditing logs all relevant system activity to the configured log stores.  This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs to capture operations on the internal (managed) and external (system) objects.
Infrastructure Modules…  Repository  Repository provides a common abstraction for a pluggable persistence layer.  The default, embedded implementation for the repository is the NoSQL database OrientDB.  OpenIDM 3.0.0 supports use of MySQL to back the repository.  Plugin repositories can include NoSQL and relational databases, LDAP, and even flat files.  Repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services.
 Object Model Core Services  Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON.  These representations are instances of classes:Map, List, String, Number, Boolean, and null.  Object model supports interoperability and potential integration with many applications, services and programming languages  OpenIDM can serialize and deserialize these structures to and from JSON as required.  OpenIDM also exposes a set of triggers and functions that system administrators can define, in either JavaScript or Groovy
Core Services…  Managed Objects  A managed object is an object that represents the identity-related data managed by OpenIDM.  Managed objects are configurable, JSON-based data structures that OpenIDM stores in its pluggable repository.  The default configuration of a managed object is that of a user  You can define any kind of managed object  For example, groups or roles.  You can access managed objects over the REST interface
Core Services…  System Objects  System objects are pluggable representations of objects on external systems.  For example, a user entry that is stored in an external LDAP directory  System objects follow the same RESTful resource-based design principles as managed objects.  There is a default implementation for the OpenICF framework, that allows any connector object to be represented as a system object
 Mappings Core Services…  Mappings define policies between source and target objects and their attributes during synchronization and reconciliation.  Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects.
Core Services…  Synchronization & Reconciliation  Reconciliation enables on-demand and scheduled resource comparisons between the OpenIDMmanaged object repository and source or target systems.  Comparisons can result in different actions, depending on the mappings defined between the systems.  Synchronization enables creating, updating, and deleting resources from a source to a target system, either on demand or according to a schedule.
Secure Commons REST Commands  Representational State Transfer (REST) is a software architecture style for exposing resources, using the technologies and protocols of the World Wide Web.  REST interfaces are commonly tested with a curl command.  Work with the standard ports associated with Java EE communications, 8080 and 8443.  To run curl over the secure port, 8443, you must include either the --insecure option, or run in Restrict REST Access to the HTTPS Port.
Access Layer  The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions.  RESTful Interfaces  OpenIDM provides REST APIs for CRUD operations and invoking synchronization and reconciliation for both HTTP and Java.  User Interfaces  User interfaces provide password management, registration, self-service, and workflow services.
Allidm.com Discovering Identity and Access Management Solutions OpenIDM Architecture

More Related Content

PPTX
OpenIDM - An Introduction
ForgeRock
 
PPTX
OpenIDM: An Introduction
ForgeRock
 
PPTX
OpenIDM - Flexible Provisioning Platform - April 28 Webinar
ForgeRock
 
PPTX
Identity Manager OpenSource OpenIDM - introduction
Aidy Tificate
 
PPTX
OPENIDM: DID YOU JUST SAAS ME?
ForgeRock
 
PPTX
OpenDJ - An Introduction
ForgeRock
 
PPTX
Case Study: Utilizing OpenIDM with an External AJAX Interface
ForgeRock
 
PPTX
Webinar: OpenIDM 3.1
ForgeRock
 
OpenIDM - An Introduction
ForgeRock
 
OpenIDM: An Introduction
ForgeRock
 
OpenIDM - Flexible Provisioning Platform - April 28 Webinar
ForgeRock
 
Identity Manager OpenSource OpenIDM - introduction
Aidy Tificate
 
OPENIDM: DID YOU JUST SAAS ME?
ForgeRock
 
OpenDJ - An Introduction
ForgeRock
 
Case Study: Utilizing OpenIDM with an External AJAX Interface
ForgeRock
 
Webinar: OpenIDM 3.1
ForgeRock
 

What's hot (20)

PPT
Case Study: University of California, Berkeley and San Francisco
ForgeRock
 
PPTX
OpenIDM 3.0 - What's New
ForgeRock
 
PPTX
IDM Reconciliation
Aidy Tificate
 
PPTX
OpenDJ: An Introduction
ForgeRock
 
PPTX
OpenAM - An Introduction
ForgeRock
 
PPT
THE FORGEROCK PLATFORM BIG PICTURE
ForgeRock
 
PDF
Identity as a Managed Cloud Service
ForgeRock
 
PPTX
OIS Architecture Review
ForgeRock
 
PPT
Open Identity Stack Roadmap
ForgeRock
 
PDF
Case Study: Plus Retail - Moving from the Old World to the New World
ForgeRock
 
PDF
Federation in Practice
ForgeRock
 
PPTX
OpenAM: An Introduction
ForgeRock
 
PPTX
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
PPTX
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
PDF
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
PDF
Implementing eGov
ForgeRock
 
PDF
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
PPT
Incredible Edible Identity
ForgeRock
 
PDF
OpenAM as Flexible Integration Component
ForgeRock
 
ODP
Apache Syncope and Tirasa
Francesco Chicchiriccò
 
Case Study: University of California, Berkeley and San Francisco
ForgeRock
 
OpenIDM 3.0 - What's New
ForgeRock
 
IDM Reconciliation
Aidy Tificate
 
OpenDJ: An Introduction
ForgeRock
 
OpenAM - An Introduction
ForgeRock
 
THE FORGEROCK PLATFORM BIG PICTURE
ForgeRock
 
Identity as a Managed Cloud Service
ForgeRock
 
OIS Architecture Review
ForgeRock
 
Open Identity Stack Roadmap
ForgeRock
 
Case Study: Plus Retail - Moving from the Old World to the New World
ForgeRock
 
Federation in Practice
ForgeRock
 
OpenAM: An Introduction
ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
Implementing eGov
ForgeRock
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
Incredible Edible Identity
ForgeRock
 
OpenAM as Flexible Integration Component
ForgeRock
 
Apache Syncope and Tirasa
Francesco Chicchiriccò
 
Ad

Viewers also liked (20)

PPTX
IAM Password
Aidy Tificate
 
PPTX
IAM Cloud
Aidy Tificate
 
PPTX
IDM Introduction
Aidy Tificate
 
PPTX
Dell Password Manager Introduction
Aidy Tificate
 
PDF
Introduction to IDM
Tommy Docks
 
PPTX
Dell Password Manager Architecture - Components
Aidy Tificate
 
PPTX
Opendj - A LDAP Server for dummies
Claudio Borges
 
PPTX
Dell Quest TPAM Privileged Access Control
Aidy Tificate
 
PPTX
Securing your Cloud Deployment
Hrusostomos Vicatos
 
PDF
Was Ist Identity Relationship Management (IRM) - Webinar auf Deutsch
ForgeRock
 
PDF
ForgeRock Webinar - Was ist Identity Relationship Management?
Hanns Nolan
 
PDF
Common IDM How-To's
Tommy Docks
 
PDF
Case study using idm and a web portal as a gateway to the cloud june 2012
Steve Young
 
PPTX
Directory Introduction
Aidy Tificate
 
PPTX
Cloud introduction
Aidy Tificate
 
PDF
IDM & IAM 2012
Ariel Evans
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PPTX
AssureBridge - SSO to Many B2B Service Providers - Marketing presentation
AssureBridge
 
PPTX
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
ForgeRock
 
PPTX
Engineering Cryptographic Applications: Symmetric Encryption
David Evans
 
IAM Password
Aidy Tificate
 
IAM Cloud
Aidy Tificate
 
IDM Introduction
Aidy Tificate
 
Dell Password Manager Introduction
Aidy Tificate
 
Introduction to IDM
Tommy Docks
 
Dell Password Manager Architecture - Components
Aidy Tificate
 
Opendj - A LDAP Server for dummies
Claudio Borges
 
Dell Quest TPAM Privileged Access Control
Aidy Tificate
 
Securing your Cloud Deployment
Hrusostomos Vicatos
 
Was Ist Identity Relationship Management (IRM) - Webinar auf Deutsch
ForgeRock
 
ForgeRock Webinar - Was ist Identity Relationship Management?
Hanns Nolan
 
Common IDM How-To's
Tommy Docks
 
Case study using idm and a web portal as a gateway to the cloud june 2012
Steve Young
 
Directory Introduction
Aidy Tificate
 
Cloud introduction
Aidy Tificate
 
IDM & IAM 2012
Ariel Evans
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
AssureBridge - SSO to Many B2B Service Providers - Marketing presentation
AssureBridge
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
ForgeRock
 
Engineering Cryptographic Applications: Symmetric Encryption
David Evans
 
Ad

Similar to Identity Manager Opensource OpenIDM Architecture (20)

PPTX
OIS Roadmap
ForgeRock
 
PDF
Managing OpenAFS users with OpenIDM
Manfred Furuholmen
 
PPTX
National Citizen Target SOA Architecture Sept 2016
Guy Huntington
 
PPTX
Oracle Identity Manager Basics
Chekka Venkateshwar Rao
 
PPT
Open Source & Identity Management
JISC Netskills
 
PDF
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
PPTX
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
PDF
ANALYSIS ON IDENTITY MANAGEMENT SYSTEMS WITH EXTENDED STATE-OF-THE-ART IDM TA...
ijasuc
 
PPTX
Oracle Identity and access management overview
kalikishoregomattam1
 
PDF
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Websec México
 
PDF
Open iam technicalarchitecture-v3-a
Bibhuti Kr Jha +91-9810016292
 
PDF
IdM Reference Architecture
Hannu Kasanen
 
PDF
Complete open source IAM solution
Radovan Semancik
 
PDF
Web Development in Advanced Threat Prevention
IRJET Journal
 
PDF
Concerto Brochure
sanjayraina
 
PDF
Sim-webcast-part1-1aa
OracleIDM
 
PDF
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
ManageIQ
 
PPTX
AMIS Oracle OpenWorld 2015 Review – part 3- PaaS Database, Integration, Ident...
Getting value from IoT, Integration and Data Analytics
 
PDF
CISSP Prep: Ch 9. Software Development Security
Sam Bowne
 
PDF
8. Software Development Security
Sam Bowne
 
OIS Roadmap
ForgeRock
 
Managing OpenAFS users with OpenIDM
Manfred Furuholmen
 
National Citizen Target SOA Architecture Sept 2016
Guy Huntington
 
Oracle Identity Manager Basics
Chekka Venkateshwar Rao
 
Open Source & Identity Management
JISC Netskills
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
ANALYSIS ON IDENTITY MANAGEMENT SYSTEMS WITH EXTENDED STATE-OF-THE-ART IDM TA...
ijasuc
 
Oracle Identity and access management overview
kalikishoregomattam1
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Websec México
 
Open iam technicalarchitecture-v3-a
Bibhuti Kr Jha +91-9810016292
 
IdM Reference Architecture
Hannu Kasanen
 
Complete open source IAM solution
Radovan Semancik
 
Web Development in Advanced Threat Prevention
IRJET Journal
 
Concerto Brochure
sanjayraina
 
Sim-webcast-part1-1aa
OracleIDM
 
Design Summit - Security Roadmap - Keenan Brock, Alberto Bellotti
ManageIQ
 
AMIS Oracle OpenWorld 2015 Review – part 3- PaaS Database, Integration, Ident...
Getting value from IoT, Integration and Data Analytics
 
CISSP Prep: Ch 9. Software Development Security
Sam Bowne
 
8. Software Development Security
Sam Bowne
 

Recently uploaded (20)

PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Encapsulation theory and applications.pdf
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
Approach and Philosophy of On baking technology
30anthuong17
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 

Identity Manager Opensource OpenIDM Architecture

  • 1. Allidm.com Discovering Identity and Access Management Solutions OpenIDM Architecture
  • 2. Stay connected to Allidm Find us on Facebook: https://www.facebook.com/allidm Follow us on Twitter: https://twitter.com/aidy_idm Look for us on LinkedIn: http://www.linkedin.com/in/identityandaccessmanagement Visit our blog: http://www.allidm.com/blog
  • 3. Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect any official stance of any Identity and Access Management Vendor on any particular technology.
  • 4. Contact Us On this presentation we’ll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on. If you know one that make a big difference please tell us to include it in the future aidy.allidm@gmail.com
  • 6. Modular Framework  The OpenIDM framework is based on OSGi.  OSGi  OSGi is a module system and service platform for the Java programming language that implements a complete and dynamic component model.  OpenIDM currently runs in Apache Felix.  Servlet  The optional Servlet layer provides RESTful HTTP access to the managed objects and services.  OpenIDMembeds Jetty by default.
  • 7. Infrastructure Modules  BPMN 2.0 Workflow Engine  Embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard.  Task Scanner  Task scanning mechanism that enables you to perform a batch scan for a specified date in OpenIDM data, on a scheduled interval, and then to execute a task when this date is reached.  Scheduler  Scheduler provides a cron-like scheduling component implemented using the Quartz library.  For example, to enable regular synchronizations and reconciliations.
  • 8. Infrastructure Modules…  Script Engine  Script engine is a pluggable module that provides the triggers and plugin points for OpenIDM.  OpenIDM currently supports JavaScript and Groovy.  Policy Service  Provides an extensible policy service that enables you to apply specific validation requirements to various components and properties.  Audit Logging  Auditing logs all relevant system activity to the configured log stores.  This includes the data from reconciliation as a basis for reporting, as well as detailed activity logs to capture operations on the internal (managed) and external (system) objects.
  • 9. Infrastructure Modules…  Repository  Repository provides a common abstraction for a pluggable persistence layer.  The default, embedded implementation for the repository is the NoSQL database OrientDB.  OpenIDM 3.0.0 supports use of MySQL to back the repository.  Plugin repositories can include NoSQL and relational databases, LDAP, and even flat files.  Repository API operates using a JSON-based object model with RESTful principles consistent with the other OpenIDM services.
  • 10.  Object Model Core Services  Artifacts handled by OpenIDM are Java object representations of the JavaScript object model as defined by JSON.  These representations are instances of classes:Map, List, String, Number, Boolean, and null.  Object model supports interoperability and potential integration with many applications, services and programming languages  OpenIDM can serialize and deserialize these structures to and from JSON as required.  OpenIDM also exposes a set of triggers and functions that system administrators can define, in either JavaScript or Groovy
  • 11. Core Services…  Managed Objects  A managed object is an object that represents the identity-related data managed by OpenIDM.  Managed objects are configurable, JSON-based data structures that OpenIDM stores in its pluggable repository.  The default configuration of a managed object is that of a user  You can define any kind of managed object  For example, groups or roles.  You can access managed objects over the REST interface
  • 12. Core Services…  System Objects  System objects are pluggable representations of objects on external systems.  For example, a user entry that is stored in an external LDAP directory  System objects follow the same RESTful resource-based design principles as managed objects.  There is a default implementation for the OpenICF framework, that allows any connector object to be represented as a system object
  • 13.  Mappings Core Services…  Mappings define policies between source and target objects and their attributes during synchronization and reconciliation.  Mappings can also define triggers for validation, customization, filtering, and transformation of source and target objects.
  • 14. Core Services…  Synchronization & Reconciliation  Reconciliation enables on-demand and scheduled resource comparisons between the OpenIDMmanaged object repository and source or target systems.  Comparisons can result in different actions, depending on the mappings defined between the systems.  Synchronization enables creating, updating, and deleting resources from a source to a target system, either on demand or according to a schedule.
  • 15. Secure Commons REST Commands  Representational State Transfer (REST) is a software architecture style for exposing resources, using the technologies and protocols of the World Wide Web.  REST interfaces are commonly tested with a curl command.  Work with the standard ports associated with Java EE communications, 8080 and 8443.  To run curl over the secure port, 8443, you must include either the --insecure option, or run in Restrict REST Access to the HTTPS Port.
  • 16. Access Layer  The access layer provides the user interfaces and public APIs for accessing and managing the OpenIDM repository and its functions.  RESTful Interfaces  OpenIDM provides REST APIs for CRUD operations and invoking synchronization and reconciliation for both HTTP and Java.  User Interfaces  User interfaces provide password management, registration, self-service, and workflow services.
  • 17. Allidm.com Discovering Identity and Access Management Solutions OpenIDM Architecture