Category Archives: Identity Management

ForgeRock Identity Platform 5.0 docs

ForgeRock Logo By now you have probably read the news about the ForgeRock Identity Platform 5.0 release.

This major platform update comes with many documentation changes and improvements:

Hope you have no trouble finding what you need.

Leave a comment

Filed under Access Management, Directory Services and LDAP, Docs, Identity Management, Uncategorized

We’re hiring

ForgeRock still has open positions in many locations. One of those is for a writer based in our Vancouver, WA office (across the river from Portland, OR).

Be forewarned. This is challenging, hands-on technical writing and reverse engineering work. If you are looking for a gig where you can remain in your comfort zone, skip this one.

On the other hand, if you feel that most things worth doing are tough in the beginning, take a closer look and apply for the job.

Leave a comment

Filed under Docs, Identity Management

ForgeRock Common Audit

ForgeRock LogoCommon Audit is another new feature of the ForgeRock platform.

Common Audit is part of the platform-wide infrastructure: a framework to handle audit events using common audit event handlers that are plugged in to the individual products. The handlers record events, logging them for example into files, relational databases, or syslog. Because handlers are pluggable, new handlers can be added to interoperate with your systems that store and analyze audit data.

Each audit event is identified by a unique transaction ID. The IDs can be communicated across the products and recorded for each local event. The transaction ID is the means to track requests as they traverse the platform.

In the current platform, configuring handlers depends on the product. So there are several places in the docs to read about how to configure Common Audit:

In addition, if you want to get the source code for Common Audit, or are interested in trying out new handlers and developments, you can find it on the ForgeRock Stash server. Right now it is in the forgerock-audit git repository. (To access most code on the ForgeRock Stash server, sign in with your ForgeRock credentials. You can sign up if you have not done so.)

Leave a comment

Filed under Access Management, Directory Services and LDAP, Docs, Identity Management

What’s new in the ForgeRock platform release

ForgeRock LogoPerhaps you have read yesterday’s news about ForgeRock launching the updated identity platform.

Those of us who spent the last year working on this update are proud of all the new capabilities, from the integration achieved with common components to the depth and breadth of new features across all the products in the platform.

Looking for detailed lists of what’s new? Here are some quick links to each of the products’ release notes:

I’ll drill down on some of those in future posts.

1 Comment

Filed under Access Management, Directory Services and LDAP, Docs, Identity Management

OpenIDM: Trying the new Admin UI

openidm-logo One of the cool features in the upcoming release of OpenIDM is the new Admin UI. Jake Feasel demonstrated this to several people last week. It already looks like a major improvement for newbies over editing configuration files.

If like me you have been out of the loop for a while, it is reassuring to see that OpenIDM still installs a dream when you are just getting started. Download, unzip, and ./startup.sh.

Here is how you might start OpenIDM with an existing sample. This uses sample2, which is one-way synchronization with OpenDJ. You are not required to start with the samples, but they can quickly bootstrap your evaluation, without requiring you to read much doc or to think through the initial configuration.

$ cd /path/to && mv ~/Downloads/openidm . && cd openidm
$ ./startup.sh -p samples/sample2
Executing ./startup.sh...
Using OPENIDM_HOME:   /path/to/openidm
Using PROJECT_HOME:   /path/to/openidm/samples/sample2
Using OPENIDM_OPTS:   -Xmx1024m -Xms1024m
Using LOGGING_CONFIG: -Djava.util.logging.config.file=/path/to/openidm/samples/sample2/conf/logging.properties
Using boot properties at /path/to/openidm/samples/sample2/conf/boot/boot.properties
OpenIDM version "3.1.0-RC3-SNAPSHOT" (revision: 4297) jenkins-OpenIDM-3746 null
-> OpenIDM ready

OpenIDM’s web based UI is ready for HTTPS out of the box, but it seems you can still use HTTP for evaluation.

For example, you can visit http://localhost:8080/openidmui/ and login as openidm-admin:openidm-admin.

OpenIDM’s UI helps prevent default passwords by prompting you to change your password the first time you login.

openidm-first-login

You find the Admin UI at http://localhost:8080/admin/. This shows the view when running with the sample2 configuration.

openidm-admin-home

The new Admin UI offers a wizard-like approach to setting up provisioning. If you follow sample2, set up OpenDJ with some sample data before you get started. The sample comes with a mapping from OpenDJ accounts to managed/user.

openidm-add-properties

The sample also comes with a configuration for what to do in different situations during synchronization. Most of the policies are defaults.

openidm-sync-config

To run reconciliation and synchronize your source and target, either click the Reconcile Now or schedule reconciliation on the Sync Tab of the Mappings page. When reconciliation completes, you should have a bunch of new managed users. If you schedule reconciliation, subsequent runs might not encounter any changes.

openidm-recon

Click the User View link at the upper left of the page and then the Users tab to view all your managed users.

openidm-users-list

When you change a mapped attribute in the source, in this case OpenDJ, reconciliation updates it in the target, in this case the managed/user. For example, Babs Jensen’s original mail address is bjensen@example.com.

openidm-babs-before

After changing the mail address in OpenDJ to babs.jensen@example.com, reconciliation updates her corresponding managed/user in OpenIDM’s repo. Refreshing the page after reconciliation, you can see the change.

openidm-babs-after

The OpenIDM Admin UI is quite a leap forward, and promises to make it much easier for all of us to create and edit resources and mappings, and to arrange and schedule synchronization. Hats off to the OpenIDM team!

2 Comments

Filed under Identity Management

Searching ForgeRock Community Sites

ForgeRock Community Logo Someone said it is hard to find the search box on the *.forgerock.org community sites. Also, the searches were scoped too narrowly to look in the mailing lists.

Before the changes the search box is tucked away in the left menu, and scoped to site:<project>.forgerock.org.

OpenDJ site before the change

OpenDJ Before: Search box in left menu

The new, improved version has a more obvious search box. Searches now cover everything at site:forgerock.org.

OpenAM after improving the search box

OpenAM After: Search box top right, now with colors

Leave a comment

Filed under Access Management, Directory Services and LDAP, Identity Management, Tools

ForgeRock welcomes Lana Frost

ForgeRock Community Logo Welcome to Lana Frost who joined the ForgeRock documentation team Monday. Glad you decided to work for ForgeRock, Lana.

Lana has worked as Lead Writer at Sun Microsystems on the Directory Services team, and more recently at Oracle. While helping other writers meet their deadlines and keeping the projects on track, she also wrote a big share of the directory documentation herself. Furthermore, Lana was instrumental in setting up the rigorous documentation review process that first lifted the quality of the directory documentation, and was later adopted by other middleware documentation teams.

Lana will help with OpenDJ docs at ForgeRock. Her main focus however is the leadership role for identity documentation with the OpenIDM and OpenICF projects. Good news for the ForgeRock directory and identity communities!

Leave a comment

Filed under Docs, Identity Management