Recently I joined ForgeRock as a senior consultant. After I spent almost 15 years in the ops and integration world working with SiteMinder, a bunch of peers have been asking me how SiteMinder compares to OpenAM and how they differ. So now, as a fully biased ForgeRock employee, I am documenting the process of translating that SiteMinder suite knowledge into OpenAM.
In a series of blog posts I will describe OpenAM from the viewpoint of a SiteMinder admin (mainly myself), covering the similarities and differences for anyone with that background who wishes to come up to speed quickly with ForgeRock’s OpenAM platform. The scope is not a point-by-point comparison of every feature of SiteMinder and OpenAM, but an introduction to OpenAM through the deployment and integration of a sample app.
Part 2 - The Basics - Policy Overview and differences
In essence, all access policies are defined with some of the following components:
A tenant boundary
A target user data source
A defined enforcement point (or agent)
A protected resource
An authentication mechanism
A response post authentication
Policy access rules
The biggest learning curve for SiteMinder admins coming to OpenAM is the difference in how you create policies. The steps might be similar, but it comes down to the flow and terminology you are used to in SiteMinder versus OpenAM.
For reference, this is how the dependencies of the SiteMinder objects can be mapped out.
When integrating a new application into SiteMinder, there is a usual process I follow. It is based on the dependency tower: each step in the configuration needs a previous step as a prerequisite. These are the minimal logical access policy requirements.
For SiteMinder, a typical process is as follows:
1) create Agent Object
2) create ACO which references the Agent object
3) install and configure agent on web server
4) create User Directory (UD) configuration object
5) create domain object (Tenant boundary) which references UD object
6) create realm under the domain object and associate with Agent and define a resource filter and authentication scheme.
7) create rules for the realm (such as get/put, On authentication, authorization, or rejection actions)
8) create responses
9) create policies that tie together the UD, rules and responses
While they do not cover all capabilities and possible integration scenarios, these are the typical steps required to integrate a basic application.
For reference, this is how the dependencies of the OpenAM objects can be mapped out.
When integrating a new application into OpenAM, there is a usual process as well. These are the minimal logical access policy requirements.
For OpenAM, a typical process is as follows:
1) create realm (Tenant boundary)
2) configure DataStore
3) configure Authentication chaining
4) Create a Policy (target resource, actions, subjects which reference the datastore, env conditions and response attributes)
5) create a web agent profile
6) install and configure agent on web server
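The two creation orders above can be written as prerequisite maps, which lets you check a planned integration order and list which objects a change to one object touches. This is an added example, not code from SiteMinder, OpenAM or the original post; the object names are hypothetical labels for the steps, and the edges marked as assumptions are this example's reading of them.

```python
from graphlib import TopologicalSorter

# Object -> objects it needs first, read off the SiteMinder steps above.
SITEMINDER = {
    "agent": [],
    "aco": ["agent"],
    "agent_install": ["aco"],        # assumption: the install needs the ACO
    "user_directory": [],
    "domain": ["user_directory"],
    "realm": ["domain", "agent"],    # auth scheme treated as pre-existing
    "rules": ["realm"],
    "responses": ["domain"],         # assumption: responses live in a domain
    "policy": ["user_directory", "rules", "responses"],
}
# Same for the OpenAM steps; the realm-scoping edges are assumptions.
OPENAM = {
    "realm": [],
    "datastore": ["realm"],
    "auth_chain": ["realm"],
    "policy": ["realm", "datastore"],
    "agent_profile": ["realm"],
    "agent_install": ["agent_profile"],
}

def check_plan(plan, deps):
    """Return (step, missing prerequisite) pairs for a planned creation order."""
    done, problems = set(), []
    for step in plan:
        problems += [(step, need) for need in deps[step] if need not in done]
        done.add(step)
    return problems

def impacted_by(obj, deps):
    """Objects that reference obj directly or transitively, prerequisites first."""
    hit = {obj}
    ordered = list(TopologicalSorter(deps).static_order())
    for name in ordered:             # one pass is enough in topological order
        if any(need in hit for need in deps[name]):
            hit.add(name)
    return [n for n in ordered if n in hit and n != obj]

if __name__ == "__main__":
    # Constructed plan that creates the policy before its rules and responses.
    bad = ["agent", "aco", "user_directory", "domain", "policy",
           "realm", "rules", "responses"]
    print(check_plan(bad, SITEMINDER))
    print(impacted_by("user_directory", SITEMINDER))
    print(impacted_by("realm", OPENAM))
```

The dictionaries are listed in the same order as the numbered steps, so `check_plan(list(SITEMINDER), SITEMINDER)` returning an empty list confirms that the documented order satisfies every prerequisite.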
Next Steps - doing a basic install and configuration.
Try it for yourself. Download the software at https://forgerock.org/downloads/ and discover the differences and simplicity of the ForgeRock platform.