Identity Fusion Responds to Directory Services (OpenDJ) Security Advisory #201703

ForgeRock released Security Advisory #201703 covering two medium security vulnerabilities for Directory Services (OpenDJ) impacting versions 2.6 on up to 3.5.1 as well as the embedded OpenDJ in OpenAM 12.X, 13.0.0, and 13.5.0. Vulnerability Issue #201703-01: Bind Request trace logging shows plaintext password The first vulnerability “Bind Request trace logging shows plaintext password”, is only Read more

OpenIDM Property Value Substitution

Property value substitution can be a useful technique for customizing OpenIDM deployments across multiple environments. Assume, for instance, that you have three environments (Development, Test, and Production).  Your OpenIDM deployment has been configured for one OpenDJ system resource, but the configuration properties for that resource is different across each environment.  The following diagram demonstrates the Read more

Configuring OpenIDM Password Reset

ForgeRock OpenIDM is a powerful account management and data synchronization tool that provides many robust features out of the box.  Some of these features must be enabled, however, before they can be used.  Once such feature allows a user to reset their password in the OpenIDM Web UI by responding to challenge questions. The OpenIDM Read more

OpenDJ and the Fine Art of Impersonation

Directory servers are often used in multi-tier applications to store user profiles, preferences, or other information useful to the application.  Oftentimes the web application includes an administrative console to assist in the management of that data; allowing operations such as user creation or password reset.  Multi-tier environments pose a challenge, however, as it is difficult Read more

Hacking OpenAM – An Open Response to Radovan Semancik

I have been working with Sun, Oracle and ForgeRock products for some time now and am always looking for new and interesting topics that pertain to theirs and other open source identity products.  When Google alerted me to the following blog posting, I just couldn’t resist: Hacking OpenAM, Level: Nightmare Radovan Semancik | February 25, 2015 There Read more

OpenDJ Access Control Explained

An OpenDJ implementation will contain certain data that you would like to explicitly grant or deny access to.  Personally identifiable information (PII) such as a user’s home telephone number, their address, birth date, or simply their email address might be required by certain team members or applications, but it might be a good idea to Read more

The Next Generation of Identity Management

The face of identity is changing. Historically, it was the duty of an identity management solution to manage and control an individual’s access to corporate resources. Such solutions worked well as long as the identity was safe behind the corporate firewall – and the resources were owned by the organization. But in today’s world of Read more

OpenIDM 3.1: A Wake Up Call for Other Identity Vendors

Having implemented Sun, Novell, and Oracle provisioning solutions in the past, the one thing that I found to be lacking in ForgeRock’s OpenIDM solution was an easy to use administrative interface for connecting to and configuring target resources. Sure, you could configure JSON objects at the file level, but who wants to do that when Read more