Sun Identity Compliance Manager Questions
Hi Everyone,
We are looking for a complete list of supported managed resources for the Sun Identity Compliance Manager (SICM) tool.
Also we have the following specific questions:
1. Does SICM have connectors/adapters to Solaris 8/9/10 and Oracle EBS (as managed resources) to perform access certification of user accounts and associated entitlements/privileges/roles.
For example: Can SICM be used to analyze/report on the status of current and newly provisioned Solaris unix-level accounts and associated RBAC roles (say) -or- Oracle EBS accounts and associated roles /responsibilities to identify if they have been certified or have any SOD conflicts?
2. Can SICM be implemented as a fully functional stand-alone product as opposed to it being integrated with Sun Identity Manager (SIM) ?
3. In a scenario where SIM and SICM are integrated, can SIM do a hand-off to SICM for SOD analysis and checking as part of it account provisioning workflows?
Any insight and/or pointers will be greatly appreciated!
Thanks in advance and please let me know if there is a more relevant forum to post this question.
-TS
I have resolved the problem, the problem is because of the idmmanager attribute. In onsite they are using some other idm 6.0 with some patch, so they are getting the idm manager attribute but in offshore we dont have any patch installed for getting the idm manager attribute. Do you have any idea about how to get the idm manager attribute in the idm 6.0 with some patch? Thanks for your help ya.
Similar Messages
-
Any one any docs on SUN Identity Manager ? i have some doubts
I have a feeling that it will be a never ending question as to the migration steps. For the time being, if you must "migrate", i would suggest re-evaluating what is being done in the Sun IDM system and develop a project plan to implement the same connectors, recon the data from Sun IDM or target, and then use OIM.
-Kevin -
Upgrading sun identity manager 7.1.1 to 8.1
hi all,
I am Upgrading sun identity manager 7.1.1 to 8.1 and ran the DB script upgradeto81from71.oracle. It takes a long time and eventually hangs on this statement:
CREATE INDEX repo1.userobj_repomod ON repo1.userobj(repomod);
We have large number of users around 30,000 but it should still not hang....
Any thoughts?
I am using Oracle 10g client and database is Oracle 11.2.0.2.0
thanks a lot!
vikHi,
I did not have any issues when I did the upgrade but we also did not change the script from waveset to repo1.
In changing the script did you miss any of changes from waveset to repo1
By the way we have about 90,000 users so I do not think the number of users is the issue. The database version we use is 10g -
Trial version of the "Sun Identity Manager " available?
Hello,
is there a trial version of the "Sun Identity Manager " available? (e.g. 90 days test licence, or something similar)
I'am a consultant for metadirectory products and want to setup a test-environment to discover the benefits of your product.
Best regards,
Markus SvecHi Mark,
thank you for your answer.
Is there documentation (e.g. administration guide) available?
I searched at docs.sum.com but I only found documentation about "Java System Identity Server", which is a different product as I understand the "confusing" product naming.
Best regards
Markus -
Integration of sun identity manager with sun access manager
Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
when i am configuring resource in IDM i am getting following error.
testconnection failed for resource(s):
sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
i modified amagent.properties,amconfig.properties and web.xml also
can any one help me on this.Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
when i am configuring resource in IDM i am getting following error.
testconnection failed for resource(s):
sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
i modified amagent.properties,amconfig.properties and web.xml also
can any one help me on this. -
How to view the MissingFields Form in Sun Identity Manager
Hi All,
In the Tabbed User Form [in the Sun Identity Manager's administrative interface], there's this tab called Attributes. This is referring to a form called MissingFields. I want to read this form and understand it's working logic. But I am not able to find out as to where's it stored.
Help me.
Thanks,
Shriram Ravikumar.I believe this is not a real form but a special built-in form or something.
Because when I open the Tabbed User Form in BPE and try to open the reference to MissingFields I get an error. -
Migration from SIM(Sun Identity Manager) to Oracle IDM
hi
Anyone having any knowledge on Migration from SIM(Sun Identity Manager) to Oracle IDM. Please share the knowledge/doc/links. Would helps me lot.
Thanks
.\idmHi,
Basic migration information can be found here. http://www.oracle.com/us/products/middleware/identity-management/upgrade/index.html
I believe more detailed information will be available soon. -
Latest Sun Identity Manager release?
Hi all,
What is the latest and greatest release as of today?
Sun identity manager 8.0 Patch 5?
thanks a lot!
vikHi Vik-
Yes. It's 8.0.0.5 and 7.1.1.10 if you're running 7.x.
With the proper credentials they can both be obtained here:
http://sunsolve.sun.com/show.do?target=patches/zp-Software_Network-Internet_Identity_Manager
New patches are released every 6 weeks or so.
Regards,
Alex -
Com.sun.identity.authentication.spi.AuthLoginException:
Hello -
I'm currently trying to integrate IDM 7.1, Access Manager 7.1 and Directory Server 6.0...
The problem that I am running into is trying to register Access Manager 7.1 as a resource in IDM:
I am utilizing the Sun Java Access Manager Realm Resource Adapter.
I am getting the following exception -
Test connection failed for resource(s):
SunAccessManagerRealm: Could not connect as user �uid=amAdmin,ou=People,o=AMRoot� with specified password ==> com.waveset.util.WavesetException: Could not connect as user �uid=amAdmin,ou=People,o=AMRoot� with specified password ==> com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context:Naming Service is not available
I've done the following:
1) I have verified that the naming service is available because I get the following message when I access the url:
�Webtop 2.5 Platform Low Level request servlet�
2) I have edited and added the proper lines in AMAgent.properties
3) I have created a policy for IDM in AM
4) I have copied the jar files into IDM_Install_Dir/WEB-INF/lib
5) I have copied the AMConfig.properties file into IDM_Install_Dir/WEB-INF/classes
6) Added the custom resource (with no errors) under Configure Types in IDM
Any help would be greatly appreciated.try to use only the amclientsdk.jar and a minimal AMConfig.properties file in the IDM WEB-INF/classes directory. Try these values (modify for your env):
com.iplanet.am.naming.url=http://amserver.com:80/amserver/namingservice
com.iplanet.am.naming.failover.url=
com.iplanet.services.debug.level=error
com.iplanet.services.debug.directory=/tmp/amDebug
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
com.iplanet.am.notification.url=
com.sun.identity.agents.notification.enabled=false
com.sun.identity.agents.notification.url=
com.sun.identity.agents.app.username=amadmin
com.iplanet.am.service.password=amdminpassword
am.encryption.pwd=encpassword -
Sun Identity Manger 8.0 and fail over..
We are setting up a fail/recovery site for our Sun Identity Manager solution, I had pictured a seem less fail over, but that looks near impossible to do with oracle database. I had pictured load balanced Appserver, with load balanced data bases, sort of a multi-master like LDAP allows..
Curious what others are using for a fail over site / setup.
ThanksWe're using 7.0. For us failover is basically mulitple servers all using the same DB repository, with a "smart" loadbalancer in front of them (smart meaning, able to detect which back end servers are responsive).
IdM doesn't use any inter-server temp-data synchronization, all the servers running off the same repository communicate by committing changes to the database.
So if a specific IdM instance dies, on the next page load the user will be redirected to a new server. That server will redirect to the login page and ask the user to re-auth, with the desired page placed after login.jsp as a "nextPage" argument. After (re-)logging in, the user's returned to the page they were trying to get to. However, in-progress edits that had not been committed back to the database will be lost.
We looked at high availability arrangements where valid sessions are shared across a new server, but fundamentally the limitation is that the app servers still don't sync in-progress edits, so the only difference between an HA environment and a more passive fail-over environment (like ours) is that in an HA environment the user doesn't have to re-login on a server failure; they still lose in-progress edits. So HA didn't seem like it added value to us.
If you are literally talking about an off-site, completely standby, seamless failover site, I agree I don't see how you would do that. I'd expect that you'd need the offsite setup to be a cold-standby site; configured to use the replicated database, but with the apps powered down until you actually need them. Otherwise, I think you'd have problems with the standby site servers not wanting to "standby". You could ensure no users end up on the standby servers, but background processes are likely to be run across both the primary and the standby services; I don't think you can enforce an "idle but running" status for the standby servers.
Edited by: etech on Feb 4, 2009 7:37 PM -
RME - Compliance Management - Deploy strangeness
Hi All,
Here is an interesting one. Got a selection of Compliance management jobs and am having trouble with the deploy phase. Basically I am looking for the following on a series of devices and then removing it.
- [#radius-server host.*#]
So when this runs, it matches what I expect (shown below)
no radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
However when I deploy this, the line above remains on the device?
I have tried changing the compliance check to
- radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
To see if its a regex problem of some form and the job does exactly the same, i.e. it matches the line and tries to deploy however doesn't work?
Any ideas?Hi Yidabear,
Its not a pre-requisite problem as the pre-requisites are fillfilled and hence it deploys the rest of the config to the devices in question. For some reason it is just this one line that it has a problem with. Strangely enough, we had a similar issue with the same format of TACACS server line. It seems to happen when you have the "key 7 xxxxxxxxx" value at the end? Even though it finds it and tried to remove it it fails. -
Security Compliance Manager - version 3.0.60
Does anyone know if this version of Security Compliance Manager supports Windows Server 2012 R2:
3.0.60Hi sayerdi,
As this question is related to Security Compliance Manager (SCM), for quick and accurate response, I would like to recommend that you ask the question in the SCM forum at
https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement . It is appropriate and more experts will assist you.
Additionally, there is a similar thread about SCM for Windows Server 2012 R2 for your reference.
https://social.technet.microsoft.com/Forums/en-US/9a0b831e-5d38-4b26-9191-16286f10ecab/scm-update-for-windows-81-and-windows-2012-r2?forum=compliancemanagement
Thanks,
Lydia Zhang -
I have downloaded the MS Security Compliance Manager, which is in two parts: MS SQL Server 2008 Express Edition & the SCM. The install instructions state the the server needs to be install before the SCM. So as the install continues I get
an error message, which cancels the installation. So, I am trying to install SQL 2008 EE separate from SCM. My question is:
Can I upgrade from my current SQL Server 2005 Compact Edition [ENU]
directly to SQL Server 2008 Express Edition (or higher)?So as the install continues I get an error message, which cancels the installation.
And which error message did you got?
SQL Server Compact Edition is something different then SQL Server Express (or Standard) Edition, you can't upgrade it as you asked for,.
Olaf Helper
[ Blog] [ Xing] [ MVP] -
Hello
Can someone please help me with the following question.
I have a standalone Server and need to apply settings from SCM, I can see how to do this following the instructions in the following article
http://windowsitpro.com/security/q-how-can-i-apply-security-baseline-i-defined-through-microsoft-security-compliance-manager
The problem is the LocalGPO.wsf that ships with the above version of SCM does not run on Server 2012 R2 (only Server 2012)
my question is,
is there a later version of LocalGPO.wsf I can use that works on Server 2012 R2 ?
Thanks
AAnotherUser__
AAnotherUser__Hi,
Thanks for your post.
SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
For more SCM related issue, i think you may ask in:
https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hazardous Substance Check in Compliance Management
Hi,
Is there anybody out there using the Hazardous Substance Check in Compliance Management?Dear Doug,
I am sure there are people that use that function.
Can you please let us know what your question in this regards is?
Thanks.
Maybe you are looking for
-
Photoshop CS4 smart object template just overwrote a raw file - HELP
So. I've been working in Photoshop extensively for about 6 years now and I am well aware that nothing we do in Photoshop or Lightroom is supposed to overwrite a raw file. I'm not talking about changing it to something a little lighter or darker, I'
-
I have a use case where I need to use different download directories with different firefox profiles.I need to use this profiles in multiple linux machines. I need to have a relative path to my download directory with respect to the profile folder. E
-
How can i add a new 53 rd week to calendar
Hi All, we have requirment i need to add a new week to fiscal year 2011 for septemebr,2011 Please let me know how can i add a new week to this month, Thanks & regards, Chand
-
My Master server is stopping automatically unable to find out the issue
Dear Experts, My Master server in CMC is stopping automatically and is going to infinite stop state.when i again restart manually its connecting but again it is stopping.what may be the cause unable to find the solution Thanks in Advance, Regards, Vi
-
Hi All Iam doing ATP check in planned order and getting Missing parts. When i do ATP check in COHV for same planned order then iam not getting any missing parts. Is any config is missing?