Sun Identity Manager (IDM)

Similar Messages

• Migration from SIM(Sun Identity Manager) to Oracle IDM

  hi
  Anyone having any knowledge on Migration from SIM(Sun Identity Manager) to Oracle IDM. Please share the knowledge/doc/links. Would helps me lot.
  Thanks
  .\idm

  Hi,
  Basic migration information can be found here. http://www.oracle.com/us/products/middleware/identity-management/upgrade/index.html
  I believe more detailed information will be available soon.

• Integration of sun identity manager with sun access manager

  Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
  when i am configuring resource in IDM i am getting following error.
  testconnection failed for resource(s):
  sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
  i modified amagent.properties,amconfig.properties and web.xml also
  can any one help me on this.

  Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
  when i am configuring resource in IDM i am getting following error.
  testconnection failed for resource(s):
  sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
  i modified amagent.properties,amconfig.properties and web.xml also
  can any one help me on this.

• Upgrading sun identity manager 7.1.1 to 8.1

  hi all,
  I am Upgrading sun identity manager 7.1.1 to 8.1 and ran the DB script upgradeto81from71.oracle. It takes a long time and eventually hangs on this statement:
  CREATE INDEX repo1.userobj_repomod ON repo1.userobj(repomod);
  We have large number of users around 30,000 but it should still not hang....
  Any thoughts?
  I am using Oracle 10g client and database is Oracle 11.2.0.2.0
  thanks a lot!
  vik

  Hi,
  I did not have any issues when I did the upgrade but we also did not change the script from waveset to repo1.
  In changing the script did you miss any of changes from waveset to repo1
  By the way we have about 90,000 users so I do not think the number of users is the issue. The database version we use is 10g

• Trial version of the "Sun Identity Manager " available?

  Hello,
  is there a trial version of the "Sun Identity Manager " available? (e.g. 90 days test licence, or something similar)
  I'am a consultant for metadirectory products and want to setup a test-environment to discover the benefits of your product.
  Best regards,
  Markus Svec

  Hi Mark,
  thank you for your answer.
  Is there documentation (e.g. administration guide) available?
  I searched at docs.sum.com but I only found documentation about "Java System Identity Server", which is a different product as I understand the "confusing" product naming.
  Best regards
  Markus

• How to view the MissingFields Form in Sun Identity Manager

  Hi All,
  In the Tabbed User Form [in the Sun Identity Manager's administrative interface], there's this tab called Attributes. This is referring to a form called MissingFields. I want to read this form and understand it's working logic. But I am not able to find out as to where's it stored.
  Help me.
  Thanks,
  Shriram Ravikumar.

  I believe this is not a real form but a special built-in form or something.
  Because when I open the Tabbed User Form in BPE and try to open the reference to MissingFields I get an error.

• Latest Sun Identity Manager release?

  Hi all,
  What is the latest and greatest release as of today?
  Sun identity manager 8.0 Patch 5?
  thanks a lot!
  vik

  Hi Vik-
  Yes. It's 8.0.0.5 and 7.1.1.10 if you're running 7.x.
  With the proper credentials they can both be obtained here:
  http://sunsolve.sun.com/show.do?target=patches/zp-Software_Network-Internet_Identity_Manager
  New patches are released every 6 weeks or so.
  Regards,
  Alex

• Tool(s) in Cisco Unified CM Administration to support Identity Management (IDM)?

  Hi,
  In our "Cisco Unified CM Administration System version: 7.0.1.11000-2" installation, I can manually create and administrate users information.
  But we do also have an identity Management (IDM) system in house, that creates users in Microsoft 2003 Active Directory and some sub-systems with the necessary rights they need.
  It would be a lot easier, if our IDM system could create the user in our “Cisco Unified CM Administration System version: 7.0.1.11000-2" when they are created in the MS Active Directory, with the right username, first name, last name, department name and so forth.
  Is there any tool that I can use to make this automatic import of user information?
  Kind regards,
  Carl-Marius

  There are couple solutions.
  You may integration CUCM with LDAP.  Whenever you have a user created in LDAP, CUCM will synchronize that user into CUCM user database.  Then you may assign different permissions for different LDAP users.
  If you don't want to do LDAP integration, you may also consider using AXL to create users in CM database.  AXL is an interface for 3rd-party software to read/write database.
  Michael
  http://htluo.blogspot.com

• SUN Identity Manager Gateway

  Hi,
  Is it possible to provide access (Read/Writ/Execute/delete acccess) to Widows NT shared drive folders by using Sun Idenitry Manager Gateway?
  -Karthik

  I don't know. Why not ask at a Sun Gateway Manager forum?

• Java heap space problem in SUN identity management

  Hi All,
  i am new to sun idm, i have installed netbeans 6.0.1 with tomcat 6.0.14 and then i have installed sun idm inside the web container(webapps/idm). When i stared my webserver manually using startup.batch file then I can easily go to inside administrator interface and i can create users in idm. but when i try to create a project in netbeans and then I try to RUN the project through netbeans .. then Admin interface will automatically opened but I try to create a user i am getting the following error.
  com.waveset.util.WavesetException: Can't call method getObjectNames on class com.waveset.ui.FormUtil
  ==> java.lang.OutOfMemoryError: Java heap space
  Please help me in this ...
  my server log as follows
  Using CATALINA_BASE: C:\Documents and Settings\Nirmalkumar.Dhanaraj.R5-CORE\.netbeans\6.0\apache-tomcat-6.0.14_base
  Using CATALINA_HOME: C:\Apache Software Foundation\Apache Tomcat 6.0.14
  Using CATALINA_TMPDIR: C:\Documents and Settings\Nirmalkumar.Dhanaraj.R5-CORE\.netbeans\6.0\apache-tomcat-6.0.14_base\temp
  Using JRE_HOME: C:\Program Files\Java\jdk1.5.0_18
  Aug 19, 2009 2:51:53 PM org.apache.catalina.core.AprLifecycleListener init
  INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.5.0_18\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\Java\jdk1.5.0_18\bin;C:\Program Files\Java\jre1.5.0_18\bin;
  Aug 19, 2009 2:51:53 PM org.apache.coyote.http11.Http11Protocol init
  INFO: Initializing Coyote HTTP/1.1 on http-8080
  Aug 19, 2009 2:51:53 PM org.apache.catalina.startup.Catalina load
  INFO: Initialization processed in 371 ms
  Aug 19, 2009 2:51:53 PM org.apache.catalina.core.StandardService start
  INFO: Starting service Catalina
  Aug 19, 2009 2:51:53 PM org.apache.catalina.core.StandardEngine start
  INFO: Starting Servlet Engine: Apache Tomcat/6.0.14
  Aug 19, 2009 2:51:53 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
  INFO: validateJarFile(D:\sunIDM\IDM8.0\Idm\image\idm\WEB-INF\lib\j2ee.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
  Constructing Startup Servlet...
  Initializing Startup Servlet...
  Defining system properties...
  StartupServlet: programmatically derived waveset.home=file:D:\sunIDM\IDM8.0\Idm\image\idm\
  StartupServlet: Defining properties from web.xml
  Starting: Identity Server...
  Starting internal database server ...
  DB Server @ jdbc:hsqldb:hsql://127.0.0.1:54210/idm
  ...Finished starting Startup Servlet
  Aug 19, 2009 2:52:07 PM org.apache.coyote.http11.Http11Protocol start
  INFO: Starting Coyote HTTP/1.1 on http-8080
  Aug 19, 2009 2:52:07 PM org.apache.jk.common.ChannelSocket init
  INFO: JK: ajp13 listening on /0.0.0.0:8009
  Aug 19, 2009 2:52:07 PM org.apache.jk.server.JkMain start
  INFO: Jk running ID=0 time=0/16 config=null
  Aug 19, 2009 2:52:07 PM org.apache.catalina.startup.Catalina start
  INFO: Server startup in 13773 ms
  Shutting down Startup Servlet...
  Stopping: Identity Server...
  Stopping internal database server ...
  ...Finished shutting down Startup Servlet in 1499 ms
  Aug 19, 2009 2:52:09 PM org.apache.catalina.startup.HostConfig checkResources
  INFO: Undeploying context [Idm]
  Aug 19, 2009 2:52:09 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
  INFO: validateJarFile(D:\sunIDM\IDM8.0\Idm\image\idm\WEB-INF\lib\j2ee.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
  Constructing Startup Servlet...
  Initializing Startup Servlet...
  Defining system properties...
  StartupServlet: programmatically derived waveset.home=file:D:\sunIDM\IDM8.0\Idm\image\idm\
  StartupServlet: Defining properties from web.xml
  Starting: Identity Server...
  Exception in thread "HSQLDB Timer @8ddc4c" java.lang.NullPointerException
  at org.hsqldb.lib.HsqlTimer.nextTask(Unknown Source)
  at org.hsqldb.lib.HsqlTimer$TaskRunner.run(Unknown Source)
  at java.lang.Thread.run(Thread.java:595)
  Starting internal database server ...
  DB Server @ jdbc:hsqldb:hsql://127.0.0.1:54210/idm
  ...Finished starting Startup Servlet
  Aug 19, 2009 2:52:21 PM org.apache.catalina.core.StandardContext start
  INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[Idm] has already been started
  XPRESS <invoke> exception:
  com.waveset.util.WavesetException: Can't call method getObjectNames on class com.waveset.ui.FormUtil
  ==> java.lang.OutOfMemoryError: Java heap space

  Hi, there might be some information here that is useful: http://blogs.adobe.com/livecycle/2008/11/livecycle_es_update_1_turnkey.html

• Sun identity manager -  java.lang.OutOfMemory

  Hi, I have one very interesting issue regarding JVM memory. I have one sun idm (version 7) application deployed in sun java web application server. I am facing JVM error - java.lang.OutOfMemory very frequently now days in production server. I am sharing you the details regarding configuration :
  Their are 4 app servers - IDMAPP01 IDMAPP02 IDMAPP03 IDMAPP04
  current total memory on each of the 4 app server 8 GB
  memory allocated to JVM on each server 5 GB
  os - solaris
  admin task recon are performed only on instance - IDMAPP04
  JVM setting is - -Xmx5g -Xms5g -Xmn1500m -XX:MaxPermSize=512m
  Log file locations:
  /var/opt/SUNWappserver/domain1/logs/vm.log
  /var/opt/SUNWappserver/domain1/logs/gc.log
  /opt/SUNWappserver/appserver/config/asadminenv.conf
  /opt/SUNWappserver/appserver/config/asenv.conf
  idm app deployment path:
  /var/opt/SUNWappserver/domain1/applications/j2ee-modules/idm
  logpath
  /var/opt/SUNWappserver/domain1/logs/
  Whenever I am getting this issue, we are restarting all the 4 server instances which is impacting business as this is prod server.
  Can anyone suggest how can I solve this issue. (please suggest good performance tuning tips without increasing physical memory).
  Regards,
  Jimmy

  886672 wrote:
  Hi, I have one very interesting issue regarding JVM memory. I have one sun idm (version 7) application deployed in sun java web application server. I am facing JVM error - java.lang.OutOfMemory very frequently now days in production server. I am sharing you the details regarding configuration :
  Their are 4 app servers - IDMAPP01 IDMAPP02 IDMAPP03 IDMAPP04
  current total memory on each of the 4 app server 8 GB
  memory allocated to JVM on each server 5 GB
  what else is running on those servers and how much memory are those applications consuming?
  os - solaris
  admin task recon are performed only on instance - IDMAPP04
  JVM setting is - -Xmx5g -Xms5g -Xmn1500m -XX:MaxPermSize=512mIf IDMAPP04 is doing different things from the other servers, then they should be configured differently. What garbage collector are you using?
  >
  Log file locations:
  /var/opt/SUNWappserver/domain1/logs/vm.log
  /var/opt/SUNWappserver/domain1/logs/gc.log
  /opt/SUNWappserver/appserver/config/asadminenv.conf
  /opt/SUNWappserver/appserver/config/asenv.confYou may want to have a loog at the gc.log file provided you have actually enabled gc logging which you should at least until you have resolved your memory problems.
  >
  idm app deployment path:
  /var/opt/SUNWappserver/domain1/applications/j2ee-modules/idm
  logpath
  /var/opt/SUNWappserver/domain1/logs/
  Whenever I am getting this issue, we are restarting all the 4 server instances which is impacting business as this is prod server.Why? The whole idea behind running recon on a separate server is that you can restart that one without affecting the others.
  Can anyone suggest how can I solve this issue. (please suggest good performance tuning tips without increasing physical memory).
  Enable gc logging and use a profiler to capture the behaviour of the jvm. You need to understand what it is doing and find where the problem area is before you can recommend what to tune.
  Regards,
  Jimmy

• Sun Identity Compliance Manager Questions

  Hi Everyone,
  We are looking for a complete list of supported managed resources for the Sun Identity Compliance Manager (SICM) tool.
  Also we have the following specific questions:
  1.     Does SICM have connectors/adapters to Solaris 8/9/10 and Oracle EBS (as managed resources) to perform access certification of user accounts and associated entitlements/privileges/roles.
  For example: Can SICM be used to analyze/report on the status of current and newly provisioned Solaris unix-level accounts and associated RBAC roles (say) -or- Oracle EBS accounts and associated roles /responsibilities to identify if they have been certified or have any SOD conflicts?
  2.     Can SICM be implemented as a fully functional stand-alone product as opposed to it being integrated with Sun Identity Manager (SIM) ?
  3.     In a scenario where SIM and SICM are integrated, can SIM do a hand-off to SICM for SOD analysis and checking as part of it account provisioning workflows?
  Any insight and/or pointers will be greatly appreciated!
  Thanks in advance and please let me know if there is a more relevant forum to post this question.
  -TS

  I have resolved the problem, the problem is because of the idmmanager attribute. In onsite they are using some other idm 6.0 with some patch, so they are getting the idm manager attribute but in offshore we dont have any patch installed for getting the idm manager attribute. Do you have any idea about how to get the idm manager attribute in the idm 6.0 with some patch? Thanks for your help ya.

• Integrate IdM roles with Sun Access Manager roles

  Hi all,
  I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
  I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
  What are the important differences between static and dynamic roles in AM?
  Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
  Thanks.

  I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
  About directory server roles:
  http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
  Forum thread reference:
  http://forums.sun.com/thread.jspa?threadID=5208694
  Here are roughly the steps I followed to get this working.
  Access Manager roles setup:
  1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
  Identity Manager roles setup:
  1. Create a new role in Identity Manager: tab Roles, click New....
  2. Assign the LDAP resource to synchronize the role with.
  3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
  4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
  * In the column Value override, select Text.
  * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
  * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
  5. Save the role. You can now add the role to a user.

• IDM 8.0 : See connected users on Identity Manager ?

  Hi everybody.
  My client wants to see all connected users on IdM in order to upgrade the application without disturbing them.
  It is possible to see connected users on IdM ?
  If it's true, can you explain me the steps to achieve it ?
  Thanks in advance.
  Florent
  Edited by: flobR on Jun 5, 2009 2:05 PM

  Florent...
  Sun Identity Manager does not give you the ability to see who is currently connected to the application. The key is that SIM is simply a web application running on the J2EE application server. Most J2EE application servers should give you some functionality in this area. Check the documentation for your application server.
  If your application server is tomcat, you'll likely need to do some custom coding and create an implementation of HttpSessionListener to track user sessions.
  Thanks...
  -Lester
  [http://www.identityworker.com|http://www.identityworker.com]

• Sun Identity Manger 8.0 and fail over..

  We are setting up a fail/recovery site for our Sun Identity Manager solution, I had pictured a seem less fail over, but that looks near impossible to do with oracle database. I had pictured load balanced Appserver, with load balanced data bases, sort of a multi-master like LDAP allows..
  Curious what others are using for a fail over site / setup.
  Thanks

  We're using 7.0. For us failover is basically mulitple servers all using the same DB repository, with a "smart" loadbalancer in front of them (smart meaning, able to detect which back end servers are responsive).
  IdM doesn't use any inter-server temp-data synchronization, all the servers running off the same repository communicate by committing changes to the database.
  So if a specific IdM instance dies, on the next page load the user will be redirected to a new server. That server will redirect to the login page and ask the user to re-auth, with the desired page placed after login.jsp as a "nextPage" argument. After (re-)logging in, the user's returned to the page they were trying to get to. However, in-progress edits that had not been committed back to the database will be lost.
  We looked at high availability arrangements where valid sessions are shared across a new server, but fundamentally the limitation is that the app servers still don't sync in-progress edits, so the only difference between an HA environment and a more passive fail-over environment (like ours) is that in an HA environment the user doesn't have to re-login on a server failure; they still lose in-progress edits. So HA didn't seem like it added value to us.
  If you are literally talking about an off-site, completely standby, seamless failover site, I agree I don't see how you would do that. I'd expect that you'd need the offsite setup to be a cold-standby site; configured to use the replicated database, but with the apps powered down until you actually need them. Otherwise, I think you'd have problems with the standby site servers not wanting to "standby". You could ensure no users end up on the standby servers, but background processes are likely to be run across both the primary and the standby services; I don't think you can enforce an "idle but running" status for the standby servers.
  Edited by: etech on Feb 4, 2009 7:37 PM