Month: October 2010

#Oracle #Identity Management by example #IDM


In my role as an Identity Management consultant many people ask me where they can get more technical information on Identity Management products. I usually tell people the best way to learn is to get hands-on experience. This is not as easy as it sounds, because typically someone who is learning doesn’t have access to a working environment that they have the liberty to tinker with. In this case I suggest building your own environment. I typically use VirtualBox, as it is free and a very good virtual environment. As I work mostly with Oracle Identity Management, I will typically suggest Oracle Enterprise Linux (OEL) as the OS. OEL is based on Red Hat (although Oracle has just developed their own kernel), so you can get pretty close to Red Hat, if you need to, by using OEL instead.

Once you have your VirtualBox client machine installed and the OS installed, you should check out Oracle by Example. They have tutorials on a lot of Oracle’s IDM products. These are step-by-step instructions that will guide you through a basic installation. They are also good if you are stuck on a particular use case and need some guidance on how to configure your environment for something that is not “out of the box”.

Once you have the basics down (installation and configuration), you can step out and build modifications based on IDM use cases that you may have in your organization, or some common ones that can be found online (e.g., cloud-based, SSO with Google Apps, etc.).

Good Luck!


Troubleshooting SAML 2.0 Exchange #SAML #IdM #Identity #Federation


This is a quick post to remind myself … and anyone else who is interested in SAML 2.0 … about a great method to troubleshoot issues with SAML assertions:

Setup:

  1. Download and install Live HTTP Headers (a Firefox add-on)
  2. Enable Live HTTP Headers from your browser (Tools > Live HTTP Headers)

Capture:

  1. Attempt the SSO between the IDP and the SP
  2. In Live HTTP Headers, look for the parameter labeled “SAMLResponse” and capture (copy) the entire string. This is a base64-encoded and URL-encoded string.

Once you have captured the string:

  1. Browse over to SAML 2.0 Debugger and paste the SAML Response string into the window.
  2. Click on Decode

This will show you what the assertion being passed from the IDP to the SP looks like. It’s very helpful for determining what attributes and values are being provided to the SP. In my case I had neglected to include a key attribute that identified the IDP to the SP.
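The same decode step done offline, as an added example that is not part of the original post (stdlib only, with a constructed sample Response rather than a real capture): it reverses the URL-encoding and base64 of a captured SAMLResponse, also inflating messages sent over the HTTP-Redirect binding, which are additionally DEFLATE-compressed, and then lists the issuer, NameID and attribute values the SP will actually see, so a missing attribute like the one described above stands out.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

# Namespaces used by SAML 2.0 protocol and assertion elements.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample Response (not a real capture); unsigned and minimal.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test/idp</saml:Issuer>'
    '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue>'
    '<saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

def encode_post_binding(xml_text):
    """What the HTTP-POST binding puts in the SAMLResponse field: base64, then URL-encoded."""
    return urllib.parse.quote_plus(base64.b64encode(xml_text.encode()).decode())

def encode_redirect_binding(xml_text):
    """The HTTP-Redirect binding adds raw DEFLATE before base64 and URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode()) + comp.flush()
    return urllib.parse.quote_plus(base64.b64encode(data).decode())

def decode_saml_response(captured):
    """Reverse the capture; inflate if the decoded bytes are not XML (Redirect binding)."""
    raw = base64.b64decode(urllib.parse.unquote_plus(captured))
    if raw[:1] != b"<":
        raw = zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    return raw.decode()

def summarize(xml_text):
    """What the SP actually receives: issuer, subject NameID and attribute values."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    return {"issuer": root.findtext(".//saml:Issuer", namespaces=NS),
            "name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs}

def missing_required(summary, required):
    """Attribute names the SP expects that the IdP never sent (the bug described above)."""
    return [n for n in required if n not in summary["attributes"]]
```

Paste the captured SAMLResponse string into `decode_saml_response` in place of the sample; the summary shows exactly which attributes reached the SP and which are absent.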

Good luck and let me know if you have any questions.