Planning your #IDM architecture

Planning and designing your Identity & Access Management architecture can be pretty complex, depending on your use cases, even when using a set of tools like ForgeRock’s Open Identity Suite, which is pretty easy to install. You need to understand which products are right for your use cases and requirements.

Should you use OpenAM or OpenIDM for creating users? This is a common question that customers ask us. (hint … you should probably use (more...)

Building OpenAM with Maven (Quick Note)

Just a quick note from my past self to my future self …

Set up:
Apple MacBook Pro (Late 2013)
2.3 GHz Intel Core i7
16 GB 1600 MHz

java version "1.8.0_51"
Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)

mvn -version
Apache Maven 3.3.3

Check out from the trunk:
svn co

Set the Maven Environment Variables:

OpenAM: Forcing user to reset password on next login.


A very common use case, when implementing ForgeRock’s OpenAM, is forcing a user to reset their password the next time they log in. Seems easy enough, right? The next time a particular user authenticates, they should be prompted to change their password before continuing on to the resource (web page) that they had originally requested.

The documentation does mention a setting, in section 8.3, to enable this:

Force Change Password on Next (more...)

#ForgeRock: Using #OpenIDM to sync Account Lockout Status #IDM

Use Case:

In an enterprise setup you would likely want to know when a user has locked their account (e.g. too many failed password attempts) and more than likely want to distribute that information to other systems in your environment. One solution would be to enable OpenIDM to monitor the user identity repository for changes to the user’s status.

This post will demonstrate one possible configuration for this use case.

Starting out with a (more...)