Integrating Oracle Identity Manager with Sun Java System Directory Server: Modifying a User's Password

Purpose

This OBE tutorial describes and shows you how to use Oracle Identity Manager to:

  • Create a password policy for a resource to which a user is provisioned. This policy is initiated when the user's resource-related password is modified.
  • Assign the policy to the resource
  • Create a status for the process task used to modify the user's password in the resource. This status is an indicator to the administrator that the task is completed successfully.
  • Change the user's resource-related password internally

After these actions are completed, Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.

For this tutorial, Linda is the administrator, Robert is the user, and Sun Java System Directory Server is the resource.

Time to Complete

Approximately 2 hours

Topics

This OBE tutorial covers the following topics:

  • Overview
  • Scenario
  • Prerequisites
  • Creating a Password Policy
  • Assigning the Policy to a Resource
  • Creating a Status for a Process Task
  • Modifying a User's Password
  • Accessing the Resource
  • Summary
  • Related Information

Overview

Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she performs identity and access management tasks on users within the company. One task she performs is creating and implementing password policies for users with the company's resources. These policies are initiated when a user's resource-related password is created or modified in Oracle Identity Manager. When this occurs, Oracle Identity Manager checks to see if the new or updated password meets the criteria of the password policy. If it does, Oracle Identity Manager either creates the resource-related password or replaces the existing password with the modified password in the resource.

Robert is an employee of Mydo Main Corporation. For security purposes, Linda must periodically update the password for Robert's resource-related account (that is, his account on Sun Java System Directory Server).

To complete this action, Linda opens the electronic form associated with the connector used to provision Robert with the resource. Then, she enters Robert's modified password in the Password field of the form, and saves the information to the database. Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager swaps the existing password with the modified password in the resource.

 

Prerequisites

Before starting this tutorial, you should:

1. Complete the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.
2. Complete the OBE titled Preparing to Customize the Administrative and User Console.
3. Complete the OBE titled Branding the Administrative and User Console.
4. Complete the OBE titled Changing the Functionality of the Administrative and User Console.
5. Complete the OBE titled Branding the Oracle Identity Manager Design Console.
6. Complete the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation.
7. Complete the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.
8. Complete the OBE titled Using the Generic Technology Connector (GTC) Framework: Provisioning a User to a Database Table.

Creating a Password Policy

Linda is ready to use Oracle Identity Manager to create a password policy for a resource to which a user is provisioned. This policy is initiated when the user's resource-related password is modified in Oracle Identity Manager. When this occurs, Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.

To create a password policy, perform the following steps:

1. Restart Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.

   Note: For more information about starting and stopping Oracle Identity Manager, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2. Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):

   Field      Value
   User ID    xelsysadm
   Password   abcd1234

   The Oracle Identity Manager Design Console appears.

3. Open the Password Policies form (found in the Administration folder of the Oracle Identity Manager Explorer).

4. Use the following table to create top-level information for the password policy:

   Field                Value
   Policy Name          Sun Password Policy
   Policy Description   Password Policy for Sun Java System Directory Server

   The upper region of the Password Policies form should now show these values.

5. Use the following table to create criteria for the password policy:

   Field                        Value
   Custom Policy option         [selected]
   Maximum Length               8
   Minimum Numeric Characters   1

   Note: By creating these criteria for the password policy, Oracle Identity Manager does not modify Robert's password for Sun Java System Directory Server unless the password contains 1-8 characters and has at least one numeric character. For example, oracle1 is a valid password; however, Robert's user ID of RLAVALLI is not (because the ID does not contain a numeric character).

   For more information about fields, buttons, options, check boxes, and tabs of the Password Policies form, refer to the Oracle Identity Manager Design Console Guide.

6. Click Save.

Linda created a password policy for Sun Java System Directory Server. She is ready to assign this policy to the connector she used to provision Robert to the resource in the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

As a result, when Robert's resource-related password is modified in Oracle Identity Manager, the product verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.

Assigning the Policy to a Resource

In the previous section of this OBE, Linda created a password policy for Sun Java System Directory Server. She is ready to assign this policy to a component of the connector she used to provision Robert to the resource. This component, the resource object, is a virtual representation of the resource and contains everything required to provision a user to that resource. It is the central record for all entities related to the resource.

Note: Linda provisioned Robert to Sun Java System Directory Server in the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

To assign a password policy to a resource, perform the following steps:

1. Open the Resource Objects form (found in the Resource Management folder of the Oracle Identity Manager Explorer).

2. Enter iPlanet User in the Name field. Click Query.

   Note: iPlanet User is the resource object of the connector Linda used to provision Robert to Sun Java System Directory Server. Because this component is a virtual representation of the resource, by assigning the password policy to the resource object, Linda is associating the policy with the resource.

3. Click the Password Policies Rule tab.

   Note: Linda is clicking this tab because she is to assign a password policy to the iPlanet User resource object.

4. Use the following table to assign a password policy to the iPlanet User resource object (click Add to assign the policy):

   Field      Value
   Rule       Default
   Policy     Sun Password Policy
   Priority   1

   Note: By associating the Default rule with the password policy, Oracle Identity Manager checks the policy whenever a user's password for Sun Java System Directory Server is created or modified. Linda imported this rule when she imported the connector for the resource in the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

   Sun Password Policy is the name of the password policy Linda defined in the section of this OBE titled Creating a Password Policy. The priority setting of 1 is an identification number for the rule-policy association.

5. Click Save.

Linda assigned the password policy for Sun Java System Directory Server to a component of the connector she used to provision Robert to the resource. This component is the connector's resource object.

She is ready to create a status for another component of the connector: the process task. The process task is used to modify the user's password in the resource. The status is an indicator to the administrator that the task is completed successfully.

Creating a Status for a Process Task

In the previous section of this OBE, Linda assigned her password policy to the connector she used to provision Robert to Sun Java System Directory Server. As a result, at runtime, after Robert's resource-related password is modified in Oracle Identity Manager, the product verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.

Linda is ready to create a status for the process task used to modify the user's password in the resource. This status is an indicator to the administrator that the task is completed successfully.

Presently, this process task status does not exist. Therefore, Linda must create it. Then, she can assign it to the process task.

To create a status for a process task, perform the following steps:

1. Click the Status Definition tab of the Resource Objects form.

   Note: Linda is clicking this tab because she is to create a status for a process task.

2. Use the following table to create a process task status (click Add to create the status):

   Field                        Value
   Status                       PasswordUpdated
   Launch Dependent check box   [cleared]

   Note: Linda clears the Launch Dependent check box because there are no dependencies between the PasswordUpdated status and statuses for other process tasks.

3. Click Save.

   Linda created the PasswordUpdated status. She is ready to assign this status to the process task used to modify the user's password in Sun Java System Directory Server. This status is an indicator to the administrator that the task is completed successfully.

4. Open the Process Definition form (found in the Process Management folder of the Oracle Identity Manager Explorer).

5. Enter iPlanet User in the Name field. Click Query.

   Note: iPlanet User is the process of the connector Linda used to provision Robert to Sun Java System Directory Server. This process contains tasks that represent actions for Oracle Identity Manager to perform with the resource. One action is modifying Robert's password in the resource. This action is represented by the Password Updated process task.

   Linda is to assign the PasswordUpdated status she created in this procedure to the Password Updated process task. By doing so, at runtime, she can see that the task is completed (because the status is an indicator of the task's successful execution).

6. Double-click the row header of the Password Updated process task.

   Note: If a Closing Form window appears, click Yes.

7. Click the Task to Object Status Mapping tab of the Editing Task window.

   Note: Linda clicks this tab because she is establishing a link between the PasswordUpdated status of the iPlanet User resource object and the Password Updated task of the iPlanet User process. By doing so, she is assigning the status to the process task.

8. Highlight the Completed item. Double-click the Object Status lookup field to the right of the item. From the Lookup window that appears, select the PasswordUpdated status. Click OK.

9. Save and close the Editing Task window.

   Note: If a Closing Form window appears, click Yes.

The PasswordUpdated status is assigned to the Password Updated process task. When this task is completed (that is, Oracle Identity Manager modifies Robert's password in Sun Java System Directory Server), the status of the connector changes from Provisioned to PasswordUpdated. As a result, Linda knows the task is executed successfully.

Linda is ready to use Oracle Identity Manager to modify Robert's password for Sun Java System Directory Server. When this occurs, Oracle Identity Manager verifies the modified password meets the criteria of the password policy she created. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.

Modifying a User's Password

In the previous section of this OBE, Linda assigned the PasswordUpdated status to the Password Updated process task. When this task is completed (that is, Oracle Identity Manager verifies the modified password meets the criteria of the password policy and then modifies Robert's password in Sun Java System Directory Server), the status of the connector changes from Provisioned to PasswordUpdated. As a result, Linda knows the task is executed successfully.

To modify a user's password, perform the following steps:

1. Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

   Field      Value
   User ID    xelsysadm
   Password   abcd1234

2. Open the Manage User form (found in the Users folder of the Oracle Identity Manager Explorer).

3. Query for RLAVALLI, the user transferred into Oracle Identity Manager in the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation. To do so, select User ID from the combo box in this form. Enter RLAVALLI in the text box to the right of the combo box. Click Search User.

4. From the result set, click the link that contains the ID for RLAVALLI.

5. On the User Detail form, select Resource Profile from the combo box.

6. Click the Edit link that appears to the right of the Provisioned status for the iPlanet User connector.

   Note: The iPlanet User connector represents the Sun Java System Directory Server resource.

7. In the Password field of the process form, change the password RLAVALLI has with Sun Java System Directory Server (from rlavalli to robert1). Click Save.

   Note: The password Linda enters is encrypted for security purposes. Also, the password meets the criteria of the password policy Linda defined for this resource. Specifically, the password contains seven characters and has one numeric character.

   The Resource Profile form appears.

The status of the iPlanet User connector, PasswordUpdated, appears in the Status column of the Resource Profile form. Oracle Identity Manager modified the password Robert has with Sun Java System Directory Server.

Linda is ready to verify these login credentials (that is, the existing user ID and the modified password) can be used to access this resource. For this OBE, this is accomplished by using Sun ONE Server Console.

Accessing the Resource

In this OBE, Linda used Oracle Identity Manager to change a user's resource-related password. Specifically, she modified the password Robert has with Sun Java System Directory Server.

Now, she must ensure Robert's login credentials (that is, the existing user ID and the modified password) can be used to access the resource. For this OBE, this is accomplished by using Sun ONE Server Console.

To access the resource, perform the following steps:

1. Close Sun ONE Server Console.

   Important: Linda opened this console in the OBE titled Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning.

2. Within Windows Explorer, double-click the startconsole.exe file (found in the C:\Program Files\Sun\MPS directory). Linda created this directory when she installed Sun Java System Directory Server.

3. Populate the Sun ONE Server Console Login window, as follows (and click OK):

   Field                Value
   User ID              RLAVALLI
   Password             rlavalli
   Administration URL   http://localhost.oracle.com:53017

   Note: rlavalli is Robert's former password with Sun Java System Directory Server. This password is encrypted for security purposes.

   An error message appears.

   Important: This message appears because the previous password can no longer be used to log in to Sun Java System Directory Server.

4. Click OK. Populate the Sun ONE Server Console Login window, as follows (and click OK):

   Field                Value
   User ID              RLAVALLI
   Password             robert1
   Administration URL   http://localhost.oracle.com:53017

   Note: robert1 is Robert's modified password with Sun Java System Directory Server. This password is also encrypted for security purposes.

   Sun ONE Server Console appears.

Robert's modified credentials (that is, his existing ID and updated password) can be used to access Sun Java System Directory Server. Oracle Identity Manager changed the user’s password with this resource.
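
The flow this tutorial walks through, from the Sun Password Policy criteria (Maximum Length 8, Minimum Numeric Characters 1) to the Provisioned-to-PasswordUpdated status change and the old/new login check, modelled as an added Python example; it is not Oracle Identity Manager code. The class and function names and the PBKDF2 credential storage are assumptions made for illustration.

```python
# Added illustration; a model of the tutorial's flow, not Oracle Identity Manager code.
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """Only the two criteria the tutorial sets for Sun Password Policy."""
    maximum_length: int = 8
    minimum_numeric_characters: int = 1

    def violations(self, password):
        problems = []
        if len(password) > self.maximum_length:
            problems.append("exceeds Maximum Length")
        if sum(c in "0123456789" for c in password) < self.minimum_numeric_characters:
            problems.append("too few numeric characters")
        return problems

class ResourceAccount:
    """Hypothetical stand-in for a user's account on the resource."""
    def __init__(self, user_id, password):
        self.user_id = user_id
        self.status = "Provisioned"
        self.set_password(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def set_password(self, password):
        # Assumption: store a salted PBKDF2 digest rather than the clear text.
        self._salt = os.urandom(16)
        self._digest = self._derive(password)

    def can_log_in(self, password):
        return hmac.compare_digest(self._digest, self._derive(password))

def change_password(account, policy, new_password):
    """Replace the password only if the policy reports no violations."""
    problems = policy.violations(new_password)
    if not problems:
        account.set_password(new_password)
        account.status = "PasswordUpdated"
    return problems

def run_tutorial_flow():
    """Replay the tutorial's values: user RLAVALLI, rlavalli -> robert1."""
    policy = PasswordPolicy()
    robert = ResourceAccount("RLAVALLI", "rlavalli")
    rejected = change_password(robert, policy, "RLAVALLI")  # user ID has no digit
    before = robert.status
    accepted = change_password(robert, policy, "robert1")
    return {"rejected": rejected, "status_after_reject": before,
            "accepted": accepted, "status": robert.status,
            "old_password_works": robert.can_log_in("rlavalli"),
            "new_password_works": robert.can_log_in("robert1")}
```

A single digit such as 7 also satisfies these criteria, because the policy as configured sets only a maximum length; a production policy would add a minimum length criterion.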

 

Summary

In this lesson, you learned how to:

  • Create a password policy
  • Assign the policy to a resource
  • Create a status for a process task
  • Modify a user's password
  • Access the resource

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
