Integrating Oracle Identity Manager with Sun Java System Directory Server: Modifying a User's Password
Purpose
This OBE tutorial describes and shows you how to use Oracle Identity Manager to:
Create a password policy for a resource to which a user is provisioned. This policy is initiated when the user's resource-related password is modified.
Assign the policy to the resource
Create a status for the process task used to modify the user's password in the resource. This status is an indicator to the administrator that the task is completed successfully.
Change the user's resource-related password internally
After these actions are completed, Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.
For this tutorial, Linda is the administrator, Robert is the user, and Sun Java System Directory Server is the resource.
Overview
Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.
Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).
Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she performs identity and access management tasks on users within the company. One task she performs is creating and implementing password policies for users with the company's resources. These policies are initiated when a user's resource-related password is created or modified in Oracle Identity Manager. When this occurs, Oracle Identity Manager checks to see if the new or updated password meets the criteria of the password policy. If it does, Oracle Identity Manager either creates the resource-related password or replaces the existing password with the modified password in the resource.
Robert is an employee of Mydo Main Corporation. For security purposes, Linda must periodically update the password for Robert's resource-related account (that is, Sun Java System Directory Server).
To complete this action, Linda opens the electronic form associated with the connector used to provision Robert with the resource. Then, she enters Robert's modified password in the Password field of the form, and saves the information to the database. Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager swaps the existing password with the modified password in the resource.
Linda is ready to use Oracle Identity Manager to create a password policy for a resource to which a user is provisioned. This policy is initiated when the user's resource-related password is modified in Oracle Identity Manager. When this occurs, Oracle Identity Manager verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.
To create a password policy, perform the following steps:
1.
Restart Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.
2.
Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):
Field | Value
User ID | xelsysadm
Password | abcd1234
The Oracle Identity Manager Design Console appears:
3.
Open the Password Policies form (found in the Administration folder of the Oracle Identity Manager Explorer).
4.
Use the following table to create top-level information for the password policy:
Field | Value
Policy Name | Sun Password Policy
Policy Description | Password Policy for Sun Java System Directory Server
The upper region of the Password Policies form should appear, as follows:
5.
Use the following table to create criteria for the password policy:
Field | Value
Custom Policy option | [selected]
Maximum Length | 8
Minimum Numeric Characters | 1
Note: With these criteria in the password policy, Oracle Identity Manager does not modify Robert's password for Sun Java System Directory Server unless the password contains 1-8 characters and has at least one numeric character. For example, oracle1 is a valid password; however, Robert's user ID of RLAVALLI is not (because the ID does not contain a numeric character).
For more information about fields, buttons, options, check boxes, and tabs of the Password Policies form, refer to the Oracle Identity Manager Design Console Guide.
As a result, when Robert's resource-related password is modified in Oracle Identity Manager, the product verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.
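The policy check described in the note above, as an added example that is not part of the original tutorial and is not Oracle Identity Manager's own code. The class, function and variable names are hypothetical, the dictionary is a constructed stand-in for the resource, and only the two criteria set in this section are modeled.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of the two criteria the tutorial sets."""
    name: str
    maximum_length: int
    minimum_numeric_characters: int

    def violations(self, password: str) -> list[str]:
        """Return the form-field name of every criterion the candidate fails."""
        failed = []
        if len(password) > self.maximum_length:
            failed.append("Maximum Length")
        if sum(ch.isdigit() for ch in password) < self.minimum_numeric_characters:
            failed.append("Minimum Numeric Characters")
        return failed

SUN_POLICY = PasswordPolicy("Sun Password Policy", maximum_length=8,
                            minimum_numeric_characters=1)

def change_password(accounts: dict, user_id: str, new_password: str,
                    policy: PasswordPolicy = SUN_POLICY) -> list[str]:
    """Replace the stored password only when no criterion is violated.

    `accounts` is a constructed in-memory stand-in for the resource.
    Returns the violated criteria; an empty list means the change was applied.
    """
    failed = policy.violations(new_password)
    if not failed:
        accounts[user_id] = new_password
    return failed

def audit(policy: PasswordPolicy, candidates: list[str]) -> dict:
    """Map each candidate to its violated criteria, for reviewing a policy."""
    return {c: policy.violations(c) for c in candidates}

if __name__ == "__main__":
    accounts = {"RLAVALLI": "rlavalli"}  # constructed sample state
    for candidate in ["RLAVALLI", "password1", "robert1"]:
        print(candidate, change_password(accounts, "RLAVALLI", candidate) or "accepted")
    # No minimum length is configured, so "1" passes both checks.
    print(audit(SUN_POLICY, ["oracle1", "1", ""]))
```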
In the previous section of this OBE, Linda created a password policy for Sun Java System Directory Server. She is ready to assign this policy to a component of the connector she used to provision Robert to the resource. This component, the resource object, is a virtual representation of the resource and contains everything required to provision a user to that resource. It is the central record for all entities related to the resource.
To assign a password policy to a resource, perform the following steps:
1.
Open the Resource Objects form (found in the Resource Management folder of the Oracle Identity Manager Explorer).
2.
Enter iPlanet User in the Name field. Click Query.
Note: iPlanet User is the resource object of the connector Linda used to provision Robert to Sun Java System Directory Server. Because this component is a virtual representation of the resource, by assigning the password policy to the resource object, Linda is associating the policy with the resource.
3.
Click the Password Policies Rule tab.
Note: Linda is clicking this tab because she is to assign a password policy to the iPlanet User resource object.
4.
Use the following table to assign a password policy to the iPlanet User resource object (click Add to assign the policy):
Sun Password Policy is the name of the password policy Linda defined in the section of this OBE titled Creating a Password Policy. The priority setting of 1 is an identification number for the rule-policy association.
5.
Click Save.
Linda assigned the password policy for Sun Java System Directory Server to a component of the connector she used to provision Robert to the resource. This component is the connector's resource object.
She is ready to create a status for another component of the connector: the process task. The process task is used to modify the user's password in the resource. The status is an indicator to the administrator that the task is completed successfully.
In the previous section of this OBE, Linda assigned her password policy to the connector she used to provision Robert to Sun Java System Directory Server. As a result, at runtime, after Robert's resource-related password is modified in Oracle Identity Manager, the product verifies the modified password meets the criteria of the password policy. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.
Linda is ready to create a status for the process task used to modify the user's password in the resource. This status is an indicator to the administrator that the task is completed successfully.
Presently, this process task status does not exist. Therefore, Linda must create it. Then, she can assign it to the process task.
To create a status for a process task, perform the following steps:
1.
Click the Status Definition tab of the Resource Objects form.
Note: Linda is clicking this tab because she is to create a status for a process task.
2.
Use the following table to create a process task status (click Add to create the status):
Field | Value
Status | PasswordUpdated
Launch Dependent check box | [cleared]
Note: Linda clears the Launch Dependent check box because there are no dependencies between the PasswordUpdated status and statuses for other process tasks.
3.
Click Save.
Linda created the PasswordUpdated status. She is ready to assign this status to the process task used to modify the user's password in Sun Java System Directory Server. This status is an indicator to the administrator that the task is completed successfully.
4.
Open the Process Definition form (found in the Process Management folder of the Oracle Identity Manager Explorer).
5.
Enter iPlanet User in the Name field. Click Query.
Note: iPlanet User is the process of the connector Linda used to provision Robert to Sun Java System Directory Server. This process contains tasks that represent actions for Oracle Identity Manager to perform with the resource. One action is modifying Robert's password in the resource. This action is represented by the Password Updated process task.
Linda is to assign the PasswordUpdated status she created in this procedure to the Password Updated process task. By doing so, at runtime, she can see that the task is completed (because the status is an indicator of the task's successful execution).
6.
Double-click the row header of the Password Updated process task.
Note: If a Closing Form window appears, click Yes.
7.
Click the Task to Object Status Mapping tab of the Editing Task window.
Note: Linda clicks this tab because she is establishing a link between the PasswordUpdated status of the iPlanet User resource object and the Password Updated task of the iPlanet User process. By doing so, she is assigning the status to the process task.
8.
Highlight the Completed item. Double-click the Object Status lookup field to the right of the item. From the Lookup window that appears, select the PasswordUpdated status. Click OK.
9.
Save and close the Editing Task window.
Note: If a Closing Form window appears, click Yes.
The PasswordUpdated status is assigned to the Password Updated process task. When this task is completed (that is, Oracle Identity Manager modifies Robert's password in Sun Java System Directory Server), the status of the connector changes from Provisioned to PasswordUpdated. As a result, Linda knows the task is executed successfully.
Linda is ready to use Oracle Identity Manager to modify Robert's password for Sun Java System Directory Server. When this occurs, Oracle Identity Manager verifies the modified password meets the criteria of the password policy she created. If it does, Oracle Identity Manager replaces the existing password with the modified password in the resource.
In the previous section of this OBE, Linda assigned the PasswordUpdated status to the Password Updated process task. When this task is completed (that is, Oracle Identity Manager verifies the modified password meets the criteria of the password policy and then modifies Robert's password in Sun Java System Directory Server), the status of the connector changes from Provisioned to PasswordUpdated. As a result, Linda knows the task is executed successfully.
To modify a user's password, perform the following steps:
1.
Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):
Field | Value
User ID | xelsysadm
Password | abcd1234
2.
Open the Manage User form (found in the Users folder of the Oracle Identity Manager Explorer).
From the result set, click the link that contains the ID for RLAVALLI.
5.
On the User Detail form, select Resource Profile from the combo box.
6.
Click the Edit link that appears to the right of the Provisioned status for the iPlanet User connector.
Note: The iPlanet User connector represents the Sun Java System Directory Server resource.
7.
In the Password field of the process form, change the password RLAVALLI has with Sun Java System Directory Server (from rlavalli to robert1). Click Save.
Note: The password Linda enters is encrypted for security purposes. Also, the password meets the criteria of the password policy Linda defined for this resource. Specifically, the password contains seven characters and has one numeric character.
The Resource Profile form appears:
The status of the iPlanet User connector, PasswordUpdated, appears in the Status column of the Resource Profile form. Oracle Identity Manager modified the password Robert has with Sun Java System Directory Server.
Linda is ready to verify these login credentials (that is, the existing user ID and the modified password) can be used to access this resource. For this OBE, this is accomplished by using Sun ONE Server Console.
In this OBE, Linda used Oracle Identity Manager to change a user's resource-related password. Specifically, she modified the password Robert has with Sun Java System Directory Server.
Now, she must ensure Robert's login credentials (that is, the existing user ID and the modified password) can be used to access the resource. For this OBE, this is accomplished by using Sun ONE Server Console.
To access the resource, perform the following steps:
Within Windows Explorer, double-click the startconsole.exe file (found in the C:\Program Files\Sun\MPS directory). Linda created this directory when she installed Sun Java System Directory Server.
3.
Populate the Sun ONE Server Console Login window, as follows (and click OK):
Field | Value
User ID | RLAVALLI
Password | rlavalli
Administration URL | http://localhost.oracle.com:53017
Note: rlavalli is Robert's former password with Sun Java System Directory Server. This password is encrypted for security purposes.
The following error message appears:
Important: This message appears because the previous password can no longer be used to log in to Sun Java System Directory Server.
4.
Click OK. Populate the Sun ONE Server Console Login window, as follows (and click OK):
Field | Value
User ID | RLAVALLI
Password | robert1
Administration URL | http://localhost.oracle.com:53017
Note: robert1 is Robert's modified password with Sun Java System Directory Server. This password is also encrypted for security purposes.
Sun ONE Server Console appears:
Robert's modified credentials (that is, his existing ID and updated password) can be used to access Sun Java System Directory Server. Oracle Identity Manager changed the user’s password with this resource.