Identity Management? I'll Get My Coat...
Sun Identity Manager & SGD Password Cache Integration
Last week at the Grenoble Software Technical Event, based at the Grenoble Engineering Center in the French Alps, I demonstrated the integration of Sun Identity Manager and the Sun Secure Global Desktop (SGD) products. One area of interest was the SGD Password Cache integration. Why is this of interest? Well, let me explain the use case.
SGD's raison d'être is to securely deliver your desktop anyplace, anytime, to almost any device. The applications on your desktop usually require a username and password to gain access. When you launch such an application for the first time, SGD attempts to authenticate you to that application using the credentials you specified when authenticating to SGD. If this fails, SGD prompts you for a username/password to authenticate against the application; this is shown below:

You can see above there's a "Save Password" checkbox that, if checked, will securely persist whatever you entered within SGD itself.
If you hit the default administrative URL for SGD, http://<servername>/sgdadmin, you'll be able to see the Password Cache entries; this is shown below. On the left-hand side of this table is the user identity with which you authenticated to SGD itself, followed by the server name which served up the application, and finally the user identity which is understood by the application itself.

So imagine the popular use case where Sun Identity Manager is being used to process employee self-service password changes. A user logs on to the system and invokes the Change User Password workflow via the web page. They specify a new password, and Identity Manager pushes this password out to the linked resource accounts. All of a sudden the password previously stored by SGD is out of sync with the target resource. As a convenience, we want to update the SGD Password Cache directly from within the workflow associated with the changeUserPassword IDM workflow process. How is this done?
To start with, I developed a NetBeans 6 Java project and imported the relevant SGD webservice jar files, which were as follows:
/opt/tarantella/webserver/tomcat/5.0.28_axis1.2/common/lib:
    axis.jar
    commons-discovery-0.2.jar
    commons-logging-1.0.4.jar
    jaxrpc.jar
    saaj.jar
    xerces.jar
/opt/tarantella/webserver/tomcat/5.0.28_axis1.2/shared/lib:
    sgd-webservices.jar
Before we go any further, I'd strongly recommend reading the SGD webservices section on wikis.sun.com. Kudos to the SGD engineering team for sharing information like this in wiki form for all to use.
Those who know Sun Identity Manager workflow will understand how easy and simple it is to invoke Java directly using the XPRESS invoke command. The completed changeUserPassword workflow, which calls the SGDHelper class to manage the SGD Password Cache, can be downloaded here
Any questions or improvements feel free to chip in!
Password Cache? I'll get my coat 
Thanks for sharing your knowledge and the java-class :)
I will recreate your steps and try to present the same at our company, because your presentation about the integration between IdentityManager and SGD is a perfect fit for our company.
I can't wait to perform the 'fire employee' option with the killing application end ;)
Posted by Remold Krol on January 22, 2008 at 06:50 AM CET #