Open Source Identity Management
OpenAlt 2015
Radovan Semančík
November 2015
Ing. Radovan Semančík, PhD.
Software architect
Co-owner of Evolveum (open source company)
Architect of midPoint project
Apache committer (Directory API)
What is this Identity Management?
Let's start with a story ...
● Pirate Brethren, Inc.
● Fictional company
● Starts small
● Lean, efficient
● Grows quickly
● Focus on profit
Simple and easy start
Keeping access rights matrix in spreadsheet
Some manual work but still quite OK
It gets quite complex very soon ...
Login Nightmares
Shippin' DeLuxe v99.02
Login: mjones
Password:
NaviGATE+
Username: p0054358
Password:
Forgot password?
CrashSoft Woknous
Login: jones3
Password:
Realm: PIRACY
Login: marry
Password:
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (entryUUID=48b2295e-c131-4300-835a-fa85c863233e)
# requesting: ALL
#
# jack, people, example.com
dn: uid=jack,ou=people,dc=example,dc=com
mail: [email protected]: Jack
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
uid: jack
cn: cpt. Jack Sparrow
sn: Sparrow
[Diagram: Policy, Reality; manual synchronization (unreliable, slow, costly); no feedback; untracked changes]
AUDIT
$ $ $ $
VERY COSTLY
… and it has to be repeated ...
Call Center Goes Crazy
[Graphic: "Password reset" repeated many times, "Access request" repeated]
Let's do this IAM* thing. Everybody is doing that.
*) Identity and Access Management
Manager's View
[Diagram: Users, SSO, Applications, "Implementation Details"]
High Level Architect's View
[Diagram: Users, SSO, Applications, LDAP, HR, several boxes labelled "Implementation Details"]
Reality
[Diagram: Users, SSO, Applications, LDAP, HR, with these annotations:]
● Unsupported
● No standard (ugly script needed)
● Unsupported
● Custom schema
● Incompatible schema
● Relational database
● Extremely expensive
● Expensive
● Home directory
● Local copy
● Incompatible identifiers
“Single directory” approach is not going to work
… and this has been known since 2006 (at least)
What are we going to do now?
DO NOT PANIC!
SSO is what you think you want
IDM is what you really need
What is this Identity Management (IDM) thing, again?
Identity and Access Management
[Diagram: Identity Repository, HR, Applications, AM, Identity Management, Users, CRM, System Admin, Requester, Approver]
How IDM works?
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Automatic user provisioning
[Diagram: Identity Repository, HR, Applications, AM, Identity Management; Policies, RBAC, Rules]
Business As Usual
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Password reset (self-service)
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Employee Leaves Company
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Automatic user deprovisioning
[Diagram: Identity Repository, HR, Applications, AM, Identity Management; Policies, RBAC, Rules]
Business As Usual
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Bidirectional Synchronization
[Diagram: Identity Repository, HR, Applications, AM, Identity Management]
Policy enforcement
[Diagram: Identity Repository, HR, Applications, AM, Identity Management; Policies, RBAC, Rules]
What Identity Management does?
● Provisioning
● Synchronization
● Self-service
● Password management
● Credentials distribution (SSH, X.509)
● RBAC
● Organizational structure
● Entitlement management
● Identifier management
● Data mapping
● Segregation of duties
● Workflow
● Notifications
● Auditing
● Reporting
● Governance
● ...
Who needs Identity Management?
IDM Rule of Thumb:
● < 100 identities: you are fine with manual work
● 100 – 1K identities: you might need it
● 1K – 10K identities: you need it
● > 10K identities: you desperately need it!
This IDM looks like the best thing since the sliced bread.
What's the catch?
The commercial IDM products are expensive.
Very, very expensive.
Open Source to the Rescue
There was no practical FOSS solution until 2010
(Sun Identity Manager was the king)
2010-2011: Syncope, OpenIDM, midPoint, ...
(that was the time when Oracle acquired Sun)
Now there are two leading open source* IDMs:
● Apache Syncope
● Evolveum midPoint
*) by “open source” I mean both license and practice
Evolveum midPoint?
[Diagram: Identity Repository, HR, Applications, AM, Identity Management, Users, CRM, midPoint]
The midPoint Story
● Started 2010-2011 (5 years, 14 releases)
● Github, Apache 2.0 License
● ~500K lines of code (Java)
● State-of-the-art IDM features
[Feature cloud: Provisioning, Synchronization, RBAC, Governance, Consistency, Workflow, Audit, Authorization, Management, Self-service, Delegated administration, Data mapping, REST, Policy, Entitlements, Segregation of duties, HA, Identifiers, Notifications, Connectors, Localization, Parametric roles, Password reset, Organizational structure, Web UI, Expressions, Schema, Conditions, Extensibility, Scripting, Bulk actions]
MidPoint Big Picture
[Diagram: midPoint, Identity Connectors, Target Systems, Source Systems]
Complete Open Source Solution
[Diagram: Identity Repository, HR, Applications, AM, Identity Management, Users, CRM, midPoint, OpenLDAP, CAS]
Conclusion
Identity and Access Management
[Diagram: Identity Repository, HR, Applications, AM, Identity Management, Users, CRM, System Admin, Requester, Approver]
IAM Letter Soup
[Diagram: Identity Repository, HR, Applications, AM, Provisioning System, Users, CRM, System Admin, Requester, Approver]
[Term cloud: IDM, AM, LDAP, AD, Provisioning, RBAC, Administration, Sync, Workflow, Connector, LDAP, SSO, Federation, SAML, OAuth, Authentication, Two-factor, OpenID Connect, UMA, Integration, Policy]
What people want: Access Management
● Authentication
● Single Sign-On (SSO)
● Quite expensive
What people need: Identity Management
● Provisioning
● RBAC
● Synchronization
● Password management
● Self-service
● … and much more
● Cost reduction
START HERE
Questions and Answers
Radovan Semančík
www.evolveum.com
Thank You
Extra Slides
(Much) More Information
● midPoint Wiki
  • https://wiki.evolveum.com/display/midPoint/Home
● Architecture and Design (in Wiki)
  • Wiki pages under [Architecture and Design] page
  • “Live” architecture documentation
  • Includes UML diagrams
  • We try to keep it (reasonably) up to date
● midPoint Mailing List
Example midPoint Deployment Architecture
[Diagram: midPoint (Web GUI, IDM Logic); midPoint Identity Repository (Relational DB); Custom HR System, Scheduled Exports, CSV File, Flat File Connector; Active Directory, ADSI, AD Connector (remote), Microsoft Applications; Oracle Database, SQL, DB Table Connector, Database Applications; Administrator; User Self-Service (Web GUI); Identity Management Policies (rules, processes)]
Identity Connectors
● Common Identity Connector Framework
  • Sun Identity Connector Framework → ConnId
● Compatible connectors
  • AD, DB Table, DB2, MySQL, Oracle, RACF, Solaris, SPML, VMS, FlatFile, XML, Solaris, SAP, ...
  • LDAP: OpenLDAP, 389ds, OpenDJ, eDirectory, Active Directory
  • CSV file, Office365, SAS, GitLab, Lotus, LifeRay
Live Demo
http://demo.evolveum.com/
Documentation: search for “Live demo” in wiki.evolveum.com