A resourceful book for Identity Management professionals – OpenAM by Indira Thangasamy
In today’s world, where information exchange over interconnected computer networks is critical for running businesses as well as personal lives, securing identities and controlling access privileges, known as Identity Management, has become a top priority for the professionals engaged in IT Security. Identity Management addresses all three objectives of information security: Confidentiality, Integrity and Availability. In its simplest terms, Identity Management involves Identity Provisioning (the creation and modification of identity data) and Access Management (the definition and enforcement of access policies protecting digital resources). The book, OpenAM, by Indira Thangasamy, deals with product features, installation, administration and implementation of OpenAM software – an Access Management tool generally used to secure access to digital resources such as portals and web-based applications.
ForgeRock OpenAM protects web applications from unauthorized access and provides Single Sign-On (SSO), Federation and fine-grained Entitlements as well as risk-based access management. It was originally developed as an open source product by Sun Microsystems and was called OpenSSO. After Oracle acquired Sun, ForgeRock, an Identity and Access Management software company, took up the initiative to keep OpenSSO development supported, rebranding the product and driving development of new features under the new name of OpenAM. Oracle continues to provide limited support for the existing versions of OpenSSO Enterprise Edition, as it is due to be replaced by the Oracle access management solution, OAM 11g.
Each chapter in this book starts with an overview of the main topic being discussed and bullet points of the sub-topics covered, and ends with a brief but powerful summary of the knowledge gained along with a very short glimpse of the next chapter. Though the book is titled after OpenAM, a ForgeRock product, the terms OpenAM and OpenSSO are often used interchangeably throughout. The book covers the following topics:
- Brief introduction of what Identity is and why organizations need Identity management, along with the fundamental difference between Identity and Access management
- History of OpenSSO and how OpenAM evolved from OpenSSO
- The four prominent features of OpenAM – Access management, Federation, Securing Web Services, and Entitlements
- Detailed instructions for installation and administration of OpenAM in single server and multi server deployments with and without SSL
- Enforcing authentication and authorization rules, configuring authentication types and creating custom authentication modules
- Implementing SSO – a) installing agents on web servers or application servers hosting web applications b) enforcing policies, and c) testing SSO
- Password management including Password resets, prevention of DoS attacks by implementing Account Lockout and delegation of password reset capability to selected users
- Identity store vs. configuration store of OpenAM, creating data stores for various LDAP directories
- Performing identity-related activities using OpenAM, such as creating, modifying, searching and deleting user identities
- Use cases that involve Salesforce and Google Apps integration with OpenAM
- OpenAM logging and auditing options available
- Troubleshooting scenarios covering installation, password reset, authentication and the usage of command line tools
Though no prior knowledge of OpenAM is required for reading the book, I feel that the reader will gain the most out of the book if s/he is familiar with fundamental concepts of LDAP directories. The command line examples in the book are mainly for Linux users. Also, it would be helpful to have some basic knowledge of Java prior to reading the book.
The author did a great job in explaining the Access Management mechanisms such as Single Sign-On and Federation in general, while highlighting the ease of OpenAM’s implementation. By reading the book, one can get familiar with the installation and usage of OpenAM. There could have been more information covering the Entitlements capabilities of OpenAM and more examples of SSO Policy creation. I hope the author will add these in future editions.
Overall, I strongly recommend this book to Security Administrators as well as Identity Management consultants engaged in implementing OpenAM. It is a good book to use in conjunction with the OpenAM product documentation available on the ForgeRock website, which is updated for the latest product changes from time to time.