Saturday 20 August 2011

Trigger Happy Oracle Identity Manager - part 8 - OIM user triggers part A

This is part 8 of the Oracle Identity Manager trigger saga.

Creating a user in OIM can trigger tasks: before and after insert, before and after update, and before and after delete. These tasks are like any other tasks, and they start a process task. The process form they use is the standard form for creating OIM users, which includes the User Defined Fields.

The data of these forms can be mapped to the input fields of the adapters behind the tasks triggered.

Sunday 10 July 2011

Risk Management by obscurity works

The old adage is that security by obscurity doesn't work to protect against security threats. This is true. A solution that uses proprietary technology known only to a small community doesn't remove the vulnerability. It does, though, lower the probability that somebody is able to exploit the vulnerability.
The fewer people who know the technology, the less likely it is that somebody is able to exploit the vulnerability. The economics of exploitation also work in favour of obscurity, since the hacker's investment in learning the ins and outs, especially the outs, of the vulnerability is not likely to pay off in large amounts.
That means obscure solutions do lower the overall risk, since risk is a combination of the vulnerability and the probability together with the impact. This holds, for instance, in cases where the impact on the user offers only a limited payback for the hacker.
A defense in depth approach could, for parts of the solution, include obscure solutions when there is no other solution or when standard (i.e. non-obscure) solutions are too expensive or complex.

Saturday 29 January 2011

Trigger Happy Oracle Identity Manager - part 7 - enable user or disable user


When a user is enabled, all the tasks that have the attribute "Enable Process or Access to application" are triggered. The attribute is set with a special drop-down list box in the task definition form of the process definition.
All the tasks in all the resource objects linked to this OIM user are triggered. One could question why Oracle development hasn't chosen the construction with the lookup.usr triggers, as described in another post. But that is the wonderful world of OIM.
For this series that is good: yet another way to trigger tasks in the Oracle Identity Manager world.

The drop down list box also contains the option "Disable Process or Access to application" and the "No effect" option.
This trigger is set up just for enabling the user.