Federated Access Manager Supported Data Stores and Operations

THIS INFORMATION IS STILL BEING UPDATED AND MAY CHANGE BEFORE THE FALL 2008 FEDERATED ACCESS MANAGER 8.0 RELEASE.

Federated Access Manager stores several kinds of data and supports a number of products in which to store it. The following sections describe this support and the specific operations that each product can perform on the data.
  1. Directory Support
  2. Supported Identity Data Store Operations
  3. Notification Support

Directory Support

The table below lists the directories supported for the different types of data.


| | Sun Directory Server | Active Directory | IBM Tivoli Directory | LDAP v3 server (other) |
|---|---|---|---|---|
| User Data Store | Yes | Yes | Yes | No |
| Configuration Data Store\* | Yes | No | No | No |
| AM SDK (legacy) | Yes | No | No | No |
| LDAP Authentication | Yes | Yes | Yes | Yes |
| Membership Authentication | Yes | No | No | No |
| AD Authentication | N/A | Yes\*\* | N/A | N/A |
| Policy Subjects and Policy LDAPFilter Condition | Yes | Yes | Yes | Yes |
| Password Reset | Yes (with AM SDK only) | No | No | No |
| Account Lockout | Yes | No | No | No |
| Certificate Authentication | Yes | Yes | Yes | Yes |
| MSISDN Authentication | Yes | Yes | Yes | Yes |
| Data Store Authentication (through LDAPv3 identity data store) | Yes | Yes | Yes | Yes |

\* OpenDS can be configured as the embedded configuration data store during your initial Federated Access Manager configuration. Unlike Sun Directory Server, it cannot be configured as an external configuration data store. OpenDS is not currently supported as a user data store.

\*\* There are some limitations.

As a side note, authentication also supports the JDBC repository through the JDBC authentication module.

Supported Identity Data Store Operations

IDRepo is the interface that provides basic management for user, group, role and agent entities. This interface allows support for any identity data repository with the development of a plug-in. Although currently limited to three directories, it can be expanded to include any LDAPv3 directory (like OpenLDAP or Novell Directory), a Java Database Connectivity (JDBC) directory, flat files, and others.

The matrix below specifies current support through the IDRepo interface. We have a specific implementation for each supported identity repository. The default implementation of this interface can be used and is supported for any LDAPv3 repository.

The following table lists operations supported by each data store type.


| | Sun DS LDAP v3 | IBM Tivoli LDAP v3 | AD LDAP v3 | LDAP v3 (generic) | AM SDK (legacy) |
|---|---|---|---|---|---|
| User Create | Yes | Yes | Yes\* | No | Yes |
| User Modify | Yes | Yes | Yes\* | No | Yes |
| User Delete | Yes | Yes | Yes\* | No | Yes |
| Role Create | Yes | Yes | No | No | Yes |
| Role Modify | Yes | Yes | No | No | Yes |
| Role Delete | Yes | Yes | No | No | Yes |
| Role Assignment | Yes | Yes | No | No | Yes |
| Role Evaluation for Membership | Yes | Yes | No | No | Yes |
| Group Create | Yes | Yes | No | No | Yes |
| Group Modify | Yes | Yes | No | No | Yes |
| Group Delete | Yes | Yes | No | No | Yes |
| Group Assignment | Yes | Yes | No | No | Yes |
| Group Evaluation for Membership | Yes | Yes | Yes | No | Yes |
| Federation Attributes | Yes | Yes | Yes | No | Yes |

\* Needs some fixes.

Notification Support

Data changes in directories need to be propagated to OpenSSO in a timely manner. The data in OpenSSO is updated in two ways:

  1. Polling of the directories
  2. Notifications from the directories

For notification, Federated Access Manager subscribes to persistent search notifications provided by the directories. For polling, it provides configurable parameters to specify the time intervals. When multiple instances of Federated Access Manager are running, the configuration data changes can also be propagated to those instances.

And now watch how the dancers support Goldie Hawn as she sings Star, the title tune from the 1960s film musical biography about Gertrude Lawrence and starring an excellently-cast Julie Andrews.
