Blogs

Tying OIA Global Users to Business Units

This post describes how to link an OIA global user to a business structure (or business unit as it's also known in OIA or even BU).

The most obvious way to link users to BUs is to display the BU in the Identity Warehouse and add users through the Users tab.

But that's not very efficient, especially when you have to add hundreds or thousands of users to the BU.

In those cases, use a BU rule. After creating the rule, you'll need to run the rule.

1. Display the BU in the Identity Warehouse (Identity Warehouse>Business Structures).

2. Click the Rules link located below the tabs.

3. Click New Rule.

4. Follow the wizard steps. The important screen is Add Conditions where you will specify what the rule is applied to. For example, you can specify the following:

  • Object: user
  • Attribute: Primary Email
  • Condition: contains
  • Value: acme.com

5. Select which business structure the user will be assigned to if the condition is met, on the Select Business Structure screen. 

6. Save the rule.

7. Run the rule now.

OIA Orphaned Accounts

When you import resource accounts from a file that have no corresponding OIA global user, the imported account is an orphan.

By default, OIA creates a report listing the orphaned accounts and does not import those orphaned accounts.

To see if any orphaned accounts exist as a result of an import, go to Adminstration>Import/Export Logs>View Details for the import. Then click the Show Exceptions button. You can export the exceptions also using the Export button. These are OIA CORRELATION ERRORs.

Orphaned accounts can also occur when an OIA global user is deleted and the resource account remain in OIA. These orphaned accounts can be found by choosing Identity Warehouse>Users>Orphaned Accounts. This screen lets you assign the orphaned account to an existing OIA global user if necessary.

Alternatively, OIA can handle orphaned accounts (those with correlation errors) found during imports differently using the following property located in the iam.properties file (../oia/conf/iam.properties):
# CORRELATION PARAMETERS
# dropOrphanAccounts=true => accounts not correlated are not imported
# dropOrphanAccounts=false => accounts not correlated are imported

How to Assign the Environment Admin Role to an OAAM User Account

I post this information because the OAAM Environment Administrator role is not included in the tomcat-users file distributed with OAAM 10.1.4.5. Every once in a while, I find a need to use the role during a project. This will

Product: Oracle Adaptive Access Manager, Adaptive Risk Manager (ARM)

Version: 10.1.4.5

Background: All the OAAM roles that can be enabled are located in the .../oarm/WEB-INF/web.xml file.

To enable any of the roles found in the web.xml file, the roles must be added to the .../conf/tomcat-users.xml file.

Here's the role that already exists in the web.xml file:

<security-role-ref>
       <role-name>EnvAdmin</role-name>
       <role-link>web_EnvAdmin</role-link>
</security-role-ref>

Here's the line that needs to be added in the tomcat-users.xml file:

<role rolename="web_EnvAdmin" description="Environment Admin"/>

The role must also be assigned to user account(s) through whatever means your system authenticates.

The Beginning - 2 Minute Audit

We are conducting a new experiment called the Two-Minute Audit.

Most Internet users don't know how to determine whether a website is trustworthy or not. This is really a problem when a website asks for personal information. We'd like to offer a way for every user, regardless of their level of web-security skills, to quickly determine if a website can be trusted.

Here's an example. Your son wants you to order a year book for his school from a website. You pull up the website and find the website wants the following information before you can order the yearbook:

Full name
Home address
Email address
Username for the site
Password

After you create the account you also need to enter your credit card number, expiration date, and three-digit confirmation code.

Before you enter all that information you should take a moment and look over the website and determine it it is worthy of storing your personal information.

That's where the Two-Minute Audit comes in. The Two-Minute Audit will help you review the website and get a feel for how well the owner is protecting your personal information. The Two-Minute Audit is not a guarantee of anything, but it will help you weed out websites that don't take protecting your information seriously.

Cybersecurity legislation advances in Congress

In the midst of partisan "every thing", here is one bi-partisan bill.

http://www.washingtonpost.com/blogs/checkpoint-washington/post/cybersecurity-legislation-advances-in-congress/2011/12/02/gIQAh2nBLO_blog.html

I haven't had a chance to read the relevant content. But it does look like sharing pertinent information with in reason, voluntarily is what is addressed.

When I was talking to a few CSO's, common dilema still remains. "Relevant and pertinent information" for investigative purposes still remains seemingly a herculean task. A financial or health care institution which may produce gigabytes of "log" on a daily basis will find its rather taunting to filter out the noise.

It's International Fraud awareness week

Apparently ACFE has declared this week to be the Fraud awareness week. Check out www.fraudweek.com

How Oracle Adaptive Access Manager (OAAM) address FFIEC supplement to Authentication in an Internet Banking Environment.

By Arun Kothanath

Disclaimer:

The following write up is a response to the FFIEC supplement of June 2011 by Integral Business Solutions from it’s experience in the field of fraud management and deployment of OAAM. These are suggestive material only and are not to be recommendations from Oracle or Integral Business solutions. Institutions should implement appropriate risk assessment and mediation mechanisms according to their own business requirements.

Background

On June 28, 2011, the Federal Financial Institutions Examination Council (FFIEC) issued a Supplement to the Authentication in an Internet Banking Environment guidance first issued in Oct. 2005. The FFIEC considered that further guidance was appropriate due to the continued growth of electronic and mobile banking and greater sophistication of the associated threats, which have increased risks for financial institutions and their customers.

The FFIEC member agencies have directions to members to initiate assessments against these expectations by January 2012.

Overall this supplement emphasizes specifically on a few things such as,

-       Importance of risk assessment and risk management (as described in the 2005 release)

Cut your WebLogic startup time in half on Linux

One reason 11g applications start slow on Linux is because they run out of random numbers. Seriously. I’ll give you a command that will solve this problem and cut your startup times in half, but first I want you to know more about this issue.

What is entropy?

Think of entropy as the randomness of white noise from the natural world. Computers do not generate entropy. Rather, we count on computers to always give the same results for a given set of inputs. So entropy must be sourced from outside of a CPU.

CobiT

I'm studying for the CISSP exam and have come across COBIT again, as I have many times in the past. This time I decided to learn about COBIT in more detail.

Here's a list of information about COBIT:

  • COBIT stands for Control Objectives for Information and related Technology.
  • COBIT was created by ISACA and IT Governance Institute (ITGI).
  • COBIT is a framework of controls consisting of good practices. COBIT's documentation uses the term good practices instead of the more commonly used "best practices." That's different. I'll look for the reason for the subtle difference in terminology.
  • COBIT practices are focused more on control than execution. I'll keep that in mind as I read and I'm hopeful that I'll be able to explain this.

The executive overview provided in COBIT 4.1 contains the following definition of IT governance. I like it so much that I'll quote it here.

"IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization's strategies and objectives."

The document is COBIT 4.1, ISBN 1-933284-72-2. Find it at the following web address:

Cloudy Computing

Have you been hearing about cloud computing as much as I am ? According to Gartner you should have, a growth from 5% in 2009 to 37% , of CEO’s who are interested in Cloud Computing.  It is also interesting to note that 3 out of 4 in this “interest group” were not interested in server virtualization, SOA or SaaS, which are deemed to be the corner stones for the so defined cloud computing.

Interesting to note from Mark McDonald (Group VP, Gartner) - “the peak of inflated expectations”, ” trough of disillusionment”

Syndicate content