IDM Designer, v5.0


IDM Designer is used by GlobalID as a rule engine and for integration with Active Directory.

GlobalID will only work once the following steps have been completed:

1. Installation

  • Unzip the Identity_Manager_4.8_Designer_Windows.zip

  • Run the install.exe in the designer_install folder

  • Choose the language and click “Ok”

  • Click “Next”

  • Scroll down and accept the license agreement, click “Next”

  • Accept the default folder, click “Next”

  • Choose shortcuts and click “Next”

  • Accept the Review/Summary, click “Install”

  • Wait for installation to finish

  • Select or de-select the “Launch Designer…” check mark, click “Done”

 

2. Project Creation

  • Start Designer

  • Select a location for the project workspace; this becomes the default for future sessions.

  • Optional: answer “Yes” to check for designer updates

  • Optional: answer “Yes” to check for packages updates

  • Click the “Run Designer” icon

  • Under “Import a project” select “Identity Vault”

  • Name the project “GlobalID”, click “Next”

  • Type in the host (IP address or DNS name), the eDirectory admin user (in LDAP format) and the password.

  • Check “Secure Connection”, optionally allow “Save password”, click “Next”

  • Accept the certificate permanently, click “OK”

  • In the Import Project from Identy Vault, click “Browse”

  • Click “System” on the left side, and on the right select “driverset1”, click “OK”

  • Click “Finish” to complete the Import Project from Identity Vault

  • A migrate Linkages warning might pop-up, click “OK”

  • Click “OK” to the result - all should be green.

  • “GlobalID - Developer” should be shown

  • Right-click the newly created object and select “Properties”

    • Select “Server List” in the left menu

    • Click “Add” in the right menu

    • Select the server DN in the drop-down menu

    • Select the appropriate settings. GlobalID comes with IDM Standard.

  • Right-click the Yin/Yang icon and select “Properties”

    • Select “Server List” in the left menu

    • Add the IDM server to the list of “Selected Servers”

 

3. Import GlobalID Core IDM Drivers

 

The Camunda Driver is responsible for starting the BPM processes in Camunda. This includes the issue, revoke and renew processes. Most processes wait for the user to complete them; some, such as revocation, run without user interaction.

The Household driver sets default addresses, handles rule-based ordering from AD groups, renewal and the disabling of expired certificates, and calculates and sets user attributes based on the user's currently active certificates.

3.1 HouseHold Driver - Import

  • On the GlobalID server, create the directory /var/log/idm/Household

  • In the “GlobalID - Developer” right click the yellow and B/W server icon.

  • Choose “Import from Configuration File”.

  • Browse to the HouseHold.xml file that came with the GlobalID software in the subdirectory “Drivers”

  • Click “OK” to import

  • In the “Enter the password for ‘LDAP Password’” type in the ADMIN users password, and repeat the same in the re-enter field; leave all other settings as default, click “Finish”

  • A migrate Linkages warning might pop-up, click “OK”

  • Click “OK” to the result, all should be green.

 

3.2 HouseHold Driver - Config

  • Right click the arrow from the server to the Household driver

  • Click “Properties” in the popup menu.

  • Click “GCVs” (Global Configuration Values)

  • Scroll down and change the setting under “Default Addresses” to match the customer.

  • Click “OK”.

 

  • Change the view to “Outline” and “Show Model Outline”

  • Under HouseHold right click the “FindExpiredCertificates” and click “Edit”

  • Under Servers set the checkmark for the server

  • Close the Job Editor with “Save Changes”

 

  • Change the view to “Outline” and “Show Model Outline”

  • Under HouseHold right click the “FindExpiringCertificates” and click “Edit”

  • Under Servers set the checkmark for the server

  • Close the Job Editor with “Save Changes”

  • Click the Disks to save all changes.

 

3.3 Camunda Driver - Import

  • On the GlobalID server, create the directory /var/log/idm/CamundaDriver

  • In the “GlobalID - Developer” right click the yellow and B/W server icon.

  • Choose “Import from Configuration File”.

  • Browse to the CamundaDriver.xml file

  • Click “OK” to import

  • Leave all settings as default, click “Finish”

  • A migrate Linkages warning might pop-up, click “OK”

  • Click “OK” to the result, all should be green.

 

3.4 Camunda Driver - Config

  • Right click the arrow from the server to the Camunda Driver

  • Click “Properties” in the popup menu.

  • Click “Driver configuration” and click the tab “Driver parameters”, secondary tab “Subscriber Options”

  • Make a JKS file with the public server certificate that Tomcat is using and copy it to /var/opt/GlobalID on the server.
    (JKS files can be created using Java Keytool or a helper application like “Keytool Explorer”)

  • Change the “Truststore file” to the path and name of the JKS file on the server (e.g. /var/opt/GlobalID/globalidpub.jks).

  • Change the “Base URL for REST Resource” to the Tomcat REST Endpoint (https://<host>:8443)

  • Click “GCVs” and click the tab “CamundaDriver”, scroll down and set Camunda Configuration → Camunda APICode to a valid API name (as specified during the Camunda installation on the GlobalID server in
    /var/opt/GlobalID/camunda-rest.properties, e.g. “camunda”)

  • Click “Named password” in the left menu and select the APIKey. Click “Edit” to set a valid password for the API key. The “Named password” must match the API key specified on the GlobalID server in /var/opt/GlobalID/camunda-rest.properties.
    The “Name” must match the name of the API key as specified in the eDirectory server object “GlobalIDSystemAPIKeys”.

  • Click “OK”

  • Click “OK”

  • Click the Disks to save all changes.
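The truststore step above can be done with Java Keytool from the command line. The script below is an added example, not part of the GlobalID software or this guide: it fetches the certificate Tomcat actually presents, imports it into a JKS truststore, and checks that the fingerprint in the store matches the one Tomcat serves before the file is copied to /var/opt/GlobalID. The host name, alias and store password are placeholders.

```shell
#!/bin/sh
# Added example: build and verify the JKS truststore used by the Camunda
# driver's "Truststore file" parameter. Requires openssl and keytool (JDK).
# Host name, alias and store password are assumptions, not values from the guide.
set -eu

# Save the leaf certificate Tomcat presents on HOST:PORT as PEM.
fetch_tomcat_cert() {  # usage: fetch_tomcat_cert HOST PORT OUTFILE
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$3"
}

# Create (or extend) a JKS truststore with the certificate in PEMFILE.
build_truststore() {  # usage: build_truststore PEMFILE JKSFILE ALIAS STOREPASS
  keytool -importcert -noprompt -file "$1" -keystore "$2" -storetype JKS \
    -alias "$3" -storepass "$4" >/dev/null 2>&1
}

# SHA-256 fingerprint of the entry stored under ALIAS (AA:BB:... format).
truststore_fingerprint() {  # usage: truststore_fingerprint JKSFILE ALIAS STOREPASS
  keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null \
    | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# SHA-256 fingerprint of a PEM certificate, in the same format keytool prints.
pem_fingerprint() {  # usage: pem_fingerprint PEMFILE
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Succeeds only when the truststore entry is exactly the certificate in PEMFILE.
verify_truststore() {  # usage: verify_truststore PEMFILE JKSFILE ALIAS STOREPASS
  [ "$(truststore_fingerprint "$2" "$3" "$4")" = "$(pem_fingerprint "$1")" ]
}

main() {  # usage: ./make-truststore.sh HOST [JKSFILE]
  host="$1"                                        # e.g. globalid.example.local (placeholder)
  jks="${2:-/var/opt/GlobalID/globalidpub.jks}"    # path the guide uses as its example
  pass="${STOREPASS:-changeit}"                    # placeholder store password
  pem="$(mktemp)"
  fetch_tomcat_cert "$host" 8443 "$pem"
  build_truststore "$pem" "$jks" tomcat "$pass"
  verify_truststore "$pem" "$jks" tomcat "$pass" \
    && echo "truststore $jks verified against $host:8443 (alias tomcat)"
  rm -f "$pem"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it on the GlobalID server as root so the resulting file lands in /var/opt/GlobalID; if the fingerprints differ (for example after Tomcat's certificate was renewed), rebuild the truststore rather than editing the driver parameters.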

 

3.5 Deploy the IDM Configuration

  • In the “GlobalID - Developer” right click the yellow and B/W server icon.

  • Choose “Live” → “Deploy…”.

  • A Deployment summary is shown; click “Deploy” to update the running IDM configuration.

  • Click “Define Security Equivalences”

  • Multi select all drivers.

  • Click “Add”

  • Browse to the Admin in the system.sa container

  • Click “OK” for the Identity Vault

  • Click “OK” for Security Equivalences

  • Click “Exclude Administrative Roles”

  • Multi select all drivers.

  • Click “Add”

  • Browse to the Admin in the system.sa container

  • Click “OK” for the Identity Vault

  • Click “OK” for Deploy - Exclude Administrative Roles

  • Click “OK” to Exit the deployment

 

For each Driver:

  • Right click the arrow from the server to the driver

  • Click “Live” → “Start Driver”

  • The dialog should say “Started on <hostname>”

    • If not, consult the log file in /var/log/idm

  • Click “OK”

  • Repeat for each driver