Monday, March 23, 2009

Password Synchronization in Sun IDM 8.1











PasswordSync:

You can find this important topic in the Sun IDM 8.1 documentation: Business Administration, Chapter 11.

Here I am trying to synchronize passwords between Active Directory, IDM, and other resources.

PasswordSync (Tools) detects user password changes initiated on Windows domains and forwards those changes to Identity Manager.

Identity Manager then synchronizes password changes with the other resources defined in Identity Manager, so there is no need to change the password everywhere. With a single user ID and password we can access all resources that are connected through IDM with Active Directory (same domain controller).

What is PasswordSync?

The PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

The password synchronization tools must be installed on all the domain controllers where resources will be connected through IDM with Active Directory.

Installing PasswordSync means that the "lhpwic.dll" file is present on every domain controller machine.
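One way to check that requirement across a domain, as an added example that is not from the original post or from Sun's tooling. It assumes the ActiveDirectory module and PowerShell remoting are available, that lhpwic.dll sits in System32, and that it is registered as an LSA notification package named "lhpwic"; adjust these if your installation differs.

```powershell
# Audit PasswordSync coverage on every domain controller (added example).
# Assumed, not stated on the page: DLL location (System32) and the
# "Notification Packages" entry name (lhpwic).
Import-Module ActiveDirectory

$dllName     = 'lhpwic.dll'
$packageName = [IO.Path]::GetFileNameWithoutExtension($dllName)

# Runs on each DC: is the DLL on disk, is it registered with LSA, what is its hash?
$check = {
    param($DllName, $PackageName)
    $dllPath = Join-Path $env:SystemRoot "System32\$DllName"
    $file = Get-Item -LiteralPath $dllPath -ErrorAction SilentlyContinue
    $lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                             -Name 'Notification Packages' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DllPresent  = [bool]$file
        Registered  = @($lsa.'Notification Packages') -contains $PackageName
        FileVersion = if ($file) { $file.VersionInfo.FileVersion } else { $null }
        Sha256      = if ($file) { (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash } else { $null }
    }
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $r = Invoke-Command -ComputerName $dc.HostName -ScriptBlock $check `
                            -ArgumentList $dllName, $packageName -ErrorAction Stop
        [pscustomobject]@{ DC = $dc.HostName; Reachable = $true; DllPresent = $r.DllPresent
                           Registered = $r.Registered; FileVersion = $r.FileVersion; Sha256 = $r.Sha256 }
    } catch {
        # An unreachable DC is reported as a gap rather than silently skipped.
        [pscustomobject]@{ DC = $dc.HostName; Reachable = $false; DllPresent = $false
                           Registered = $false; FileVersion = $null; Sha256 = $null }
    }
}

$results | Sort-Object DC | Format-Table -AutoSize

# DCs where a password change would not be forwarded to Identity Manager.
$gaps = @($results | Where-Object { -not ($_.Reachable -and $_.DllPresent -and $_.Registered) })
if ($gaps.Count) { Write-Warning ("PasswordSync missing or unverified on: " + ($gaps.DC -join ', ')) }

# More than one distinct hash means the DCs are not running the same build of the DLL.
$hashes = @($results | Where-Object Sha256 | Group-Object Sha256)
if ($hashes.Count -gt 1) { Write-Warning "lhpwic.dll differs between domain controllers" }
```

Because this DLL receives password update notifications, a copy whose hash differs from the rest is worth comparing against the installer media before anything else.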

How it works:

"lhpwic.dll" DLL receives password update notifications from Windows, encrypts them, and sends them over HTTPS to the PasswordSync servlet. The PasswordSync servlet is located on the application server running Identity Manager.

This notification can be sent over the HTTP:// or HTTPS:// protocol to the PasswordSync servlet, which must be present on Sun IDM.

This transfer can happen in 2 ways:

1. Direct method
2. Through JMS

The direct method is not always implemented; it is for small enterprises where there is no need to worry about message delivery notification, and it has to be implemented through an IDM native class.

For security and message delivery confirmation we use the JMS method:

The PasswordSync servlet sends the password information to Identity Manager using JMS (Java Message Service). The servlet submits password changes to the JMS Message Queue.

Identity Manager’s JMS Listener Resource Adapter checks the Queue for new messages. If a password change message is found waiting on the Queue, the JMS Listener Adapter takes the message off the Queue and imports it into Identity Manager.

So if we want to do password sync through the JMS method, we must implement the JMS Listener in our existing Identity Manager environment through managed resources.