
Space Index


0-9

Page: 1 Database initialization
1 Database initialization The supported databases are Oracle RDBMS, Microsoft SqlServer, MySQL and MariaDB. 1.1 MySQL setup In order to configure mysql database you need access to the database administration tool (mysql) with superuser permissions using a
Page: 1.- Manuals
   
Page: 2 Soffid IAM console installation
2 Soffid IAM console installation JVM must be installed. Minimum version is 1.6. 2.1 Linux Prerequisites You will need access to the root user to install Soffid IAM console. If your Linux is a sudo based distribution you will have to execute: sudo bash In
Page: 2.- Addons
Page: 3 Soffid Sync server installation
3 Synchronisation server installation  First of all, open your favorite browser and surf on the internet to Soffid Download Manager. Click on Synchronization server and download the latest version for your OS.   As soon as Soffid Synchronization server fi
Page: 3.- Addon development
Soffid allows you to build addons that can customize the data model, business logic and user interface. There are six different types of addons: BPM process archive (par). They follow the JBPM archive guidelines plus some additional files for managing user interf
Page: 4 Agent configuration
4 Agent configuration 4.0 Download connector First of all, open your favorite browser. Surf on the internet to Soffid Download Manager. Click on Connectors and choose the latest version of the connector for your environment. 4.1 Install the connectors Sec
Page: 5 Provisioning
5 Provisioning 5.1 Domains and users types In order to adapt identities to the particularities and requirements of each user repository, the following groupings are available: User type: In order to use different password policies we will use different us

A

Page: account object
An account object holds the information belonging to a shared account Attribute Type Description accountId Long account id accountName String account name system String managed system (agent) name accountDescription String account description accountDisab
Page: Accounts
A user needs an account for each system to which it should access. Accounts should normally be user accounts and belong to exactly one user. We can see user accounts on user management screen, and will mostly be created by Soffid. Thereafter, there are ot
Page: Active Directory back channel configuration
In order to configure Active Directory back channel, you must use the eris command line tool. Being at IAM-Sync installation directory change to eris or eris64 directory and execute: eris-ad-service CONFIGURE url agent where url is the master syncserver u
Page: AD connector
The Active Directory connector can manage users and groups by using the LDAPS protocol. To use the LDAPS protocol, the following parameters are required: Host name of the domain controller Active Directory distinguished name in X500 format. e.g.: dc=soffid,dc=local Adm
Page: Add High Availability to MariaDB by using Corosync and Pacemaker
Node 1 Node 2 Install Corosync and Pacemaker. It is recommended to use apt or yum because these programs will handle dependencies for you, making the process much easier. Install Corosync and Pacemaker. Cluster nodes need a key in order to authenticate th
Page: Add-on configuration
The retrieve password configuration has three parameters: Required questions: indicates if the system will check if the user questions are answered correctly or not. Disabled: if this option is selected, the system will not check if the user questions ar
Page: Adding new
Adding new PolicySet, Policy, PolicySetIdReference or PolicyIdReference It is possible to add different elements to a PolicySet. When you click on 'Add new' a popup will ask you what kind of element you want to add. In order to create a new Policy or
Page: Addon container
Addon containers can be deployed on Soffid console, using addon management page. These addons are bare jar files that contain some other addons as well as an index file, named META-INF/soffid-plugin.xml. This file can contain the following tags: Tag
Page: Addon management
Addon Management Addons and server plugins can be developed using Addon Development Guide. Once this addon is developed, it can be deployed through server plugin screen. There are two main types of addons: System connectors, also referred to as plugins are li
Page: Addon spring descriptor
Addons must have an addon-applicationProperties.xml spring descriptor. Hibernate DAOs should be declared as the next example states. They can reference any bean present at Soffid console, including sessionFactory. It's advisable to use two global intercept
Page: Addon startup
Some addons need to execute some code on startup. To achieve this, the startup must implement and declare a SpringService that implements the es.caib.seycon.ng.servei.ApplicationBootService interface. This interface has two methods that will be called af
Page: Addon upgrades
Soffid addons should be able to manage data schema changes. Soffid gives addons a standard procedure to perform data and schema upgrades. The data upgrade process is performed in three steps: The addons to upgrade are deployed into soffid console using ad
Page: Administrator access
For domain member hosts, ESSO will remove all existing local accounts except for those with a dependent service. So, in order to access with administrator privileges, the user must use a domain account with local administrator privilege, or either an author
Page: Agents
Once the server plugins are loaded into Soffid, agents can be configured in order to synchronize repository information. Each agent will have the following items: Code: Name. Type: Server Plugin to use. Server where to run on. If “Any mainserver” is sp
Page: Agents account management
The agent configuration sets the way accounts are created and disabled. Whenever a user is modified, the following rules will be applied to check if the user should have or not an account on this agent: The user type is checked against valid user types If t
Page: Attribute definition
At configuration page, you can define the custom attributes identities should have. In the current version, four types of attributes can be defined: String Photo Binary data Date Email address User reference These attributes can be ordered for user convenience
Page: Attribute management
Soffid administrator can easily define how to get, store and provision identity attributes. Identity attributes should be defined at configuration page. Once defined, they are visible at users page. Finally, the connectors page allows to specify the incom
Page: Attribute Mapping
Starting on Soffid 1.4, the Soffid administrator has the chance to easily customize attribute mappings without having to code it using Java. When an agent allows this kind of customization, a new tab named "Attribute mapping" will appear. On this tab, the user
Page: Attribute rules
When Soffid Identity Provider authenticates a user on behalf of a service provider, it can give some user attributes to the latter. These attributes can be sent by the identity provider attached to the authentication response, or the service provider can
Page: Authorizations
Soffid defines a full range of fine-grained permissions. From this page, the administrator will be able to assign these fine-grained permissions to roles. These roles should be created at Soffid system. They may be created into Soffid application system, but co
Page: Authorizations descriptor
The authorization descriptor is an XML describing the different authorizations that can be granted to users. This file should be located at /com/soffid/addon/authorization.xml The template for this file is: <?xml version="1.0" encoding="utf-8"?> <autoritz
Page: AWS Connector
Managed systems Amazon WS IAM module Interfaces Users, Roles Requirements A user with IAM privileges is needed. Parameters Credential ID Credential secret Notes It cannot detect password changes to be propagated to other systems.   Object mappings You

B

Page: Binding Data Model Collections
Components of type listbox and grid behave as complex containers of objects collections. These components can be assigned a Xpath expression that does not identify a single object, but a collection of objects or values. In this case, the system will gener
Page: Binding data model context
To ease the readability and maintainability of the code, and to shorten XPath paths, some components can work as a relative xpath context for the contained ZK components. When a container type object is associated with a data model element, binds
Page: Binding data model simple values to zk components
In the previous section, we saw how to declare a sample data model. To bind a component to a data model element, the bind attribute can be used. The bind attribute value must be composed of the data source path to be used, a colon separator, and the xPath
Page: Browsing executed reports
All reports executed by the user or executed by a time schedule will be displayed at executed reports tab. The user can download it in native (PDF) format, but XML and HTML formats are available as well. The user can also remove any executed report. Mind
Page: Building dynamic data model
While building the data model using XML files is possible, it's advisable to use more dynamic data models in the production environment. Alternatively, ZKIB module provides a set of classes that ease interaction with data models based on JDBC databases an
Page: Bulk assign
Bulk assign It is possible to select several accounts, roles or assignments at the same time to apply the same action to them. By clicking on bulk assign a pop up will appear. The actions to choose and the fields to fill in are the same that appear in the tabs an
Page: Business logic addon
A business logic addon should follow the conventions and guidelines used to develop Soffid IAM. It must be composed of: Hibernate entities and mappings DAOs to access those hibernate entities. They must contain transformation methods to build value object
Page: Business Process addon (par)
Soffid Business Processes use JBoss JBPM engine. You can find the original JBPM documentation here. In order to develop a new business process addon you need Eclipse Java EE IDE for Web Developers and three plugins installed on it: JBPM plugin. You can
Page: Business process definitions
You can upload new process definitions and enable or disable existing ones. Existing process definition can be updated by uploading a new version. On process definition upgrade, if it's enabled on process definition metadata, existing, not finished, workf
Page: Business processes
In order to add extra functionality to console users can upload different business processes (a.k.a. Workflows) that can be found in Soffid download area. To use them, the process definitions must be deployed as new process in “Business process definition
Page: Business units (Groups)
Organizational units are managed in a hierarchical fashion. Each group has the following attributes: Code: Short name. Description: Full name. Quota: Quota allocated to the shared folder. Drive letter: If specified, a shared folder for this user will be c

C

Page: Change Password URL
There is a service point to allow users to change their passwords. Simply redirect the user to: https://servername:port/protected/changePassword The user will be required to identify themselves and enter a new password. Optionally, you can enter a web page
Page: Collection class
The collection object implements a subset of the standard DOM HTMLCollection Attributes: length Long Number of items in collection.   Methods item id: long returns Element Find the element with id order number. The first element is 0. namedItem id: string
Page: collection-finder handler
Similar to collection-handler, this handler retrieves the list objects contained on a parent collection.  Attribute Usage collection EL expression that contains the objects collection if EL expression that must be evaluated to true prior to handler action
Page: Collection-handler Handler
This handler is applicable when the persistence of this object is managed by the parent dataNode. The allowed attributes are: Attribute Usage collection EL expression that identifies the collection onto which the business object must be added or removed i
Page: Components as a data source
The listbox component has a dual role, as a data consumer and as a data source. We've seen how listbox component can act as a data consumer in the previous pages. Now we'll see how it acts as a data source. Any zul component can use the listbox path a
Page: Configuring Soffid WSSO
The system is configured using Apache configuration files, plus some ECMA script files that can be located anywhere you want. If you are using Ubuntu Server, it is necessary to remove the apache_mpm_worker module and install the apache_mpm_prefork one. In general, S
Page: Configuring terminal emulation SSO
To configure SSO on terminal emulations, an HLL API bridge has been built. This bridge allows direct communication with the terminal emulator in order to create accurate SSO rules that can be triggered based on the screen display. Next, you have a sample
Page: Creating a multi-master MariaDB cluster
This topic will cover the process to create a two node MariaDB cluster. The cluster will be configured to allow Soffid console to use either database node, which in turn will replicate data changes to the other one. Node 1 action Node 2 action Create and
Page: Creating a user interface data model
There are three alternative ways to implement user interface data model. The first one is to retrieve information from an XML file. Its use is simple and easy to implement during user interface prototyping phase. A second alternative is to create a set of
Page: custom-attribute handler
Generates virtual attributes derived from other attributes or external elements of the application. It can be applied to any DataNode to add attributes that were not originally present at the underlying business object. Those attributes will be presented
Page: custom-finder handler
The custom-finder provides coverage for situations where you need a more sophisticated handler and it is not worth implementing it using a script. In this case a class that implements the FinderHandler interface must be developed, and the custom-finder specifyi
Page: Custom-handler Handler
The custom-handler provides coverage for situations where you need a more sophisticated handler and it is not worth using a bsh script. In this case the persistence must be done by a java class that implements the PersistenceHandler interface, and the c

D

Page: Data model manipulation
The data model can be manipulated directly using the JXPathContext interface or indirectly through components. Whenever the user changes the contents of a ZK component, which is bound to a data model object, the change is propagated to the model, which in
Page: Data schema descriptor
Schema description The schema must be expressed as an XML file. This file should be located at a core addon module and be named plugin-ddl.xml. This DDL file can contain descriptions for tables, indexes and foreign keys. Tables A table is composed of a <t
Page: Data validation
The validation tag is responsible for performing basic checks regarding mandatory attributes and valid attribute values before being submitted to the persistence handler. The validation tag may contain one or more attribute-validation and script-validatio
Page: Definition of dynamic models using XML descriptors
It is possible to define the underlying data model without having to write java code. To do this, you must use an XML descriptor which describes the DataNodes and their relationships. A skeleton XML descriptor has the following structure: <?xml version="
Page: Developers guide
Page: Directory class
This class is able to look for directories content. A directory object has the following attributes and methods: Constructor: Directory file: string Creates a directory object bound to the specified path.   Methods: length returns int Indicates the number
Page: Document class
When an action is associated with a Web application, it creates a document that identifies the full HTML document. This object is assigned to the document variable. Thus, scripts can access the web contents and its DOM tree in runtime. The document object im

E

Page: EJB find handler: ejb-finder
Handles the method to retrieve business objects via a stateless session bean. Supports the following attributes:   Attribute Usage jndi JNDI path to EJB Home interface method EJB Bean method to get business objects if EL expression that must be evaluated
Page: Ejb-handler Handler
It is responsible for persisting the object via a stateless session bean. The following attributes are supported: Attribute Usage jndi JNDI path to EJB Home interface if EL expression that must be evaluated to true prior to handler action unless  EL expre
Page: Element class
The objects of type Element are created for each input element with a ref-as attribute, or are obtained from the Document itself. It implements a subset of the DOM class HtmlElement. Attributes: childNodes Collection Vector of children elements. disabled
Page: ESSO
Soffid ESSO is a full Enterprise Single Sign on solution, with some distinguishing features: Keeps track of users sessions active on the network. Automatically reconfigure user preferences and desktop behaviour according to whether or not it is connected
Page: ESSO Configuring Rules for Single Sign On
Configuring Single Sign-on SSO system is configured based on the detection of administrator defined User Interface patterns. The system currently supports native Windows applications, Java applications and Web applications. The UI Patterns are expressed w
Page: ESSO Installation
Installation Supported platforms Soffid ESSO supports Windows XP or later workstations. Interactive installation To install Soffid ESSO, you must follow these steps:   Download the latest available installer version from: Soffid Download Manager. Run it a
Page: ESSO Related configuration parameters
There are some configuration parameters that can be tuned on Soffid console. Parameter Value SSOServer Comma separated of synchronization servers the ESSO should connect to seycon.https.port TCP/IP synchronization servers are listening to. By default 760
Page: ESSO Scripting Language
Scripting language  The scripting language used is a full ECMAScript interpreter. Nevertheless, it's not a Javascript interpreter as it's used on web browsers. It only has the core elements of ECMAScript (Objects, Arrays, String, etc.) and a set of object
Page: ESSO SendKeys syntax
SendKeys syntax The sendKeys function aims to perform as the user pressing keystrokes. Thus, the function SendKeys ("ABC") simulates pressing those three letters. The keystrokes will be done independently of the application that generates them. Thus, it
Page: ESSO User Manual
Esso Options: On a host with ESSO installed an icon with Soffid Logo will appear on Windows taskbar. If user clicks on with the mouse right button it will be able to do some different actions:  Enable/Disable ESSO: In order to inject ESSO rules, Soffid ES
Page: Execute or schedule reports
To execute reports, from either executed or scheduled reports, press on the "Generate report" button.   Afterwards, select the report you want to execute: The parameters for this report will be displayed, allowing the user to customize it: Finally, the us
Page: Expired password report
  This workflow displays a list of accounts whose passwords are near to expire.  The process allows you to specify a set of search parameters like: days remaining to expiration date, account type and user type. So, the days remaining until the expiration
Page: Expression Panel
Expression type page allows you to create different kinds of Variables or Conditions. There are nine different possibilities for the expression. You must choose one. It is not possible to create an expression type with the attribute and the value for th

F

Page: Federation overview
When federation addon is enabled, a new option will be available on the console menu: Identity Federation. Using this menu will bring you a new page with two tabs: The first one shows the identity federation members, both identity Providers and Service P
Page: File class
It allows easy manipulation of files using the File class. Constructor: File file: string mode: string Create an object of type File for the specified file. If mode is “r”, the file will be opened in read mode. If mode is “w”, the file will be opened in w
Page: Fixed size file connector
The Fixed columns connector provides a way to load authoritative data from fixed record size files. This connector is bundled together with 1.2.0 version of CSV file connector. The main parameters for this connector are: Parameter Description Debug If en

G

Page: Get logs from server
This workflow permits to look up server logs from console. The logs are created on server filesystem. In order to read them from console you can install read logs workflow. When a user starts a read logs process the server.log file is uploaded and annexe
Page: Global functions
These functions can be used in an action element: debug text: string Sends a message to the debug console. sleep millis: int Stops script execution for the specified milliseconds. Never stops the execution of the application. env text: string returns strin
Page: Google Apps Connector
Google apps connector can manage user and groups using Google Directory API Prerequisites To get a service account and private key, follow this link: Creating a service account. You must: Register a new project Enable AdminSDK API Register a new OAuth ser
Page: grant object
A user objects are maps that hold the information belonging to a single user account Attribute Type Description id Long grant id grantedRole String granted role name grantedRoleSystem String granted role managed system (agent) name grantedRoleId Long gran
Page: group object
A role object is a map that holds the information belonging to a shared account Attribute Type Description groupId Long group id name String group name description String group description parent String parent group name server String home server host nam

H

Page: High Availability
High availability configuration is supported on each layer of the Soffid stack. Database replication Soffid supports two kinds of database replication: Builtin asymmetric replication Database engine replication Builtin asymmetric database replication There
Page: Hll class (version 1.4.0)
The Hll class gives the script engine access to Hll terminal emulators. When a hll pattern matches the emulator screen, a hll object of class Hll will be created and can be used by the action script.   Attributes: sessionId string Full URL of the document.
Page: Hosts
The host screen lets the administrator manage static IP addresses assigned to any host. Dynamic IP addresses are automatically managed by Soffid ESSO. A host has the following attributes: Name Network it belongs IP Address. If desired, the  button will search a free
Page: How to perform unsolicited login
Soffid Identity Provider supports unsolicited login profile. In order to enable it, you must be sure that federation metadata for the target service provider allows it. It is configured using the AuthnRequestsSigned attribute of the SPSSODescriptor tag:  
Page: How web single sign-on works
Web Single Sign On acts introducing credentials to the underlying web application on behalf of the user. To perform its job, WSSO can: Identify the user when needed Modify pages generated by the web application in order to adapt them to the single sign on
Page: HOWTO SSL access to Active Directory
This howto will show you how to install the Certificate Services in Windows Active Directory Servers. Before beginning, make sure the Internet Information Server (IIS) is installed in your server. Installing the Certificate Services Click Start, select Con

I

Page: IAM
Page: Identity Federation
Soffid Identity Federation addon helps administrators to manage an Identity Federation.   The main supported standard for Identity Federation is SAML. SAML allows to completely detach the identification process from web applications, known as Service Prov
Page: Identity Providers
Identity providers are responsible for identifying users. They also are responsible for giving service providers information regarding the identified user. To let an identity provider join the federation, simply create it under the Identity Providers folder
Page: Installation
In order to install Web Single Sign on, the following components must be installed and running Soffid IAM Console version 1.2.1 or later Soffid IAM Synchronization server 1.2.1 or later Soffid SAML Identity Provider version 1.0.0 or later An Apache server

J

Page: JSON Web services connector
This connector allows the integration with any Web service able to consume and generate JSON documents.   The mechanism used to synchronize objects is displayed at next picture: Soffid object is transformed to a target object. Usual attribute mappings an

K

L

Page: LDAP Connector
Managed systems LDAP Servers Interfaces Users, Accounts, Roles, Grants and Groups Requirements A user with full administrator access is needed. Parameters User name in DN format, including base name if needed Password Hostname LDAP Base name Use membero
Page: Linux Connector
Managed systems Linux systems (either 32 or 64 bits) Interfaces Users, Groups & Roles Requirements A Soffid Synchronization Server must be installed on the managed system Parameters Shell to assign to new users Directory to create home directories into Wh
Page: Local configuration properties
The seycon.properties file gives the administrator a way to customize and improve synchronization server behavior. Some of the following parameters will always be present, some others should be created by the administrator. Parameter Description user database ow
Page: LOPD
This addon eases the management of data files affected by the Spanish Data Protection Law 15/99. This addon includes into console a new menu entry 'Files with personal data' that allows users to organize all information about files with protected content

M

Page: mailList object
A user objects are maps that hold the information belonging to a single user account Attribute Type Description id Long internal mail list id name String mail list name ( the initial part, before the @ sign) domain String mail list domain ( the remaining
Page: MailService class
Simple tool to send emails. The MailService object has the following methods. Constructor: MailService   Create an object of type MailServer.   Methods: setServer server: string Specifies the name of the mail server. setFrom from: String Specifies the nam
Page: Main synchronization server configuration
In the main synchronization server two new fields must be filled in: Use master DB: enabled/disabled BackupDB: url from backup database If these fields are not filled in the replica addon will create all tables, populate data and create automatically tasks
Page: Manage report definitions
On the report definitions tab, you can browse the list of uploaded reports. For each report, the administrator can customize: Report name Type and description for each parameter List of people or groups authorized to execute such a report. Administrator c
Page: Managing scheduled reports
The report administrator can query the scheduled reports at any time. For each report, the administrator is allowed to change the target users of the report as well as the point in time to execute it. The administrator can also remove report schedules.
Page: membership object
A membership object contains the user account information as well as the group the user belongs to Attribute Type Description user Map<String,Object> user object group Map<String,Object> group object
Page: Monitoring and reporting
Monitoring and reporting Audit The audit trail page allows to query for audit records. Each action done at soffid console will be reported. You can query by actor, action and object. Access log The access log page allows to query for access logs. They mus
Page: Monitoring and reporting v1.2
Monitoring and reporting Audit The audit trail page allows to query for audit records. Each action done at soffid console will be reported. You can query by actor, action and object. Access log The access log page allows to query for access logs. They mus

N

Page: NetworkResource class
Connect and disconnect network services (disks and printers). Constructor: NetworkResource   Creates an object of type NetworkResource.   Methods: connectPrinter resource: string model: string Connects a remote printer to the local spooler. connectDrive l
Page: Networks
Operator can define the subnets that compose the internal network, in order to manage the IP address space. The main goal is to manage a limited resource as IP address is. Soffid supports both static and dynamic IP assignment. Anyway, static IP management
Page: new-instance-bean handler
This handler allows the creation of a new business object and the assignment of default attribute values. The value of the bean attributes is specified using multiple instances of the bean-attribute tag Attribute Usage className Name of the business object class if
Page: new-instance-script handler
It is responsible for instantiating new objects within a finder on user request.   Attribute Usage if EL expression that must be evaluated to true prior to handler action unless  EL expression that must be evaluated to false prior to handler action With t

O

Page: Oracle Connector
Managed systems Oracle databases Interfaces Users Requirements A user with sysdba access is needed. Parameters Sysdba user name User's password Database URL. Use something like jdbc:oracle:thin:@host:port:sid Optional password to use on password protected role
Page: Oracle EBS connector
Managed systems Oracle E-Business Suite Interfaces Users Requirements User that can access to the database Parameters User name User's password Database URL. Use something like jdbc:oracle:thin:@host:port:sid Users management Users created on Soffid will

P

Page: Page index
Page: Password synchronization
The passwords a user has on an agent will be synchronized with any other "single user account" the user has on this agent. Shared accounts will never get their passwords synchronized. Password in an agent will be also synchronized with any other account the
Page: People Soft connector
Managed systems People Soft Interfaces Authoritative Identity Source Requirements User that can access to the database Parameters User name User's password Database URL. Use something like jdbc:oracle:thin:@host:port:sid Authoritative Identity Source mana
Page: Policy
In order to create a Policy, identifier, rule combining algorithm and version are needed. You can also write a description. Identifier must be an URI, it is recommended to use numbers for version and the rule combining algorithm determines how the differen
Page: Policy Set
In order to create a PolicySet, identifier, policy combining algorithm and version are needed. You can also write a description. Identifier must be an URI, it is recommended to use numbers for version and the policy combining algorithm determines how the
Page: Processes and Tasks
Processes and Tasks Soffid console is concerned about task delegation and workflow management. Any user is capable of creating new processes or can be assigned as actor for a task belonging to a process. Process definitions are managed through Business pr
Page: Processes and Tasks v1.2
Processes and Tasks Soffid console is concerned about task delegation and workflow management. Any user is capable of creating new processes or can be assigned as actor for a task belonging to a process. Process definitions are managed through Business pr
Page: Provisioning identities
Soffid provides the connectors needed to provision accounts on the most widely used systems. For instance: Active Directory LDAP Linux files (/etc/password) CSV files Samba Oracle Database SAP R/3 Business Objects Soffid makes a clear difference between i
Page: Purge audit process
The business process execution generates a huge amount of internal audit information. Since this information is no longer useful after some period, this process is designed to clean the superfluous audit log, keeping the basic audit information that

Q

R

Page: Recertification
This addon provides the functionality to review users' permissions. To install it, it is necessary to upload the recertification addon and three workflows: Recertification process Recertification group process (Review authorized users list) Recertifica
Page: Recertification info
In the Recertification Info page, authorized users can review the recertification process, know the status, pending tasks, tasks done, etc.
Page: Reconcile
The main purpose of the reconcile process is to provide a mechanism to pull the existing accounts, roles and permissions from a managed system, in order to do a fast deployment of the Soffid-IAM solution, or to detect unauthorized changes to slave repositories.
Page: Reconcile accounts
Reconcile accounts In this tab you can see the Account Name, its description and the action to be performed. The other fields will be enabled or disabled depending on the action chosen. There are four possible actions to apply to an account. Create a new
Page: Reconcile assignments
Reconcile assignments In this tab the user will see a list of role assignments that are not on Soffid. The user can select the ones he wants to import to Soffid. Ignored assignments belonging to existing users will be removed at the next user synchronization. Pay att
Page: Reconcile roles
Reconcile roles In this tab you can see a role list fetched from the managed system with names and descriptions. There are two possible options: LOAD the roles or IGNORE them. In Soffid roles are bound to an Application, so in order to use the LOAD option
Page: Registry class
Manipulate the windows registry. Constructor: Registry path: string Create an object of type Registry   Global objects Registry.HKEY_LOCAL_MACHINE Tree Key LOCAL_MACHINE Registry.HKEY_CURRENT_USER Tree CURRENT_USER key Registry.HKEY_USERS Tree Key USERS R
Page: Replica
This addon allows synchronization server to work offline. In order to install it, access to a host with the same database system is needed. First, you need to create an empty database and the user for it management. Then you can install the replica addon
Page: Replica agent
The replica agent is automatically created after a backup database is defined. This agent is in charge of replicating all changes in the main database to the replica database. The agent information cannot be edited. Only the server can be modified in order to act
Page: Reports
The report addon offers an easy way to generate reports based on the Soffid data model. In order to manage reports, three authorization levels are allowed: Permission to access report screen. Allows the user to execute the explicitly granted reports Permiss
Page: Resource Management
Resource Management Soffid can manage three different kinds of resources: Human resources, Technological resources and Information Systems. Human Resources Users The user is the core object of the system. In Soffid, a user means a person. Every user can
Page: Resource Management v1.2
Resource Management Soffid can manage three different kinds of resources: Human resources, Technological resources and Information Systems. Human Resources Users The user is the core object of the system. In Soffid, a user means a person. Every user can
Page: Retrieve password
This add-on provides the functionality to reset the user's password when they answer defined questions. To install it, the retrieve password add-on must be uploaded. Once installed, it needs to be configured (see Retrieve password configur
Page: Retrieve user password
When users want to retrieve their passwords, they must have completed their questions and answers. If the system does not require it when the user starts his session, he can complete it in his profile. Also, he can add and delete questions. If the user ha
Page: Review authorized users list
At this point, the authorized user decides for each user whether they must be recertified or disabled. If the 'Active User' checkbox is not checked the user will be disabled on Soffid. For each of the other users a Recertification User process will be launched.
Page: Role Mining Addon
How to install Soffid Role Mining: 1 First of all, download the latest version of Role mining from here: http://www.soffid.com/download/enterprise/ Download the latest Role Mining version. 2 Log in to your SOFFID IAM Server. Go to
Page: role object
A role object is a map that holds the information belonging to a shared account Attribute Type Description roleId Long role id system String managed system (agent) name name String role name application String application system name passwordProtected boo
Page: Rule
In order to create a new Rule you must click on 'Add new' button, identifier and effect are needed. You can also write a description. Identifier must be an URI, effect determines if the rule will permit or deny the Target according to the conditions. Ever

S

Page: Sample configurations
Page: SAP connector
Managed systems SAP Interfaces Users Requirements A SAP account must be created with permission to execute user administration BAPIs using RFC Parameters User Password Host Server Client Number System number Language Unlock locked users (s/n) Users manage
Page: SCIM Connector
The SCIM connector can manage users and groups using SCIM protocol compatible services. Prerequisites To properly manage a SCIM capable server, you must: Get the credentials needed to manage it. Get the URL entry point for the service Get the URL entry point
Page: script-finder handler
It is responsible for retrieving business objects from the persistence layer using BSH scripts. The following attributes are supported Attribute Usage if EL expression that must be evaluated to true prior to handler action unless  EL expression that must be
Page: Script-handler Handler
It can be used to persist the business objects using BSH scripts. Supports the following attributes:   Attribute Usage if EL expression that must be evaluated to true prior to handler action unless  EL expression that must be evaluated to false prior to ha
Page: secretStore object
This object is always visible from any action, and provides access to the user's passwords and secrets. User passwords are always related to a system account. This is the object used to retrieve user and password in order to inject credentials into applic
Page: Self service Portal
Self service portal The main purpose of Self Service Portal is to reduce the workload of IT department, as well as improve overall security of IT system. In order to access this module users must open http://ourserver:8080/selfservice/index.zul where ours
Page: Self service Portal v1.2
Self service portal The main purpose of Self Service Portal is to reduce the workload of IT department, as well as improve overall security of IT system. In order to access this module users must open http://ourserver:8080/selfservice/index.zul where ours
Page: ServerInfo class
This helper class allows the script to query information stored at Soffid console. Constructor: ServerInfo path: string Queried the server returning an object of type ServerInfo.   Methods: length returns int Returns the number of rows obtained. row n: in
Page: Service Providers
To join the federation, the service provider management team must deliver its "Metadata". The service provider Metadata describes how the service provider behaves: Which security algorithms does it support. The public portion of its signing and encrypti
Page: Shibboleth Installation notes
Soffid Federation is based on the Shibboleth open source project. Currently the installation is a mixed procedure between Shibboleth installation and Soffid configuration. In the future Shibboleth installation will be integrated on Soffid installation in order
Page: Soffid architecture
Soffid Components Soffid IAM has three core components: Soffid Console: This is the first component to be installed. Includes web interface,  BPM and Web services. Soffid Repository: Installed on the console installation process. It is just a transactiona
Page: Soffid Configuration
Soffid is highly customizable. Despite the capability to write and deploy new addons, this is the central point where configuration parameters live. From this point you will find all the information needed to customize Soffid.
Page: Soffid Configuration Parameters
Some Soffid configuration parameters are shown on this page. Seycon.server.list shows where Syncserver and SyncServer backup are installed. When installing the first synchronization server, this parameter is automatically updated. If you want to install
Page: Soffid Configuration v1.2
Soffid parameters Some Soffid configuration parameters are shown on this page. Seycon.server.list shows where Syncserver and SyncServer backup are installed. When installing the first synchronization server, this parameter is automatically updated. If yo
Page: Soffid IAM Installation
To successfully install Soffid IAM, please follow the next steps: Database initialization Soffid IAM console installation Soffid Sync server installation Primary server Backup server Agent configuration Proxy installation Agent deployment Provisioning We
Page: Soffid IAM Operator manual
Page: Soffid IAM Reference Manual
Soffid console The Soffid console will allow you to manage identities and resources to be accessed by identities, including hosts, printers, shared folders or corporate applications. In order to get this task done, Soffid manages four types of resources: H
Page: Soffid IAM v1.2 User Manual
Soffid console The Soffid console will allow you to manage identities and resources to be accessed by identities, including hosts, printers, shared folders or corporate applications. In order to get this task done, Soffid manages four types of resources: H
Page: Soffid Identity Provider
Soffid Identity Provider must be installed as an agent on a synchronization server. Even though it is supported on a master or backup synchronization server, a proxy synchronization server is recommended. To install the proxy synchronization server, see instruc
Page: Soffid managed Identity Provider
Soffid managed identity providers should have the internal check box on. Once the check is marked, the metadata text box will be disabled, since this metadata will be automatically generated by Soffid. The following information is required: Company name.
Page: Soffid upgrades
Soffid upgrades are managed using the same mechanisms as addon upgrades. Data upgrade The data upgrade process is performed in three steps: The console is upgraded using soffid installer. On console boot, the data schema is updated. To perform the schema
Page: SQL Connector
Connector properties The SQL Connector allows an easy to configure and deploy way to manage relational database based applications. The main parameters for this connectors are: Parameter Description Database type Identifies the driver to use. Currently Ma
Page: Startup / Shutdown console
On Linux systems To start Soffid console, execute service soffid-iamconsole start Upon startup, a first bootstrap log file will be stored at /opt/soffid/iam-console/jboss/server/default/log.boot.log After successfully configuring the log system, the log e
Page: Startup / Shutdown synchronization servers
On Linux systems To start the Soffid synchronization server, execute service soffid-sync start Upon startup, the log file will be generated at /var/log/soffid/syncserver.log. The syncserver.log file will be rotated daily. To stop Soffid synchronization server,
Page: Support and configuration tools
KojiKabuto.exe, the main Soffid ESSO component, picks settings and rules automatically from Soffid synchronization server at login. This configuration can be updated by running the command "KojiKabuto update". Once run, new rules will apply to all new pro
Page: Synchronization server Connectors
Page: Synchronization server setup
Setting master server up Synchronization server is configured using the configure command line tool. To configure a master synchronization server, use the following syntax: configure -main -hostname hostname -dbuser soffid -dbpass pass -dburl db_url The m
Page: Synchronization server setup (1.2.x version)
Setting master server up Synchronization server is configured using the configure command line tool. To configure a master synchronization server, use the following syntax: configure -server -hostname hostname -dbuser soffid -dbpass pass -dburl db_url The
Page: Synchronization servers
Page: System backup
Soffid relies on a database to store almost all identity data. So, the first step is to perform a daily database backup. For Maria DB, look at: Backup and restore overview For Oracle, look at: Backing Up The Database For SQL Server, look at: Create a Full
Page: SystemInfo object
The SystemInfo object is always visible from any action, and provides access to information about the machine. Attributes: os string Specifies the name of the operating system: Windows / Ubuntu oSVersion string Indicates the version of the operating syste

T

Page: Target
PolicySet and Policy targets contain the same sets of elements. The different sets are Subjects, Resources, Actions and Environments. In order to create an element for each set, it is necessary to choose between selecting the attribute from the list provided
Page: Task user interface
To define the user interface for a task, a .zul file must be located at the ui directory, and the corresponding task tag should be located at ui.xml file. The user interface must be a ZK .zul page. This zul page must contain a task tag. This custom ZK tag
Page: Translation tables
Soffid has an easy to use mechanism to translate references or external codes into internal codes. For example, the HR application could be using a different coding scheme for business units. To deal with this data mismatch, users can extend the data mod

U

Page: ui.xml descriptor
The user interface descriptor follows the attached schema: ui.xsd Versioning JBPM denotes business process definition using a sequential number. This approach is not practical for business process management. So, every ui.xml file should have a tag tag, i
Page: Upgrade management
Soffid is concerned about component versioning and how to upgrade them. An upgrade system is designed to ease upgrades of Soffid core components, as well as the addition, removal or upgrade of Soffid addons. Soffid also defines the interface to use s
Page: Upgrading Soffid Service Pack to the latest version.
If you have received information about a new SOFFID release, you can upgrade it following this simple process: Current version of your Soffid installation can be obtained by navigating to: Start - Main Menu - Soffid Configuration - Soffid parameters. Soff
Page: Upgrading Soffid Sync Server to the latest version.
After upgrading the Soffid Service Pack version, it is strongly recommended to upgrade the Soffid Synchronisation Server to the latest version. Otherwise, some issues may arise when reconciling an account. In order to check the current Sync Server version, p
Page: User & Password Domains
In order to adapt identities to the particularities and requirements of each user repository, the following items are available: User domains Password domains User types Password policies User domain: A user domain defines how account names will be create
Page: User accounts
On the accounts tab you will be able to see the accounts that belong to the user that is currently displayed. Also you can manually add a new account for a system, rename an existing one, delete it or change its password. You can also see when the passwor
Page: User attributes
User attributes will be shown on the bottom left side of the screen. Attributes will be displayed or editable depending on the visibility configuration of each one. If the user lacks permission to modify them, they will appear in read only mode.
Page: user object
User objects are maps that hold the information belonging to a single user account Attribute Type Description userId Long user id accountId Long account id accountName String account name system String managed system (agent) name accountDescription Stri
Page: User permissions aproval
For each active user on the recertification list, once the user has reviewed his permissions and requested them, a new task appears for the authorized users. One of the authorized users can take ownership and grant or not the permissions. Reject p
Page: User permissions review
When the authorized user has initiated the recertification, every user to be recertified has a new process on his tasks page. He can open this task and check which permissions he still needs. After reviewing it, he must click on 'Bring forward'. A
Page: User roles
User roles can be managed from the roles tab. Any role assignment must be bound to a user through a user account. In that way, when a role is assigned to a user, the user should have an account on the system where the role lives. If no account exists, So
Home page: User's documentation Home
Welcome to the Soffid community wiki. Here you will find all the information needed to download, install, use and develop Soffid. Content will be created as we are working on our product roadmap. If you miss something important, don't hesitate to make suggestio
Page: Users
The user is the core object of the system. In Soffid, a user means a person. Every user can have a number of accounts spread on different information systems. A user has the following attributes: UserName: Short name to identify the user. It uses can be e
Page: Using dynamic models
To use dynamic models XmlDataSource tag must be replaced by datamodel. The datamodel tag has the following attributes: Attribute Usage id ZK Identifier className root DataNode class name src XML resource name for XML dynamic data model rootNode Root node

V

Page: Virtual Identity Provider
It's a common problem that a single identity provider needs to offer different profiles or service levels to different service providers. In order to be able to define this behavior, any Identity Provider can be split into many virtual identity providers.

W

Page: Web addon
Web add-ons are standard war files. The files included in the war file will be copied onto the Soffid console war file. In order to keep compatibility between add-ons, it's forbidden to overwrite existing files. Instead, the war file can contain xslt files to
Page: Web service interface
Most Soffid data items can be managed using web service calls. The following web services are available as an additional addon: Service Description Accounts Manage shared accounts Applications Manage information systems, also known as applications Configur
Page: Web Single Sign-on
Nowadays, it's very common to have a mix of different technologies and products to deliver information to customers, providers or internal users. With Soffid IAM you can get the same user and password for every application, but the user still needs to ide
Page: WebSSO configuration for Drupal
Add the following settings to Apache: <Location /> ShibRequireSession off ShibRequestSetting applicationId drupal AuthType shibboleth Require shibboleth </Location> SoffidOnLoadScript .* .* 60000 /etc/apache2/soffid/drupal-login.js SoffidPostData /?q=user
Page: WebSSO configuration for PHPBB
The following attributes must be added to apache configuration <Location /> ShibRequestSetting applicationId forum ShibRequireSession off AuthType shibboleth Require shibboleth </Location> <Location /ucp.php> ShibRequireSession on ShibRequestSetting requi
Page: Window class
When an action is bound with a user interface application, it creates an object of class Window for each component at the XML descriptor with a ref-as attribute. Those components have the following methods: Methods: getText returns string Gets the text va
Page: WSSO configuration
Configuring Soffid WSSO The system is configured using Apache configuration files, plus some ECMA script files that can be located anywhere you want. In general, Soffid WSSO acts intercepting and modifying any request made to Apache. This request can be p
Page: WSSO scripting language
Scripting language The scripting language is fully compatible with ECMAScript 3rd edition plus a small set of new objects and methods. Before running the script, Soffid WSSO will create some global variables referring to the request of the user agent and

X

Page: XACML
Using this addon it is possible to add access controls to the Soffid console using the XACML standard. In this case, Soffid is able to add more complex and restrictive rules to the authorizations. For example, you can have a user that can manage users only

Y

Z

Page: Zarafa Connector
Managed systems Zarafa mail server Interfaces Users, Groups & Roles Requirements A Soffid Synchronization Server must be installed on the Zarafa server. Parameters Zarafa command line tool. This is usually zarafa-admin Zarafa administrator role. Write dow
Page: zkdb - ZK Data binding tool
zkdb is a set of Java classes and ZK components designed to ease the development of web applications driven by a data model. ZKIB aims to fill the gap between the user interface defined in ZK and logic stored mainly in EJBs. ZKIB basic components are: A d

!@#$
