Nice Demo of OpenAM log analysis using the ELK stack


The folks at Identropy have put together a nifty video showing analysis of OpenAM audit log events using the ELK stack (Elasticsearch, Logstash, Kibana).

Check it out here:



Post a Comment

Popular posts from this blog

Apache reverse proxy with LDAP authentication

Here is a sample Apache conf file that demonstrates the following
Reverse proxy to a backend Java application (/ui is proxied to an app running on port 9010).LDAP authentication against a local LDAP server running on port 1389The REMOTE_USER header is set to the authenticated ldap uid, and passed to the back end Java application.  
My purpose here is to have a super light weight proxy that simulates having a "real" Access Management system in front of the application.  This is strictly for development. The idea is to move authentication out of the application. In production the application is going to be front ended by a PEP (an Oracle OAM Webgate, for example) that will set the REMOTE_USER header based on the users established SSO session.

Here is the config file






Keep reading

Stupid Oracle vktm tricks to improve VirtualBox performance

In the process of creating a demo VirtualBox image running OEL 6 and the Oracle database 11.2.0.3.0 I noticed the idle CPU consumption was quite high (8% on the guest, 35% on the host).

The culprit turned out to be the Oracle database vktm process. This is a time keeping process - and it calls gettimeofday() *very* frequently.  This can have a negative performance impact in virtualized environments.

A colleague who is a database whiz suggested the following trick:


sqlplus / as sysdba
alter system set "_high_priority_processes"='LMS*' scope=spfile; 

This removes the vktm process from the list of high priority processes.

After this change (you need to bounce the database) the idle CPU consumption comes down to 1-2% or so. A nice improvement!

It goes without saying that this is:

a) Totally unsupported
b) Probably dangerous. This will most certainly break things in the database - such as statistics, auditing, etc.
c) For demo/development use only. If you care about your d…
Keep reading

SAML Federation in OAM 11g R2

Image
Oracle Access Manger 11G R2 adds SAML Relying Party support as a native feature. You no longer need to stand up and integrate OIF if you want to federate with another IdP.

SAML IdP support didn't quite make it into the first OAM R2 release - so you will still need OIF. This is on the roadmap - so stay tuned.

In this article I will show how easy it is to set up OAM as a SAML relying party.

I am using OIF configured as the sample IdP. See my previous article on setting up OIF to self federate (handy for experimenting). Assuming you have OIF configured you should be able to bring up the test SP SSO page: http://demo:7499/fed/user/testspsso


You will be challenged for credentials. After logging in you will see this:




Great. Now we have a working IdP we can proceed to setting up OAM as a relying party.

As a pre-requisite make sure you have federation services enabled in OAM 11G (System Configuration -> Available Services)

Bring up the OAM Console and navigate to System Configuration …
Keep reading