Today's enterprise systems consist of complex software components that keep duplicate data across widely distributed systems. With such data spread across heterogeneous applications and services, it can be difficult to identify and resolve conflicts among all the sources of identity or generic data, such as when a user's job title is changed in one application but not in others, or when a data file is modified on a distributed server in a complex environment. Inconsistencies like these (when an employee leaves, for example) increase the potential for security breaches and audit failures.
In short, maintaining data consistency across multiple data repositories requires the ability to synchronize information quickly and efficiently.
IBM Security Directory Integrator helps create a single authoritative source for data that resides in silos across various sources such as databases, directories, files and applications. Using configurable business rules, identities can be correlated to reconcile data from various data sources and create a unique set of data. This solution also helps solve various virtual directory use cases with a hybrid approach: it creates a centralized data store, but still provides the capabilities to manage and authenticate users at the original sources where they were created and continue to be maintained.
This article describes how to synchronize data between an HR system maintained in a Domino application and a banking loan origination application running on WebSphere Portal, using IBM Security Directory Integrator.
Details on the Domino HR systems
Open the HR application and analyze the view and documents for the mapping.
Now open Security Directory Integrator and create a new AssemblyLine, then add the Lotus Notes Connector, which IBM provides out of the box.
Once it is added, you can add the connector configuration to connect to the Domino database. The connector provides local client, local server and DIIOP modes. Since in most cases Security Directory Integrator may not be deployed on the Domino server, and to avoid an additional license for a local client, DIIOP is the more nimble choice. To connect to Domino over DIIOP, you may use the HTTP port or the IOR port. In this example we use the IOR; to get this string, look in the Domino html directory as below and copy the contents of diiop_ior.txt
and paste it into the address field on the connector. IIOP requires a Domino Java library file: the remote one called ncso.jar, which is found under the data\domino\java directory of your Domino installation. Copy that library into the Jars directory under the Integrator installation base.
Ensure that you have selected Iterator mode and the DB view as follows.
Now, to add the target connector, we use a database connector for the portlet application's data repository.
Now that we have the source and the destination, Security Directory Integrator lets us do the attribute mapping directly from the UI.
To test this, click Run.
The console provides the trace logs showing the results.
Now a web or social collaboration application such as WebSphere Portal or IBM Connections will show the synchronized data in the respective applications.
This is a common scenario, where data may need to be augmented with related data in another system. When an organization plans to create a web-based application for both employees and customers, several concerns must be considered. The externally facing application will most likely have its own authentication service in the demilitarized zone (DMZ) that is securely separated from the existing internal security systems.
Of course, there are other use cases for IBM Security Directory Integrator. One common problem shared by many organizations is the presence of numerous sources of identity data. Sometimes, a business need can require an organization to establish a new directory that is continuously maintained with information from the sources as data is modified there. Other times, the need may require all systems to have a minimum amount of information from all the other systems. Business needs will dictate the technical approach. In both scenarios, however, Security Directory Integrator can be used to detect changes in all systems, properly transform data to match the requirements of each individual system, and ensure that valid data is propagated in near real time.
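The detect, transform and propagate cycle described above, including the stale record left behind when an employee leaves, can be sketched outside the product. This is an added example, not code from the original article and not Security Directory Integrator's own API; the field names (`EmployeeID`, `emp_id`, `job_title` and so on) and all records are assumptions constructed for illustration.

```javascript
// Added example: plain JavaScript, not Security Directory Integrator API calls.
// Field names and records below are constructed for illustration.
function mapHrToTarget(doc) {
  return {
    emp_id: String(doc.EmployeeID).trim().toUpperCase(), // normalized join key
    full_name: `${doc.FirstName} ${doc.LastName}`.trim(),
    job_title: doc.JobTitle || null,
  };
}

// Compare the authoritative HR view with the target table and return the
// operations needed to bring the target in line with it.
function reconcile(hrDocs, targetRows) {
  const wanted = new Map();
  const plan = { add: [], update: [], remove: [], rejected: [] };
  for (const doc of hrDocs) {
    // A record without a usable key is reported, never written to the target.
    if (doc.EmployeeID == null || String(doc.EmployeeID).trim() === "") {
      plan.rejected.push(doc);
      continue;
    }
    const row = mapHrToTarget(doc);
    wanted.set(row.emp_id, row);
  }
  const seen = new Set();
  for (const row of targetRows) {
    const key = String(row.emp_id).trim().toUpperCase();
    seen.add(key);
    const want = wanted.get(key);
    if (!want) plan.remove.push(key); // stale: no longer present in HR
    else if (want.full_name !== row.full_name || want.job_title !== row.job_title)
      plan.update.push(want);
  }
  for (const [key, row] of wanted) if (!seen.has(key)) plan.add.push(row);
  return plan;
}

const hrDocs = [ // constructed HR view documents (source)
  { EmployeeID: "e100", FirstName: "Asha", LastName: "Rao", JobTitle: "Loan Officer" },
  { EmployeeID: "E101", FirstName: "Ben", LastName: "Ortiz", JobTitle: "Senior Underwriter" },
  { EmployeeID: "E103", FirstName: "Chen", LastName: "Li", JobTitle: "Analyst" },
  { EmployeeID: " ", FirstName: "No", LastName: "Key", JobTitle: "Temp" },
];
const targetRows = [ // constructed loan application rows (target)
  { emp_id: "E100", full_name: "Asha Rao", job_title: "Loan Officer" },
  { emp_id: "E101", full_name: "Ben Ortiz", job_title: "Underwriter" },
  { emp_id: "E102", full_name: "Dana Kim", job_title: "Teller" },
];
console.log(JSON.stringify(reconcile(hrDocs, targetRows), null, 2));
```

Reviewing the `remove` and `rejected` lists before applying them is the point where a departed employee's leftover record, or a source document with a bad key, gets caught instead of silently propagated.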