Wednesday, March 23, 2016

Why IAM Projects Fail?

I was presenting to a potential Identity Management & Governance customer the other day. I talked about Why IAM Projects Fail and the Pain Points from our field experience.

Gartner has this nice diagram to explain Why IAM Projects Fail. A summary can be found here

See the proportion of People vs Products? In the market, there is really not much difference between the various IDM/IDG products. I can safely say their features are almost 85-90% similar. It's the implementors & customers' key stakeholders ("People") that makes the difference between a successful and failure IAM project.

A good People combination will spend more time in defining Principles, Practices, Policies and Processes. 

The Pain Points are from our field experience.

Again (coincidentally?), the biggest pain is People.

  • No ownership/main-driver (no full-time PM) 
  • Not trained 
  • Not really know what they really need (Keep changing requirement) 
  • Not enough support from application teams 
  • No well thought-of test plans & not following test plans

Sounds familiar? Well, the fact is we still encounter them in almost all IDM/IDG projects.


Wednesday, March 9, 2016

OpenAM - http://null:8080/auth/XUI/#login/

At times, like today, I do encounter http://null:8080/auth/XUI/#login/ error when trying to log in to OpenAM.

A quick workaround is to close the browser and open a new browser or go into Incognito mode.

PS: On the browser that I encountered the above issue, I did have another OpenAM session running. But it was pointing to a totally different domain. No time to think straight yet. :) Just a quick note here since I have captured the logs for further investigation.

Updated on 10th March 2016

Peter was referring to Configuration > Authentication > Core.

I tested in my environment. It worked! Thank you! Thank you!


Wednesday, March 2, 2016

OpenAM Fresh Install Issue - HTTP Status 500 - AMSetupFilter.doFilter

Out of laziness, I reused an existing Tomcat instance that had OpenAM 12 installed and configured.

It's fast! 

Stop Tomcat; Remove OpenAM 12 war file and the exploded OpenAM 12 directory; Deploy OpenAM 11 was file; Start Tomcat. 

Bomb! As soon as Tomcat started, I encountered HTTP Status 500 error.

Took me a while to realize that I have not yet cleaned up the hidden OpenAM configuration.

[ec2@am0 ~]$ cd .openamcfg/
[ec2@am0 .openamcfg]$ ls -altr
total 16
-rw-rw-r--.  1 ec2:ec2   25 Mar  1 18:55 AMConfig_data_opt_am1200_webapps_auth_

This file pointed to a configuration directory where OpenAM 12 was previously installed. Now that OpenAM 11 was installed, the above AMSetupFilter.doFilter error appeared.

Stop Tomcat.

[ec2@am0 .openamcfg]$ rm -fr AMConfig_data_opt_am1200_webapps_auth_

Start Tomcat again.