In this post I will discuss a security solution that you can use to secure your ADF Essentials or ADF application. The solution uses OpenLDAP and Fortress. Fortress provides both RBAC (role-based access control) and ARBAC (administrative role-based access control), and OpenLDAP serves as the LDAP directory. Fortress also comes with a set of easy-to-use APIs through which you can manage permissions, users, roles, organizations, SOD (segregation of duties) policies both dynamic and static, temporal constraints, etc. All in all, it’s a complete open source identity and access management solution. If you don’t want to go through the trouble of using the APIs and implementing your own solution, you can use the EnMasse policy server or Commander application that comes with the download to manage these things for you.
An added advantage is that Fortress includes policy and permission enforcement. To get the same with ADF security, you’d have to use OES and some other servers and integrate them with your application.
Basic directory structure:
A Fortress domain consists mainly of five organizational units, listed below:
- ou=ARBAC: This organizational unit further contains admin permissions, admin roles, permission organizations and user organizations.
- ou=RBAC: This organizational unit further contains user and role constraints, applicable SOD policies, normal permissions and application roles.
- ou=Policies: This node contains the password policies which can be assigned to the user.
- ou=config: This node contains the configuration information that Fortress uses at runtime to determine the directory information.
- ou=people: This is the default organizational unit where the users are created.
I will leave this post here with the links and references where you can read more about Fortress and install it. In the next post I will cover how to configure and use Fortress with an ADF application.