A couple of questions on Sun Access Manager v6.x; we are planning to migrate to 7.x later.
Currently the authentication and authorization are done by a J2EE application and there isn't any AM; we were planning to implement AM for SSO for the first time.
1) Is there a way that I can configure the authentication chain in AM to meet 2 requirements: a) LDAP b) accessing an Oracle database to find out the user's account status/role details?
My aim is that once the user is authenticated against LDAP, within the same session I would like to reach out to the Oracle DB and get his role status to send it across in HTTP headers with the user id. Is this technically feasible?
2) Can someone give an idea of when and why to use Sun Role Manager when there is a Sun IDM provisioning tool in the Sun suite to provision users and roles to the Waveset repository and to LDAP? I am a newbie to this area and have no clue about the existence of the Role Manager and why there is a need to have these two tools (IDM and Role Manager) if we can achieve everything with IDM alone. I also notice the integration of IDM and Role Manager to import/export users/accounts/roles back and forth. Is the Role Manager required, so that we can't achieve all of this with IDM alone? Any thoughts on this will be greatly appreciated.
1. The AM agent can return LDAP attributes after authentication. What you can do is use Sun Directory Server Proxy to provide a virtual view of both LDAP and your DB to AM.
2. Sun Role Manager is a tool for role mining and attestation, i.e. it helps with compliance verifications, which are required by many businesses these days. Sun Identity Manager does not need Sun Role Manager if you just want to provision roles for your users; however, as appears to be the case in your environment, the roles created by IDM are exported to SRM for compliance verifications.