Craig McMurtry's WebLog

  • Introducing Microsoft Identity Lifecycle Manager "2"

    For almost two years, I have been part of the team developing Microsoft Identity Lifecycle Manager "2."  I've been on that project almost from its inception, first as a program manager, and now as a developer.  So I will devote a series of posts to telling you about the product, with the intention of providing a view of its innards. 

     Microsoft Identity Lifecycle Manager "2" provides these facilities:

    1. The synchronization of passwords, and data concerning users, groups and other types of entities, among the various data stores of an enterprise.  This functionality was inherited from the legacy product, Microsoft Identity Integration Server 2003, and incorporated wholesale in Microsoft Identity Lifecycle Manager "2." 
    2. Self-service smart card management.  That functionality was inherited from a product that Microsoft purchased from Alacris, and released last year, along with an update to Microsoft Identity Integration Server, as Microsoft Identity Lifecycle Manager 2007. 
    3. Self-service distribution list and security group management. 
    4. Self-service personnel information management. 
    5. Self-service password re-set. 

    The third beta was made available in July, and we are currently progressing toward a release candidate. 

    The most important concept in the product is that of organizing things into sets.  Hence, that will be the subject of my next post. 

  • LINQ don't stink

    Recently, I had to write a test case that posed an interesting problem. 

    The product that I am working on, Identity Lifecycle Manager "2", uses the concept of sets.  Sets are defined by XPath filter expressions.  When a user submits a request to create, read, update or delete a resource, that resource, as well as associated resources, may transition into or out of any number of sets. 

    We have a Request type for representing users' requests, and when we determine the set transitions that will result from a request, we add the information about those set transitions to the Request object.  Each set transition is represented by a piece of XML that looks roughly like this:

    <SetTransition>
      <ResourceIdentifier>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</ResourceIdentifier>
      <SetIdentifier>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</SetIdentifier>
      <Join>1</Join>
      <Leave>0</Leave>
    </SetTransition>

    A Request object has a SetTransitions property of the ReadOnlyCollection<string> type, with each string in the collection being an XML representation of a set transition.  We don't have to reason about the set transitions programmatically any further in our C# code, so it suffices that they are exposed as strings of XML, rather than as strongly-typed objects. 

    Now, in my test case, I create a Request, dip it into the part of our request processor that figures out the set transitions, and then decide whether it calculated the set transitions correctly.  It should be apparent that deciding whether the set transitions were calculated correctly is a matter of querying a .NET collection of strings of XML, to determine whether that XML contains the correct data. 

    As a general solution for querying data of any sort, LINQ seemed to be the appropriate tool for the job, and that did turn out to be the case.  Specifically, it was possible for me to craft my test so that I could ask, in a single statement, whether the transitions of two particular resources into two particular sets were detected:

    // Requires: using System; using System.Linq; using System.Xml.Linq;
    var count =
        (from document in
            (from item in request.SetTransitions
             select XDocument.Parse(item))
         where
            // There is a transition to or from the set.
            (from element in document.Descendants()
             where string.Equals(element.Name.ToString(), "SetIdentifier", StringComparison.Ordinal)
                && string.Equals(element.Value, setIdentifier.GetGuid().ToString(), StringComparison.Ordinal)
             select element).Count() == 1
            &&
            // The transition is to the set.
            (from element in document.Descendants()
             where string.Equals(element.Name.ToString(), "Join", StringComparison.Ordinal)
                && string.Equals(element.Value, bool.TrueString, StringComparison.OrdinalIgnoreCase)
             select element).Count() == 1
            &&
            (from element in document.Descendants()
             where string.Equals(element.Name.ToString(), "Leave", StringComparison.Ordinal)
                && string.Equals(element.Value, bool.TrueString, StringComparison.OrdinalIgnoreCase)
             select element).Count() == 0
            &&
            // The senior manager and the president are transitioning.
            (from element in document.Descendants()
             where string.Equals(element.Name.ToString(), "ResourceIdentifier", StringComparison.Ordinal)
                && (string.Equals(element.Value, seniorManagerIdentifier.GetGuid().ToString(), StringComparison.Ordinal)
                    || string.Equals(element.Value, presidentIdentifier.GetGuid().ToString(), StringComparison.Ordinal))
             select element).Count() == 1
         select document
        ).Count();

    if (count == 2)
    {
        FilterEvaluationTest.WriteColoredLine(ConsoleColor.Green, "Recursive transitions are anticipated.");
    }
    else
    {
        return;
    }

    So, there you have it: a single C# LINQ statement that does the equivalent of looping through an array of strings of XML, parsing each of them, looking for particular values. 
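    As an added example (not code from the post or from the product), here is the same check factored into a small helper that parses each transition into a tuple and then compares the whole collection against the expected transitions.  Two things go beyond the query above: Join and Leave are accepted both as 1/0 (the form in the sample XML) and as True/False (the form the query compares against via bool.TrueString), and the comparison is exact, so an extra, unexpected transition for a third resource makes the check fail, whereas the count-based query above would still report 2 for the two named resources and pass.  The Request type and its GetGuid() accessors are not reproduced; the transition strings and identifiers below are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Added example: exact verification of a collection of <SetTransition> XML strings,
// standing in for a Request.SetTransitions collection (hypothetical stand-in).
static class SetTransitionCheck
{
    // Parses one <SetTransition> document into a tuple. Join/Leave are accepted
    // either as "1"/"0" (as in the post's sample XML) or "True"/"False"
    // (as the post's query compares against bool.TrueString).
    static (Guid Resource, Guid Set, bool Join, bool Leave) Parse(string xml)
    {
        XDocument document = XDocument.Parse(xml);
        XElement root = document.Root;
        if (root == null || root.Name.LocalName != "SetTransition")
            throw new FormatException("Expected a <SetTransition> root element.");
        return (
            Guid.Parse((string)root.Element("ResourceIdentifier")),
            Guid.Parse((string)root.Element("SetIdentifier")),
            Flag((string)root.Element("Join")),
            Flag((string)root.Element("Leave")));
    }

    static bool Flag(string value) =>
        string.Equals(value, "1", StringComparison.Ordinal)
        || string.Equals(value, bool.TrueString, StringComparison.OrdinalIgnoreCase);

    // True only if the transitions are exactly the expected ones: each named resource
    // joins the set once, nothing leaves, and no other transition is present.
    public static bool ExactlyJoined(IEnumerable<string> transitions, Guid set, params Guid[] resources)
    {
        var actual = transitions.Select(Parse).ToList();
        var expected = resources.Select(r => (Resource: r, Set: set, Join: true, Leave: false));
        return actual.Count == resources.Length
            && !actual.Except(expected).Any()
            && !expected.Except(actual).Any();
    }

    static void Main()
    {
        Guid set = Guid.NewGuid(), president = Guid.NewGuid(), seniorManager = Guid.NewGuid();

        // Constructed sample transitions in the shape shown in the post.
        string Transition(Guid r, Guid s, int join, int leave) =>
            $"<SetTransition><ResourceIdentifier>{r}</ResourceIdentifier>" +
            $"<SetIdentifier>{s}</SetIdentifier><Join>{join}</Join><Leave>{leave}</Leave></SetTransition>";

        var transitions = new List<string>
        {
            Transition(president, set, 1, 0),
            Transition(seniorManager, set, 1, 0),
        };
        Console.WriteLine(ExactlyJoined(transitions, set, president, seniorManager));

        // An unexpected third resource joining the same set: the exact check now fails,
        // whereas a count of documents mentioning the two named resources would still be 2.
        transitions.Add(Transition(Guid.NewGuid(), set, 1, 0));
        Console.WriteLine(ExactlyJoined(transitions, set, president, seniorManager));
    }
}
```

    Because the set filters decide which resources a request pulls into or out of a set, a test that also rejects surplus transitions is what catches a filter that matches more than it should; the strongly-typed parse costs one small helper and makes the assertion read as data rather than as nested sub-queries.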

  • Goldfrapp Rock!

    Yes, when I was a teen in the '80s, I was guilty of creating a mix tape, and worse, of giving it to someone.  I learned from that experience that musical tastes are very personal, and that it is truly phenomenal that any artist is able to sell records to more than one person, yet less, in some cases, millions of people. 

     So I generally don't discuss music with folk.  I listen to my music, and they presumably listen to theirs.  (Although, actually, if they happen to pull up next to me at a traffic light on a sunny day, when I have the top down on the Mustang, then they will in fact be listening to my music, but that's another issue.) 

    In this case, I have a selfish reason for expressing a musical preference.  It is for a band that is huge in the UK and Europe, but which has not quite broken through in the US yet--well, not until this week anyway, when their latest album went into the top 10 in its first week of release.  If sufficient records get sold in the US, then they'll play live dates in the States, and I'll get to see them, which, from videos of their live performances, is evidently quite a fabulous experience. 

     Anyway, the duo in question is "Goldfrapp."  If you like Moby or perhaps Dido, then do try Goldfrapp.  I'd recommend starting with the Supernature album, their third, and then moving on to Seventh Tree, the new fourth album in their oeuvre.  If you buy track-by-track, then I'd recommend, "Fly Me Away," "Ride a White Horse," "Cologne Cerrone Houdini," "Number 1," and "Strict Machine."  That should get you hooked if they are at all your kind of thing. 

  • Getting SharePoint and Exchange Outlook Web Access to play nicely together

    Back in November, I added a post about how to get SharePoint and a regular ASP.NET application to co-exist, something that got easier with Windows SharePoint Services 3.0. 

    But what if that other application is not a regular ASP.NET application of your own making, but Exchange 2007 Outlook Web Access? 

    Certainly, it would be uncommon to have those two applications deployed together on the same box, but if you are evaluating, or testing applications built on top of, Microsoft Identity Lifecycle Manager "2," then the scenario may be one that presents itself.  Here on the Microsoft Identity Lifecycle Manager "2" development team, we commonly use what are called "all-in-one-boxes" for initial testing: domain servers with Exchange 2007 running locally, along with Windows SharePoint Services, and Microsoft Identity Lifecycle Manager "2" itself.  At least, I hope that this post might help someone scratching their heads about Internet Information Services 7 administration. 

     Anyhow, here is the trick:

    1.  Open the Internet Information Services manager. 

    2.  Add an application called EWS to the SharePoint site.  Configure its basic settings so that they are identical to those of the EWS application that will have been installed under the default site by Exchange 2007. 

    3.  Do the same with an application called owa: under the SharePoint site, duplicate the owa application that Exchange 2007 installed under the default site. 

    4.  Choose the SharePoint site, and select Edit Bindings.  Add a binding for https that duplicates the default site's bindings for https. 
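    The same four steps, as an added example against the IIS 7 management API (Microsoft.Web.Administration) rather than the IIS Manager UI.  This is not code from the post or from either product; the site names "Default Web Site" and "SharePoint - 80" are assumptions to be checked against the sites actually present on the box, and the only settings copied are the ones the steps name: the physical path and application pool of the EWS and owa applications, and the https binding with its certificate.

```csharp
using System;
using Microsoft.Web.Administration;   // IIS 7 management API (reference Microsoft.Web.Administration.dll)

// Added example: mirror the Exchange 2007 "EWS" and "owa" applications from the
// default site onto the SharePoint site and duplicate the default site's https binding.
static class MirrorOwaOntoSharePoint
{
    // Assumptions: adjust to the site names shown by "appcmd list site".
    const string DefaultSiteName = "Default Web Site";
    const string SharePointSiteName = "SharePoint - 80";

    static void Main()
    {
        using (ServerManager manager = new ServerManager())
        {
            Site source = manager.Sites[DefaultSiteName];
            Site target = manager.Sites[SharePointSiteName];
            if (source == null || target == null)
                throw new InvalidOperationException("Source or target site not found; adjust the site names.");

            // Steps 2 and 3: duplicate the Exchange applications under the SharePoint site.
            foreach (string path in new[] { "/EWS", "/owa" })
            {
                Application original = source.Applications[path];
                if (original == null)
                    throw new InvalidOperationException(path + " is not installed under " + DefaultSiteName + ".");
                if (target.Applications[path] != null)
                {
                    Console.WriteLine(path + " already exists under " + SharePointSiteName + "; skipping.");
                    continue;
                }
                // Copy the basic settings: physical path, application pool, enabled protocols.
                Application copy = target.Applications.Add(path, original.VirtualDirectories["/"].PhysicalPath);
                copy.ApplicationPoolName = original.ApplicationPoolName;
                copy.EnabledProtocols = original.EnabledProtocols;
            }

            // Step 4: add an https binding on the SharePoint site that duplicates the default site's.
            foreach (Binding binding in source.Bindings)
            {
                if (!string.Equals(binding.Protocol, "https", StringComparison.OrdinalIgnoreCase))
                    continue;
                bool alreadyBound = false;
                foreach (Binding existing in target.Bindings)
                    if (existing.Protocol == binding.Protocol
                        && existing.BindingInformation == binding.BindingInformation)
                        alreadyBound = true;
                if (alreadyBound)
                    continue;
                // Same IP:port:host and the same certificate as the default site's binding.
                target.Bindings.Add(binding.BindingInformation, binding.CertificateHash, binding.CertificateStoreName);
            }

            manager.CommitChanges();
        }
    }
}
```

    Two things to check after running it: IIS will not start two sites that claim the same IP, port and host name, so once the https binding is duplicated only one of the two sites can own that endpoint, and the authentication settings Exchange configured for its own EWS and owa applications are not copied by this code, so compare them under the SharePoint site before relying on the mirrored applications.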


  • So who knows what to believe?

    I subscribe to a bunch of IT industry e-mail newsletters.  Yesterday's mail from CIO Insight was headed, "Slowdown in IT Hiring."  Today's mail, from the same source, was headed, "IT Employment Hits New Highs."  Turns out that the same dude wrote both--Eric Chabrow.  Does even he not read his stuff? 

  • Real Convergence

    Intel's announcement of its Canmore chip at the Consumer Electronics Show in Las Vegas seems to me to augur real convergence in digital media.  According to the report in The Seattle Times, "[the Canmore chip packs high-end audiovisual processors, a 3-D graphics card and TV tuner capabilities alongside a PC processor core.  It's designed for TVs, set-top boxes, stereos and other consumer-electronics gear that will be able to access the Internet without the help of PC." 

    That's what one wants, I think.  Convergence in this space will not be accomplished by having all kinds of media come to you via your PC, but rather by having all kinds of media come to you via your TV.  Your TV already brings you television broadcasts, on-demand content, DVD movies, console games, and photos retrieved from some location on your home network.  The only thing missing here is a decent Internet experience. 

    Canmore is one of the two pieces that is required.  The other piece is a piece of software that makes broadcast content retrieved via a TV cable or satellite dish, and Internet pages readily browsable and usable as if they were all the same thing.  Picture various cables going into the back of any convergence device, and a souped-up browser on the TV that makes content from all of those sources readily browsable and usable. 

  • Sometimes you can get what you need #2

    It turns out that if you have an Alienware Area 51 desktop, you need a rather unusual power cable in order to get the thing plugged into the wall.  Whereas home computer power supplies invariably take a power cable with a C14 or C15 connector, the Area 51 power supply takes a power cable with a C19 connector.  No, you can't buy a power cable like that at Fry's.  Infinite Cables in Markham, Ontario, Canada, took my order via their Web site late on Friday December 21st Pacific Time and got the cable to me early on the morning of December 26th, in spite of it having to cross a national, customs border.  Needless to say, I'll be buying any kind of cable I ever need from them in future. 

  • Sometimes you can get what you need #1

    One needs to have an Enermax aluminum keyboard.  They are not easy to obtain.  The one vendor that can deliver one fast is Computer Central. 

  • Can't ping Vista?

    Go to Control Panel -> Security -> Windows Firewall -> Allow a Program Through Windows Firewall -> File and Print Sharing -> Apply

  • Exclude a path from WSS 3.0 on Windows Server 2008

    In IIS 7, create a new Application under the SharePoint Web Site, and select the Classic .NET AppPool as the application pool.  Just works.  No need to explicitly exclude the path from SharePoint management. 

  • How to add shortcuts to the Send To context menu item on Windows Server 2008

    I find it extremely useful to be able to send files to NotePad from Windows Explorer, by right-clicking and choosing NotePad from the Send To menu.  (Especially because our system for building and testing code depends on "dirs", "t[est]dirs", "sources" and "t[est]sources" files that don't have extensions.)  Of course, NotePad is not in the Send To menu by default.  This tip from 2002 tells one how to add items to the Send To menu, but the directions do not apply to Windows Server 2008, on which, (a) the Documents and Settings folder exists, but is not accessible, even to an administrator with User Account Protection turned off, and (b) the Send To folder is to be found elsewhere.  On Windows Server 2008, if you want to add items to your Send To menu, you can find the Send To folder under C:\Users\<your user name>\AppData\Roaming\Microsoft\Windows.  Note that the AppData folder is a hidden folder by default. 

  • .NET 3.0 finally released.

  • Identity and Access Webcast Series


    -----------------------------------------------------------------------------------------------------

    Microsoft offers a broad range of technologies and products to enable a customer’s identity and access infrastructure. This web-cast and virtual lab series is designed to educate Technical Decision Makers (TDMs) and IT Professionals about Microsoft’s IDA solution areas centered around the following products:

    • Windows Rights Management Services (RMS)
    • Active Directory Federation Services (ADFS)
    • Microsoft Identity Integration Server (MIIS)
    • Certificate Lifecycle Manager (CLM)
    • Active Directory (AD)

    These webcasts are structured under different categories. The categories take attendees from Product/Solutions Overview (what the product is and how it can help the customer’s infrastructure), to Deployment, and through the different categories to “What is New for the Future”.

    To register for any of these webcasts, including our kickoff webcast, “Identity and Access Vision and Strategy”, visit this link: IDA Webcasts

    We will be adding more webcasts to this list, so please be sure to visit the site again!

    -----------------------------------------------------------------------------------------------------


  • MIIS 2003 SP2 Early-Adopter Program Now Open!

    Connected Systems Division


    Summary

    Early-Adopter Program for MIIS 2003 SP2 with the Management Agent for SAP now OPEN!!!

    Valued Partners, Customers and MIIS Development Community,

    I am writing to announce that MIIS 2003 SP 2 and the Management Agent for SAP are available now to MIIS 2003 SP2 Early-Adopter Program participants.

    A list of what’s new in this release is provided below.

    Our Early-Adopter Program actually incorporates a Supported Technology Adopter Program (the “TAP”) and an Unsupported Beta Program.

    It provides access to both MIIS 2003 SP2 and the new Management Agent for SAP. The Management Agent for SAP will require MIIS 2003 SP2.

    Customers accepted into the TAP will enjoy free support through the migration to MIIS 2003 SP 2, as well as the opportunity to provide feedback to improve the quality of the release. 

    This provides a valuable opportunity to reduce your risk and deployment time through an upgrade that requires moving your MIIS production database onto SQL Server 2005, and your rule extensions to .NET 2.0.

    An important requirement for participating in the TAP is a commitment to deploy MIIS 2003 SP2 into production by the end of January 2007.

    Customers who are not participants in the TAP can still enjoy early access to the release, and will have structured opportunities for feedback.

    Please read on for details on how to enroll in the program. 

    For more information, please email miissp2b.

    We look forward to working with you in the MIIS SP 2 Early-Adopter Program!


    MIIS 2003 SP2 Overview

    What’s new with MIIS 2003 Service Pack 2?

    • A New Platform
      o Option for using SQL Server 2005 as the meta-directory data store
      o Rule Extension development in Visual Studio 2005 for execution on .NET 2.0
    • New Management Agents for Integration with Microsoft Technologies
      o Microsoft Active Directory and Active Directory Application Mode (ADAM) on Windows Server 2003 R2
      o Microsoft Exchange Server 2007 Identity Integration Feature Pack
      o SQL Server 2005
    • New Management Agents for Popular non-Microsoft Technologies
      o SAP 4.7 and 5.0
      o Oracle 10g
      o Revised MA for Lotus Notes 7
    • New Features
      o Microsoft Active Directory access over SSL
      o Rule change preview
    • Quality and Performance Enhancements


    The MIIS 2003 SP 2 Early-Adopter Program

    Program Structure and Benefits and How to Enroll

    • The Early-Adopter Program incorporates both a Supported TAP and an Unsupported Beta Program
    • Benefits of Participating in the Beta Program
      o Early access to MIIS 2003 SP 2 and the Management Agent for SAP
      o Provide feedback to the Microsoft development team to improve the quality of the release
    • Additional Benefits of Participating in the Supported TAP
      o Customers accepted into the TAP will enjoy support through the migration to MIIS 2003 SP 2
      o The upgrade may entail moving the MIIS database onto SQL Server 2005 and will require moving rule extensions onto .NET 2.0, and our TAP provides a valuable opportunity to reduce risk and deployment time.
      o We will coordinate with you to ensure that support is available when you deploy into production.
      o Support will be made available via telephone and e-mail during your scheduled deployment into production, and we will provide fixes if necessary.
      o We will also provide telephone and e-mail support for the migration from the pre-release versions to the final released version.
    • Procedures
      o There is one nomination process for both the Supported TAP and the Unsupported Beta Program.
      o To enroll in the program, you will complete a nomination form on the Microsoft Connect site, as explained below.
      o Instructions will be provided by mid-November for downloading the MIIS 2003 SP 2 installation package from the Microsoft Connect Site.
      o Everyone who completes the nomination form will be given access to the release.
      o Based on information provided in the nomination form, we will invite a small number of customers to join the TAP.
    • TAP Requirements
      o To participate in the TAP, you must have an existing production deployment of MIIS 2003 SP 1.
      o You must commit to deploying MIIS 2003 SP 2 into production by January 2007.
      o You are responsible for licenses for Windows Server 2003 Enterprise Edition, SQL Server 2005, Visual Studio 2005 and other technologies.
      o You must complete the nomination form, and complete the survey at the end of the program.
    • How to Enroll
      o Visit the Microsoft Connect Site.
      o Sign in using a valid Windows Live ID account.
      o Select Available Connections.
      o If you plan to use the Management Agent for SAP, locate the MIIS 2003 Management Agent for SAP Early-Adopter Program in the list and select the Apply link to the right.
      o Customers not planning on using the SAP Management Agent should locate the MIIS 2003 SP2 Early-Adopter Program entry and select the Apply link to the right.
      o Select I Agree on the Terms and Conditions page.
      o Complete the Registration form.
      o We will be in touch by mid-November with an update on the status of your nomination and instructions for downloading the software.


    © Microsoft Corporation 2006


  • Some notes on using the Live Service Trace Viewer

    1. For the LiveTrace.zip, as well as any code archive you download from a trusted source on the 'net, right-click on the zip and choose "Unblock" before extracting.  That will allow you to avoid the "this project does not come from a trusted source" crap in Visual Studio.  (And I say, "crap" not because the warning isn't a good thing, but because the feature isn't properly documented, so you have to find out tips like the one above on people's blogs). 
    2. If you are having trouble with building the solution (and I will update the zip to repair these issues),
      1. Remove the test applications from the solution
      2. Remove the icon copy post-build event from the LiveServiceTraceViewer project. 
    3. For self-hosted services, you need to follow the preferred practice of explicitly identifying your Base Addresses.  The Live Trace Listener keys off the event of the service host binding to a base address to recognize that a service is coming online.  Should have mentioned that in the documentation.  Evidently I also emit crap. 
    4. Yes, it relies on MSMQ (which is why I don't call it the "Real-Time Trace Viewer").  Neglected to mention that in this version of the documentation = more crap from me -- no wait! a queue is right there in the diagram.  But I believe that the Viewer detects whether MSMQ is available and tells one to install it if it is not. 


© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement