Monday, December 27, 2021

DUO Application On-boarding

# Log in to SailPoint.

# Navigate to Applications ---> Application Definition

# Select the Application Type as DUO and provide the required details.

# Navigate to Settings and provide the Duo Connection Credentials and Integration Credentials.

# Navigate to Schema and configure the Account and Group objects.

# Navigate to Correlation and configure the attribute-based account correlation.
Ex: username --> bprLogin

# Test the connection and preview the accounts.

# Save.

Note:
Difference between the Duo Connection Credentials and the Duo Integration Credentials:
Duo Connection Credentials: used to read the accounts
Duo Integration Credentials: used to integrate with the Duo Mobile application

How to check Log4j version in SailPoint using rule?

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1640624033221" id="ff8080817dee757a017dfcd00dc503e0" language="beanshell" name="Log4j 2 version">
  <Signature>
    <Inputs>
      <Argument name="log">
        <Description>
          The log object is associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
    // PropertiesUtil is packaged in the log4j-api jar, so this reports the log4j-api version
    // loaded by the web application; confirm the log4j-core jar in WEB-INF/lib is at the same level.
    // getImplementationVersion() returns null when the jar manifest carries no Implementation-Version.
    String version = org.apache.logging.log4j.util.PropertiesUtil.class.getPackage().getImplementationVersion();
    return version;
  </Source>
</Rule>


Classic Ports to know

# 22 = SSH (Secure Shell) - log into a Linux instance

# 21 = FTP (File Transfer Protocol)

# 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH

# 80 = HTTP - access unsecured websites

# 443 = HTTPS - access secured websites

# 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance


Sunday, December 26, 2021

How to set up JVM property for Log4j 2 in SailPoint?

# To mitigate the Log4j 2 vulnerability, add -Dlog4j2.formatMsgNoLookups=true to JAVA_OPTS in both catalina.sh and the iiq file. The property is honoured only by Log4j 2.10 and later and is a stop-gap; upgrading the log4j-core jar is the complete fix.


# Navigate to the iiq script path (it lives under the web application's WEB-INF/bin)

cd /opt/apache/webapps/identityiq/WEB-INF/bin

# Update the JAVA options (vi iiq)

JAVA_OPTS="-Xms128m -Xmx256m -Dsun.lang.ClassLoader.allowArraySyntax=true -Djava.awt.headless=true -Dlog4j2.formatMsgNoLookups=true"

# Save & exit (:wq!)

# Navigate to the catalina.sh path (Tomcat's bin directory)

cd /opt/apache/bin

# Update the JAVA options (vi catalina.sh); catalina.sh is a shell script, so the setting uses shell syntax:

# Register custom URL handlers
# Do this here so custom URL handlers (specifically 'war:...') can be used in the security policy
JAVA_OPTS="$JAVA_OPTS -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dlog4j2.formatMsgNoLookups=true"

# Save & exit (:wq!)

# Restart the server.

./shutdown.sh

./startup.sh
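As an added check after the edit above (my script, not part of the original post), the following POSIX shell functions confirm that the flag sits inside a JAVA_OPTS line of both catalina.sh and the iiq script and list the log4j-core jar versions found in WEB-INF/lib. The default paths are assumed to match the ones used in this post, and the demo layout at the end is constructed so the script runs offline.

```shell
#!/bin/sh
# Added check (not from the original post): confirms the Log4j 2 mitigation
# flag is set in the Tomcat and IIQ start scripts and lists the log4j-core
# jars in WEB-INF/lib. Paths default to the ones used in the post (assumption).
IIQ_HOME="${IIQ_HOME:-/opt/apache/webapps/identityiq}"
CATALINA_SH="${CATALINA_SH:-/opt/apache/bin/catalina.sh}"
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# 0 = flag present in a JAVA_OPTS line, 1 = file present but flag absent, 2 = no file
has_nolookups_flag() {
    [ -f "$1" ] || return 2
    grep -E '^[[:space:]]*(export[[:space:]]+)?JAVA_OPTS=' "$1" | grep -q -- "$FLAG"
}

# Prints the version of each log4j-core jar in the lib dir (e.g. 2.17.1);
# returns 1 if none is found.
log4j_core_versions() {
    found=1
    for jar in "$1"/log4j-core-*.jar; do
        [ -f "$jar" ] || continue
        found=0
        basename "$jar" | sed -E 's/^log4j-core-(.*)\.jar$/\1/'
    done
    return $found
}

# Returns 0 only if both start scripts carry the flag.
check_scripts() {
    rc=0
    for f in "$CATALINA_SH" "$IIQ_HOME/WEB-INF/bin/iiq"; do
        if has_nolookups_flag "$f"; then echo "OK      $f"
        else echo "MISSING $f"; rc=1; fi
    done
    return $rc
}

# Offline demo on a constructed layout: catalina.sh is patched, iiq is not yet.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/identityiq/WEB-INF/bin" "$d/identityiq/WEB-INF/lib"
    printf 'JAVA_OPTS="$JAVA_OPTS %s"\n' "$FLAG" > "$d/bin/catalina.sh"
    printf 'JAVA_OPTS="-Xms128m -Xmx256m"\n' > "$d/identityiq/WEB-INF/bin/iiq"
    : > "$d/identityiq/WEB-INF/lib/log4j-core-2.13.3.jar"   # constructed jar name
    CATALINA_SH="$d/bin/catalina.sh" IIQ_HOME="$d/identityiq" check_scripts || echo "fix needed"
    log4j_core_versions "$d/identityiq/WEB-INF/lib"
    rm -rf "$d"
}
demo
```

Run it against the real server with `CATALINA_SH` and `IIQ_HOME` exported to the deployment's paths; a MISSING line or an old log4j-core version is the signal to revisit the steps above.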

How to apply E-Fix in SailPoint?

# First copy the ZIP file to the identityiq location.

# Check that the ZIP file has been copied into identityiq.

# Extract the ZIP file.

# Update all jars (overwrite the existing ones when unzip prompts).

# Restart the server.


===============================################============================

# cp /home/sudo/idenityiq-8.1-8.1p3-IIQCB-4601.zip /opt/apache/webapps/identityiq

# cd /opt/apache/webapps/identityiq

# ls -ltr

# unzip idenityiq-8.1-8.1p3-IIQCB-4601.zip

# When unzip asks whether to replace existing files, answer A (Shift+A) to replace all.

# cd /opt/apache/bin

./shutdown.sh

./startup.sh



How to copy a Jar/ZIP file from an S3 bucket (AWS EC2 instance) to a Linux server?

# aws s3 cp s3://<S3 bucket name>/<jar file> /home/<root user or any user>/

# aws s3 cp s3://iamdir-OIM-dev-vendorbinaries-s3/jd-gui-1.6.6.jar /home/sudo/


Fetch Members from Workgroup

  import java.util.ArrayList;
  import java.util.Iterator;
  import java.util.List;
  import sailpoint.api.ObjectUtil;
  import sailpoint.ob...