| Subcribe via RSS

SailPoint IIQ: Move Over, Rover

I’m getting ready to do some customer training on Sailpoint IIQ v6.0. Getting ready for the trip has been a good impetus to get my rear end in gear and get up to date. I’ve been running Sailpoint IIQ v5.5 “bare metal” on my MacBook Pro pretty much since Sailpoint IIQ v5.5 was released. I have procrastinated getting Sailpoint IIQ v6.0 installed on my laptop. (Mainly because I have Sailpoint IIQ v6.0p5 running in the mad scientist lab on ESXi accessible via VPN.)

Side By Side Approach

So, it was time to install Sailpoint IIQ v6.0, but… I don’t and didn’t want to obliterate my Sailpoint IIQ v5.5p6 installation; I have too many customizations, test applications and rules I don’t want to loose and still want to be able to run live. I’ve been running Sailpoint IIQ with a context root of /identityiq and with a MySQL database user of identityiq.

When I run multiple versions of Sailpoint IIQ side by side on the same machine, I’ve adopted the practice of running each installation as /iiqXY where XY is the version number. So I wanted to run /iiq55 and /iiq60 side by side from the same application server. (I could also take the approach of running multiple instances of application server and run one installation from one port, say 8080, and another from another port, say 8081.)

So how to “lift and load” the existing installation at /identityiq to /iiq55 without reinstalling everything and re-aggregating all my sources? Here’s what I did.

DISCLAIMER: I’m neither advocating nor de-advocating this. Do this at your own risk, especially if your environment differs from mine. I make no claims or warranty of any kind. This worked for me. If it helps you… great.

The Environment

Here was my environment:

Operating System Mac OS X, Mountain Lion, v10.8.3
Application Server Apache Tomcat v6.0.35
JRE Java SE JRE (build 1.6.0_43-b01-447-11M4203) (64-bit)
SailPoint IIQ SailPoint IIQ v5.5p6
IIQ Database MySQL 5.5.15

Shut Everything Down

First, I shut everything down. This basically meant just spinning down the entire Tomcat application server. The command you might use and the location of your application server scripts may differ:

$ cd /Library/Apache/Tomcat6/bin
$ ./shutdown.sh

More »

Tags: , , , ,

Quick Guide to Rebranding SailPoint IIQ

January 18th, 2012 | No Comments | Posted in IdM Engagement, Vendor Specific

So you’ve got Sailpoint IIQ all installed and humming on your enterprise servers, and your boss walks in and says “My boss says the CIO wants this rebranded for better internal look and feel, to keep confusion down for identity self-service requests. Can you have it done by Monday?!”

Your answer, even if it’s Friday, should be “Yes, sir!!” Here’s how you can do it, covering just the basics. In this exercise, we’ll cover rebranding:

  • The login banner page
  • The IIQ headers on each page, and…
  • The overall CSS colors on each page providing the final L&F

Let’s get started.


The tools and “skillz” you will need (as they say) will actually lean more on the graphics side than on the Java or HTML development side for this exercise. In fact, other than careful and proper placement of the resulting graphics files inside your deployed application and application server file system, graphical capabilities and understanding of CSS are going to be your primary concerns. If you are not very good at handling a graphical editor like Adobe Photoshop or GIMP, now’s the time to call your friend, Sally, over in Marketing to lend you a hand.

Assuming you know where Sailpoint IIQ is “rooted” on your application server, we’re going to graphically reconstitute a few files. We’ll assume a Tomcat installation here, which should carry over quite nicely for a JBoss AS installation as well. WebSphere, Glassfish, WebLogic and you other app server flavored peeps out there, try to follow along.

For Tomcat, assuming an installed/deployed path of /srv/tomcat6/webapps, you should/would have /srv/tomcat6/webapps/identityiq for your application root. So then, we’re going to graphically reconstitute:

  • $APP_ROOT/images/login.gif
  • All the header*.gif files in $APP_ROOT/images and…
  • identityIIQ-logo.gif

Furthermore, we’re going to, at a bare minimum, twiddle the background-color CSS attribute on five (5) CSS files. We’ll detail all that when we get to the section on CSS.
More »

Tags: , , , , , , , , ,

Developer Tomcat Settings for Sailpoint IIQ Sandboxing

October 10th, 2011 | No Comments | Posted in IAM Development, IAM Engagement

Working on IAM projects and out on client sites for Qubera Solutions, our technical peeps all have developer sandboxes we use for prototyping, setting up read-only connectors to outlying systems (eg. PeopleSoft, AD, LDAP, JDBC connections, etc.), doing RBAC analysis and just about anything GRC related. We sandbox just about everything we can or run pre-configured VMware VMs on laptops outfitted with as much memory as we can. (My Macbook Pro is spiked out at 8gb RAM.)

Generally we use Tomcat for the app server piece but not always. None of this is earth-shattering news. Any developer or integrator of note at Any Company USA and around the world is going to have at least “A” sandbox running if not multiple. Just whether those sandboxes are configured and tweeked properly is going to be the only question, really.

As it relates to Sailpoint IIQ, first of all, me running a Macbook Pro, it’s technically “not supported.” But the IIQ deployment, like Oracle Waveset, is just a WAR. For the middleware piece (the DB layer aside), you essentially deploy a WAR, import your objects from XML, and you are off and running. Nevertheless, the “non-supported” aspect of a MacBook tended to rear its ugly head and I had frequent hangups in Tomcat until I tweeked a few things. It turns out setting my JAVA_OPTS to the following not only helps, but seems to be recommended from a trusted source. (I don’t have permission to credit here, much as I would like, so just take it for what it’s worth.)

I’ll “split this up” in a syntactically correct way so this doesn’t extend the page on the blog entry, but you can put these settings all on one line; hopefully that is obvious:

JAVA_OPTS="-server -Xms3072m -Xmx3072m -XX:NewSize=1024m -XX:MaxNewSize=1024m"
JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=1024m -XX:CodeCacheMinimumFreeSpace=2M"
JAVA_OPTS="$JAVA_OPTS -XX:ReservedCodeCacheSize=64M"
JAVA_OPTS="$JAVA_OPTS -Dsun.lang.ClassLoader.allowArraySyntax=true"

More »

Tags: , , , , , , , , , , , , , , , ,