Skip to content

volkerhehl/IDM-Vision

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

config

config

 
 

const

const

 
 

controller

controller

 
 

helper

helper

 
 

lib

lib

 
 

middleware

middleware

 
 

plugins

plugins

 
 

public

public

 
 

resources

resources

 
 

router

router

 
 

sql

sql

 
 

views

views

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

app.js

app.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

IDM Vision

SAP IDM content browser and system monitoring
(c) 2020 Volker Hehl
Licence: MIT

Requirements

  • Windows (other OS may work too)
  • Git: https://git-scm.com/downloads
  • Node.js V12: https://nodejs.org/en/download/releases/ (other versions may work too - V14 currently don't work with the node-sspi module, if you need V14 but no AD user authentication, delete node-sspi from package.json before npm install)
  • Node.js build tool chain: check "Tools for Native Modules" during Node.js setup
  • SAP IDM V7.2 or V8 (other versions may work too)
  • Currently only MSSQL server supported!

Jump Start

Running IDM Vision locally, accessible without any authentication!

Install

git clone https://github.com/volkerhehl/IDM-Vision.git
cd IDM-Vision
npm install

Configure

Create config files from samples

cd config
copy idms-sample.yaml idms.yaml
copy main-sample.yaml main.yaml

Edit IDM DB connection(s) in: config/idms.yaml

idp:
  name: IDP
  description: IDP - Production
  realm: prod
  dbtype: mssql
  dbconfig:
    server: sqldb-server-hostname
    database: IDP_db
    user: IDP_user
    password: password***

    # Depending on the server configuration, you may need to add this:
    options:
      encrypt: true

Run

cd ..
node app

Open locally: http://127.0.0.1:7000

Run as Windows service

Install service using NSSM

Download NSSM: https://nssm.cc/download

Create a new service from console

nssm install IDM-Vision

Fill GUI Fields

  • Path: path to Node.js binary, for example: C:\Program Files\nodejs\node.exe
  • Startup directory: path to IDM-Vision, for example: C:\IDM-Vision
  • Arguments: app

Click Install service button

Enable Authentication

IDM-Vision authentication works in three steps:

  1. Authentication
    Currently only SSPI (Windows ADS) authentication available

  2. IDM User matching
    Find MX_PERSON via AD sam account name attribute matching

  3. IDM Privilege matching
    Find entry relations (eg. privileges) on MX_PERSON and map it to IDM-Vision roles

IDM-Vision Default Roles

  • admin - full access including admin menu
  • superuser - full acces without admin menu

Configure

Edit config/main.yaml

Remove

auth:
  method: anonymous

Add

auth:
  method: sspi (currently only SSPI authentication available)
  domain: <active directory domain name>
  source: <IDM, which contains AD-users ... must be configured in idms.yaml>
  userAttr: <MX_PERSON attribute, which matches AD sam account name>
  userNameAttr: <MX_PERSON attribute which contains user clear name>

  entries: (enable IDM entry relation matching)
    admin: (IDM-Vision admin role)
      - <MX_PERSON relation entry to activate admin privileges>
    superuser: (IDM-Vision superuser role)
      - <MX_PERSON relation entry to activate superuser privileges>

Example

auth:
  method: sspi
  domain: mydomain
  source: idp
  userAttr: P_ADSLOGON
  userNameAttr: DISPLAYNAME

  entries:
    admin:
      - PRIV:IDMVISION_ADMIN
    superuser:
      - PRIV:IDMVISION_SUPERUSER

List all privileged users

To list all Users matching IDM-Vision roles, you need admin privileges.

About

SAP IDM content browser and system monitoring

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages