Yodel Identity Management for Development for Yodel Ltd.
Summary
Complete, working design for a federated identity management system integrating Active Directory and OpenLDAP
Description
Like other similar organisations, Yodel have a relatively small central workforce staffing the administrative functions and sort centres, and a large number of drivers making deliveries. The latter are a mix of employees, contractors and the self-employed. They only require very limited systems access, typically to one or two mobile applications delivered via hand-held terminal devices (HHTs).
Identity management across Yodel’s core systems was handled using Microsoft Active Directory, but it was too expensive to extend this to all drivers. Yodel therefore asked me to look at a federated solution, using OpenLDAP for driver and similar accounts. This would need to support a complex role structure, and be fully integrated with existing on-boarding and off-boarding processes.
I developed a solution around a pair of microservices, one handling the interactions with OpenLDAP and Active Directory, the other handling the user and role data and the interactions with Oracle.
I created a fully worked-up design, including details such as the authentication process for HHTs. In order to make sure the design was viable I created a working test system, and documented the .NET and Java code required to perform key actions, including secure password management and audit functions.
The following shows key use cases supported by the solution:
Problems and Challenges
Complexities around using the federated accounts with Oracle applications
Requirement for both simple "job roles" and more granular detailed access roles
Outcomes
Working and fully documented design ready for adoption in the next phase of development of the new core system
Timescale
October 2016 - January 2017
Tools and Technologies
Technologies: Active Directory, OpenLDAP, Oracle database, .NET and Java
Tools: IntelliJ IDEA, Visual Studio, Jira/Confluence, VMware Workstation
Abstract
A federated solution for identity management combining Active Directory and OpenLDAP, supporting a complex role structure, and fully integrated with existing on-boarding and off-boarding processes. I created a fully worked-up design with a test system and documented code required to perform key actions.