More than 30 IDM realisations in Czech Republic and abroad

AMI Praha Reference Upgrade AIM
Česká pošta

Upgrade AIM

Česká pošta

The SUN Identity Manager application, which is used to centrally manage accounts and roles between individual IT systems, has been upgraded from version 6.0 to version 8.1.

Project goal

The aim of the project was to convert the functionality of central account and role management in SUN Identity Manager (IDM) from version 6.0 to version 8.1.

As part of this upgrade, a development environment for the IDM application was to be created, including connected systems (such as SAP, MS AD, LDAP).

At the same time, the code had to be refactored to be easily portable between the different environments (development-test-production). This involved unifying the infrastructure of these environments.

Project description

The project team consisted of a project manager, senior architect and junior IDM specialist (AMI Praha) and senior IDM specialist (Tempest). A senior architect from SUN Microsystems, which implemented the original Identity Manager solution, also participated in the analysis.

The customer’s side of the project was represented by a project manager, an architect, about 6 specialists on sub-issues (e.g. AD, SAP, certificates, LDAPs, operations) and one security representative.

The project schedule was fulfilled up to the analysis and design phase. Then it was extended by almost 6 months mainly due to lack of capacity on the CP side.

Solution description

Original state before the start of the project

The SUN Identity Manager application (version 6.0) for identity and role management has been implemented at the CP in a test and production environment. Due to the differences in these environments, the configuration of the application was also different, in addition to several places directly in the code. SAP (internal user source), LDAP (external user source and managed system), MS AD (managed system), QCA and VCA (certificate source) and czpLDAP (managed system, which serves as the identity source for the second IDM, the so called CzpIDM (version 7.1) is in the CP DMZ and manages accounts on NovellLDAP (data source for the CzechPoint application) and assigns certificates from QCA and VCA to them.

The application was slow and some bulk actions like certificate reconciliation or synchronization from SAP took days.


The analysis mapped all functionality that was to be retained. According to the project objectives, a new infrastructure for all environments was then designed, the exact migration procedure to the new version including data migration and the necessary code refactoring.

Target state

The infrastructure was built on the development and test environments according to the production environment and the SUN Identity Manager application in the latest version 8.1 (now Oracle Waveset) was installed. Within the application, all functionality was migrated to the new version and environment dependent variables were parameterized into a single configuration file for easier code management and better portability between environments. Adapters were used to connect the end systems, which allowed less interference with functionality compared to the newer connectors. As part of the upgrade, IDM performance was optimized for bulk process processing and selected functionality modifications (certificate matching and role management) were made.


  • Latest version of IDM 8.1 with support until 2017
  • Connection to Microsoft Active Directory 2008 R2 64bit and Exchange 2010
  • Ability to debug operational issues and fix them more easily
  • Order of magnitude faster bulk operations
  • Matched environments (development-test-production) allow for better testing and easier development of new functionality
  • Better code management through the use of SVN (versioning system) and NetBeans IDE for IDM

Another projects for the client

Are you interested in this reference?