didmos is the powerful software for Identity & Access Management from DAASI International. It consists of six expandable open source modules which can be individually adapted to your infrastructure.
didmos – the IAM Software Suite
Every time an organisation decides to establish an Identity & Access Management system, similar questions arise:
- How should data exchange operate among the different systems (data models, interfaces, access information etc.)?
- How can internal permissions be represented in the best way?
- How can specific organisational procedures (administration processes, self-service functions for users etc.) be modelled optimally?
Although these questions are similar in each organisation, their answers are always different and depend on the specific requirements and structures of the respective organisation. That is why proprietary standard software is often an unsatisfactory solution.
Modules for more flexibility
In contrast to a constrained standard solution, didmos is highly flexible, as it consists of six adjustable modules.
All modules are well coordinated with each other; together they form a flexible, broad and comprehensive Identity & Access Management system that can be adapted to individual requirements and desires. Additionally, didmos provides ideal conditions to be integrated into your existing IT landscape through high standards compliance and a strong focus on expandability.
In summary, didmos is not a proprietary standard software, but an individual and lasting all-in-one solution that adapts to all conditions and requirements with the help of its module structure.
The LDAP user interface, or LUI for short, forms the core of didmos and consists of three elements: a front-end component for administering users or for their self-administration, a back-end for business logic and the workflow engine, and a metadirectory as persistence layer. The workflow engine can, for instance, model approval processes.
The LUI back-end allows for an endless range of possibilities to add different modules. As it is compliant with the international standard SCIM-v2 for the distribution of identities within a cloud, LUI is universally applicable. As this module is completely customisable, even your corporate design can be included.
Within the didmos framework, the Authenticator is a universally applicable authentication tool. It can even work for all kinds of other applications. The modular structure, which makes the Authenticator highly flexible, allows it to be deployed in any SSO environment. The implementation of the SAML and OpenID Connect protocols enables users to log in with either internal or external accounts, e.g. using social login via Facebook, Twitter, etc. This way users only need one account instead of setting up one account for each service they wish to use. The possibility to include the open source software PrivacyIDEA ensures maximum data security with multi-factor authentication.
didmos Federation Services is a toolkit designed to help with the unique challenges of federated IAM environments. The toolkit is going to be continuously amended and expanded with the help of the community as well as by observing technological developments in the field. Each tool is designed to work seamlessly with didmos modules, such as didmos Authenticator, but can also be used as a stand-alone solution.
Pwd Synchroniser allows the event-based synchronisation of passwords from an Active Directory domain controller to other directories, such as OpenLDAP. The simple installation as a Windows service, the encrypted caching on the domain controller as well as the recording of the synchronisation processes make Pwd Synchroniser an effective module for the integration of Active Directory.
ETL Flow stands for extract, transform, load, workflow; accordingly it extracts data from different sources, such as ERP-, SAP-, XML-, or SQL databases to synchronize them in a central metadirectory. The crucial processes are identifying data based on weighted attributes (duplicate detection), merging data into one coherent data set based on automatically generated attributes (data harmonisation) as well as automated group formation.
Provisioner can transfer identity information into connected target systems in real time. Relevant changes are written as a JSON document into the queuing system RabbitMQ; from there, a dedicated worker picks them up to apply the changes in the target system. To do this, the worker relies on an ICF connector framework which allows the use of different interfaces, e.g. SOAP, REST, LDAP or SQL, or even individual connectors to integrate proprietary systems.
didmos Core is at the heart of the didmos suite. It contains several functions for the administration of access control and objects (i.e. users and groups). All of the functions, which include creating, deleting, and changing objects, operate via REST web services. didmos Core was written in Python. It implements the relevant standard SCIM-v2 and can even define individual endpoints if a certain function is not set up by default in SCIM.
didmos Core was developed with flexibility and extensibility in mind. It is highly adaptable to meet any possible requirement. In case of particularly specific requirements, it is possible to implement completely new generic functions. This way, developers are always able to accommodate individual needs. Developers can rely on fully tested components to minimise the risk of errors. Lastly, didmos Core also allows for the integration of customised applications with their own respective web service interfaces to realise various specialised functions.
didmos is based on the latest open source technology and meets all the requirements for building a high-performance IAM system. In order to guarantee this quality in the future and to meet the individual requirements of innovative organisations, DAASI International is constantly developing didmos further.
If you would like to find out more about the features we are currently developing or which additional features are planned, you can access the current roadmap in our public Wiki.
The source code of the individual modules of our current didmos version can be found in our GitLab at:
Become part of our developer community!
Behind every good open source solution, there is an active community. With the “didmos Users” mailing list, members have the opportunity to ask questions about didmos and make suggestions for new features. Additionally, there will be regular updates on new features and updates for the software.
Apart from the open list, there is also a closed list, “didmos Developer”. It caters to developers and allows them to discuss the code and the (further) development of the software. Membership is only granted upon request.
Everyone interested is welcome to join the user list. The registration page also includes the mailing list archive.
If you are interested in joining the developer list, or have questions about this list, please contact us.
In all didmos lists general communication rules apply.
When posting to the list please observe the netiquette as defined in RFC 1855 and the following general principles:
- The language of the mailing list is English. Nonetheless, German inquiries will of course also be answered, especially on the didmos Users list.
- Do some research before asking questions; in particular, please consult the FAQs and documentation first.
- Please always provide sufficient context: The list is not intended to provide time savings to some while using time resources of others. So please be precise and provide all background information so that likewise precise answers can be given.
- Contribute: If you know the answer to a question posted, please go ahead and help out with an answer. Answers do not need to be perfect and might nonetheless be helpful.
- Be polite, don’t SHOUT, don’t be rude and always bear in mind that there are different levels of technical expertise involved. No question is stupid and any question may be asked; please just make sure the question is not yet answered in the FAQs.
About the Lists
This list is for exchange among people and organisations on all didmos subjects. It is the primary community communication channel, where didmos users can exchange their experiences with the product, discuss features, and ask questions on configuration. The list will be monitored by DAASI International staff but there are no SLAs as to response times etc. If you are interested in professional support with guaranteed response times and professional advice, we advise you to pursue a support contract, e.g. for help desk hours with a guaranteed first reaction within four business hours.
Anyone interested in didmos can subscribe to this list.
This is a list for those who contribute to the code and / or the documentation of the project. Topics include technical details on best practices, feature design, standard protocols used in didmos (e.g. SCIM, OIDC, etc.) and any other development-related topics.
This is a closed list, mainly intended for exchange among the developers, who are mostly DAASI International staff and DAASI International freelancers. Anyone committed to providing code and / or documentation is nevertheless welcome to apply for membership.
Over the past years, didmos has grown tremendously. New modules and features have transformed the framework into a multifunctional and complex IAM suite.
The documentation in the public DAASI International Wiki provides a comprehensive guide and assistance for your IAM project.
didmos – Try Now!
Our demo version has not yet reached the maximum of possible functionality. However, we are continuously working on its expansion and regularly add new features for you.
User Name: superadmin
In addition to the online demo, you can also use the didmos demo deploy to test didmos locally in your own environment.
Enjoy the testing experience!
- OpenLDAP-Server – The persistence layer of identity management in didmos
- didmos Core – Implementation of essential processes
didmos Core, in particular its SCIM-v2 implementation, is operated via a REST interface and controls rights management (through the built-in RBAC-compatible Policy Decision Point) as well as storage in the LDAP servers.
- didmos Authenticator – Authentication and access management
- didmos LUI – A self-service interface, which, with the appropriate role membership, can be used as an admin tool
- didmos Provisioner – Provisioning of data in favor of arbitrary target systems
- An Active Directory as an example of a provisioned system
Features Configured So Far
Selfservice / Authenticator
- Multi-lingual: the portal is available in multiple languages
- LDAP Login: login with LDAP password
- Social Login: login with social account (e.g. Facebook)
- New Account: creating a new account, including acceptance of terms and conditions or similar, email verification, and a password strength check
- My Data: displaying and changing individual data fields
For example, name and surname as single-valued fields, telephone number with any number of values, and unchangeable username and email address. It is possible to configure any arbitrary attribute. Additionally, all group and role memberships are displayed.
- Change Password: option to change the password
- Request Admin Access: requesting the role “admin”. A request will be issued in the admin portal, which can be accepted or declined by an officiating admin
- My History: logs and displays all changes of user attributes within your account including information about who they were implemented by
- Delete Account: option to delete the account
- Themes: configure individual designs via Themes. (Selected theme within the demo will not be saved, but can be implemented if desired)
- Logout: log out of the account
- Self-service: starts the workflow to retrieve a lost password
- Multi-Tenancy: different organisations can work with different sets of data at the same time
- Userlist: list of all saved users with the options to create a new user, select users to change their information, and deactivate or delete an account. Here, a new user can be registered in existing groups
- Grouplist: list of all groups with the option to create new groups and edit existing groups. It is further possible to add new members, delete existing members, or to examine certain user records
- Role Requests: edit requests with admin rights
- Lazy Loading: data is only loaded upon request
This infrastructure will be gradually expanded by:
- additional functionalities within the interface
- additional source as well as target systems
didmos is like a modular system designed for flexible functionalities. This demo is one specific configuration out of many possible versions. Due to the set-up of didmos, nearly everything, especially in terms of design, can be customised entirely to meet your requirements.
What Services Does DAASI International Offer for didmos?
DAASI International of course offers the full range of services for their own software suite:
- Consulting: DAASI International is happy to consult you on the different possibilities of integrating didmos into your IT infrastructure. Of course, we can also support you with any subsequent project with didmos.
- Configuration and Integration: DAASI International will gladly help implement didmos within your IT landscape, and will configure didmos according to your instructions and requirements, all within the scope of an introductory project.
- Development of Extensions: If one of your requirements cannot be met by didmos, DAASI International can develop the necessary solution directly in didmos for you. It is possible to encapsulate this particular piece of code in a way that it does not become part of the out-of-the-box solution, and thus is not automatically delivered to other customers. Nonetheless, we always prefer open source licencing, provided that the extension code does not contain confidential information.
- Managed Service Software Maintenance: DAASI International offers software maintenance contracts for the core software as well as customer-specific extensions. With a maintenance contract we can guarantee updates, bug fixing, and the maintenance of the functionality originally delivered in the project. This is equivalent to 3rd level support in addition to the operation of a customer-specific test system, with which every new release can be tested.
- Managed Services Productive Operation: Moreover, DAASI International can take care of the productive operation by taking over monitoring, maintenance, reporting, and updates for the implementation. This can be provided for installations on servers (on-premise) or as a SaaS solution; in the latter case DAASI International will host didmos in a German data centre.
- Helpdesk: The customer is responsible for the productive operation here. However, DAASI International answers questions and helps with errors with an SLA of four hours. Moreover, changes to the configuration can be ordered via the help desk contingent.
- Trainings: The experts of DAASI International will train your employees with regard to the set-up, utilisation, and maintenance of didmos.