Ben Walter has been working as an Identity, Security and Access Governance Specialist for over 15 years in differing roles across various sectors in Australia and New Zealand, each having their own unique requirements and constraints.

You can view a timeline of illicit actors against these systems here Illicit Actors.

Currently employed with EY Identity, building a better working world with our customers.

While Ben has had exposure to the varying product suites, the majority has been with the Micro Focus/NetIQ products. During this time he has written the following articles:

MaxMind Precision GeoLocation for Access Manager 4.4.4+This setup is based on @csr‘s Maxmind Geolocation Provider for Risk Based Authentication with NAM 4.1 Cool Solution. You can safely have both JAR files in the IDP’s lib directory.
(27th Mar '19)
Reporting Events to AbuseIPDBAbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
(10th Aug '18)
Using Identity Manager Roles as Access Manager RolesThis aims to join the dots between Identity Manager Role(s) and Access Manager Role(s) in a dynamic way.
(15th Feb '18)
DNSSEC, SPF, DKIM and DMARC explainedSecuring email authenticity can be easy, once you have everything in place. Trying to find a single location with all the information can be a little more difficult.
(23rd May '17)
Generic Identity, Security and Access Management DiagramWe were trying to hunt for a diagram that showed a combined, generic consolidated overview of Identity, Security, and Access Management that was slightly biased towards Micro Focus. After a few hours on Google, we gave up and created our own.
(16th May '17)
Auto Build a Designer Package Repository from built PluginsUsing packages, to manage code between your IDM environments, allows for consistent transfer of code and easy management. Sharing packages between multiple team members can become cumbersome, unless you setup your own repository.
(6th Mar '17)
Header issues with IDM Applications on TomcatWe experienced two issues with User Application v4.5 running on Tomcat. The first issue has been mentioned quite a few times on the forums and ncisrael provided a fix for. This is the issue of Compatibility Mode in Internet Explorer where the Header Portlet does not show.
(21st Jan '16)
IDM 4.5 OSP SAML2 SOAP EnvelopesFor those that missed the unclear documentation, only NetIQ Access Manager is "supported" for SAML 2.0 into OSP. Future releases are planned to make this actual federation (i.e. any IDP), but that is some time off.
(11th Dec '15)
Understanding Sentinel disk usageEveryone knows that Sentinel is a great product, but with a great product comes great disk usage (even with secondary configured). This article is meant to be a guide only to how the disk is used and some recommendations that may assist in managing this disk usage. The sizes below are based on our single production server that monitors AD and eDir, so is not HA or large scale enterprise.
(2nd Oct '15)
Identity Manager Applications, PAT, and FirewallConsider this common scenario: The Identity Manager applications (IDMProv, osp, dash, landing, sspr) all running on the one instance of Tomcat; You want to PAT (Port Address Translation) from 80/443 to 8080/8443 so you utilise common URLs without ports; Tomcat needs to run as novlua and therefore can not bind as 80 or 443. This presents a challenge, especially if you wish to use the SuSEfirewall2.
(28th Sep '15)
Forwarding Sentinel events to BMC with MSENDIf your Enterprise Operations Management solution is the BMC suite, Sentinel can easily be configured to send correlated event information using the msend binary as an Execute Action.
(15th Sep '15)
Making Identity Tracking work with Microsoft Active Directory completelyWhile Identity Tracking (IdT) is a powerful add-on that allows you to view an identity’s activity from a holistic approach, there are some limitations due to restrictions by the event source.
(14th Aug '15)
Access Manager Local Firewall on SLESPreviously I had posted a script for port redirection on the Identity Server. I’ve since found this doesn’t work too well when the local SLES firewall is enabled. The following is a better solution.
(14th Apr '15)
Access Manager SSO to Remedy ARSRemedy ARS can be a powerful tool for managing parts of the ITIL framework. A powerful tool also requires powerful access controls. NetIQ Access Manager can easily be configured to control access to Remedy while still making it less cumbersome for end users.
(26th Jan '15)
Recovering Sentinel Partitioned Event Data from Raw DataWe encountered a very rare event where the Event Partition Data (index of raw event data) failed to be written to the secondary storage. While the compressed raw data was still intact and written to the secondary storage, it could not be queried as the index of its content was missing.
(9th Oct '14)
Sentinel Backup ScriptsThese two scripts simplify the management of Sentinel Backups by only keeping the last 2 of each (daily/full) compressed backups.
(28th Aug '14)
Sentinel PostgreSQL Maintenance ScriptSentinel’s PostgreSQL database can take up a large amount of disk space, especially if you are utilising the Sentinel Identity Tracking solution. This is a result of the way PostreSQL functions. When a row in a table is deleted or updated, it is only marked as such and the physical disk space is not tagged as re-usable. These are called tuples and are cleaned up by calling the VACUUM function.
(25th Aug '14)
Resolving Sentinel's Certificate Constraint IssueSome of you may have struck the Certificates does not conform to algorithm constraints issue with Sentinel and been a bit confused by the original response of “A proper resolution is to use custom certificates on the logging applications that use strong encryption (key sizes of 1024 or more). Once all applications have been updated, the restriction can be put back in place.” as stated in TID 7014219.
(22nd Aug '14)
Sentinel Log ParserSentinel 7 writes Performance Snapshots to the server0.0.log file every 15 minutes with information that can be useful for diagnosing performance issues and planning expansions of the solution.
(21st Jul '14)
Securing JBoss with User ApplicationA lot of this content was taken from this URL, but I’ve listed here what is required for most situations. First, we’ll assume that JBoss and User Application have been installed at the default location of /opt/novell/idm/ and that the Advanced/Provisioning module has been installed with the default context of IDMProv.
(28th Jan '14)
Sentinel Dynamic List and Map Data Add/Remove ScriptThis single script allows for adding and removing of Dynamic List or Map Data lines.
(29th Aug '13)
dxcmd switchesSo, I was having a problem on a server that had more than 1 NIC but eDirectory was attached to only one of the IPs. When I’d run dxcmd, it would continually attach to the NIC that didn’t have eDirectory bound. For the life of me, I couldn’t find documentation on how to specify the IP address for dxcmd and any of the standard windows help switches ( /?, etc) were not working (of coarse I didn’t try the *nix switches as this was a Windows installation).
(26th Jul '13)
Identity Server Port Redirection ScriptAs described in TID 7008345 – 300101016 error diplayed at the browser when IDP server accelerated by the Access Manager 3.2 AG appliance, you may require the Identity Server to route requests on port 443 to the listening port of 8443.
(31st May '12)
IDProvider call from User App (IDM 4.0.1)The ID-Provider provides a quick and powerful way to generate unique ID’s. Here, we will discuss how to set it up so that a User App Workflow can call the ID Provider and get a sequential unique value for object creation.
(26th May '11)
Kerberos Single Sign-on with Passwords through Access ManagerThe new PasswordFetch class offers the ability to retrieve passwords from eDirectory when they are not supplied via the original authentication Method. This provides a guide to configuring Access Manager with Kerberos Class while utilising the Password Fetch Class.
(19th Apr '11)
Using ktab to generate a Kerberos Ticket File without spn.exe or ktpass.exeThe NetIQ Documentation clearly describes how to set up Kerberos for Access Manager, but it does not take into account when the iDP is running on Windows and that server is a member server of the domain. spn.exe requires the User ID, which is the server name according to the documentation, but this is already taken by the Computer object in Active Directory.
(20th May '10)
DMZ Configuration with Access ManagerA Forum reader recently asked: “I am setting up NAM in the lab, with the configuration of the Identity Server and Access Gateway in the DMZ. I am not experienced it this type of setup, since we currently have iChian on the inside of the network, so this is going to be a completely different setup...
(6th Apr '10)
Novell Access Manager SSLVPN NAT ScriptThe script below can be added to init for adding and removing the necessary iptables entry to route traffic from the SSLVPN subnet to the server’s interface.
(10th Jul '09)
Access Manager Single Sign-on to NetStorageA guide to configuring Access Manager to enable SSO to NetStorage
(8th Jul '08)
Configuring Access Manager for UserApp and SAMLIf the IDM User Application is installed, it is often in a larger context. One of the common requirements is to integrate User Application or specific parts into a portal, granting the users a single sign-on experience. Another common requirement is a strong authentication, e.g., via a certificate login to the portal.
(2nd Apr '08)
eDirectory on Windows Scheduled Online BackupThis nice, easy tool allows for the online backup of eDirectory to a specified location, so the file system backup can consume the files.
(1st Apr '08)
How to SSLize User Application on JBoss using eDirectory's Certificate Authority for LinuxStep by step guide for enabling HTTPS with an eDirectory signed certificate
(13th Dec '07)

Time for some of those shameless plugs in no particular order, alphabetical, that are 100% unrelated to my employment:

AWStats AbuseIPDB Apache ClouDNS DuoCircle Dynu Google Analytics iwantmyname JQuery Juniper Networks MariaDB Micro Focus NetIQ NTP Pool Project Optus PHP SMS Broadcast SUSE Uptime Robot