Why SOAP or REST?

IDM provides SOAP and REST APIs to access IDM functionality from outside the User Application. The APIs are well documented in the User Application Administration manual, but the listed samples focus on Java.

Of course the SOAP and REST architecture is so generic that it can be used from most programming languages.

To get you started, here is a sample stand alone PHP application that uses SOAP calls to retrieve information from IDM.

There are a couple of good reasons to access IDM with SOAP or REST calls:

You might want to write a standalone application or web page that serves a specific purpose, like

  • get some administrative data (e.g., status of requests)
  • manipulate the current requests (e.g., revoke/reroute specific requests)
  • access IDM from mobile devices

Other customers may not want their users to work with User Application, but rather create a thin special purpose application as a user interface that may better fit into the corporate strategy or into a custom portal solution.

Using SOAP or REST calls allows you to create your own front end to IDM.

Calling SOAP

There is extensive documentation about the APIs in the appendices of the User Application Admin Manual, however all samples there are written in Java.

The SOAP APIs, however, are so generic, that they can be called from most programming languages, including Java, Visual Basic, C, C#, Delphi, Perl, PHP and many more.

Two little pieces of SOAP

This Cool Solution outlines a very simple example in PHP that retrieves the provisioning stub version from User Application, then gets the requests that can be made by the given user name.

You could use this sample as starting point to create your own web GUI that allows triggering a new workflow process.

You may run the PHP file locally if you have PHP installed or you can run it on the server.
Note that you need to have PHP’s SOAP module activated in your PHP configuration (it is deactivated by default). See your PHP documentation for more detailed instructions of the PHP setup (sorry, I do not do PHP support; Google is your friend)

Update the variables in the initial lines of the code to reflect your own IDM environment: URL, user name, and password.

After declaring some helper functions, the main program will access and decode the provisioning WSDL file which contains a machine-readable description of the program interface, it’s available functions, function parameters, and return data.

Once the WSDL has been processed, you’ll have a handle into the provisioning service, the ‘Stub’ which is stored as $stub_prov. A stub is the object that represents the remote IDM service.

You can use the stub to call the available provisioning functions, like $stub_prov->getVersion() or $stub_prov->getAllProvisioningRequests( $user_dn )

Our little sample will simply call these two APIs and dump the results on an HTML page. It is up to you to continue and let the APIs do something more useful.

<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<title></title>
	</head>
	<body>
		<?php
		// specify provisioning WSDL location
		$wsdl_prov  = "http://172.17.2.91:8180/IDMProv/provisioning/service?wsdl";

		// specify provisioning admin
		$idm_user	= "cn=uaadmin,ou=sa,o=data";
		$idm_pwd		= "secret";
		
		// declare generic error handler
		set_error_handler( 'error_handler' );
		set_exception_handler('exception_handler');

		
		// show message with current time stamp
		date_default_timezone_set( 'Europe/Paris' );
		function echo_time( $msg )
		{
			$now = localtime( );
			echo "$now[2]:$now[1]:$now[0] - ",	$msg, "<br>";			
		}
		
		
		// generic error handling
		function error_handler($errno, $error, $file, $line) {
			echo_time( "<font color=red><b>Error: </b> [$errno]: [$file:$line]: $error</font><br>" );
		}

		
		// generic exception handling
		function exception_handler( $exception ) {
			echo_time(  "<font color=red><b>Exception: </b>" . $exception->getMessage() . "</font><br>" );
		}
		
				
		// initialize/get IDM SOAP stub with html header
		function getSoapStub( $wsdl, $user, $pwd )
		{
			echo_time( "getSoapStub( $wsdl ) for $user .. ", $wsdl );
			$stub = null;
			try
			{
				$stub = @new SoapClient( $wsdl, 
								array(	'login'          => $user,
											'password'       => $pwd ) );
				echo_time( "getSoapStub() - OK" );
			}
			catch ( SoapFault $exception ) 
			{
				exception_handler( $exception );
			}	
			return( $stub );
		}

		
// ##########################################################################################################

		echo_time( "Start .. <br>" );
		try 
		{
			$stub_prov = getSoapStub( $wsdl_prov, $idm_user, $idm_pwd );
			if ( $stub_prov != null )
			{
				// -----------------------------------------------------------------------------------	
				
				// 1st SOAP call: get server stub version
				
				echo "<hr>";
				echo_time( "stub_prov->getVersion()" );
				$version	= $stub_prov->getVersion();

				// dump result
				echo( "var_export version = " . print_r( $version, TRUE ) );
				echo "<br>";

				if ( $version != null )
				{
					echo_time( "version->Version->major			=	" . $version->Version->major );
					echo_time( "version->Version->minor			=	" . $version->Version->minor );
					echo_time( "version->Version->revision		=	" . $version->Version->revision );
				}
				else 
				{
					echo_time( "version	=	" . $version );
				}
				
				// -----------------------------------------------------------------------------------				

				// 2nd SOAP call: get all available requests for specified user
				
				echo "<hr>";
				echo_time( "stub_prov->getAllProvisioningRequests( $idm_user )" );
				$provReqArray = $stub_prov->getAllProvisioningRequests( $idm_user );
				
				// dump result
				echo( "<pre>" );
				echo( print_r( $provReqArray, TRUE ) );
				echo( "</pre>" );
				echo "<hr>";
								
				echo( "<pre>" );
				echo print_r( $provReqArray->result->provisioningrequest, TRUE );
				echo( "</pre>" );
				echo "<hr>";
				
				// -----------------------------------------------------------------------------------				

				echo "<hr>";				
			}
		} 
		catch ( Exception $exception ) 
		{
			exception_handler( $exception );
		}
		
		echo_time( "... end " );		
		
		?>
	</body>
</html>

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
wschreiber
Jun 29, 2011
1:59 pm
Reads:
1,366
Score:
Unrated