IDM SOAP SPML Notes



By: dave_parry

April 7, 2011 5:39 pm


I have been working with this lately and hope I can provide some help to anyone else approaching this driver.

I will put down a general disclaimer here and say what I am providing here works for me but carries no guarantees whatsoever and is “caveat emptor” and probably fattening.

I had a SOAP SPML driver connecting to a web application and providing a data feed of user create and modify information to the application. This was working fine and delivered some improvements to the delimited text feed I had provided earlier.

For providing a feed out from IDM the subscriber setup works pretty much out of the box. The URL for the Provisioning service point returns a response packet and handles the incoming user data.

The SPML publisher

The next request was to feed back one user attribute from the application into IDM.

In approaching this I found very little in the way of information and/or working examples.

There is also a known “problem” with trying to modify existing users from the publisher channel. This is discussed in section 5.3 of the IDM 3.6 SOAP driver documentation.

In configuring the driver publisher settings, they are all empty apart from: the content type default of text/xml, the default mutual authentication not required, the default heartbeat of 1, and the listening IP and port.

The listener here is actually the remote loader so my setting here is the loopback address and the port is almost anything.

Listening IP address and port set to: 127.0.0.1:18180

Unlike the subscriber settings, this setting is not a URL, and any trailing slash or similar will prevent the driver from starting.

The driver should then run and you can try to send information in.

SPML tests

I set up some tests for sending packets in. I used soapui-x32-361 and I have exported my soapui project SPML test.xml and added it to this document. It has to be added as a text file, so the suffix needs removing. This project contains working examples of SPML lookup, add and modify; it also includes a modify that I use to set an association. I have also added the same SOAP packets within a text file as working examples for anyone using a different approach.

When imported into soapui you will need to edit the interface URL for the soapbinding to point to the server address running your remote loader and the port that was set above for the listener.

I do not know if these examples conform correctly to the protocol standard. I found no examples that worked straight off with this driver, so I found some examples and changed them and these at least do work.

Running the tests

The lookup example

This matches on the user CN; the user in the example is soaptest.

The return from the lookup provides the DN, whether the user is associated, and the specific user attributes you request (cn and description in the example).

The add example

I started with an add so that I could check my modify would work correctly within the limitations.

The value in the spml:identifier, spml:id is used as the value for the association.

You must of course include enough information for the driver user create process requirements, default DN and both names etc.

Modify example

The modify is straightforward when the user is associated.

The spml:id value must match the association, then the modify works ok.

My method

I have proposed that our application do the requested modifications as follows.

1. Lookup and get required details (we will do the association on an employee number).

2. If not associated, run the modify to set association.

   Within the driver publisher input transform rules, directly after the SPML input transform, I have a policy to do:

     if operation modify and attr “description” = setassociation then
       set dest DN add association
       strip op attr description and break

3. Lookup again, and when associated, set association in modify and run modify.

This works well enough for my requirements here.
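
As an added illustration (not part of the original post or its attached soapui project), the sketch below builds the modify packets for the method above with an XML library, so an employee number or attribute value containing & or < cannot break the packet. The namespaces and element names follow OASIS SPML 1.0 and are assumptions, as are the function names and the use of spml:id to carry the employee number; the packets the driver actually accepted are in the author's attachment.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (SOAP 1.1, OASIS SPML 1.0, DSMLv2); not taken from the post.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "spml": "urn:oasis:names:tc:SPML:1:0",
    "dsml": "urn:oasis:names:tc:DSML:2:0:core",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

SENTINEL_ATTR = "description"      # attribute the post's policy inspects
SENTINEL_VALUE = "setassociation"  # value that triggers the set-association rule


def _q(prefix, tag):
    """Return the namespace-qualified tag name ElementTree expects."""
    return "{%s}%s" % (NS[prefix], tag)


def build_modify(spml_id, attr, value):
    """Build one SOAP-wrapped SPML modifyRequest; text is escaped by ElementTree."""
    env = ET.Element(_q("soapenv", "Envelope"))
    body = ET.SubElement(env, _q("soapenv", "Body"))
    req = ET.SubElement(body, _q("spml", "modifyRequest"))
    ident = ET.SubElement(req, _q("spml", "identifier"),
                          {"type": NS["spml"] + "#GenericString"})
    ET.SubElement(ident, _q("spml", "id")).text = spml_id
    mods = ET.SubElement(req, _q("spml", "modifications"))
    mod = ET.SubElement(mods, _q("spml", "modification"),
                        {"name": attr, "operation": "replace"})
    ET.SubElement(mod, _q("dsml", "value")).text = value
    return ET.tostring(env, encoding="unicode")


def next_packet(associated, employee_number, attr, new_value):
    """Pick the packet to send after a lookup reported `associated` (True/False)."""
    if attr == SENTINEL_ATTR and new_value == SENTINEL_VALUE:
        # The policy would treat this as a set-association trigger and strip it,
        # so a real update with this exact value would never be applied.
        raise ValueError("value collides with the set-association sentinel")
    if not associated:
        # Step 2: sentinel modify; the policy adds the association and strips it.
        return build_modify(employee_number, SENTINEL_ATTR, SENTINEL_VALUE)
    # Step 3: spml:id now matches the association, so the real modify applies.
    return build_modify(employee_number, attr, new_value)
```

Each returned string is sent as the body of a text/xml POST to the listener; the lookup between steps 2 and 3 is left to the caller.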

I hope the tests and examples are enough to help anyone else to get started in this driver. Thanks.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
