The following sections provide information about how the SOAP driver supports these standard driver features:
A local installation is an installation of the driver on the Metadirectory server. The SOAP driver can be installed on the operating systems supported for the Metadirectory server.
For information about the operating systems supported for the Metadirectory server, see System Requirements for the Identity Manager Engine in the NetIQ Identity Manager Setup Guide.
The SOAP driver can use the Remote Loader service to run on a server other than the Metadirectory server. The SOAP driver can be installed on the operating systems supported for the Remote Loader.
For information about the supported operating systems, see System Requirements for the Remote Loader in the NetIQ Identity Manager Setup Guide.
The SOAP driver supports custom entitlements for creating and automatically managing the relationship of identities to resource assignments. The driver uses a CSV file to map the target system permissions into corresponding resources in the Resource Catalog. If an administrator assigns a resource to a user in the User Application or in iManager, that change is reflected in the target system. Similarly, if the target system administrator changes a user's permission, that change is reflected in the Identity Vault and the corresponding resource is updated with the permission assignment.
The Permission Collection and Reconciliation Service package (NOVLCOMPCRS 2.0.0) contains the content necessary for the Permission Collection and Reconciliation service. You must install this package on the driver if you want the driver to support custom and administrator-defined entitlements. You can turn the Permission Collection and Reconciliation service on or off using the GCVs provided with this service.
Before continuing, ensure that you go through the prerequisites needed for enabling this service. For general prerequisites, see Prerequisites in Synchronizing Permission Changes from the Connected Systems in the NetIQ Identity Manager Driver Administration Guide. In addition to the general prerequisites, ensure that the SOAP driver version is 4.0.0.1.
Also, you need to set up administrative user accounts and configure a password policy for them. For more information, see Setting Up Administrative User Accounts and Setting Up Administrative Passwords in the NetIQ Identity Manager Driver Administration Guide.
To use the Permission Collection and Reconciliation service included in the SOAP driver, you can either create a new driver with the latest packages or upgrade packages on an existing driver. For more information about creating a driver, see Section 3.1, Creating the Driver Object in Designer or Section 3.3, Adding Packages to an Existing Driver.
The SOAP driver can consume the entitlement information from the CSV file. The CSV file resides on the server where Identity Manager is installed. This file must contain the values of the target system permissions in the format specified below. The target system administrator should maintain a separate CSV file for every custom entitlement. For example, a CSV file can contain details about granting employees access for the BuildingAccess entitlement. A CSV file that contains BuildingAccess entitlement details represents this information in the following format:
Building A,Engineering,The engineering building
Building B,Accounting,The accounting building
Building C,Facilities,The facilities building
Building D,Warehouse,The warehouse
where Building A is the entitlement value, Engineering is the display name in the User Application for the entitlement value Building A, and The engineering building is the description for the entitlement value. This description is displayed in the User Application.
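Because each row in this file becomes a permission that can be assigned to users, it is worth checking the file before the driver reads it. The following is an added example, not code from NetIQ or the SOAP driver: a check of the three-field format described above. The function name, the sample rows marked as malformed, and the rules that padded values and duplicate entitlement values are rejected are assumptions of this example, not documented driver behavior.

```python
import csv
import io

# Constructed sample: BuildingAccess rows in the format from the text, plus
# three deliberately malformed rows to exercise the checks.
SAMPLE = """\
Building A,Engineering,The engineering building
Building B ,Accounting,The accounting building
Building C,Facilities
Building A,Engineering Annex,Duplicate entitlement value
Building D,Warehouse,The warehouse
"""

FIELDS = ("value", "display name", "description")


def validate_entitlement_csv(text):
    """Return (entries, problems) for a value,display-name,description CSV."""
    entries, problems = {}, []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # skip blank lines
        if len(row) != len(FIELDS):
            problems.append((lineno, f"expected 3 fields, found {len(row)}"))
            continue
        padded = [n for n, f in zip(FIELDS, row) if f != f.strip()]
        if padded:
            # Assumption: values are matched exactly, so padding is an error.
            problems.append((lineno, "whitespace around " + ", ".join(padded)))
            continue
        empty = [n for n, f in zip(FIELDS, row) if not f]
        if empty:
            problems.append((lineno, "empty " + ", ".join(empty)))
            continue
        value, display, description = row
        if value in entries:
            problems.append((lineno, f"duplicate entitlement value {value!r}"))
            continue
        entries[value] = (display, description)
    return entries, problems


if __name__ == "__main__":
    entries, problems = validate_entitlement_csv(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    print(f"{len(entries)} valid entitlement values")
```

Running a check like this when the target system administrator updates a file catches rows that would otherwise map to an unintended or ambiguous permission.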
The SOAP driver is capable of synchronizing passwords.
Unlike most other drivers, the SOAP driver synchronizes protocols instead of objects. It synchronizes the SPML 1.0 and DSML 2.0 protocols. The driver contains the following features:
HTTP transport of data between the Identity Vault and a Web service
Example configurations for SPML and DSML
Customization of HTTP Request-Header fields
By default, a basic authorization request header with an ID and password is provided for the Subscriber channel.
SSL connections using the HTTPS protocol
Subscriber HTTP and HTTPS proxy servers
Definition and selection of multiple Subscriber connections in the policy at runtime
Potential to act as an HTTP or HTTPS listener for incoming connections on the publisher channel
Potential extensibility through customized Java code
For more information, see Section B.0, Using Java Extensions.