A.1 Driver Configuration

In iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit Properties to display the driver’s properties page.

    By default, the Driver Configuration page displays.

In Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Driver Configuration.

The Driver Configuration options are divided into the following sections:

A.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

Java: Select this option to run the driver locally. It specifies the name of the Java class that is instantiated for the shim component of the driver. This class can be located in the classes directory as a class file, or in the lib directory as a .jar file.

The Java class name is: com.novell.nds.dirxml.driver.rest.RESTDriverShim

Native: This option is not used with the REST driver.

Connect to Remote Loader: Used when the driver is connecting remotely to the connected system. Designer includes two suboptions:

  • Remote Loader Client Configuration for Documentation: Includes information on the Remote Loader client configuration when Designer generates documentation for the driver.

  • Driver Object Password: Specifies a password for the Driver object. If you are using the Remote Loader, you must enter a password on this page. Otherwise, the remote driver does not run. The Remote Loader uses this password to authenticate itself to the remote driver shim.

Name: Displays the Java class name.

Driver Object Password: Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim.

A.1.2 Authentication

The authentication section describes the parameters required for authentication to the connected system. This section is not applicable to the Identity Manager driver for REST: the REST driver authenticates with the Anonymous, Basic, or OAuth2.0 method, which is selected under Driver Parameters.

A.1.3 Startup Option

The Startup Option section allows you to set the driver state when the Identity Manager server is started.

Auto start: The driver starts every time the Identity Manager server is started.

Manual: The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled: The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

A.1.4 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.

The parameters are presented by category:

Driver Settings

Custom Java Extensions: Select Show if you have developed custom Java classes to extend the driver shim’s functionality. Otherwise, select Hide.

  • Document Handling: Select Implemented if you have developed a custom Java class to process data as XML documents. Otherwise, select None.

    • Class: Specify the class by using a complete package identifier. For example, com.novell.DocumentModifier.

    • Init Parameter: Specify the parameter to pass to the init() method of the specified class. The init() method is responsible for parsing the information contained in this string. Leave this field blank if the class does not require a configuration string.

  • Schema: Select Implemented if you have developed a custom Java class to provide the application schema to the driver and specify the Class and Init Parameter values. Otherwise, select None.

For more information, see Section B.0, Using Java Extensions.

Subscriber Settings

Authentication Method: Select the method for authentication with the RESTful service. The available options are:

  • Anonymous: No user name or password is required.

  • Basic: The driver uses the specified ID and password for authentication when processing requests.

  • OAuth2.0: The driver uses the specified access token URL, ID, and password for authentication when processing requests.

If Anonymous is selected, fill in the following parameters:

Authorization Header Fields: Click the icon to create authorization header fields.

  • Header Name: If the remote server requires an authentication ID, specify the ID in the field. Otherwise, leave the field empty.

  • Header Value: Specify the authentication password for the remote server if you specified a header name. Otherwise, leave the field empty.

Truststore file: Specify the name and path of the keystore file containing the trusted certificates used when the remote server is configured to provide server authentication. For example, C:\security\truststore. Leave this field empty when server authentication is not used.

Set mutual authentication parameter: Specify Show to set mutual authentication information. Specify Hide to not use mutual authentication.

  • Keystore file: Specify the path and the name of the keystore file that contains the trusted certificates used for mutual authentication with the remote server. For example, C:\security\keystore. Leave this field blank when mutual authentication is not used.

    NOTE: From the 1.1.2.0400 release, the Keystore type must be pkcs12.

  • Keystore password: Specify the password for the keystore file. Leave this field blank when mutual authentication is not used.

Http Connection Timeout: Specify the HTTP connection timeout value. The driver waits for the specified time and then terminates the HTTP connection. The timeout value must be greater than zero.

Proxy host and port: Specify the host address and port when a proxy is used. For example: 192.10.1.3:18180. Leave this field empty if a proxy is not used.

HTTP errors to retry: Specify the HTTP error codes that must return a retry status, as a list of integers separated by spaces. For example, 307 408 503 504.

Base URL for REST Resources: Specify the common part of the REST resource URL, that is, the URL that remains after the resource-specific URL extension is removed. For example, http://ipaddress:port/.

If Basic is selected, fill in the following parameters:

Authentication ID: Specify the authentication ID used for basic authorization in the HTTP header.

Authentication Password: Specify the authentication password used for basic authorization in the HTTP header.

Authorization Header Fields: Click the icon to create authorization header fields.

  • Header Name: If the remote server requires an authentication ID, specify the ID in the field. Otherwise, leave the field empty.

  • Header Value: Specify the authentication password for the remote server if you specified a header name. Otherwise, leave the field empty.

Truststore file: Specify the name and path of the keystore file containing the trusted certificates used when the remote server is configured to provide server authentication. For example, C:\security\truststore. Leave this field empty when server authentication is not used.

Set mutual authentication parameters: Specify Show to set mutual authentication information. Specify Hide to not use mutual authentication.

  • Keystore file: Specify the path and the name of the keystore file that contains the trusted certificates used for mutual authentication with the remote server. For example, C:\security\keystore. Leave this field blank when mutual authentication is not used.

  • Keystore password: Specify the password for the keystore file. Leave this field blank when mutual authentication is not used.

Http Connection Timeout: Specify the HTTP connection timeout value. The driver waits for the specified time and then terminates the HTTP connection. The timeout value must be greater than zero.

Proxy host and port: Specify the host address and port when a proxy is used. For example: 192.10.1.3:18180. Leave this field empty if a proxy is not used.

HTTP errors to retry: Specify the HTTP error codes that must return a retry status, as a list of integers separated by spaces. For example, 307 408 503 504.

Base URL for REST Resources: Specify the common part of the REST resource URL, that is, the URL that remains after the resource-specific URL extension is removed. For example, http://ipaddress:port/.

If OAuth2.0 is selected, fill in the following parameters:

Access Token URL: Specify the URL of the server used for requesting an access token.

User Name: Specify the user name for authentication. This parameter is optional.

User Password: Specify the password for authentication. This parameter is optional.

Authorization Query Options: Click the icon to create authorization query options for the OAuth2.0 authorization method. The supported OAuth authorization types for the REST driver are Client Credentials and Resource Owner Credentials. You can configure either one of these authorization types.

  • Query Name: Specify the name of the query. For example, grant_type. You can also configure client_id, client_secret, and resource as query names.

  • Query Value: Specify the value for the query. For example, client_credentials or password.

Authorization Header Fields: Click the icon to create authorization header fields.

  • Header Name: If the remote server requires an authentication ID, specify the ID in the field. Otherwise, leave the field empty.

  • Header Value: Specify the authentication password for the remote server if you specified a header name. Otherwise, leave the field empty.

Truststore file: Specify the name and path of the keystore file containing the trusted certificates used when the remote server is configured to provide server authentication. For example, C:\security\truststore. Leave this field empty when server authentication is not used.

Set mutual authentication parameters: Specify Show to set mutual authentication information. Specify Hide to not use mutual authentication.

  • Keystore file: Specify the path and the name of the keystore file that contains the trusted certificates used for mutual authentication with the remote server. For example, C:\security\keystore. Leave this field blank when mutual authentication is not used.

  • Keystore password: Specify the password for the keystore file. Leave this field blank when mutual authentication is not used.

Http Connection Timeout: Specify the HTTP connection timeout value. The driver waits for the specified time and then terminates the HTTP connection. The timeout value must be greater than zero.

Proxy host and port: Specify the host address and port when a proxy is used. For example: 192.10.1.3:18180. Leave this field empty if a proxy is not used.

HTTP errors to retry: Specify the HTTP error codes that must return a retry status, as a list of integers separated by spaces. For example, 307 408 503 504.

Base URL for REST Resources: Specify the common part of the REST resource URL, that is, the URL that remains after the resource-specific URL extension is removed. For example, http://ipaddress:port/.
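As an added illustration, not code from the REST driver or its documentation, the following Python shows how the OAuth2.0 fields above (Access Token URL, User Name, User Password, and the grant_type, client_id and client_secret query options) map onto a standard OAuth 2.0 token request for the two grant types listed, with secret parameters masked before they reach a trace. The mapping of User Name and User Password onto the password grant, the HTTPS-only check, and all sample values are this example's assumptions.

```python
"""Added illustration (not part of the REST driver): how the OAuth2.0 fields
above (Access Token URL, User Name, User Password, Authorization Query Options)
map onto an RFC 6749 token request. All sample values are constructed."""
from urllib.parse import parse_qsl, urlencode

# The two grant types the page lists: Client Credentials and Resource Owner Credentials.
SUPPORTED_GRANTS = {"client_credentials", "password"}
# Form parameters that must never appear in clear text in a driver trace.
SECRET_PARAMS = {"client_secret", "password"}


def build_token_request(access_token_url: str, query_options: dict,
                        user_name: str = "", user_password: str = "") -> dict:
    """Assemble the POST sent to the Access Token URL.

    Assumption (not stated on the page): User Name / User Password become the
    username/password parameters of the Resource Owner (password) grant, and
    every Query Name/Value pair is sent as a form parameter. The HTTPS check is
    this example's own policy, since the body carries a client secret or password."""
    grant = query_options.get("grant_type")
    if grant not in SUPPORTED_GRANTS:
        raise ValueError(f"unsupported or missing grant_type: {grant!r}")
    if not access_token_url.lower().startswith("https://"):
        raise ValueError("token request carries secrets; Access Token URL must be https")
    body = dict(query_options)
    if grant == "password":
        if not (user_name and user_password):
            raise ValueError("Resource Owner grant needs User Name and User Password")
        body["username"] = user_name
        body["password"] = user_password
    elif user_name or user_password:
        raise ValueError("User Name/Password are not used with client_credentials")
    return {
        "url": access_token_url,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(body),
    }


def redact_for_log(request: dict) -> str:
    """Render the request for a driver trace with secret parameters masked."""
    pairs = parse_qsl(request["body"], keep_blank_values=True)
    masked = [(k, "***" if k in SECRET_PARAMS else v) for k, v in pairs]
    return f"POST {request['url']} {urlencode(masked)}"
```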

Resources

Configure Resources to synchronize: Click the icon to add the class name of a user resource present in the application schema.

  • Schema name: Specify the class name of the user resource in the application schema. For example, Users, Groups, or Entitlement.

  • Configure Handlers: Select the appropriate custom handlers. The available options are Default and Custom.

    If you select Custom, fill in the following parameters:

  • Rest Handler Details: Click the icon to add REST custom handler information.

  • URL Extension: Specify the relative URL extension where the resource is located. The driver shim appends this URL extension to the base URL. The URL extension also includes any necessary URL placeholder. A placeholder is a variable embedded within the URL; during data transformation, the driver replaces it with the matching attribute of the url-token element in the driver-operation-data element.

    For example, /Users/<version>. In this example, version is the placeholder, and the driver replaces it with the version attribute of the url-token element in the driver-operation-data element:

    <driver-operation-data class-name="User" command="add" method="put" uri="https://172.16.0.0:XXXX/User/rest123">
      <request>
        <url-token version="1.0"/>
        <header content-type="application/json"/>
        <value>{"CN":[{"value":"rest6789"}],"Full Name":[{"value":"rest6789 rest6789"}],"Given Name":[{"value":"rest6789"}],"Surname":[{"value":"rest6789"}],"Login Disabled":[{"value":"true"}]}</value>
      </request>
    </driver-operation-data>

  • Operation: Select the Identity Manager operation that this handler serves.

  • Method: Select the HTTP method to use. The options are: GET, POST, PATCH, PUT, and DELETE.

  • Optional Header Fields: Click the icon to add an optional header name and value.
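As an added example, not code from the REST driver, the following Python shows how the Base URL, a URL Extension with a placeholder such as /Users/<version>, and the url-token element of a driver-operation-data document combine into the request URL, and how the space-separated HTTP errors to retry setting drives the retry decision. The sample XML, the base URL, the extra id token, and the percent-encoding of substituted values are constructed for this illustration and are not documented driver behaviour.

```python
"""Added illustration (not driver code): Base URL + URL Extension placeholders
+ url-token attributes, and the 'HTTP errors to retry' list. Sample values
are constructed for this example."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample in the driver-operation-data shape shown above; the extra
# "id" token is an assumption to show more than one placeholder.
SAMPLE_OPERATION = """
<driver-operation-data class-name="User" command="add" method="put">
  <request>
    <url-token version="1.0" id="rest123"/>
    <header content-type="application/json"/>
    <value>{"CN":[{"value":"rest6789"}]}</value>
  </request>
</driver-operation-data>
"""

# A placeholder is a <name> variable embedded in the URL Extension.
PLACEHOLDER = re.compile(r"<([A-Za-z0-9_-]+)>")


def url_tokens(operation_xml: str) -> dict:
    """Collect every attribute of every <url-token> element as placeholder values."""
    tokens = {}
    for tok in ET.fromstring(operation_xml).iter("url-token"):
        tokens.update(tok.attrib)
    return tokens


def build_resource_url(base_url: str, url_extension: str, tokens: dict) -> str:
    """Append the URL Extension to the Base URL, replacing each <name> placeholder.
    An unresolved placeholder raises instead of sending a literal '<name>' to the
    server; values are percent-encoded (this example's choice) so a token value
    cannot inject extra path segments or query parameters."""
    def substitute(match):
        name = match.group(1)
        if name not in tokens:
            raise KeyError(f"no url-token attribute supplies placeholder <{name}>")
        return quote(tokens[name], safe="")
    path = PLACEHOLDER.sub(substitute, url_extension)
    return base_url.rstrip("/") + "/" + path.lstrip("/")


def parse_retry_codes(setting: str) -> set:
    """Parse the space-separated 'HTTP errors to retry' value, e.g. '307 408 503 504'."""
    codes = set()
    for item in setting.split():
        code = int(item)  # non-integers raise ValueError, as the setting requires integers
        if not 100 <= code <= 599:
            raise ValueError(f"not an HTTP status code: {item}")
        codes.add(code)
    return codes


def should_retry(status: int, retry_codes: set) -> bool:
    """True when the response status is one configured to return a retry status."""
    return status in retry_codes
```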

Publisher Options

Publisher Settings: Specify the publisher settings. You can select either Publish Mode or Poll Mode. If Publish Mode is selected, the driver exposes REST endpoints on which it receives events, and pushes those events to the Identity Vault. If Poll Mode is selected, the driver periodically pulls the data from the connected RESTful service.

If Publish Mode is selected, fill in the following parameters:

Listening IP address and port: Specify the IP address of the server where the REST driver is installed and the port number that this driver listens on.

Authentication Method: Select the authentication method, Anonymous or Basic.

If Basic is selected, fill in the following parameters:

  • Authentication ID: Specify the Authentication ID of the remote server, used to validate incoming requests.

    If you imported a sample configuration file, this field contains the IP address and port that you specified in the wizard.

  • Authentication Password: Specify the authentication password of the remote server, used to validate incoming requests.

KMO Name: Specify the KMO name to be used in eDirectory. When the server is configured to accept HTTPS connections, this name becomes the KMO name in eDirectory. The KMO name is the name before the “-” (dash) in the RDN. Leave this field empty when a keystore file is used or when HTTPS connections are not used.

Keystore file: Specify the name and path of the keystore file. This file is used when the server is configured to accept HTTPS connections.

Keystore password: Specify the password of the keystore file specified above, used when this server is configured to accept HTTPS connections.

Server key alias: Specify a server key alias when this server is configured to accept HTTPS connections. Leave this field empty when a KMO name is used or when HTTPS connections are not used.

Server key password: When this server is configured to accept HTTPS connections, this is the password of the key alias (not the keystore password). Leave this field empty when a KMO name is used or when HTTPS connections are not used.

Require mutual authentication: When using SSL, it is common to do only server authentication. However, if you want to force both client and server to present certificates during the handshake, require mutual authentication.

Heartbeat interval in minutes: Specify the heartbeat interval in seconds. Leave this field empty to turn off the heartbeat.

If Poll Mode is selected, fill in the following parameters:

Configure Resource for poll: Click the icon to add the class name of a user resource present in the application schema.

  • Schema name: Specify the class name of the user resource in the application schema.

  • Service Endpoint: Specify the service endpoint of the connected RESTful service that the publisher polls. A generic example is http://ip:port/schema. For users: http://172.16.0.0:port/User?search-attr=.

  • Method: Select the HTTP method.

  • Optional Header Fields: Click the icon to add an optional header name and value.

Polling interval in minutes: Specify the polling interval in minutes. The default is one minute.

NOTE: The Subscriber Base URL is mandatory for driver authentication when using poll mode.

Heartbeat interval in minutes: Specify the heartbeat interval in minutes. Leave this field empty to turn off the heartbeat.

If Anonymous is selected, the values you specified for authentication ID and authentication password are cleared.

A.1.5 ECMAScript

Displays an ordered list of ECMAScript resource files. The files contain extension functions for the driver that Identity Manager loads when the driver starts. You can add additional files, remove existing files, or change the order the files are executed.

A.1.6 Global Configuration

Displays an ordered list of Global Configuration objects. The objects contain extension GCV definitions for the driver that Identity Manager loads when the driver is started. You can add or remove the Global Configuration objects, and you can change the order in which the objects are executed.