1.2 Support for Standard Driver Features

The following sections provide information about how the SOAP driver supports these standard driver features:

1.2.1 Local Platforms

A local installation is an installation of the driver on the Metadirectory server. The SOAP driver can be installed on the operating systems supported for the Metadirectory server.

For information about the operating systems supported for the Metadirectory server, see System Requirements for the Identity Manager Engine in the NetIQ Identity Manager Setup Guide.

1.2.2 Remote Platforms

The SOAP driver can use the Remote Loader service to run on a server other than the Metadirectory server. The SOAP driver can be installed on the operating systems supported for the Remote Loader.

For information about the supported operating systems, see System Requirements for the Remote Loader in the NetIQ Identity Manager Setup Guide.

1.2.3 Entitlements

The SOAP driver supports custom entitlements for creating and automatically managing the relationship of identities to resource assignments. The driver uses a CSV file to map the target system permissions into corresponding resources in the Resource Catalog. If an administrator assigns a resource to a user in the User Application or in iManager, that change is reflected in the target system. Similarly, if the target system administrator changes a user's permission, that change is reflected in the Identity Vault and the corresponding resource is updated with the permission assignment.

The Permission Collection and Reconciliation Service package (NOVLCOMPCRS 2.0.0) contains the content necessary for the Permission Collection and Reconciliation service. You must install this package on the driver if you want the driver to support custom and administrator-defined entitlements. You can turn the Permission Collection and Reconciliation service on or off using the GCVs provided with this service.

Prerequisites

Before continuing, ensure that you go through the prerequisites needed for enabling this service. For general prerequisites, see Prerequisites in Understanding Permission Collection and Reconciliation Service in the NetIQ Identity Manager Driver Administration Guide. In addition to the general prerequisites, ensure that the SOAP driver version is 4.0.0.1.

Also, you need to set up administrative user accounts and configure a password policy for them. For more information, see Setting Up Administrative User Accounts and Setting Up Administrative Passwords in the NetIQ Identity Manager Driver Administration Guide.

To use the Permission Collection and Reconciliation service included in the SOAP driver, you can either create a new driver with the latest packages or upgrade packages on an existing driver. For more information about creating a driver, see Section 3.1, Creating the Driver Object in Designer or Section 3.3, Adding Packages to an Existing Driver.

CSV File Format

The SOAP driver can consume the entitlement information from the CSV file. The CSV file resides on the server where Identity Manager is installed. This file must contain the values of the target system permissions in the format specified below. The target system administrator should maintain a separate CSV file for every custom entitlement. For example, a CSV file can contain details about granting employees access for the BuildingAccess entitlement. A CSV file that contains BuildingAccess entitlement details represents this information in the following format:

Building A,Engineering,The engineering building
Building B,Accounting,The accounting building
Building C,Facilities,The facilities building
Building D,Warehouse,The warehouse

where Building A is the entitlement value, Engineering is the display name in the User Application for the entitlement value Building A, and The engineering building is the description for the entitlement value. This description is displayed in the User Application.
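As an added example (not part of the NetIQ documentation or the driver's code), the following Python check validates a file in the three-column layout above before it is placed on the Identity Manager server, so that a malformed row does not map a permission to the wrong resource. The function name, the sample rows, and the rules that fields carry no surrounding whitespace and that entitlement values are unique within a file are assumptions of this example.

```python
import csv
import io

# Constructed sample in the three-column layout described above.
# Lines 2 and 4 carry stray tabs, line 5 repeats a value, line 6 lacks a field.
SAMPLE = (
    "Building A,Engineering,The engineering building\n"
    "Building B\t,Accounting,The accounting building\n"
    "Building C,Facilities,The facilities building\n"
    "Building D\t,Warehouse\t,The warehouse\n"
    "Building A,Annex,The engineering annex\n"
    "Building E,Lab\n"
)
FIELDS = ("entitlement value", "display name", "description")


def lint_entitlement_csv(text):
    """Return (clean rows as dicts, problems as (line, message) tuples).
    Assumed rules (this example's, not the driver's): three non-empty fields,
    no surrounding whitespace, entitlement values unique within the file."""
    rows, problems, seen = [], [], {}
    reader = csv.reader(io.StringIO(text))
    for record in reader:
        line = reader.line_num
        if not record:  # skip blank lines
            continue
        if len(record) != len(FIELDS):
            problems.append((line, f"expected 3 fields, found {len(record)}"))
            continue
        before = len(problems)
        for name, value in zip(FIELDS, record):
            if not value.strip():
                problems.append((line, f"empty {name}"))
            elif value != value.strip():
                problems.append((line, f"whitespace around {name}: {value!r}"))
        key = record[0].strip()
        if key in seen:
            problems.append((line, f"duplicate entitlement value {key!r}, first seen on line {seen[key]}"))
        else:
            seen[key] = line
        if len(problems) == before:  # only rows with no findings are kept
            rows.append(dict(zip(FIELDS, record)))
    return rows, problems


if __name__ == "__main__":
    for line, message in lint_entitlement_csv(SAMPLE)[1]:
        print(f"line {line}: {message}")
```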

1.2.4 Password Synchronization Support

The SOAP driver is capable of synchronizing passwords.

1.2.5 Information Synchronized

Unlike most other drivers, the SOAP driver synchronizes protocols instead of objects. It synchronizes the SPML 1.0 and DSML 2.0 protocols. The driver contains the following features:

  • HTTP transport of data between the Identity Vault and a Web service

  • Example configurations for SPML and DSML

  • Customization of HTTP Request-Header fields

    By default, a basic authorization request header with an ID and password is provided for the Subscriber channel.

  • SSL connections using the HTTPS protocol

  • Subscriber HTTP and HTTPS proxy servers

  • Definition and selection of multiple Subscriber connections in the policy at runtime

  • Potential to act as an HTTP or HTTPS listener for incoming connections on the Publisher channel

  • Potential extensibility through customized Java code

    For more information, see Section B.0, Using Java Extensions.