Read Google Apps Users for IDM Implementation
In my recent blog (Why we use Amazon AWS as our SAP System Landscape), I described our SAP landscape hosted on Amazon Cloud Services.
But we also have an on-premise landscape in our office, with ERP, CRM IDES, NetWeaver solutions (Portal, PI, BPM in all releases) and Active Directory.
Managing the identities in all these systems is a big issue for us, so we decided to implement NetWeaver Identity Management (IdM) 7.20 for two reasons:
- To learn and set up a demo landscape for IdM
- To manage identities for FIT Consulting
But we had to decide which system would be the leading system. We decided to use the accounts and assigned groups of our email provider (Google Apps) to determine authentication and authorization for users.
For this, we need to read the accounts and assigned groups from Google Apps, which we do with the Google Data Protocol (http://code.google.com/apis/gdata/).
Here is a code snippet written to read the users and assigned groups from Google Apps. (Thanks to Salih Atak for help with the coding.)
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

import sample.appsforyourdomain.AppsForYourDomainClient;

import com.google.gdata.client.appsforyourdomain.AppsGroupsService;
import com.google.gdata.data.appsforyourdomain.AppsForYourDomainException;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
import com.google.gdata.data.appsforyourdomain.generic.GenericFeed;
import com.google.gdata.data.appsforyourdomain.provisioning.UserEntry;
import com.google.gdata.data.appsforyourdomain.provisioning.UserFeed;
import com.google.gdata.util.ServiceException;

public class GoogleGetUsers {

    private static final String CSV_PATH = "C:/GoogleApps/GoogleGetUsers.csv";

    // Returns the last path segment of a GData entry id (the id is a URL).
    private static String lastSegment(String id) {
        return id.substring(id.lastIndexOf("/") + 1);
    }

    public static void main(String[] args) {
        try {
            // Placeholders: service account, its password and the Google Apps domain.
            AppsForYourDomainClient client =
                    new AppsForYourDomainClient("<serviceuser>@<domain>.com", "<password>", "<yourdomain.com>");

            // Start from a fresh file; stop if an old export cannot be removed.
            File csv = new File(CSV_PATH);
            if (csv.exists() && !csv.delete()) {
                return;
            }

            // try-with-resources closes the file even if a call to Google fails.
            try (BufferedWriter out = new BufferedWriter(new FileWriter(csv, true))) {
                out.write("Username;Groups\n");
                UserFeed usr = client.retrieveAllUsers();
                // To make calls to the groups provisioning, you need to obtain a
                // groups service object from the authenticated client:
                AppsGroupsService groupsService = client.getGroupService();
                for (UserEntry u : usr.getEntries()) {
                    String username = lastSegment(u.getId());
                    GenericFeed grup = groupsService.retrieveGroups(username, true);
                    // One CSV row per user/group pair.
                    for (GenericEntry g : grup.getEntries()) {
                        // Keep the part of the group id before the last "%"
                        // (the URL-encoded "@"), i.e. the group name without the domain.
                        String group = lastSegment(g.getId());
                        int pct = group.lastIndexOf("%");
                        if (pct >= 0) {
                            group = group.substring(0, pct);
                        }
                        out.write(username + ";" + group + "\n");
                    }
                }
            }
        } catch (AppsForYourDomainException e) {
            e.printStackTrace();
        } catch (ServiceException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
What's Next?
Our next step will be to read the exported data and import it into IdM to trigger the Provisioning Framework.
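Because the exported file decides which authorizations each user receives, it is worth validating before any import. The following is an added example, not part of the original post and not SAP IdM code: it parses the "Username;Groups" format written above, collects the groups per user and rejects malformed rows. The class name ExportCheck, the name pattern and the sample rows are assumptions made for this sketch.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Pattern;

public class ExportCheck {
    // Assumed naming policy for this sketch: lower-case local parts only.
    private static final Pattern NAME = Pattern.compile("[a-z0-9][a-z0-9._-]{0,63}");

    /** Parses "Username;Groups" rows into user -> groups, rejecting anything malformed. */
    static Map<String, Set<String>> parse(BufferedReader in) throws IOException {
        String header = in.readLine();
        if (!"Username;Groups".equals(header)) {
            throw new IOException("unexpected header: " + header);
        }
        Map<String, Set<String>> groupsByUser = new TreeMap<>();
        String row;
        for (int lineNo = 2; (row = in.readLine()) != null; lineNo++) {
            String[] f = row.split(";", -1); // -1 keeps empty trailing fields
            // Exactly two fields: a stray ';' must not silently add or shift a group.
            if (f.length != 2 || !NAME.matcher(f[0]).matches() || !NAME.matcher(f[1]).matches()) {
                throw new IOException("line " + lineNo + " rejected: " + row);
            }
            groupsByUser.computeIfAbsent(f[0], k -> new TreeSet<>()).add(f[1]);
        }
        return groupsByUser;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data in the export's format, not real accounts.
        String sample = "Username;Groups\n"
                + "alice;sap-basis\n"
                + "alice;portal-admins\n"
                + "bob;sap-basis\n";
        System.out.println(parse(new BufferedReader(new StringReader(sample))));

        // Constructed malformed row: three fields instead of two.
        String malformed = "Username;Groups\nbob;sap-basis;portal-admins\n";
        try {
            parse(new BufferedReader(new StringReader(malformed)));
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Because the export writes one row per user/group pair, a user without any group does not appear in the file at all.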
Just a side point of interest - you are of course using the Google Data protocol, which, based on AtomPub, is closely related to OData and therefore SAP NetWeaver Gateway. Wonder whether we'll see these worlds come closer?
dj
Hi DJ,
As NetWeaver Gateway still requires a specific Basis release, we'll see it widely when everyone has at least NW 7.02 or NW 7.3.
Hi DJ, Hi Huseyin,
DJ: I hope that SAP will provide an OData ABAP client to make use of the OData resources out there.
Huseyin: Only the Gateway needs to be on the latest release level. The Backend systems must only get a small AddOn.
Best regards
Gregor
Hi Gregor,
No doubt.
But I mean who wants to keep an extra server/system to manage?
I prefer to run it on an existing system.
Hi Huseyin,
interesting article. Do you know if it's possible to read out e-mail addresses for gmail users as well?
Regards
Matthias
Sorry, not much of a Java programmer, but let me see if I get this straight... From what I think I see in the code, you are connecting to GApps via this Java code and dumping a user list to a CSV file?
If so, how are you triggering this load? This looks like a really good way to demonstrate ways of linking the Enterprise to the Landscape.
Matt