This blog post is about calling a remote REST service, e.g. a third-party application that publishes its data via a REST API.

This could be done with the Virtual Directory Server (VDS), executing an HTTP request against the REST service.

It is also possible to do this inside a JavaScript that is executed directly by the IdM runtime, without the need to set up a VDS in your landscape.

Unfortunately, the Rhino JavaScript engine used inside IdM is not able to perform AJAX calls directly, so we have to do this via Java (thanks to Kai Ullrich for the hint about “Scripting Java inside JavaScript”).

Below you will find some example code.

Cheers, Jannis

// Main function: doTheAjax
function doTheAjax(Par){
    // import all needed Java classes
    importClass(Packages.java.net.HttpURLConnection);
    importClass(Packages.java.net.URL);
    importClass(Packages.java.io.DataOutputStream);
    importClass(Packages.java.io.InputStreamReader);
    importClass(Packages.java.io.BufferedReader);
    importClass(Packages.java.lang.StringBuffer);
    importClass(Packages.java.lang.Integer);

    // variables used for the connection, best to import them via the table in a ToGeneric Pass
    // The values below are placeholders. Basic authentication only Base64-encodes the
    // credentials, so use an https:// URL for anything beyond a local test.
    var urlString = "http://host:port/rest_api";
    var urlParameters = "attribute=value"; // names and values must already be URL-encoded
    var httpMethod = "POST"; //or GET
    var username = "administrator";
    var password = "abcd1234";
    var encoding = uToBase64(username + ":" + password);

    // In case of GET, the url parameters have to be added to the URL
    if (httpMethod == "GET"){
        var url = new URL(urlString + "?" + urlParameters);
        var connection = url.openConnection();
        connection.setRequestProperty("Authorization", "Basic " + encoding);
        connection.setRequestMethod(httpMethod);
    }

    // In case of POST, the url parameters have to be transferred inside the body
    if (httpMethod == "POST"){
        // open the connection
        var url = new URL(urlString);
        var connection = url.openConnection();
        connection.setRequestProperty("Authorization", "Basic " + encoding);
        connection.setRequestMethod(httpMethod);
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setRequestProperty("charset", "utf-8");
        connection.setRequestProperty("X-Requested-With", "XMLHttpRequest");
        //connection.setRequestProperty("Content-Length", "" + Integer.toString(urlParameters.getBytes().length));
        connection.setUseCaches(false);

        // writeBytes() keeps only the low byte of each character, so the body must be ASCII
        var os = new DataOutputStream(connection.getOutputStream());
        os.writeBytes(urlParameters);
        os.flush();
        os.close();
    }

    //get the result and print it out
    var responseCode = connection.getResponseCode();
    // getInputStream() throws an IOException for HTTP status codes >= 400;
    // the error body is then available via connection.getErrorStream()
    var is = connection.getInputStream();
    var isr = new InputStreamReader(is);
    var br = new BufferedReader(isr);
    var response = new StringBuffer();
    var line;

    while ((line = br.readLine()) != null) {
        response.append(line);
    }
    br.close();

    uWarning("Sending " + httpMethod + " Request to URL: " + urlString);
    uWarning("Response Code: " + responseCode);
    uWarning("Response: " + response.toString());

    connection.disconnect();
}
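The request-building steps of doTheAjax with the checks a reviewer would ask for: parameter encoding, an HTTPS-only rule for Basic credentials, and log redaction. This is an added example, not part of the original post; the names `encodeParams`, `buildRequest` and `redactForLog` are hypothetical, and `uToBase64` is assumed to be the IdM function the post uses, with Node's `Buffer` as a fallback so the block also runs outside IdM.

```javascript
// Added example (not from the original post). Plain ES5 so it also parses under Rhino.
// Assumption: uToBase64 is the IdM built-in used in the post; Buffer is the Node fallback.
var toBase64 = (typeof uToBase64 === "function")
    ? uToBase64
    : function (s) { return Buffer.from(s, "utf8").toString("base64"); };

// Percent-encode every name and value so a value such as "a&role=admin"
// cannot add or override parameters in the query string or form body.
function encodeParams(params) {
    var parts = [];
    for (var name in params) {
        if (Object.prototype.hasOwnProperty.call(params, name)) {
            parts.push(encodeURIComponent(name) + "=" + encodeURIComponent(String(params[name])));
        }
    }
    return parts.join("&");
}

// Build URL, headers and body the way doTheAjax does, but refuse to attach
// Basic credentials to anything other than an https:// URL.
function buildRequest(urlString, httpMethod, params, username, password) {
    if (!/^https:\/\//i.test(urlString)) {
        throw new Error("refusing to send Basic credentials over a non-HTTPS URL");
    }
    if (httpMethod !== "GET" && httpMethod !== "POST") {
        throw new Error("unsupported HTTP method: " + httpMethod);
    }
    var encoded = encodeParams(params);
    var headers = { "Authorization": "Basic " + toBase64(username + ":" + password) };
    if (httpMethod === "POST") {
        headers["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8";
    }
    return {
        url: httpMethod === "GET" ? urlString + "?" + encoded : urlString,
        headers: headers,
        body: httpMethod === "POST" ? encoded : null
    };
}

// Copy of the headers that is safe to hand to uWarning or any other log.
function redactForLog(headers) {
    var copy = {};
    for (var h in headers) {
        if (Object.prototype.hasOwnProperty.call(headers, h)) {
            copy[h] = /^authorization$/i.test(h) ? "Basic <redacted>" : headers[h];
        }
    }
    return copy;
}
```

Inside IdM, the returned `url`, `headers` and `body` feed the `URL` constructor, `setRequestProperty` and `DataOutputStream` calls shown in the post.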

11 Comments

  1. Matt Pollicove

    Jannis,

    This is excellent information.  As you know, I’m very interested in leveraging these technologies, so some sort of use cases where this would be helpful would be appreciated.

    What kind of source might we be connecting to? Google Apps? Salesforce? What kind of information moves back and forth? I’ll assume Identity info. How is the data processed and displayed?

    Just some thoughts, and keep yours coming, they make me think!

    Cheers,

    Matt

    1. Jannis Rondorf Post author

      Hi Matt,

      I am using this kind of integration to call a (custom) REST Service on a Lotus Notes Domain Controller to create an email user. Why not use the “Standard” Lotus Notes Connector? Because I am integrating in an existing Lotus Notes <-> LDAP sync process.

      I am passing first name, last name, user id, 5 other attributes, and receiving back an email address of the new mail box, which I am saving on the MX_PERSON. Nice hmm?

      You are pointing it out correctly, you are able to connect to 3rd party systems / cloud services with this.

      But honestly, this is nothing new. You are just calling a REST aka web service right inside JavaScript. In the end, you would be able to get rid of / replace the VDS for integrating with GRC by calling the web services directly.

      Cheers, Jannis

        1. Thomas Liebeck

          Sometimes I am wondering if SAP NW IDM is following any pattern to connect target / source systems. Everybody is doing stuff in his own way using (cool and advanced but) different concepts and generating a variety of code nearly impossible to maintain. Every IDM configuration for customers seems to be unique; no overall design pattern seems to be in place. This is a perfect consultant lock-in tool because nobody will understand the solution other than the developer.

          I would expect a consistent connector framework to a bunch of standard target applications like AD, LDAP, Database, Notes, SOAP/REST, RACF, SAP ABAP and whatever you name standard. I would expect a connector development kit for custom connectors and I would expect that all SAP shipped connectors follow the same pattern and are created with this development kit.

          A connector might support operations like

          – add (create)

          – modify (change)

          – rename (change the naming attribute in the target system)

          – move (does only make sense in directory systems)

          – modify password (just a modify but sometimes with special considerations)

          – search (just a read or better read is a dedicated search with the key of the object)

          – delete (delete the object / record in the target system)

          Supporting this you can do nearly any kind of stuff using the default connectors written by people who (hopefully) do understand the target system and will maintain the code in case of new target system versions. As an IDM consultant I am not interested in writing basic code to access a target system; I would like to focus on provisioning logic instead.

          1. Jannis Rondorf Post author

            Thomas,

            it seems you are searching for a connector framework for IdM? This is available with the Virtual Directory Server of IdM. Here are some links for reference:

            SAP NetWeaver Identity Management 7.2 Documentation

            SAP Netweaver Identity Management Connector – (NW-IDM-CON 7.1)

            SAP NetWeaver Virtual Directory Server

            But as always, it depends on the used technology: You are able to set up connectivity to the same system type in various ways. See connecting to AS ABAP: You would be able to use a VDS connector therefore (if available), or call JCO directly (as now implemented).

            Jannis

  3. Benjamin GOURDON

    Thanks for sharing this information. Really great stuff.

    @Matt, I especially think of customers considering the service desk to be the central point of contact. This kind of tip lets you easily exchange information on opened tickets dealing with user lifecycle management.

    Cheers,

    Ben

  4. Tero Virta

    Cool stuff Jannis (and Kai). Now who do we get to write an example of WSDL type of WS call with JavaScript using the infrastructure shipped with IdM 🙂

    regards, Tero

    1. Jannis Rondorf Post author

      lol 😆

      Generating a WSDL proxy of course will not work with the current infrastructure shipped with IdM. As the WSDL handling is more complex than just executing an HTTP POST call, I suggest the following (if you have a simple Java WSDL example, send it to me, I will have a look):

      • Use Eclipse to generate a WSDL proxy
      • Write a small plain old Java Wrapper around this proxy with decent in/output params / objects
      • Pack into a jar file and add to the runtime classpath
      • In JavaScript, import your Java Wrapper and execute the functionality this way

      Regards, Jannis

  5. Anurag Parikh

    Jannis and Kai,

    I am planning to call a REST service (using OAuth for authorization) for making an account inactive in the cloud on account disable on-premise. The cloud provider has a decent API and I am planning to use PowerShell. Any disadvantages of doing the above that way vs. doing it in Java?

    Best

    AP
