How To Start Writing A Simple IDM 8.0 Connector
In IDM 8.0 it is slightly different how do you create a connector and in this blog I’ll show the first initial steps only.
You have to create a configuration package similar to e.g. com.sap.idm.connector.sfsf. Since it is your own package it will be named like com.mycompany.connector.<type>
If you look inside SFSF package it contains a SFSF repository type defined. It also contains all the configuration information, such as constants, scripts, repository types, processes and jobs.
Once you create such package in developer studio, then it will appear as repository type in the web UI admin interface which you access https://<host>:<port>/idm/admin
Then you select a package name
Then you create a new repository type in the newly created package.
And choose the repository type template that best suits your needs
Then you can define the repository constants
And for each constant you have to define whether it is repo, repo type or repo type with override constant
The differences are explained in the help here.
Do not forget to mark password repository constants as encrypted
Then you have to select the datatype if it is not string like in the case with Job references.
Once selected you are given the options to select possible values with the “…” button
At the beginning you will have no jobs to select from. So you need to create e.g. Initial Load job to make the initial synchronization with your target repository:
and here you can choose your newly created repository type.
and after you have created your job you will be able to reference it.
Then going to the admin web user interface https://<host>:<port>/idm/admin you can navigate to System Configuration/Repositories and Create/Create New Repository you will be able to select your newly created repository type.
and the constants you defined will be visible bellow to be filled in by the user.
Of course you have to define the Provisioning, Modify and Deprovisioning processes and assign them in the event processes tab
This the frame. Open to suggestions what else could be added to improve this blog or the process.
Great Blog, Fedya. We need more content like this so that people understand Version 8!
Thank you for sharing!
It looks like ..
looks great to someone who know everything like you.
looks mysterious to someone who know little like me.
Dongsu,
We have all been there. It just takes patience, practice, and learning. You'll get there! 🙂
Thanks Fedya for this blog. It will help a lot to build SAP IDM Connector.
I have one questions -
How to define provisioning, deprovisioning and modify processes? Do I need to create new one under the processes -> Triggers or we can just copy-paste the available provisioning,
deprovisioning and modify from other packege and use.
If we need to create new provisioning then it would be great if you could share the steps.
Regards,
C Kumar
Hi,
I'd suggest to choose the cleaner approach to create new ones - as you say under triggers.
Or if you cave matching process you can copy and check it.
You can use the graphical workflow designer in Eclipse. First you can create your workflow from business point of view - e.g. create groups (if necessary), create user, create company, address etc (if needed), then assign user membership. You do this with clicking on the action task type on the side palette and then click on the flow line where you want to put it (notice it is click-and-click not drag-and-drop). Once you have the business workflow in place you can then fill in the passes of the action tasks.
Best wishes,
Fedya
Thanks for reply Fedya!
I will try to create new provisioning as you suggested.
Regards,
C Kumar
Hi Kumar,
did you success to create new provisioning?
regards,
dongsu
Fedya,
How many constants did you add?
Is INITIAL_LOAD mandatory or optional?
If mandatory, how did you get that?
And can you show me how did you make Initial load job?
There must be many passes.
Regards,
dongsu
Hi Dongsu,
the number of constants depends on your repository type. Normally what is needed are hostname, port, protocol, username, password, same if you need proxy, connect and read timeout, system privilege and INITIAL_LOAD conastant.
Initial load is necessary, because it does the initial synchronization between the Identity Store and the repository.
Under Jobs - create a new Repository Job and name it initial load. You can name it otherwise also. It is important that you define INITIAL_LOAD constant which is of type job reference and points to your job.
You are right there needs to be the appropriate passes - at least create account attribute , system privilege and account privilege, then read users and write them to your Identity Store.
Thanks for asking - reminds me that this blog need to be continued...
Best wishes,
Fedya
Dear Fedya,
Is there any document describing this kind of knowledge?
Connector architecture, scripts and stored procedures which scripts call, Job and passes,
When we assign system privilege, how IDM do provision to target system automatically, etc.
I am expecting actual IDM implementation project next year and connecting to non-sap system is major requirements of it because there are many custom built target systems in most customer IT environment.
Regards,
dongsu
Hi Dongsu,
there is some documentation on the Connector Development Kit which suggests using Virtual Directory Server. There are other simpler ways to build a connector and this would be the subject of the customer engagement initiative.
For your project you could check if the non-SAP systems support some of the common standard protocols which are also supported by SAP Identity Management like LDAP, SPML, ODBC, JDBC, REST etc.
Best wishes,
Fedya
Hi,
in addition we are discussing an option to start a Customer Engagement Initiative on connectors in two aspects - new connector development kit and some cloud connectors and particular a connector to SAP Cloud Identity service and possible scenarios.
If you are interested you can write to my mail <firstname>.<lastname>@sap.com
Dongsu Park, Matt Pollicove, C Kumar
Best wishes,
Fedya Toslev
Hello Fedya,
Thanks for providing this opportunity.
I would be happy to work on new connector development kit with you. I have sent a mail now. Please check.
Regards,
C Kumar
Sure,
Glad to join.
dongsu
Hi Fedya,
great blog. Thanks for sharing.
I have registered for the CEI however would it be in 8.0 or 7.2? We are still in 7.2 but interested in taking part in the program.
Kind regards,
Jai
Hi Jai,
it will be on 8.0.
best wishes,
Fedya
Hi Fedya and Kumar,
Is there an update on the Connector Development Kit for IDM 8.0? I'm having trouble locating documented standard pirating procedures that cover the creation of repository jobs and the components of jobs in Eclipse IDE.
Thanks,
Casey