Skip to Content
Author's profile photo Former Member

How To Start Writing A Simple IDM 8.0 Connector

In IDM 8.0 it is slightly different how do you create a connector and in this blog I’ll show the first initial steps only.

You have to create a configuration package similar to e.g. com.sap.idm.connector.sfsf. Since it is your own package it will be named like com.mycompany.connector.<type>

If you look inside SFSF package it contains a SFSF repository type defined. It also contains all the configuration information, such as constants, scripts, repository types, processes and jobs.

Once you create such package in  developer studio, then it will appear as repository type in the web UI admin interface which you access https://<host>:<port>/idm/admin

1. newpackage.png

Then you select a package name

/wp-content/uploads/2015/11/2_name_834746.png

Then you create a new repository type in the newly created package.

/wp-content/uploads/2015/11/3_newrepotype_834747.png

And choose the repository type template that best suits your needs

/wp-content/uploads/2015/11/4_newrepotype_834748.png

Then you can define the repository constants

5.RepoConstants.png

And for each constant you have to define whether it is repo, repo type or repo type with override constant

6. repoconstants.png

The differences are explained in the help here.

Do not forget to mark password repository constants as encrypted

7EncryptPasword.png

Then you have to select the datatype if it is not string like in the case with Job references.

8.DataType.png

Once selected you are given the options to select possible values with the “…” button

8.DataType_select.png

At the beginning you will have no jobs to select from. So you need to create e.g. Initial Load job  to make the initial synchronization with your target repository:

/wp-content/uploads/2015/11/9_newrepositoryjob_834778.png

and here you can choose your newly created repository type.

/wp-content/uploads/2015/11/10_chooseyourepotype_834779.png

and after you have created your job you will be able to reference it.

11IniatialLoadJObCreated.png

Then going to the admin web user interface https://<host>:<port>/idm/admin you can navigate to System Configuration/Repositories and Create/Create New Repository you will be able to select your newly created repository type.

12WebUINewRepo.png

and the constants you defined will be visible bellow to be filled in by the user.

Of course you have to define the Provisioning, Modify and Deprovisioning processes and assign them in the event processes tab

13_CRUD_Processes.png

This the frame. Open to suggestions what else could be added to improve this blog or the process.

Assigned Tags

      17 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Matt Pollicove
      Matt Pollicove

      Great Blog, Fedya. We need more content like this so that people understand Version 8!

      Thank you for sharing!

      Author's profile photo Former Member
      Former Member

      It looks like ..

           looks great to someone who know everything like you.

           looks mysterious to someone who know little like me.

      Author's profile photo Matt Pollicove
      Matt Pollicove

      Dongsu,

      We have all been there.  It just takes patience, practice, and learning.  You'll get there! 🙂

      Author's profile photo C Kumar
      C Kumar

      Thanks Fedya for this blog. It will help a lot to build SAP IDM Connector.

      I have one questions -

      How to define provisioning, deprovisioning and modify processes? Do I need to create new one under the processes -> Triggers or we can just copy-paste the available provisioning,
      deprovisioning and modify from other packege and use.

      If we need to create new provisioning then it would be great if you could share the steps.

      Regards,

      C Kumar

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi,

      I'd suggest to choose the cleaner approach to create new ones - as you say under triggers.

      Or if you cave matching process you can copy and check it.

      You can use the graphical workflow designer in Eclipse. First you can create your workflow from business point of view - e.g. create groups (if necessary), create user, create company, address etc (if needed), then assign user membership. You do this with clicking on the action task type on the side palette and then click on the flow line where you want to put it (notice it is click-and-click not drag-and-drop). Once you have the business workflow in place you can then fill in the passes of the action tasks.

      Best wishes,

      Fedya

      Author's profile photo C Kumar
      C Kumar

      Thanks for reply Fedya!

      I will try to create new provisioning as you suggested.

      Regards,

      C Kumar

      Author's profile photo Dongsu Park
      Dongsu Park

      Hi Kumar,

      did you success to create new provisioning?

       

      regards,

      dongsu

      Author's profile photo Former Member
      Former Member

      Fedya,

      How many constants did you add?

      Is INITIAL_LOAD mandatory or optional?

      If mandatory, how did you get that?

      And can you show me how did you make Initial load job?

      There must be many passes.

      Regards,

      dongsu

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Dongsu,

      the number of constants depends on your repository type. Normally what is needed are hostname, port, protocol, username, password, same if you need proxy, connect and read timeout, system privilege and INITIAL_LOAD conastant.

      Initial load is necessary, because it does the initial synchronization between the Identity Store and the repository.

      Under Jobs - create a new Repository Job and name it initial load. You can name it otherwise also. It is important that you define INITIAL_LOAD constant which is of type job reference and points to your job.

      You are right there needs to be the appropriate passes - at least create account attribute , system privilege and account privilege, then read users and write them to your Identity Store.

      Thanks for asking - reminds me that this blog need to be continued...

      Best wishes,

      Fedya

      Author's profile photo Former Member
      Former Member

      Dear Fedya,

      Is there any document describing this kind of knowledge?

      Connector architecture, scripts and stored procedures which scripts call, Job and passes,

      When we assign system privilege, how IDM do provision to target system automatically, etc.

      I am expecting actual IDM implementation project next year and connecting to non-sap system is major requirements of it because there are many custom built target systems in most customer IT environment.

      Regards,

      dongsu

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Dongsu,

      there is some documentation on the Connector Development Kit which suggests using Virtual Directory Server. There are other simpler ways to build a connector and this would be the subject of the customer engagement initiative.

      For your project you could check if the non-SAP systems support some of the common standard protocols which are also supported by SAP Identity Management like LDAP, SPML, ODBC, JDBC, REST etc.

      Best wishes,

      Fedya

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi,

      in addition we are discussing an option to start a Customer Engagement Initiative on connectors in two aspects - new connector development kit and some cloud connectors and particular a connector to SAP Cloud Identity service and possible scenarios.

      If you are interested you can write to my mail <firstname>.<lastname>@sap.com

      Dongsu Park, Matt Pollicove, C Kumar

      Best wishes,

      Fedya Toslev

      Author's profile photo C Kumar
      C Kumar

      Hello Fedya,

      Thanks for providing this opportunity.

      I would be happy to work on new connector development kit with you. I have sent a mail now. Please check.

      Regards,

      C Kumar

      Author's profile photo Former Member
      Former Member

      Sure,

      Glad to join.

      dongsu

      Author's profile photo Jai Suryan
      Jai Suryan

      Hi Fedya,

      great blog. Thanks for sharing.

      I have registered for the CEI however would it be in 8.0 or 7.2? We are still in 7.2 but interested in taking part in the program.

      Kind regards,

      Jai

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Jai,

      it will be on 8.0.

      best wishes,

      Fedya

      Author's profile photo Former Member
      Former Member

      Hi Fedya and Kumar,

      Is there an update on the Connector Development Kit for IDM 8.0? I'm having trouble locating documented standard pirating procedures that cover the creation of repository jobs and the components of jobs in Eclipse IDE.

      Thanks,

      Casey