Custom Connector


IdentityIQ includes many connectors through which it can connect to external systems, both to read their data and to process provisioning requests.
A custom connector is needed to connect to an application for which IdentityIQ does not have a built-in connector.

Design

Custom connector design involves:
  1. connector features
  2. object types
  3. object schemas

Connector Features :
  1. AUTHENTICATE: authenticate a user and password
  2. CREATE: create a resource object (e.g. account or group)
  3. DELETE: delete a given resource object (by ID)
  4. DISCOVER_SCHEMA: report schemas (account or group) including both attribute names and types (valid types are BOOLEAN, DATE, INT, LONG, PERMISSION, SECRET, STRING)
  5. ENABLE: enable or disable a resource object
  6. GET: read and return a map of a specific resource object (by ID)
  7. ITERATE: return an iterator of resource objects (possibly a filtered set)
  8. PERMISSIONS: return permission attributes
  9. SET_PASSWORD: set the password of a resource object
  10. UNLOCK: unlock a resource object
  11. UPDATE: update resource objects

Object Types :

The object types are account and group, though new object classes can be defined if required.

Define Schemas :

The connector's schema can support any of these data types:
  • Boolean
  • Date
  • Int
  • Long
  • Permission (SailPoint class with rights and targets)
  • Secret (an attribute that should not be logged or displayed to any end users)
  • String
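
A connector that logs resource objects has to honour the Secret type declared in its schema. The following added example (not SailPoint's code and not part of the original page) is stand-alone Java that does not use the openconnector classes; the class name SchemaGuard, the attribute names and the sample account are assumptions constructed for illustration. It masks Secret attributes before logging and reports values that do not match the declared schema type.

```java
import java.util.*;
// Added example: stand-alone, does not use the SailPoint openconnector classes.
public class SchemaGuard {
    // The seven schema data types listed above.
    enum AttrType { BOOLEAN, DATE, INT, LONG, PERMISSION, SECRET, STRING }

    // Copy of a resource object that is safe to log: SECRET values are masked and
    // attributes absent from the schema are dropped, since their sensitivity is unknown.
    static Map<String, Object> redactForLog(Map<String, AttrType> schema, Map<String, Object> obj) {
        Map<String, Object> out = new TreeMap<>();
        for (Map.Entry<String, Object> e : obj.entrySet()) {
            AttrType t = schema.get(e.getKey());
            if (t != null) out.put(e.getKey(), t == AttrType.SECRET ? "****" : e.getValue());
        }
        return out;
    }

    // Single-valued attributes whose value does not match the declared type; messages never contain the value.
    static List<String> typeErrors(Map<String, AttrType> schema, Map<String, Object> obj) {
        List<String> errors = new ArrayList<>();
        for (Map.Entry<String, Object> e : new TreeMap<String, Object>(obj).entrySet()) {
            AttrType t = schema.get(e.getKey());
            Object v = e.getValue();
            if (t == null) { errors.add(e.getKey() + ": not in schema"); continue; }
            if (v == null || t == AttrType.PERMISSION) continue; // PERMISSION is a SailPoint class, not modelled
            boolean ok = (t == AttrType.BOOLEAN) ? v instanceof Boolean
                       : (t == AttrType.DATE)    ? v instanceof Date
                       : (t == AttrType.INT)     ? v instanceof Integer
                       : (t == AttrType.LONG)    ? v instanceof Long
                       : v instanceof String;    // SECRET and STRING
            if (!ok) errors.add(e.getKey() + ": expected " + t);
        }
        return errors;
    }

    public static void main(String[] args) {
        Map<String, AttrType> schema = new HashMap<>();
        schema.put("username", AttrType.STRING);
        schema.put("password", AttrType.SECRET);
        schema.put("loginCount", AttrType.INT);
        Map<String, Object> account = new HashMap<>(); // constructed sample account
        account.put("username", "jdoe");
        account.put("password", "S3cret!");
        account.put("loginCount", "7");       // wrong type on purpose
        account.put("apiToken", "abc123");    // not declared in the schema
        System.out.println(redactForLog(schema, account));
        System.out.println(typeErrors(schema, account));
    }
}
```
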
Implementing the openconnector :
  • The custom connector architecture uses the openconnector framework provided by SailPoint in the openconnector package.  
  • All custom connectors must inherit from openconnector.AbstractConnector, which in turn implements the openconnector.Connector interface. 
  • The connectors are stateful and require configuration, use, and finally closure. 

To create a custom connector based on this framework, complete these steps:

  1. Create the Java project, package, and class.
  2. Write the methods for the required features.
  3. Compile and deploy.

Create the Project, Package and Class :

  1. Start a new Java project, adding all the IdentityIQ libraries to the build path (these are located in IIQ’s WEB-INF/lib directory), or leverage the services standard build infrastructure for the build process.
  2. Create a new package called openconnector.
  3. Create a new class in the openconnector package with the desired class name for the new  connector.

Write the Required Methods :


  • getSupportedObjectTypes() 
  • getSupportedFeatures()
  • configure() *
  • setObjectType() *
  • close()
  • testConnection() 
  • discoverSchema()
  • authenticate()
  • read()
  • iterate()
  • provision()
  • delete() 
  • create() 
  • update() 
  • enable() 
  • disable() 
  • unlock() 
  • setPassword()

NOTE: Methods can throw any of the following exceptions: ConnectorException, AuthenticationFailedException, UnsupportedOperationException, ObjectAlreadyExistsException, ObjectNotFoundException, or ExpiredPasswordException.

Compile and Deploy :

Compile the connector and deploy it in the IdentityIQ installation's WEB-INF/lib directory.

Integration with IdentityIQ :


The final step in the implementation process is integrating the connector class with IdentityIQ. The class must be connected to an application type in IdentityIQ, and an application must be defined with that application type so the class will be used for interacting with the resource. This involves these steps:

  1. Define the connector type in the ConnectorRegistry.
  2. Define the .xhtml page which specifies required and optional connection parameters.
  3. Create an application which uses the connector.



UseCase :
1  Custom connectors are just custom adapters (in Sun IDM terminology), developed for specific requirements. When no OOB connector is available for a target resource, you need to develop a custom connector.
2   Custom connectors always extend AbstractConnector.
3   A custom connector needs to implement the following functions:
a)      Iterate
b)     Read
4   These two functions make the connector a governance connector, which only fetches records from the target system.
5  To add provisioning features you need to add some functions such as:
a)      Update
b)     Create
c)      Delete
d)     Enable
e)     Unlock
f)       Setpassword
g)      Authenticate
h)     Testconnection  -- this method checks whether your connection with the target system is alive.

Procedures to write and integrate a custom connector

1)     Write the openconnector Java file. Put it in the correct package structure inside ….. identityiq \WEB-INF\classes
2)     Create the application xml (.xml) file, which contains the application template. Put this file in ….. identityiq \WEB-INF\config\connector
3)     Create the application UI file (.xhtml), which contains the user interface for entering the connection parameters, in .. identityiq\define\applications\
4)     Add an entry for the application xml file to the connectorRegistry.xml file in the WEB-INF/config folder.
5)     The entry should look like WEB-INF/config/connector/TestOpenConn.xml and go at the end of the connectorRegistry.xml file.
6)     Import the connectorRegistry file into your system.



Application xml

1  connector="sailpoint.connector.OpenConnectorAdapter" – This value is always the same for custom openconnectors.
2   featuresString="PROVISIONING, NO_RANDOM_ACCESS, DISCOVER_SCHEMA" – Here you can list the supported operations, such as PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE, MANAGER_LOOKUP, SEARCH, UNLOCK, ENABLE, PASSWORD
3   - These you need to provide in your xml.
     - This should also be there in file.
5  - This tag is required to give details of fields present in account as well as group schema.
6   - This tag is given when create, update account or group policy required.
7   Sample file -    TestOpenConn.xml
8  This file needs to be present at ….\identityiq\WEB-INF\config\connector

Application UI

1    This will be simple xhtml file. Please find the attached one.   

      TestOpenConnector.xhtml



2  This file needs to be present at ….\identityiq\define\applications



Import connectorRegistry

1   Log on to the iiq console.
2   From the prompt, run the following command:
3     >import connectorRegistry.xml
4  Check whether your application was properly imported into your system.

Testing the iterate part

1  To check whether your connector is working, run the following command after configuring an application for your connector in SailPoint.
2  IIQ Console
3   >connectorDebug AppName iterate account

Sample open connector