The provisioning connectors that are used in OpenIAM are web services that accept and respond with messages that are compliant with SPML 2 specification. Once the connector services receives a message it determine the actions that it wants to take. However, based on the specificiation there are certain checks that it needs to go through to ensure compliance. Connectors that offered by OpenIAM carry out the following steps:
- Validate that the message includes the required attributes
- Map the information that is sent to the connector to the attributes used by the target system. The attributes stored within OpenIAM will usually be different than what is required by the target system. To account for this difference, OpenIAM allows you to define a mapping for each target system. For example, if we are mapping to Active Directory we may have the following fields:
Note: The above rules for each attribute are defined using Groovy Script, java like scripting language.
- Respond with the appropriate response object once an operation has completed.
Creating a Custom Connector
As mentioned above, connectors in OpenIAM are simply web services that implement an interface whose operaitons access SPML 2 compliant request and response object. The interface is shown below:
Connector Interface - Core Operations
Core Operations for the connectors are defined in the ConnectorService interface. Alternatively, you may also generate this from the ConnectorService.wsdl
The following implementation class show how we can extract information from the request objects that are sent to these operations.
Add Operation
The following code snippet shows how to extract user and related information.
modify Operation
delete Operation