

Enterprises often have custom-developed applications. These applications often have their own user repositories and custom relational database structures that hold user and security information. The Application Tables Connector allows you to provision user information to these custom tables.

The Application Tables connector is a webservice-based connector and is deployed as a part of the standard install of the OpenIAM Identity Manager.

The following sections describe how to configure the Application Tables connector and the related settings.



Step 1: Configuring the Connector

To configure the Connector, select Provisioning → Connectors → select a Connector. Refer to Viewing and Editing Provisioning Connectors.

You can develop a custom Connector. Refer to Adding a New Connector, Developing Connectors.

 

| Field Name | Field Description | Example Value |
|---|---|---|
| Connector Name | This is the unique identifier of the Connector, helping the User to identify it. | AppTableConnector |
| Communication Protocol | Select "CLEAR" if not SSL. | Clear |
| Connector Interface Type | Can be Local or Remote. Local Connector is an embedded service. | Local |
| Service URL | The URL of the ESB on which the connector resides. The context path (openiam-esb) is the path to the ESB. The rest of the URL is static. | localhost:9080/openiam-esb/idmsrvc/ApplicationTablesConnector |

On the Connector details screen, you can verify that the Connector has been registered correctly.


Step 2: Configuring the Managed System

The "Managed System" screen allows the administrator to enter the connection string and to assign the Managed System to the Connector. The connection information tells the Application Tables Connector how to connect to the database. Remember, we are provisioning to the database that contains our example table.

To configure the properties of the Managed System, select Provisioning → Managed System → "Edit" icon. Refer to Viewing and Editing Managed Systems.

To add a new Managed System, select Provisioning → Managed System → Create Managed System. Refer to Adding a Managed System.

| Field | Field Description | Example Value |
|---|---|---|
| Linked Resource | | AppTableMSys |
| Managed System Resource Name | Enter any value that will help you identify this connection. | AppTableMSys |
| Status | Set to "Active" to enable this connection. | ACTIVE |
| Connector | Set to the Connector created in Step 1. | AppTableConnector |
| Connection String | Specify the connection string, where MY_CUSTOM_APPLICATION is the name of the schema. | jdbc:mysql://localhost:3306/MY_CUSTOM_APPLICATION |
| Communication Protocol | Set to "CLEAR" unless a certificate has been installed to enable secure communication with your application. | CLEAR |
| Login ID | Enter the ID that the Connector will use to connect to your custom application to create and delete users. | root |
| Password | Enter the password for the login ID entered above. OpenIAM will store this information in encrypted form in its database. | |
| JDBC Driver URL | Enter the URL to access the software component enabling OpenIAM to interact with your database. | com.mysql.jdbc.Driver |
| Skip Group Provision | | UNCHECKED |

Once you have defined the connection information, you should validate it. Click the "Test Connection" button to ensure that it is correct. See Testing the Managed Systems Connection.
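The Step 2 values can also be reviewed before they are saved. The following check is an added example, not OpenIAM code: it parses the connection string and flags an administrative Login ID, or the CLEAR protocol toward a database host that is not local. The dictionary keys and the list of administrative account names are assumptions.

```python
"""Review of the Step 2 Managed System values (added example, not OpenIAM code)."""
import ipaddress
from urllib.parse import urlsplit

# Assumption: built-in administrative accounts that should not back a connector.
PRIVILEGED_LOGINS = {"root", "sa", "sys", "system", "postgres", "admin"}


def parse_jdbc(connection_string):
    """Split jdbc:<vendor>://host:port/schema into (vendor, host, port, schema)."""
    if not connection_string.startswith("jdbc:"):
        raise ValueError("connection string must start with 'jdbc:'")
    parts = urlsplit(connection_string[len("jdbc:"):])
    schema = parts.path.strip("/")
    if not parts.hostname or not schema:
        raise ValueError("connection string needs a host and a schema name")
    return parts.scheme, parts.hostname, parts.port, schema


def is_loopback(host):
    """True for localhost and loopback IP literals; other DNS names count as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def review_managed_system(ms):
    """Return findings for a dict with connection_string, protocol and login_id."""
    findings = []
    _, host, _, schema = parse_jdbc(ms["connection_string"])
    if ms["login_id"].lower() in PRIVILEGED_LOGINS:
        findings.append(f"login {ms['login_id']!r} is an administrative account; "
                        f"use one limited to the tables in schema {schema}")
    if ms["protocol"].upper() == "CLEAR" and not is_loopback(host):
        findings.append(f"CLEAR selected for remote host {host}; "
                        "the connection is not certificate-secured")
    return findings


# The example values from the Step 2 table.
PAGE_EXAMPLE = {"connection_string": "jdbc:mysql://localhost:3306/MY_CUSTOM_APPLICATION",
                "protocol": "CLEAR", "login_id": "root"}

if __name__ == "__main__":
    for finding in review_managed_system(PAGE_EXAMPLE):
        print("FINDING:", finding)
```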


Step 3: Configuring the Policy Maps

This section describes how to map attributes in OpenIAM to the columns in your database table. The Policy Map allows you to do this. In the example below, the "Attribute Name" column lists the columns in our table.

Important

The attribute names should be the same as the column names.

Indicate the type of Attribute that we are working with: String, Date, Integer. It can be selected in the "Data Type" column.

Tip

For the Application Tables connector, it is important to mark the "OBJECT TYPE" column as "PASSWORD" for the password column in your table. If you do not, then the password reset and the change password operations will fail.

To configure the Policy Map, go to Provisioning → Managed System → "Edit" icon → Policy Map. For instructions refer to Defining Policy Maps.

The following screen-shot shows the Policy Map configuration.

An example MySQL schema for the default configuration is located in the file example.sql.


Step 4: Configuring the Resource Attributes

To add a new attribute, go to Access Control → Resource → click "Edit" icon → Create New Attribute. See Managing Resource Attributes.

The attributes to be added are provided in the table below.

Notice

The property names must be the same as the ones used in the example.

| Property Name | Description |
|---|---|
| USER_TABLE | User table name. |
| GROUP_TABLE | Group table name. |
| USER_GROUP_MEMBERSHIP | The table name to keep the user-group memberships. |
| GROUP_GROUP_MEMBERSHIP | The table name to keep the group-group memberships. |
| GROUP_GROUP_MEMBERSHIP_GRP_ID | Name of column for parent group ID in group to group membership table. |
| GROUP_GROUP_MEMBERSHIP_GRP_CHLD_ID | Name of column for child group ID in group to group membership table. |
| GROUP_TO_GROUP_PK_COLUMN_NAME | Name of column for primary key (optional) in group to group membership table. Remove attribute if not needed. |
| USER_GROUP_MEMBERSHIP_GRP_ID | Name of column for group ID in user to group membership table. |
| USER_GROUP_MEMBERSHIP_USR_ID | Name of column for user ID in user to group membership table. |
| USER_TO_GROUP_PK_COLUMN_NAME | Name of column for primary key (optional) in group to group membership table. Remove attribute if not needed. |
| INCLUDE_IN_PASSWORD_SYNC | Enable password synchronization? Values: Y (yes) or N (no). |
| PRINCIPAL_PASSWORD | Name of column (the same as on PolicyMap page) for password in User table. Must be filled if INCLUDE_IN_PASSWORD_SYNC = Y. |
| INCLUDE_IN_STATUS_SYNC | Enable status synchronization? |
| USER_STATUS_FIELD | Name of column (the same as on PolicyMap page) for status in User table. Must be filled if INCLUDE_IN_STATUS_SYNC = Y. |
| USER_STATUS_ACTIVE | The value of ACTIVE status. Must be filled if INCLUDE_IN_STATUS_SYNC = Y. |
| USER_STATUS_INACTIVE | The value of INACTIVE status. Must be filled if INCLUDE_IN_STATUS_SYNC = Y. |
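The "must be filled" rules in the table above and the Policy Map requirements from Step 3 can be checked before the first provisioning run. This is an added example, not OpenIAM code; the dictionary layout and the sample table and column names are assumptions.

```python
"""Pre-flight check of the Step 3 Policy Map and Step 4 resource attributes.
Added example, not OpenIAM code; the dict layout is an assumption."""

# Flag attribute -> attributes that "must be filled" when the flag is Y (Step 4).
CONDITIONAL = {
    "INCLUDE_IN_PASSWORD_SYNC": ["PRINCIPAL_PASSWORD"],
    "INCLUDE_IN_STATUS_SYNC": ["USER_STATUS_FIELD", "USER_STATUS_ACTIVE",
                               "USER_STATUS_INACTIVE"],
}
# Attributes whose value names a column "the same as on PolicyMap page".
POLICY_MAP_COLUMNS = ["PRINCIPAL_PASSWORD", "USER_STATUS_FIELD"]


def check_config(attrs, policy_map):
    """Return a list of findings; an empty list means the rules above hold."""
    findings = []
    for flag, needed in CONDITIONAL.items():
        value = attrs.get(flag, "").strip()
        # Y/N is stated for password sync; assumed here for status sync as well.
        if value not in ("Y", "N"):
            findings.append(f"{flag} should be Y or N, got {value!r}")
        elif value == "Y":
            for name in needed:
                if not attrs.get(name, "").strip():
                    findings.append(f"{name} must be filled when {flag} = Y")
    for name in POLICY_MAP_COLUMNS:
        column = attrs.get(name, "").strip()
        if column and column not in policy_map:
            findings.append(f"{name}={column!r} is not a Policy Map attribute name")
    pw = attrs.get("PRINCIPAL_PASSWORD", "").strip()
    if pw in policy_map and policy_map[pw].get("object_type") != "PASSWORD":
        findings.append(f"Policy Map entry {pw!r} needs OBJECT TYPE = PASSWORD")
    return findings


# Constructed sample with hypothetical table and column names and three mistakes.
SAMPLE_POLICY_MAP = {
    "USER_ID": {"data_type": "String", "object_type": ""},
    "PASSWD": {"data_type": "String", "object_type": ""},  # should be PASSWORD
    "STATUS": {"data_type": "String", "object_type": ""},
}
SAMPLE_ATTRS = {
    "USER_TABLE": "APP_USER", "GROUP_TABLE": "APP_GROUP",
    "INCLUDE_IN_PASSWORD_SYNC": "Y", "PRINCIPAL_PASSWORD": "PASSWD",
    "INCLUDE_IN_STATUS_SYNC": "Y", "USER_STATUS_FIELD": "USER_STATUS",
    "USER_STATUS_ACTIVE": "ACTIVE",  # USER_STATUS_INACTIVE is missing
}

if __name__ == "__main__":
    for finding in check_config(SAMPLE_ATTRS, SAMPLE_POLICY_MAP):
        print("FINDING:", finding)
```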


Step 5: Assigning the Resource to Roles

Once the columns have been defined, this Resource should be linked to a Role. This will determine, based on the Role, what Users should be provisioned into your custom application.

Go to Access Control → Role → Select a Role → Role Entitlements → Entitled to Resources.

Alternatively, go to Access Control → Resource → Select a Resource → Entitlements → Entitled Roles.

Read more in Managing Resource Entitlements.

 

 

 
