Active Roles 7.5 - Solutions Guide

This section covers the controlsForOutput and control XML elements that your SPML request must include to specify a set of controls to return to the SPML Provider client.

Element name: controlsForOutput

Element description: Specifies a collection of OutControl-type controls to return to SPML client.

Child clements: control

Attributes:

Table 8: Attributes for controlsForOutput
attribute name	attribute description
xmlns	Declares the namespase for all child elements of the controls element. This attribute must be set to quest:ars:SPML:2:0

Element name: control

Element description: Describes a control to return to SPML Provider client with an SPML response.

Parent elements: controlsForOutput

Child elements: None

Attributes:

Table 9: Attributes for control
attribute name	attribute description
name	Specifies the name of the control.

The control elements used to specify controls to return with SPML response must be defined as follows:

Sample SPML request

This section provides a sample SPML request and the SPML response that illustrate how to use Active Roles controls in your SPML requests.

This sample shows how an SPML Provider client can send a request to modify the specified user object. With this request, the client sends the AllowApproval built-in control set to Confirm, and the CustomControl control set to MyCustomValue. The request also contains the controlsForOutput element, which specifies that Active Roles Administration service will return values of the OperationStatus and CustomControl controls in the SPML response.

TIP: For more information about the use of the AllowApproval and OperationStatus controls, refer to the Active Roles SDK.

NOTE: You need to modify the sample SPML request in order to adjust it to your environment. Before using this sample, set the ID attribute of the psoID element to the distinguished name of the user account you want to modify.

SPML request

<?xml version="1.0"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<spml:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">

<control name="AllowApproval">Confirm</control>

<control name="CustomControl">MyCustomValue</control>

</controls>

</controlsForOutput>
<spml:psoID ID="CN=JDOE,OU=Users,DC=mycompany,DC=com"/>

<spml:modification>
<modification name="description" operation="replace" xmlns="urn:oasis:names:tc:DSML:2:0:core">

<value>New description</value>

</modification>

</spml:modification>

</spml:modifyRequest>

</soap:Body>

</soap:Envelope>

SPML response

<?xml version="1.0" encoding="UTF-16"?>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<soap:Body>

<control name="OperationStatus">Completed</control>

<control name="CustomControl">ReturnedValue</control>

</controls>

<pso>

<data>

<value xsi:type="xsd:string">Admin1</value>

</attr>

<value xsi:type="xsd:string">person</value>

<value xsi:type="xsd:string">organizationalPerson</value>

</attr>

<value xsi:type="xsd:string">CN=Person,CN=Schema,CN=Configuration,DC=dom,DC=lab,DC=local</value>

</attr>

<value xsi:type="xsd:base64Binary">Aodvua6TAE+Ja9O3vnRntg==</value>

</attr>

<value xsi:type="xsd:string">New description</value>

</attr>

</data>

</pso>

</modifyResponse>

</soap:Body>

</soap:Envelope>

Supported Azure Features

Active Roles 7.4 SPML Provider supports Azure user, group, and contact creation.

NOTE: You must complete Azure AD configuration, before using SPML for user, group, and contact creation in Azure AD. For more information, see Azure AD and Office 365 Management Administrator Guide.

Sample SPML request for Azure user, group, and contact creation

Sample SPML request for Azure User Creation

<?xml version="1.0"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<data>

<value>AzureUser</value>

</attr>

<value>Azure test user</value>

</attr>

<value>AzureUser</value>

</attr>

</attr>

<value>AzureUser@ARStestdev.onmicrosoft.com</value>

</attr>

</attr>

</attr>

<value>FALSE</value>

</attr>

<value>AzureUser@ARStestdev.onmicrosoft.com</value>

</attr>

</attr>

<value>AzureUser@ARStestdev.onmicrosoft.com</value>

</attr>

</attr>

<value>AzureUser</value>

</attr>

</data>

</addRequest>

</soap:Body>

</soap:Envelope>

Sample SPML request for Azure Group Creation.

<?xml version="1.0"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<data>

<value>group</value>

</attr>

<value>My test group</value>

</attr>

<value>false</value>

</attr>

<value> GroupName@company.com</value>

</attr>

<value> GroupName</value>

</attr>

</attr>

<value> GroupName</value>

</attr>

<value>false</value>

</attr>

</attr>

</data>

</addRequest>

</soap:Body>

</soap:Envelope>

Sample SPML request for Azure Contact Creation

<?xml version="1.0"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<data>

<value>AzureContact</value>

</attr>

<value>AzureContact</value>

</attr>

<value>Contact</value>

</attr>

</attr>

<value>AzureContact@test.com</value>

</attr>

</data>

</addRequest>

</soap:Body>

</soap:Envelope>

Supported operations

SPML Provider implements the SPML v2 core protocol and supports core operations that are required for conformance to the official SPML v2 specification. The following table lists the core operations supported by SPML Provider.

Table 10: Core operations supported by SPML Provider
Operation	Description
listTargets	Lists targets available for provisioning through SPML Provider and the SPML Provider's supported set of capabilities for targets.
add	Creates a new object on the target.
modify	Changes the specified object on the target.
lookup	Obtains the XML that represents the specified object on the target.
delete	Removes the specified object from the target.

In addition to core operations required for conformance to the SPML v2 specification, SPML Provider supports a set of optional operations (Capabilities) that are functionally related. The following tables list the Capabilities supported by SPML Provider.

Search capability

Table 11: Capabilities supported by SPML Provider
Operation	Description
search	Obtains every object that matches the specified query.
iterate	Obtains the next set of objects from the result set selected for a search operation.
closeIterator	Informs SPML Provider that the client no longer intends to iterate the search result.

Suspend capability

Table 12: Suspend capability
Operation	Description
suspend	Disables/deprovisions the specified object on the target.
resume	Re-enables the specified object on the target.
active	Checks whether the specified object on the target has been suspended.

Password Capability

Table 13: Password capability
Operation	Description
setPassword	Specifies a new password for a user account.
expirePassword	Marks as invalid the current password for a user account.

For detailed information on the SPML v2 operations, refer to the “Operations” section in the official SPML v2 specification, available for download at http://www.oasis-open.org/specs/index.php#spmlv2.0.

Samples of use

SPML Provider implements the SPML v2 core protocol and supports the DSML v2 Profile for SPML operations. SPML Provider comes with a sample client that includes examples illustrating how to construct SOAP messages that contain SPML payloads to perform common directory operations.

To work with the examples in the SPML Provider sample client

From the Start menu on the computer on which SPML Provider is installed, select Active Roles SPML Provider to open the home page of the sample client in your Web browser.
On the Samples of Use home page, under How do I, click the example you want to examine.

For instance, you might click Create new user to view, modify, and perform the SPML v2 request that creates a user object.

On the page that opens, in the SPMLv2 request box, view the SOAP message that will be sent to SPML Provider.

You may need to modify the SOAP message in order to adjust it to your environment. Thus, with the Create new user example, you have to set the ID attribute of the <ContainerID> element to the distinguished name (DN) of the container where you want to create a new user.

Click the Send Request button to send the SOAP message to SPML Provider.
In the SPMLv2 response box, view the SOAP message returned by SPML Provider in response to your request.
To examine another example, return to the home page, and then click the desired example.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

Seleccione su producto:

Con el fin de ofrecerle un mejor servicio, complete el campo Motivo del chat:

Soluciones recomendadas para su problema

Active Roles 7.5 - Solutions Guide

Specifying controls to return to the SPML Provider client

Sample SPML request

SPML request

SPML response

Supported Azure Features

Sample SPML request for Azure user, group, and contact creation

Supported operations

Samples of use