
Identity Manager 8.2.1 - Configuration Guide


Uninstalling SOAP Web Service

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once the uninstall is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.

Examples of calls

You will find an overview of the methods supplied under SOAP Web Service. The following are some examples of web service client calls in the C# programming language.

Preparation

Authentication is carried out by means of an authentication string containing an authentication module and the login data to use. To log in to the system, you must create an instance of the web service and an object for the login data. The login data is passed to all the following calls.

Example:

var svc = new Q1IMServiceSoapClient();
var login = new LoginInformation
{
    AuthString = "Module=DialogUser;User=viadmin;Password="
};

Table 189: Examples of authentication

| Authentication module | Example |
|---|---|
| System users | Module=DialogUser;User=<user name>;Password=<password> |
| Employee | Module=Person;User=<central user account>;Password=<password> |
| Active Directory user account (role-based) | Module=RoleBasedADSAccount |
| Active Directory user account (manual input/role-based) | Module=RoleBasedManualADS;User=<AD user name>;Password=<AD password> |

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

GetListObject

This method returns an array of objects, which correspond to the given WHERE clause. The returned array contains the object's primary key and a [DISPLAY] special key, which contains the object's display value.

Example:

Q1IMService.KeyValuePair[][] objects = svc.GetListObject(login, "Person",
    "FirstName like 'Hal%'");

GetListObjectWithDisplays

This method works in the same way as GetListObject and allows you to enter details of additional columns to be loaded.

Example:

In the example, the FirstName and LastName columns are available.

Q1IMService.KeyValuePair[][] objects = svc.GetListObjectWithDisplays(login, "Person",
    "FirstName like 'Hal%'",
    new [] {"FirstName", "LastName"});
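
GetListObject and GetListObjectWithDisplays both take the WHERE clause as a plain string, so a search value that originates from a user must be made literal before it is concatenated into the clause. The following is an added example, not code from One Identity: the WhereClause helper, its column allow-list and the 64-character limit are assumptions, and it assumes the clause reaches SQL Server as SQL text.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Added example: WhereClause and PrefixMatch are hypothetical names,
// not part of the One Identity Manager API.
public static class WhereClause
{
    // Assumption: only these Person columns may be searched by callers.
    private static readonly HashSet<string> SearchableColumns =
        new HashSet<string>(StringComparer.Ordinal) { "FirstName", "LastName" };

    // Builds "<column> like '<prefix>%' escape '!'" with the prefix treated as literal text.
    public static string PrefixMatch(string column, string prefix)
    {
        if (!SearchableColumns.Contains(column))
            throw new ArgumentException("Column is not on the allow-list.", nameof(column));
        if (prefix == null)
            throw new ArgumentNullException(nameof(prefix));
        if (prefix.Length > 64)
            throw new ArgumentException("Prefix too long.", nameof(prefix));

        var sb = new StringBuilder();
        foreach (char c in prefix)
        {
            switch (c)
            {
                case '\'': sb.Append("''"); break;       // a lone quote would end the literal
                case '!': case '%': case '_': case '[':  // LIKE metacharacters and the escape char
                    sb.Append('!').Append(c); break;
                default:
                    if (char.IsControl(c))
                        throw new ArgumentException("Control characters are not allowed.", nameof(prefix));
                    sb.Append(c); break;
            }
        }
        return column + " like '" + sb + "%' escape '!'";
    }
}

public static class WhereClauseDemo
{
    public static void Main()
    {
        // Constructed inputs: a normal prefix and one containing quote characters.
        Console.WriteLine(WhereClause.PrefixMatch("FirstName", "Hal"));
        Console.WriteLine(WhereClause.PrefixMatch("FirstName", "x' or '1'='1"));
        // The returned string is what would be passed as the WHERE clause argument.
    }
}
```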

GetCompleteSingleObject

All the properties of the object that is defined by the primary key are loaded by the method.

Example:

Q1IMService.KeyValuePair[] singleValues = svc.GetCompleteSingleObject(login,
    "Person", "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

GetSingleObject

Properties of a single object are loaded with this method.

Example:

In the example, the FirstName and LastName columns and the display value are loaded. The display value is given in the [DISPLAY] key.

Q1IMService.KeyValuePair[] values = svc.GetSingleObject(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    new[] { "FirstName", "LastName" });

ChangeSingleObject

This method changes individual properties of an object.

Example:

In the example, the Description column of the employee with the corresponding UID_Person is modified.

var values = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "Description",
        Value = "Created by webservice"
    }
};

svc.ChangeSingleObject(login, "Person", "UID_Person",
    "746a5662-054b-4531-a889-1c135dad4c05", values);

ChangeSingleObjectEx

This method modifies an object in the same way as ChangeSingleObject, but the primary key value is passed as an array of key-value pairs.

Example:

var values = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "Description",
        Value = "Created by webservice"
    }
};

var keys = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "UID_Person",
        Value = "746a5662-054b-4531-a889-1c135dad4c05"
    }
};

svc.ChangeSingleObjectEx(login, "Person", keys, values);

DeleteSingleObject

This method deletes an object.

Example:

In this example, the employee with the corresponding UID is deleted from the database.

svc.DeleteSingleObject(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

DeleteSingleObjectEx

Using this method, you can delete objects with a multicolumn primary key (for example, from M:N tables).

Example:

// Replace each "<UID>" placeholder with the actual key value.
svc.DeleteSingleObjectEx(
    login,
    "OrgHasApp",
    new []
    {
        new Q1IMService.KeyValuePair { Key = "UID_Org", Value = "<UID>" },
        new Q1IMService.KeyValuePair { Key = "UID_Application", Value = "<UID>" }
    });

CreateSingleObject

This method creates a new object in the database.

Example:

In this example, the employee "John Doe" is created.

var values = new[]
{
    new Q1IMService.KeyValuePair {Key = "FirstName", Value = "John"},
    new Q1IMService.KeyValuePair {Key = "LastName", Value = "Doe"}
};

svc.CreateSingleObject(login, "Person", values);

Exists

This method checks the existence of an object.

Example:

bool exists = svc.Exists(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

GetSingleProperty

This method can be used to retrieve a single property.

Example:

string description = svc.GetSingleProperty(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "Description");

InvokeCustomizer

The SOAP Web Service supports an InvokeCustomizer method, which calls a function for an object in the database. The first three parameters specify the object on which the method is called. The customizerName parameter provides the function name. It is followed by an array of strings containing the fully qualified names of the parameter data types. The final array of strings contains the textual representations of the parameter values, which are passed to the called function.

How the function works

  • First, the database is opened and the object specified by objectType, pkName and pkValue is retrieved.

  • Then the runtime data types specified by parameterTypes are determined.

  • After that, text representations of the parameters are converted from the value array to the corresponding runtime data types.

  • The function is called with these values.

If the function to be called has no parameters, you can pass the null value for both the parameterTypes and the parameters arguments.

Example:

In this example, the method "TestMethod" is called for a Person type object with the primary key UID_Person and the given value. In this case, two parameters of type System.String and System.Int32 are passed with the values "Foo" and "4711".

svc.InvokeCustomizer(login, "Person",
    "UID_Person", "0000644F-C139-4B25-8D1C-5ECB93067E79",
    "TestMethod",
    new [] {"System.String", "System.Int32"},
    new [] {"foo", "4711"});
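
Because InvokeCustomizer receives type names and values as text, a mismatch only surfaces on the server. The following added example, which is not code from One Identity, checks both arrays on the client before the call by following the steps listed above. ParameterCheck is a hypothetical helper, and it is an assumption that the service resolves type names and parses values in a comparable way.

```csharp
using System;
using System.Globalization;

// Added example: ParameterCheck is a hypothetical client-side helper.
public static class ParameterCheck
{
    // Resolves each type name and converts the matching text value.
    // Assumption: the service's own conversion rules are comparable; they are
    // not documented on this page.
    public static object[] Resolve(string[] parameterTypes, string[] parameters)
    {
        if (parameterTypes == null && parameters == null)
            return new object[0];                     // function without parameters
        if (parameterTypes == null || parameters == null ||
            parameterTypes.Length != parameters.Length)
            throw new ArgumentException("Type and value arrays must have the same length.");

        var result = new object[parameters.Length];
        for (int i = 0; i < parameters.Length; i++)
        {
            // Type.GetType returns null when the name cannot be resolved.
            Type type = Type.GetType(parameterTypes[i], throwOnError: false);
            if (type == null)
                throw new ArgumentException(
                    "Unknown type name at index " + i + ": '" + parameterTypes[i] + "'");
            try
            {
                result[i] = Convert.ChangeType(parameters[i], type, CultureInfo.InvariantCulture);
            }
            catch (Exception ex) when (ex is FormatException ||
                                       ex is InvalidCastException ||
                                       ex is OverflowException)
            {
                throw new ArgumentException(
                    "Value at index " + i + " is not a valid " + type.FullName, ex);
            }
        }
        return result;
    }

    public static void Main()
    {
        // Type names and values from the example above.
        object[] ok = Resolve(new[] { "System.String", "System.Int32" }, new[] { "foo", "4711" });
        Console.WriteLine(ok[1].GetType() + " " + ok[1]);
        try { Resolve(new[] { "System.Int32" }, new[] { "47x11" }); }  // constructed bad value
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```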

InvokeDialogMethod

This method calls a dialog method on an object. Dialog methods have neither parameters nor return values. The call is similar to the InvokeCustomizer call.

Example:

In this example, the "TestDialogMethod" method is called for a specific person. "TestDialogMethod" is the name of the method, corresponding to DialogMethod.MethodName.

svc.InvokeDialogMethod(login,
    "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "TestDialogMethod");

FireGenEvent

This method generates a specific event. You can optionally pass additional generating parameters.

public void FireGenEvent(
    string objectType, string pkName, string pkValue,
    string eventName, KeyValuePair[] parameters);

Example:

In this example, the "EXPORT_DATA" event is generated without additional parameters.

svc.FireGenEvent(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "EXPORT_DATA", new Q1IMService.KeyValuePair[] { });

CallFunction

This method calls a One Identity Manager script function.

Example:

In the example, the VI_BuildInitials script is called.

svc.CallFunction(login, "VI_BuildInitials",
    new string [] {"John", "Doe"});

One Identity Manager as SPML provisioning service provider

One Identity Manager enables data exchange with other vendor systems using SPML. SPML stands for Service Provisioning Markup Language and defines a standardized interface for exchanging provisioning information. SPML version 2 (SPMLv2) was published in April 2006 by the Organization for the Advancement of Structured Information Standards (OASIS, www.oasis-open.org). The interface provides a means to simplify and standardize data exchange in the context of complex provisioning solutions and environments.

One Identity Manager can be implemented as an SPML client or as an SPML provider. This section covers only the configuration of One Identity Manager as an SPML provider. The SPML provider supports the entire One Identity Manager schema. The objects and relations to be administered through the SPML provider can be configured to meet customer requirements.


SPML web service

A web service called the SPML web service is provided to function as an SPML service provider. SPML web service conforms to SPMLv2 and its implementation is based on the OASIS publication. It makes the main operations such as adding, deleting, and changing objects available as well as extensions for searching and referencing objects.

SPML Web Service supports the following defined SPMLv2 functions:

Table 190: SPMLv2 supported functions

| Function | Description |
|---|---|
| listTargetsRequest | Returns the provider target system with its specific schema. The SPML provider supports the One Identity Manager schema exclusively. |
| addRequest | Adds a new object in the given provider target system with the given properties. |
| lookupRequest | Returns the properties of an object identified by a key. |
| modifyRequest | Changes the properties of an object identified by a key in the given provider target system. |
| deleteRequest | Deletes an object identified by a key in the provider target system. |
| searchRequest | Returns all objects in the provider target system that fulfill the search criterion. |
| iterateRequest | Returns further data sets from a search if not all of the search results have been sent to the client. |
| closeIteratorRequest | Closes an active search and informs the provider that no further results are required. |

The Reference extension allows you to maintain references between different objects from the provider’s target system. There are two different types of references for this.

  • Reference type owner

    References of the type owner result in foreign key relations in One Identity Manager.

  • Reference type memberOf

    References of the type memberOf result in many-to-many assignments in One Identity Manager.
