Using Active Roles SPML Provider
Using Active Roles SPML Provider
To access SPML Provider, use the following URL:
http://<HostName>/ARServerSPML/SPMLProvider.asmx
where the <HostName> stands for the name of the computer where SPML Provider is installed.
NOTE: The SPML Provider Web service is described by a Web Services Description Language (WSDL) file. To obtain a WSDL description of SPML Provider, navigate to http://<HostName>/ARServerSPML/SPMLProvider.asmx?WSDL.
Operation mode
SPML Provider can be configured to operate in:
- Proxy mode In this mode, SPML Provider accesses Active Directory, Azure AD, or AD LDS using the Active Roles proxy service. In proxy mode, SPML Provider extends Active Roles. Because SPML Provider uses open standards such as HTTP, XML, and SOAP, a greater level of interoperability with Active Roles is possible than is available with the Active Roles ADSI Provider.
- Direct access mode In this mode, SPML Provider directly accesses Active Directory, Azure AD, or AD LDS.
In proxy mode, SPML Provider can manage objects in Active Directory domains and AD LDS instances that are registered with Active Roles as managed domains and managed AD LDS instances, respectively. In direct access mode, SPML Provider can manage only objects in the domain or AD LDS instance to which SPML Provider is connected using the configuration setting such as the domain controller or AD LDS server.
|
TIP: To take advantages of the powerful functionality of Active Roles, we recommend that you use proxy mode whenever possible |
Support for Active Roles controls
Active Roles implements special parameters called Active Roles controls (hereafter controls). The controls allow you to customize request processing.
In proxy mode, SPML Provider clients can send controls to the Active Roles Administration Service with an SPML request to perform an administrative operation. The Administration Service can process the controls. On the other hand, the Administration Service can return its own control to the SPML Provider client, and then the client can process that control. The controls a client sends to the Administration Service are referred to as InControls whereas the controls the Administration Service returns to the client are referred to as OutControls.
This section covers the following subjects:
- Sending the InControl-type controls to the Active Roles Administration Service with an SPML request.
- Specifying a set of the OutControl-type controls that the Active Roles Administration Service will return with an SPML response.
For more information about Active Roles controls and for the list of available built-in controls, see Active Roles SDK.
|
IMPORTANT: All elements described in this section must be defined at the beginning of your SPML request. For a sample of use, see later in this document. |
Sending controls to the Active Roles Administration Service
This section covers the controls and control XML elements that your SPML request must include to send controls to the Active Roles Administration Service.
Element name: controls
Element description: Specifies a collection of InControl-type controls to send to Administration Service.
Child elements: control
Attributes:
Table 6: Controls attributes
xmlns |
Declares the namespase for all child elements of the controls element. This attribute must be set to quest:ars:SPML:2:0 |
Element name: control
Element description: Describes a control to send to the Administration Service.
Parent elements: controls
Child elements: None
Attributes:
Table 7: Control attributes
name |
Specifies the name of the control. |
The control value in the control element body must be specified as follows:
<control name=%control name%>%control value%</control>
To send an empty control, use the following syntax:
<control name=%control name% />