SPML Provider implements the SPML v2 core protocol and supports core operations that are required for conformance to the official SPML v2 specification. The following table lists the core operations supported by SPML Provider.

| Operation | Description |
|---|---|
| listTargets | Lists targets available for provisioning through SPML Provider and the SPML Provider's supported set of capabilities for targets. |
| add | Creates a new object on the target. |
| modify | Changes the specified object on the target. |
| lookup | Obtains the XML that represents the specified object on the target. |
| delete | Removes the specified object from the target. |

In addition to core operations required for conformance to the SPML v2 specification, SPML Provider supports a set of optional operations (Capabilities) that are functionally related. The following tables list the Capabilities supported by SPML Provider.
Search capability

| Operation | Description |
|---|---|
| search | Obtains every object that matches the specified query. |
| iterate | Obtains the next set of objects from the result set selected for a search operation. |
| closeIterator | Informs SPML Provider that the client no longer intends to iterate the search result. |

Suspend capability

| Operation | Description |
|---|---|
| suspend | Disables/deprovisions the specified object on the target. |
| resume | Re-enables the specified object on the target. |
| active | Checks whether the specified object on the target has been suspended. |

Password capability

| Operation | Description |
|---|---|
| setPassword | Specifies a new password for a user account. |
| expirePassword | Marks as invalid the current password for a user account. |

For detailed information on the SPML v2 operations, refer to the “Operations” section in the official SPML v2 specification, available for download at http://www.oasis-open.org/specs/index.php#spmlv2.0.
SPML Provider implements the SPML v2 core protocol and supports the DSML v2 Profile for SPML operations. SPML Provider comes with a sample client that includes examples illustrating how to construct SOAP messages that contain SPML payloads to perform common directory operations.
To work with the examples in the SPML Provider sample client
For instance, you might click Create new user to view, modify, and perform the SPML v2 request that creates a user object.
You may need to modify the SOAP message to adjust it to your environment. In the Create new user example, for instance, you have to set the ID attribute of the <ContainerID> element to the distinguished name (DN) of the container where you want to create the new user.
Support for configuration options enables administrators to set the SPML Provider sample client configuration in order to test the SPML Provider functionality under actual conditions. Administrators can, for example, specify the desired settings for the sample container object (OU) that will be used in sample SPML v.2 operations.
The configuration settings of the SPML Provider sample client can be found in the sample.config file located in the Samples sub-folder of the SPML Provider installation folder.
The sample.config file contains data in the XML format. You can open and edit the configuration file with a common text editor such as Notepad. The default configuration settings in the sample.config file look as follows:
<samples>
  <server>localhost</server>
  <url>ARServerSPML/spmlprovider.asmx</url>
  <sampleContainerName>OU=MyOU,DC=Company,DC=com</sampleContainerName>
</samples>
The following table provides reference information for the XML elements used in the sample.config file.

| Element | Parent element | Description |
|---|---|---|
| server | samples | Specifies the name of the computer running SPML Provider. |
| url | samples | Specifies the Web address of SPML Provider. The default address is ARServerSPML/spmlprovider.asmx. |
| sampleContainerName | samples | Specifies the distinguished name of the container (OU) used in the sample SPML v.2 requests. |

The following table lists all examples included in the Core Operation samples.

| Operation | Description |
|---|---|
| List targets available for provisioning with SPML Provider | This example illustrates how to retrieve the targets available for provisioning with SPML Provider. To do this, SPML Provider performs the listTargets operation. The request message includes the following XML elements:<br>The response lists the supported targets, including the schema definitions for each target and the set of capabilities that SPML Provider supports for each target. The contents of the <listTargetsResponse> element conform to the OASIS SPML v2 specification. |
| Create new user / Create new user (using direct access mode) | These examples illustrate how to create a user account object in two operation modes. To create a new object, SPML Provider performs the add operation. The request message includes the following XML elements:<br>The operation response indicates whether the user account is successfully created. Note that in direct access mode, to provision a user account, you should complete the following steps: |
| Create new user (approval aware) | This example illustrates how to create a user account if this operation is subject to approval by designated approvers. For more information about approval activities and workflows, refer to Active Roles Help and Active Roles SDK. If the creation of the user is subject to approval, your SPML request must contain the AllowApproval built-in control to perform the operation. For information about how to use controls in SPML requests, see Support for Active Roles controls earlier in this document. To create a new object, SPML Provider performs the add operation. The request message includes the following XML elements:<br>The operation response contains the OperationStatus control value that indicates the creation operation status. For example, if the user creation operation is subject to approval, the OperationStatus control returns the Pending value. In this case, the operation is waiting for approval by designated approvers. For more information about possible values of the OperationStatus control, see Active Roles SDK. |
| Create a user whose logon name is not in compliance with Active Roles policies | This example illustrates an attempt to create a new user account whose logon name does not conform to the Active Roles policies. Because the user logon name does not conform to the Active Roles policies, the creation operation fails and the operation response includes an error message returned by Active Roles. For example, an attempt to set the sAMAccountName attribute to a string of more than 20 characters causes the user creation operation to fail, with the response containing a message that provides some details on the error condition. |
| Create new group | This example illustrates how to create the group object SPMLGroup in the mycompany.com domain. To create a new object, SPML Provider performs the add operation. The request message includes the following XML elements: |
| Modify user attributes | This example illustrates how to modify the description attribute of the John Smith user object in the mycompany.com domain. To modify the object attribute, SPML Provider performs the modify operation. The request message includes the following XML elements: |
| Add user to group | This example illustrates how to add the John Smith user account to the SPMLGroup group object in the mycompany.com domain. To do this, SPML Provider performs the modify operation. |
| Look up user attributes | This example illustrates how to get the XML representation of the John Smith user in the mycompany.com domain. To get the XML representation of an object, SPML Provider performs the lookup operation. The request message includes the following XML elements:<br>The response contains the object identifier, the XML representation of the object and its attributes, and information about SPML Provider capabilities that are supported on the object (the capability-specific data that is associated with the object). |
| Delete user | This example illustrates how to delete the John Smith user account. To do this, SPML Provider performs the delete operation. The request message includes the following XML elements: |
| Delete group | This example illustrates how to delete the SPMLGroup group object in the mycompany.com domain. To do this, SPML Provider performs the delete operation. The request message includes the following XML elements: |

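
The following Python example is added here and is not part of the SPML Provider sample client. It reads the default sample.config shown earlier, sets the ID attribute of the container element to sampleContainerName through an XML API (so that characters such as & or " in a DN are escaped instead of being concatenated into the message), and rejects a sAMAccountName longer than 20 characters before anything is sent. Assumptions: the https scheme, the attribute set passed in, and the element and namespace names, which follow the OASIS SPML v2 and DSML v2 schemas (where the element is spelled containerID).

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SPML = "urn:oasis:names:tc:SPML:2:0"        # assumed: OASIS SPML v2 core namespace
DSML = "urn:oasis:names:tc:DSML:2:0:core"   # assumed: DSML v2 profile namespace
for prefix, uri in (("soap", SOAP), ("spml", SPML), ("dsml", DSML)):
    ET.register_namespace(prefix, uri)

# Default sample.config content as shown on the page.
SAMPLE_CONFIG = """<samples>
<server>localhost</server>
<url>ARServerSPML/spmlprovider.asmx</url>
<sampleContainerName>OU=MyOU,DC=Company,DC=com</sampleContainerName>
</samples>"""

def load_config(xml_text):
    """Return the three settings; fail loudly if one is missing or empty."""
    root = ET.fromstring(xml_text)
    cfg = {}
    for name in ("server", "url", "sampleContainerName"):
        value = (root.findtext(name) or "").strip()
        if not value:
            raise ValueError(f"sample.config: <{name}> is missing or empty")
        cfg[name] = value
    return cfg

def endpoint(cfg, scheme="https"):
    # The scheme is an assumption; the page gives only <server> and <url>.
    return f"{scheme}://{cfg['server']}/{cfg['url'].lstrip('/')}"

def build_add_user(cfg, attrs):
    """Build the SOAP message carrying an SPML add request for a user."""
    # Mirrors the policy example on the page: logon names over 20 chars fail.
    if len(attrs.get("sAMAccountName", "")) > 20:
        raise ValueError("sAMAccountName exceeds 20 characters")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{SPML}}}addRequest")
    # Setting ID through the XML API escapes &, < and " inside the DN.
    ET.SubElement(req, f"{{{SPML}}}containerID", ID=cfg["sampleContainerName"])
    data = ET.SubElement(req, f"{{{SPML}}}data")
    for name, value in attrs.items():
        attr = ET.SubElement(data, f"{{{DSML}}}attr", name=name)
        ET.SubElement(attr, f"{{{DSML}}}value").text = value
    return ET.tostring(env, encoding="unicode")

if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    print(endpoint(cfg))
    print(build_add_user(cfg, {"cn": "John Smith", "sAMAccountName": "jsmith"}))
```
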
© 2021 One Identity LLC. ALL RIGHTS RESERVED.