Identity Manager 8.0 - Configuration Guide

Uninstalling the SOAP Web Service

To uninstall a web application

  1. To uninstall a web application, use the Web Installer.
    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
    2. Go to the Installation tab and select Web-based components and click Install. This starts the Web Installer.

    - OR -

    1. Start the Web Installer from Start | One Identity | One Identity Manager | Configuration | Web Installer.
  2. Select Uninstall a One Identity Manager web application on the Web Installer start page and click Next.
  3. All installed web applications are displayed on the page, Uninstall a One Identity Manager web application.
    1. Select the web application you want to remove by double-clicking on it.
    2. Select the authentication module in the Authentication method section and authenticate yourself.
    3. Click Next to start uninstalling.
    4. Confirm the security prompt with Yes.
  4. The uninstall progress is displayed on the Setup is running page. After installation is complete, click Next.
  5. Click Finish on the last page to end the program.

Examples of Calls

You will find an overview of the supplied methods under SOAP Web Service. The following are some examples of web service client calls in the programming language C#.

Preparation

Authentication is carried out through an authentication string, which contains an authentication module and the login data to use. To log in to the system, you must create an instance of the web service and the object for the login data. The login data is passed to the following calls.

Example:

var svc = new Q1IMServiceSoapClient();
var login = new LoginInformation
    { AuthString = "Module=DialogUser;User=viadmin;Password=" };

Table 340: Examples of Authentication

| Authentication Module | Example |
|---|---|
| System user | Module=DialogUser;User=<user name>;Password=<password> |
| Employee | Module=Person;User=<central user account>;Password=<password> |
| Active Directory user account (role based) | Module=RoleBasedADSAccount |
| Active Directory user account (manual input/role based) | Module=RoleBasedManualADS;User=<AD user name>;Password=<AD password> |

You can find an overview of the authentication modules under One Identity Manager Authentication Module.

GetListObject

This method returns an array of objects, which correspond to the given WHERE clause. The returned array contains the object's primary key and a special key, [DISPLAY], which contains the object's display value.

Example:

Q1IMService.KeyValuePair[][] objects = svc.GetListObject(login, "Person",
    "FirstName like 'Hal%'");

GetListObjectWithDisplays

This method works in the same way as GetListObject and allows you to enter details of additional columns to be loaded.

Example:

In the example, the columns FirstName and LastName are available.

Q1IMService.KeyValuePair[][] objects = svc.GetListObjectWithDisplays(login, "Person",
    "FirstName like 'Hal%'",
    new [] {"FirstName", "LastName"});
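When the filter value comes from user input, the WHERE clause passed to GetListObject or GetListObjectWithDisplays should be assembled with quoting rather than plain string concatenation. The following is an added example, not part of the original guide or of One Identity's code; the WhereClause class, its column allowlist and the use of LIKE ... ESCAPE (assuming the clause is evaluated as SQL by the database) are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Added example: builds the WHERE clause string for GetListObject.
static class WhereClause
{
    // Hypothetical allowlist: only columns this client is meant to filter on.
    static readonly HashSet<string> Columns =
        new HashSet<string>(StringComparer.Ordinal) { "FirstName", "LastName" };

    // Quote a value as a SQL string literal by doubling single quotes.
    public static string Literal(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        return "'" + value.Replace("'", "''") + "'";
    }

    // Builds "<column> like '<prefix>%'" with wildcards in the prefix matched literally.
    public static string StartsWith(string column, string prefix)
    {
        if (!Columns.Contains(column))
            throw new ArgumentException("Column not allowed: " + column);
        if (prefix == null) throw new ArgumentNullException(nameof(prefix));
        // Escape the escape character first, then the LIKE metacharacters.
        string escaped = prefix.Replace("\\", "\\\\")
                               .Replace("%", "\\%")
                               .Replace("_", "\\_")
                               .Replace("[", "\\[");
        return column + " like " + Literal(escaped + "%") + " escape '\\'";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: the page's prefix, then one with a quote and a wildcard.
        Console.WriteLine(WhereClause.StartsWith("FirstName", "Hal"));
        Console.WriteLine(WhereClause.StartsWith("LastName", "O'Br%"));
        // The returned string is the third argument of the page's call:
        // svc.GetListObject(login, "Person", WhereClause.StartsWith("FirstName", input));
    }
}
```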

GetCompleteSingleObject

This method loads all properties of the object identified by the primary key.

Example:

Q1IMService.KeyValuePair[] singleValues = svc.GetCompleteSingleObject(login,
    "Person", "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

GetSingleObject

Properties of a single object are loaded with this method.

Example:

In the example, the columns FirstName and LastName and the display value are loaded. The display value is given in the key [DISPLAY].

Q1IMService.KeyValuePair[] values = svc.GetSingleObject(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    new[] { "FirstName", "LastName" });

ChangeSingleObject

This method changes individual properties of an object.

Example:

In the example, the column Description of the employee with the corresponding UID_Person is modified.

var values = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "Description",
        Value = "Created by webservice"
    }
};

svc.ChangeSingleObject(login, "Person", "UID_Person",
    "746a5662-054b-4531-a889-1c135dad4c05", values);

ChangeSingleObjectEx

Modifying an object with this method is done in the same way as with ChangeSingleObject, but here the primary key value is passed as a Key-Value-Pair-Array.

Example:

var values = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "Description",
        Value = "Created by webservice"
    }
};

var keys = new[]
{
    new Q1IMService.KeyValuePair
    {
        Key = "UID_Person",
        Value = "746a5662-054b-4531-a889-1c135dad4c05"
    }
};

svc.ChangeSingleObjectEx(login, "Person", keys, values);

DeleteSingleObject

This method deletes an object.

Example:

In this example, the employee with the corresponding UID is deleted from the database.

svc.DeleteSingleObject(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

DeleteSingleObjectEx

This method deletes objects with a multi-column primary key (such as objects from M:N tables).

Example:

// Replace each "<UID>" placeholder with the actual key value.
svc.DeleteSingleObjectEx(
    login,
    "OrgHasApp",
    new []
    {
        new Q1IMService.KeyValuePair { Key = "UID_Org", Value = "<UID>" },
        new Q1IMService.KeyValuePair { Key = "UID_Application", Value = "<UID>" }
    });

CreateSingleObject

A new object is created in the database with this method.

Example:

In this example, the employee "John Doe" is created.

var values = new[]
{
    new Q1IMService.KeyValuePair {Key = "FirstName", Value = "John"},
    new Q1IMService.KeyValuePair {Key = "LastName", Value = "Doe"}
};

svc.CreateSingleObject(login, "Person", values);

Exists

This method checks the existence of an object.

Example:

bool exists = svc.Exists(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");

GetSingleProperty

This method can be used to retrieve a single property of an object.

Example:

string description = svc.GetSingleProperty(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "Description");

InvokeCustomizer

The SOAP Web Service supports a method "InvokeCustomizer", which calls a function for an object in the database. The first three parameters specify the object on which the method is called. The parameter customizerName provides the function name. An array of strings follows, which contains the fully qualified names of the parameter data types. These are passed to the function being called. The following array of strings contains the textual representation of the parameters.

How the function works

  • First, the database is opened and the object specified by objectType, pkName and pkValue is retrieved.
  • Then, the runtime data types given by parameterTypes are determined.
  • After that, the text representations of the parameters are converted from the value array to the corresponding runtime data types.
  • The function is called with these values.

If the function being called does not have any parameters, "null" can be passed for the parameters "parameterTypes" and "parameter".

Example:

In this example, the method "TestMethod" is called for a Person type object with the primary key UID_Person and the given value. In this case, two parameters of type "System.String" and "System.Int32" with the values "foo" and "4711" are passed.

svc.InvokeCustomizer(login, "Person",
    "UID_Person", "0000644F-C139-4B25-8D1C-5ECB93067E79",
    "TestMethod",
    new [] {"System.String", "System.Int32"},
    new [] {"foo", "4711"});
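Because the type names and values travel as plain strings, a client can check them before making the call. The following is an added example, not part of the original guide or of the service's implementation; the CustomizerArgs class and its type allowlist are hypothetical, and the conversion uses the standard .NET Convert.ChangeType.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
// Added example: client-side check of InvokeCustomizer arguments before the call.
static class CustomizerArgs
{
    // Hypothetical allowlist of parameter types this client is willing to send.
    static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        { "System.String", typeof(string) },
        { "System.Int32", typeof(int) },
        { "System.Boolean", typeof(bool) }
    };

    // Returns null when the arrays are consistent, otherwise the first problem found.
    public static string Validate(string[] parameterTypes, string[] parameters)
    {
        if (parameterTypes == null && parameters == null) return null; // no parameters
        if (parameterTypes == null || parameters == null) return "only one array is null";
        if (parameterTypes.Length != parameters.Length) return "array lengths differ";
        for (int i = 0; i < parameterTypes.Length; i++)
        {
            if (parameterTypes[i] == null || !Allowed.TryGetValue(parameterTypes[i], out Type type))
                return "type " + i + " is not on the allowlist";
            try
            {
                // The text-to-type conversion the page describes, tried locally first.
                Convert.ChangeType(parameters[i], type, CultureInfo.InvariantCulture);
            }
            catch (Exception ex) when (ex is FormatException ||
                                       ex is OverflowException || ex is InvalidCastException)
            {
                return "value " + i + " is not a valid " + parameterTypes[i];
            }
        }
        return null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: a consistent pair, then a type name with a stray space.
        var values = new[] { "foo", "4711" };
        Console.WriteLine(CustomizerArgs.Validate(new[] { "System.String", "System.Int32" }, values) ?? "ok");
        Console.WriteLine(CustomizerArgs.Validate(new[] { "System.String", "System. Int32" }, values) ?? "ok");
    }
}
```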

InvokeDialogMethod

This method calls a dialog method on an object. Dialog methods have neither parameters nor return values. The call is similar to the InvokeCustomizer call.

Example:

In this example, the method "TestDialogMethod" is called for a specific person. "TestDialogMethod" is the name of the method corresponding to DialogMethod.MethodName.

svc.InvokeDialogMethod(login,
    "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "TestDialogMethod");

FireGenEvent

This method generates a specific event. Additional generating parameters can optionally be passed.

public void FireGenEvent(
    string objectType, string pkName, string pkValue,
    string eventName, KeyValuePair[] parameters);

Example:

In this example, the event "EXPORT_DATA" is generated without additional parameters.

svc.FireGenEvent(login, "Person",
    "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",
    "EXPORT_DATA", new Q1IMService.KeyValuePair[] { });

CallFunction

This method calls a One Identity Manager script function.

Example:

In the example, the script VI_BuildInitials is called.

svc.CallFunction(login, "VI_BuildInitials",
    new string [] {"John", "Doe"});

One Identity Manager as SPML Provisioning Service Provider

The One Identity Manager enables data exchange with other vendors' systems using SPML. SPML stands for Service Provisioning Markup Language and defines a standardized interface for exchanging provisioning information. SPML version 2 (SPMLv2) was published in April 2006 by the Organization for the Advancement of Structured Information Standards (OASIS, www.oasis-open.org). The interface provides a means to simplify and standardize data exchange in the context of complex provisioning solutions and environments.

The One Identity Manager can be implemented as an SPML client or as an SPML provider. This section only covers the One Identity Manager configuration as SPML provider. The SPML provider supports the entire One Identity Manager schema. The objects and relations to be administered through the SPML provider can be configured to meet customer requirements.

SPML Web Service

A web service called the SPML Web Service is provided for the function of SPML service provider. The SPML Web Service conforms to SPMLv2 and its implementation is based on the OASIS publication. It makes the main operations, such as adding, deleting and changing objects, available as well as extensions for searching and referencing objects.

SPML Web Service supports the SPMLv2 functions defined in the following:

Table 341: SPMLv2 Supported Functions

| Function | Description |
|---|---|
| listTargetsRequest | Returns the provider target system with its specific schema. The SPML provider supports the One Identity Manager schema exclusively. |
| addRequest | Adds a new object in the given provider target system with the given properties. |
| lookupRequest | Returns the properties of an object identified by a key. |
| modifyRequest | Changes the properties of a key identified object in the given provider target system. |
| deleteRequest | Deletes a key identified object in the provider target system. |
| searchRequest | Returns all objects in the provider target system that fulfill the search criterion. |
| iterateRequest | Returns further data sets from a search if not all of the search results have been sent to the client. |
| closeIteratorRequest | Closes an active search and informs the provider that no further results are required. |

The extension "reference" makes it possible to maintain references between different provider target system objects. There are two different types of references for this.

  • Reference type "owner"

    References of type "owner" result in foreign key relations in One Identity Manager.

  • Reference type "memberOf"

    References of type "memberOf" result in many-to-many assignments in One Identity Manager.
