Connector Configuration Setup
Overview:
This document describes how to set up the connector configuration for any target-system-specific splice.
Prerequisites:
- The Form attributes and their datatypes are known to the configurator.
- Target-system service-account-specific connection details
- Authentication type
- A configurations folder present in the same directory where the connector application jar has been deployed/copied
Configuration Directory Structure
/<Deployable Directory>
/<Deployable Directory>/configurations
/<Deployable Directory>/configurations/scim
/<Deployable Directory>/configurations/schemas
Configuration Detail:
Every connector requires 2 types of configuration: the SCIM configuration and a schema configuration for each type of resource.
There are also 2 YAML files: one specific to the IDHUB connector application and another for the splice-related configuration.
Resource Configuration:
All resource-specific configuration is kept under the directory /<Deployable Directory>/configurations/schemas.
There is one file per resource type. For example, for the resource Account there will be a file Account.json.
Each resource file holds a JSON object with the following attributes:
id:
  The id of the resource, in the format "urn:sath:params:scim:schemas:core:<compatible version number>:<Resource Name>".
name:
  The resource name as a string, e.g. Account.
description:
  A description of the resource as a string.
attributes:
  An array of JSON objects, one per resource-specific attribute of the IDHUB system. Each object has 3 attributes:
  - name (string)
  - type (string)
  - required (boolean)
meta:
  A JSON object with 2 attributes. This does not need to change unless the service provider asks for it on a new IDHUB version release.
  - resourceType
  - location
schema:
  Same as the id attribute (the sample below spells this key "schemas").
matching-attributes:
  A list of attribute names that splice uses to determine the unique resource in the target system, e.g.
    "matching-attributes": [
      "username",
      "email"
    ]
attribute-map:
  A mapping of each IDHUB resource attribute to the corresponding target-system resource attribute:
    "attribute-map": {
      "<TargetSystem Attribute Name>": {
        "type": "string",
        "attribute": "<IDHUB Attribute Name>"
      },
      ......
    }
  Check the sample below.
scripts:
  A JSON object holding the target-system CRUD operation scripts (if required) and the mapping of the target-system response. It has the following attributes:
  - insert: list of insert scripts, each as a string
  - update: list of update scripts, each as a string
  - delete: list of delete scripts, each as a string
  - select: list of select/search scripts, each as a string
  - mappingToExistingToResponse: a list of JSON objects; check the sample doc for the format and a reference setup
configs:
  A JSON object holding target-system-specific configuration for searching the resource. This differs between target-system types. Check the sample below for reference.
{
  "id": "urn:sath:params:scim:schemas:core:1.0:Account",
  "name": "Account",
  "description": "User Account",
  "schemas": "urn:sath:params:scim:schemas:core:1.0:Account",
  "attributes": [
    {
      "name": "DisplayName",
      "type": "string",
      "required": true
    },
    {
      "name": "UserLogin",
      "type": "string",
      "required": true
    },
    {
      "name": "PhoneNumber",
      "type": "string",
      "required": true
    },
    {
      "name": "email",
      "type": "string",
      "required": true
    },
    {
      "name": "entitlements",
      "type": "array",
      "required": true
    }
  ],
  "meta": {
    "resourceType": "Schema",
    "location": "/v2/Schemas/urn:sath:params:scim:schemas:core:1.0:Account"
  },
  "matching-attributes": [
    "uid",
    "mail"
  ],
  "attribute-map": {
    "givenName": {
      "attribute": "DisplayName",
      "type": ""
    },
    "sn": {
      "type": "",
      "query": ".displayName"
    },
    "displayName": {
      "attribute": "DisplayName"
    },
    "uid": {
      "attribute": "UserLogin"
    },
    "email": {
      "attribute": "email",
      "type": "",
      "query": "{mail: .emails[].value}"
    },
    "phone": {
      "attribute": "PhoneNumber",
      "type": ""
    },
    "memberOf": {
      "attribute": "entitlements",
      "type": "array"
    },
    "modifyTimestamp": {
      "attribute": "lastReconTimestamp",
      "type": ""
    },
    "manager": {
      "attribute": "manager",
      "type": ""
    }
  },
  "scripts": {
    "insert": [
      "dn: cn=${this.uid},ou=${this.ou},dc=iamsath,dc=com\nobjectClass: top\n#person\nobjectClass: person\nsn: ${scim.givenName}\ncn: ${scim.uid}\ntelephoneNumber: ${scim.phone}\nseeAlsodescription:\n#org person\nobjectClass: organizationalPerson\nx121Address:\nregisteredAddress:\ndestinationIndicator:\npreferredDeliveryMethod:\ntelexNumber:\nteletexTerminalIdentifier:\ninternationaliSDNNumber:\nfacsimileTelephoneNumber:\nphysicalDeliveryOfficeName:\nou: People\n# inet org person\nobjectClass: inetorgperson\naudio:\nbusinessCategory:\ncarLicense:\ndisplayName: ${scim.displayName}\ngivenName: ${scim.givenName}\nhomePhone: ${scim.phone}\ninitials:\nlabeledURI:\nmail: ${scim.email}\no: ${scim.organization}\npager:\nroomNumber:\nsecretary:\nuid: ${scim.uid}"
    ],
    "update": [
      "dn: cn=${this.uid},ou=${this.ou},dc=iamsath,dc=com\nobjectClass: top\n#person\nobjectClass: person\nsn: ${scim.givenName}\ncn: ${scim.uid}\ntelephoneNumber: ${scim.phone}\nseeAlsodescription:\n#org person\nobjectClass: organizationalPerson\nx121Address:\nregisteredAddress:\ndestinationIndicator:\npreferredDeliveryMethod:\ntelexNumber:\nteletexTerminalIdentifier:\ninternationaliSDNNumber:\nfacsimileTelephoneNumber:\nphysicalDeliveryOfficeName:\nou: People\n# inet org person\nobjectClass: inetorgperson\naudio:\nbusinessCategory:\ncarLicense:\ndisplayName: ${scim.displayName}\ngivenName: ${scim.givenName}\nhomePhone: ${scim.phone}\ninitials:\nlabeledURI:\nmail: ${scim.email}\no: ${scim.organization}\npager:\nroomNumber:\nsecretary:\nuid: ${scim.uid}"
    ],
    "delete": [],
    "select": [],
    "mappingToExistingToResponse": [
      {
        "id": "cn=${ldif.cn}, ou=${ldif.ou}, dc=iamsath, dc=com",
        "externalId": "${ldif.dn}",
        "UserLogin": "${ldif.uid}",
        "givenName": "${ldif.givenName}",
        "DisplayName": "${ldif.displayName}",
        "email": "${ldif.mail}",
        "PhoneNumber": "${ldif.telephoneNumber}",
        "manager": "${ldif.manager}",
        "lastReconTimestamp": "${ldif.modifyTimestamp}",
        "entitlements": "${ldif.memberOf}"
      }
    ]
  },
  "configs": {
    "OBJECT_CLASS_PRESENT": "(objectClass=person)"
  }
}
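As an added example (not code from the connector project or the page), the following Python script loads a resource schema in the shape described above, checks the structural rules the text states (id format, name agreement, attribute triples, meta keys) and then uses matching-attributes together with attribute-map to resolve an IDHUB resource to exactly one target-system record. The schema and the target records are constructed for this example; unlike the page's sample, the constructed attribute-map gives "mail" its own entry so that every matching attribute can be translated from the IDHUB resource. The records deliberately contain two entries with the same uid, which shows why a match on all listed attributes, and a check that exactly one record remains, matters before an update or delete is sent to the target.

```python
"""Added example, not code from the IDHUB connector project: load a resource
schema file such as Account.json, check the structural rules the document
lists, and use matching-attributes together with attribute-map to locate the
single target-system record that corresponds to an IDHUB resource.
All data below is constructed for the example."""
import json
import re

# Id format from the document: urn:sath:params:scim:schemas:core:<version>:<Resource Name>
ID_PATTERN = re.compile(
    r"^urn:sath:params:scim:schemas:core:(\d+(?:\.\d+)*):([A-Za-z][A-Za-z0-9]*)$")
REQUIRED_KEYS = ("id", "name", "description", "attributes", "meta",
                 "matching-attributes", "attribute-map", "scripts")


def validate_schema(doc):
    """Return a list of problems; an empty list means the schema passes."""
    problems = [f"missing top-level key '{k}'" for k in REQUIRED_KEYS if k not in doc]
    if problems:
        return problems
    match = ID_PATTERN.match(doc["id"])
    if not match:
        problems.append(f"id '{doc['id']}' is not urn:sath:params:scim:schemas:core:<version>:<Resource Name>")
    elif match.group(2) != doc["name"]:
        problems.append(f"id names resource '{match.group(2)}' but name is '{doc['name']}'")
    # The document says this key repeats the id; the sample spells the key "schemas".
    if doc.get("schemas", doc.get("schema")) != doc["id"]:
        problems.append("schemas must be identical to id")
    for i, attr in enumerate(doc["attributes"]):
        if not (isinstance(attr.get("name"), str) and isinstance(attr.get("type"), str)
                and isinstance(attr.get("required"), bool)):
            problems.append(f"attributes[{i}] needs a string name, a string type and a boolean required")
    for key in ("resourceType", "location"):
        if key not in doc["meta"]:
            problems.append(f"meta is missing '{key}'")
    if not doc["matching-attributes"] or not all(isinstance(m, str) for m in doc["matching-attributes"]):
        problems.append("matching-attributes must be a non-empty list of attribute names")
    for target_name, spec in doc["attribute-map"].items():
        if not isinstance(spec, dict):
            problems.append(f"attribute-map entry '{target_name}' must be a JSON object")
    return problems


def find_unique_target(doc, idhub_resource, target_records):
    """Select the one target record whose matching attributes equal the IDHUB
    resource's values; raise if the match is missing or ambiguous."""
    wanted = {}
    for target_name in doc["matching-attributes"]:
        spec = doc["attribute-map"].get(target_name, {})
        if "attribute" not in spec:
            raise KeyError(f"matching attribute '{target_name}' has no attribute-map entry naming an IDHUB attribute")
        wanted[target_name] = idhub_resource[spec["attribute"]]
    hits = [rec for rec in target_records
            if all(rec.get(name) == value for name, value in wanted.items())]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one record matching {wanted}, found {len(hits)}")
    return hits[0]


# Constructed Account.json content in the shape the document describes.
ACCOUNT_JSON = json.loads("""{
  "id": "urn:sath:params:scim:schemas:core:1.0:Account",
  "name": "Account",
  "description": "User Account",
  "schemas": "urn:sath:params:scim:schemas:core:1.0:Account",
  "attributes": [
    {"name": "UserLogin", "type": "string", "required": true},
    {"name": "email", "type": "string", "required": true}
  ],
  "meta": {"resourceType": "Schema",
           "location": "/v2/Schemas/urn:sath:params:scim:schemas:core:1.0:Account"},
  "matching-attributes": ["uid", "mail"],
  "attribute-map": {"uid": {"attribute": "UserLogin", "type": ""},
                    "mail": {"attribute": "email", "type": ""}},
  "scripts": {"insert": [], "update": [], "delete": [], "select": [],
              "mappingToExistingToResponse": []},
  "configs": {"OBJECT_CLASS_PRESENT": "(objectClass=person)"}
}""")

# Constructed target-system records, as a search on the LDAP side might return them.
TARGET_RECORDS = [
    {"uid": "jdoe", "mail": "jdoe@example.com", "dn": "cn=jdoe,ou=People,dc=example,dc=com"},
    {"uid": "jdoe", "mail": "john.doe@example.com", "dn": "cn=jdoe2,ou=People,dc=example,dc=com"},
    {"uid": "asmith", "mail": "asmith@example.com", "dn": "cn=asmith,ou=People,dc=example,dc=com"},
]


def demo():
    """Validate the constructed schema, then resolve one resource against the records."""
    problems = validate_schema(ACCOUNT_JSON)
    resource = {"UserLogin": "jdoe", "email": "jdoe@example.com"}
    return problems, find_unique_target(ACCOUNT_JSON, resource, TARGET_RECORDS)["dn"]


if __name__ == "__main__":
    print(demo())
```

Running the script prints an empty problem list and the DN of the single record that matches on both uid and mail; matching on uid alone would leave two candidates and the lookup refuses to pick one.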
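The insert and update entries under scripts are LDIF text with ${scim.<name>} and ${this.<name>} placeholders. The page does not describe how the connector substitutes them, so the following added Python example (not the connector's engine) assumes ${scim.x} reads attribute x of the incoming resource and ${this.x} a connector-side value, and shows the encoding a renderer must apply so that a substituted value always stays a single attribute value: DN components are escaped per RFC 4514, and any value that is not an RFC 2849 SAFE-STRING (leading space, colon or "<", a newline, or non-ASCII text) is written base64-encoded after "::" instead of verbatim. The template is a shortened copy of the page's insert script; all input values are constructed.

```python
"""Added example, not the connector's own template engine: render an LDIF
script of the kind kept under scripts.insert by substituting ${scim.<name>}
and ${this.<name>} placeholders, with each value encoded as RFC 2849 and
RFC 4514 require so that it stays a single attribute value. The meaning of
the two placeholder prefixes and all sample data are assumptions made for
this example; the connector's real substitution rules are not on the page."""
import base64
import re

PLACEHOLDER = re.compile(r"\$\{(scim|this)\.([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed, shortened form of the document's insert script.
INSERT_TEMPLATE = (
    "dn: cn=${this.uid},ou=${this.ou},dc=iamsath,dc=com\n"
    "objectClass: inetorgperson\n"
    "sn: ${scim.givenName}\n"
    "displayName: ${scim.displayName}\n"
    "mail: ${scim.email}\n"
    "uid: ${scim.uid}"
)


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '",+\\<>;':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def needs_base64(value):
    """True when the value is not an RFC 2849 SAFE-STRING and must be written
    after '::' in base64 (leading space/colon/'<', NUL, CR, LF or non-ASCII)."""
    if not value:
        return False
    if value[0] in " :<":
        return True
    return any(ch in "\0\r\n" or ord(ch) > 127 for ch in value)


def render_ldif(template, scim, this):
    """Substitute placeholders line by line and encode each resulting value."""
    rendered = []
    for raw in template.split("\n"):
        if raw == "" or raw.startswith("#"):      # blank lines and LDIF comments pass through
            rendered.append(raw)
            continue
        attr, sep, value_template = raw.partition(":")
        if not sep:
            raise ValueError(f"template line without 'attr: value' form: {raw!r}")
        is_dn = attr.strip().lower() == "dn"

        def substitute(match):
            source = scim if match.group(1) == "scim" else this
            text = str(source.get(match.group(2), ""))
            return escape_dn_value(text) if is_dn else text

        value = PLACEHOLDER.sub(substitute, value_template.lstrip(" "))
        if value == "":
            rendered.append(f"{attr}:")
        elif needs_base64(value):
            encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
            rendered.append(f"{attr}:: {encoded}")
        else:
            rendered.append(f"{attr}: {value}")
    return "\n".join(rendered)


# Constructed inputs: a comma in the uid, a non-ASCII surname and a display
# name with a leading space, each of which needs encoding rather than raw substitution.
THIS_SAMPLE = {"uid": "doe,jane", "ou": "People"}
SCIM_SAMPLE = {"givenName": "Müller", "displayName": " Jane Doe",
               "email": "jane.doe@example.com", "uid": "jane.doe"}


def demo():
    """Render the shortened insert script with the constructed inputs."""
    return render_ldif(INSERT_TEMPLATE, SCIM_SAMPLE, THIS_SAMPLE)


if __name__ == "__main__":
    print(demo())
```

In the rendered output the comma in the uid appears as "\," inside the DN, while sn and displayName are emitted as "sn:: ..." and "displayName:: ..." base64 lines; the other attributes are unchanged. The same rule keeps a value that happens to contain a line break inside one base64 value instead of letting it start a new attribute line.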
SCIM Configuration
The SCIM configuration is where the scope of what the connector can support is defined, together with some metadata about the connector. This needs to be updated by the service provider.
The ServiceProviderConfig.json file looks like this.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
  ],
  "documentationUri": "https://www.sath.com/idhub/documentation",
  "patch": {
    "supported": false
  },
  "bulk": {
    "supported": false,
    "maxOperations": 0,
    "maxPayloadSize": 0
  },
  "filter": {
    "supported": false,
    "maxResults": 0
  },
  "changePassword": {
    "supported": false
  },
  "sort": {
    "supported": false
  },
  "etag": {
    "supported": false
  },
  "authenticationSchemes": [
    {
      "name": "OAuth Bearer Token",
      "description": "Authentication scheme using the OAuth Bearer Token Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc6750",
      "documentationUri": "no documentation",
      "type": "oauthbearertoken",
      "primary": true
    },
    {
      "name": "HTTP Basic",
      "description": "Authentication scheme using the HTTP Basic Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc2617",
      "documentationUri": "no documentation",
      "type": "httpbasic"
    }
  ],
  "meta": {
    "location": "scim/v2/ServiceProviderConfig",
    "resourceType": "ServiceProviderConfig",
    "created": "2019-09-03T00:00:00Z",
    "lastModified": "2019-09-03T00:00:00Z",
    "version": "W\/\"3694e05e9dff594\""
  }
}
Application Configuration:
application.yml
info:
  app:
    name: Connector API Application
    description: IDHUB Connector Application
    version: X.X.X
    compatible-core-version: X.X
security:
  oauth2:
    client:
      client-id: IDEShim
      client-secret: <service auth token>
      grant_type: client_credentials
      access-token-uri: https://<IDHUB Base URL>/auth/realms/IDHub/protocol/openid-connect/token
management:
  endpoints:
    web:
      exposure:
        include: info,health,httptrace
idhub-core:
  url: https://<IDHUB Base URL>/api/core
target-system:
  name: LDAP Account Manager
server:
  port: <Connector Application PORT>
spring:
  security:
    user:
      name: <Service Account ID>
      password: <Service Account Password>
splice.yml
The sample given below is for an LDAP target system.
spring:
  profile: splice
name: <Splice name>
environment: test
version: <splice-version>
target-system:
  name: ldap
  host: <hostname/IP>
  port: 389
  username: cn=Directory Manager
  password: <Encrypted password>
  searchbase: dc=iamsath,dc=com