Article
Search
Share This
Popular content
Recent comments
User login
Synchronizing Users into Google Apps with IDM
3481
Problem
A Forum reader recently asked:
"I'm looking to use the IDM SOAP driver to synchronize users into Google Applications using Google Provisioning API - as documented here:
http://code.google.com/apis/apps/gdata_provisioning_api_v2.0_reference.html#Authentication
I need to be able to dynamically set the Authorization header in the http request to allow the providing of the auth token as required.
Looking at the SOAP driver docs, I can set a value for this HTTP header in the driver config. But the problem is that the Google-provided auth token is set dynamically - and it expires after 24 hours. Looking further in the SOAP driver docs, I see I can provide HTTP header values for "url", "method" and "soap-action" in the operation-data within each event. Can I also specify other HTTP header values in the operation-data with each event?
I'm planning to use calls to the Google Java classes to dynamically generate the authorization token into a local variable. Then I would write this into the operation-data with each event, so that the HTTP/XML request to Google has all the required headers. Any ideas on this?"
And here's the response from Johann Akerstrom ...
Solution
Recently I finished the last lines of code to a Google Apps Connector. Have a look at http://www.cosmoskey.com/products. It has been submitted to the Google Enterprise Solutions Gallery. It should show up on http://www.google.com/enterprise/gallery/apps/admin.html soon. The Google Enterprise guys are doing weekly runs to generate the solution list.
If you venture down the path of calling the Google apps' provisioning Java code directly, it will fail. That's because the Google Apps provisioning API is based on Java 1.5. Calling Java 1.5 classes from Java 1.4 (IDM's version) will fail with runtime exceptions - Google uses a lot of the new Java 1.5 features in the API. I investigated the option of using some of the tools out there that convert Java 1.5 code/classes to 1.4. This failed miserably, since the Google code uses some java 1.5 internationalization code, which the converters had problems converting.
The options you're left with are either of the following:
1. Follow the RSS/ATOM provisioning method published by Google. In the Connector I've built, this is in fact what I've done. I've built a Java 1.4-compatible provisioning API that is called by a Java driver shim.
2. Build a client/server architecture using RMI, XML-RPC, SOAP or something similar, where you use a lightweight Java 1.4-based client to call a service running Java 1.5.
Related Articles
User Comments
IDM Java Version
Submitted by klasen on 13 December 2007 - 5:43am.
IDM 3.5 uses Java 1.5 - except on Netware. There it is still 1.4.
- Login to post comments
Google Apps Integration Session at BrainShare 2008
Submitted by pmckeith on 21 February 2008 - 5:57am.
TUT179 Google Apps: Using Novell Products to Federate and Control Access in a Hosted Application Environment
The practice of outsourcing through Application Service Providers (ASP) has been growing. The ASP model can offer advantages such as reduced costs and administrative burden, but it can also raise questions about identity and access controls. In this session we will show how Novell Access Manager and Novell Identity Manager address issues such as the following:
- How does an organization manage accounts in a hosted system?
- How can terminated employees be prevented from accessing company data?
- How can new users be provisioned quickly with access to the hosted system?
- Will users need to remember additional credentials in order to log in?
This session will answer these questions by demonstrating the integration of the Google Apps productivity and collaboration suite—a free or low-cost solution for individuals, academic institutions and businesses. We will demonstrate single sign-on between your existing directory (Novell eDirectory, Active Directory or LDAP) and Google Apps using the OASIS SAML (Secure Assertion Markup Language), an open standard language supported by Novell Access Manager. Novell Identity Manager, with the Novell Identity Manager Connector for Google Apps (from CosmosKey), will be used to demonstrate provisioning and deprovisioning of accounts in Google Apps.
- Login to post comments
2