C.1 Driver Configuration

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and click Properties > Driver Configuration.

There are different sections under Driver Configuration. In this document, each section is listed in a table. The table contains a description of the fields, and the default value or an example of the value that should be specified in the field.

C.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Module.

    See Table C-1 for a list of the driver module options.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Select the Driver Module tab.

    See Table C-1 for a list of the driver module options.

Table C-1 Driver Module Options

| Option | Description |
|---|---|
| Java | Used to specify the name of the Java class that is instantiated for the shim component of the driver. This class can be located in the classes directory as a class file, or in the lib directory as a .jar file. If this option is selected, the driver is running locally. |
| Native | Used to specify the name of the .dll file that is instantiated for the application shim component of the driver. If this option is selected, the driver is running locally. |
| Connect to Remote Loader | Used when the driver is connecting remotely to the connected system. |
| Remote Loader Client Configuration for Documentation | Includes the Remote Loader client configuration information in the driver documentation that is generated by Designer. |

C.1.2 Driver Object Password

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Object Password > Set Password.

    See Table C-2 for more information.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and click Properties > Driver Configuration.

  2. Click Driver Module > Connect to Remote Loader > Driver Object Password > Set Password.

    See Table C-2 for more information.

Table C-2 Driver Object Password

| Option | Description |
|---|---|
| Driver Object Password | Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim. |

C.1.3 Authentication

The authentication section stores the information required to authenticate to the connected system.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Authentication.

    See Table C-3 for a list of the authentication options.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Authentication.

    See Table C-3 for a list of the authentication options.

Table C-3 Authentication Options

| Option | Description |
|---|---|
| Authentication ID or User ID | Specify a user application ID. This ID is used to pass Identity Vault subscription information to the application. Example: Administrator |
| Authentication Context or Connection Information | Specify the IP address or name of the server the application shim should communicate with. |
| Remote Loader Connection Parameters or Host name, Port, KMO, Other parameters | Used only if the driver is connecting to the application through the Remote Loader. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, where the host name is the IP address of the application server running the Remote Loader server and the port is the port the Remote Loader is listening on. The default port for the Remote Loader is 8090. The kmo entry is optional. It is only used when there is an SSL connection between the Remote Loader and the Metadirectory engine. Example: hostname=10.0.0.1 port=8090 kmo=IDMCertificate |
| Driver Cache Limit (kilobytes) or Cache limit (KB) | Specify the maximum event cache file size (in KB). If it is set to zero, the file size is unlimited. Click Unlimited to set the file size to unlimited in Designer. |
| Application Password or Set Password | Specify the password for the user object listed in the Authentication ID field. |
| Remote Loader Password or Set Password | Used only if the driver is connecting to the application through the Remote Loader. The password is used to control access to the Remote Loader instance. It must be the same password specified during the configuration of the Remote Loader on the connected system. |
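The Remote Loader connection string described in Table C-3 can be checked before it is pasted into the driver. The following is an added example, not code from the product or its documentation; the function names, finding codes, and the policy of flagging a missing kmo entry or a non-default port are assumptions of this example.

```python
# Added example: lint for a Remote Loader connection string.
# Finding codes and policy are this example's own, not product behaviour.
DEFAULT_PORT = 8090  # default Remote Loader port stated in Table C-3

def parse_params(value):
    """Split 'key=value key=value' into a dict, rejecting malformed tokens."""
    params = {}
    for token in value.split():
        key, sep, val = token.partition("=")
        if not (sep and key and val):
            raise ValueError(f"malformed token: {token!r}")
        if key in params:
            raise ValueError(f"duplicate key: {key}")
        params[key] = val  # unknown keys are kept ("Other parameters")
    return params

def audit_params(value):
    """Return a list of finding codes for one connection string."""
    params = parse_params(value)
    findings = []
    if "hostname" not in params:
        findings.append("NO_HOSTNAME")
    port = params.get("port")
    if port is None:
        findings.append("NO_PORT")
    elif not (port.isascii() and port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("BAD_PORT")
    elif int(port) != DEFAULT_PORT:
        # Informational: confirm the value matches the Remote Loader listener.
        findings.append("NON_DEFAULT_PORT")
    if "kmo" not in params:
        # kmo is only used with SSL, so without it no certificate is named
        # for the Remote Loader to Metadirectory engine connection.
        findings.append("NO_KMO_NO_SSL")
    return findings

# Constructed sample inputs; the first is the example string from Table C-3.
SAMPLES = [
    "hostname=10.0.0.1 port=8090 kmo=IDMCertificate",
    "hostname=10.0.0.1 port=8090",
    "hostname=10.0.0.1 port=99999 kmo=IDMCertificate",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_params(sample))
```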

C.1.4 Startup Option

The Startup Option allows you to set the driver state when the Identity Manager server is started.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Startup Option.

    See Table C-4 for a list of the startup options.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Startup Option.

    See Table C-4 for a list of the startup options.

Table C-4 Startup Options

| Option | Description |
|---|---|
| Auto start | The driver starts every time the Identity Manager server is started. |
| Manual | The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager. |
| Disabled | The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start. |
| Do not automatically synchronize the driver | This option only applies if the driver is deployed and was previously disabled. If this is not selected, the driver re-synchronizes the next time it is started. |

C.1.5 Driver Parameters

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Parameters.

    See Table C-5 for a list of the driver parameters.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Driver Parameters.

    See Table C-5 for a list of the driver parameters.

Table C-5 Driver Parameters

| Parameter | Description |
|---|---|
| Driver Settings | |
| <nds>, <input>, <output> Element Handling | Specify Remove/add elements if you want the driver shim to remove and add the required XML elements <nds>, <input>, and <output>. The required elements are removed from XML documents sent to the application and are added to XML documents received from the application before presenting the document to the Metadirectory engine. Otherwise, specify Pass elements through to turn off this element handling. |
| Custom Java Extensions | Select Show if you have developed custom Java classes to extend the driver shim’s functionality. Otherwise, select Hide. For more information, see Section A.0, Using Java Extensions. |
| Document Handling | Select Implemented if you have developed a custom Java class to process data as XML documents. |
| Byte array handling | Select Implemented if you have developed a custom Java class to process data as a byte array. |
| Subscriber Transport Layer Replacement | Select Implemented if you have developed a custom Java class to replace the default HTTP transport layer for the Subscriber channel. |
| Publisher Transport Layer Replacement | Select Implemented if you have developed a custom Java class to replace the default HTTP transport layer for the Publisher channel. |
| Schema | Select Implemented if you have developed a custom Java class to provide the application schema to the driver. |
| Subscriber Settings | |
| URL of the Remote DSML Server | Specify the URL of the remote server and the port number that the server listens on. The URL should begin with http:// unless you have configured SSL settings, in which case it should begin with https:// and use a DNS hostname rather than an IP address. |
| (Conditional) Authentication ID | If the remote server requires an authentication ID, specify the ID in the field. Otherwise, leave the field empty. |
| (Conditional) Authentication Password and Re-Enter Authentication Password | Specify the authentication password for the remote server if you specified an Authentication ID above. Otherwise, leave the field empty. |
| Remove Existing Password | Click the box to remove the existing password. Then specify the new password in the Authentication Password and Re-Enter Authentication Password fields. You cannot change the password without selecting the box. |
| Truststore File | Specify the name and path of the keystore file containing the trusted certificates used when the remote server is configured to provide server authentication. For example: c:\security\truststore. Leave this field empty when server authentication is not used. |
| Set mutual authentication parameters | Specify Show to set mutual authentication information. Specify Hide to not use mutual authentication. |
| Proxy Host and Port | Specify the host address and the host port when a proxy host and port are used. For example: 192.10.1.3:18180. Or, if a proxy host and port are not used, leave this field empty. |
| Handle HTTP session cookies | Some HTTP applications set cookies and expect them to be present on future requests. Select Handle Cookies if you want the driver to keep track of session cookies. Cookies are only kept until the driver is stopped. |
| Process empty subscriber documents | Indicates whether or not the Subscriber channel should send the empty documents to the target application. Documents could be empty if the policy or the style sheets strip the XML without vetoing the command. |
| Customize HTTP Request Header Fields | Select Show to enable customized header fields or select Hide to disable the feature. Each of the following fields is conditional, depending on whether you select Use or Ignore. • Authorization: If you select Use, specify the key and value in the appropriate fields. This header is automatically used if you enter an authentication ID and password in the Subscriber Settings. • Context Type: If you select Use, specify the key and value in the appropriate fields. • SOAPAction: If you select Use, specify the key and value in the appropriate fields. • Optional Request Header: If you select Use, specify the key and value in the appropriate fields. You can specify up to three optional request headers. |
| Publisher Settings | |
| Listening IP address and port | Specify the IP address of the server where the SOAP driver is installed and the port number that this driver listens on. If you imported a sample configuration file, this field contains the IP address and port that you specified in the wizard. |
| (Conditional) Authentication ID | Specify the Authentication ID of the remote server to validate incoming requests. If the remote server does not send an Authentication ID, leave this field empty. If you imported a sample configuration file, this field contains the IP address and port that you specified in the wizard. |
| (Conditional) Authentication Password and Re-Enter Authentication Password | Specify the authentication password of the remote server to validate incoming requests if you entered an Authentication ID above. Otherwise, leave these fields empty. |
| Remove existing password | Click the box to remove the existing password, then specify the new password in the Authentication Password and Re-Enter Authentication Password fields. You cannot change the password without selecting the box. |
| KMO name | Specify the KMO name to be used in eDirectory. When the server is configured to accept HTTPS connections, this name becomes the KMO name in eDirectory. The KMO name is the name before the “-” (dash) in the RDN. Leave this field empty when a keystore file (see Keystore file below) is used or when HTTPS connections are not used. |
| Keystore file | Specify the keystore name and path to the keystore file. This file is used when the server is configured to accept HTTPS connections. Leave this field empty when a KMO name is used (see KMO name above) or when HTTPS connections are not used. |
| Keystore password | Specify the keystore file password used with the keystore file specified above when this server is configured to accept HTTPS connections. Leave this field empty when a KMO name is used or when HTTPS connections are not used. |
| Server key alias | Specify a Server key alias when this server is configured to accept HTTPS connections. Leave this field empty when a KMO name is used or when HTTPS connections are not used. |
| Server key password | When this server is configured to accept HTTPS connections, this is the key alias password (not the keystore password). Leave this field empty when a KMO name is used (see above) or when HTTPS connections are not used. |
| Require mutual authentication | When using SSL, it is common to do only server authentication. However, if you want to force both client and server to present certificates during the handshake process, you should require mutual authentication. |
| Heartbeat Interval in Seconds | Specify the heartbeat interval in seconds. Leave this field empty to turn off the heartbeat. For more information about the heartbeat, see Section 7.8, Adding a Driver Heartbeat. |
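The Subscriber and Publisher rows of Table C-5 state several "leave empty when" rules for the HTTPS fields, which can be checked together before deployment. The following is an added example, not code from the product or its documentation; the dictionary keys (url, truststore, auth_id, kmo_name, keystore_file and so on) and the finding codes are hypothetical names chosen for this example, and the values passed in are assumed to have been copied from the driver parameter fields.

```python
# Added example: consistency checks for the Table C-5 HTTPS-related fields.
# Key names and finding codes are hypothetical, not product identifiers.
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    """True if host is an IPv4 or IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_subscriber(cfg):
    """Findings for the Subscriber URL, truststore and authentication ID."""
    findings = []
    url = urlsplit(cfg.get("url", ""))
    has_truststore = bool(cfg.get("truststore"))
    if url.scheme == "https":
        if _is_ip(url.hostname or ""):
            findings.append("SUB_HTTPS_IP_HOST")  # page asks for a DNS hostname
        if not has_truststore:
            findings.append("SUB_HTTPS_NO_TRUSTSTORE")  # no server authentication
    elif url.scheme == "http":
        if has_truststore:
            findings.append("SUB_TRUSTSTORE_UNUSED")
        if cfg.get("auth_id"):
            # The Authorization header is sent automatically when an ID is set.
            findings.append("SUB_CREDENTIALS_OVER_HTTP")
    else:
        findings.append("SUB_BAD_SCHEME")
    return findings

def check_publisher(cfg):
    """Findings for the Publisher KMO / keystore fields."""
    findings = []
    kmo, keystore = cfg.get("kmo_name"), cfg.get("keystore_file")
    if kmo and keystore:
        findings.append("PUB_KMO_AND_KEYSTORE")  # the two are alternatives
    if not keystore:
        # These fields only make sense together with a keystore file.
        for field in ("keystore_password", "server_key_alias", "server_key_password"):
            if cfg.get(field):
                findings.append("PUB_ORPHAN_" + field.upper())
    if not kmo and not keystore:
        findings.append("PUB_NO_HTTPS")  # listener accepts plain HTTP
        if cfg.get("require_mutual_auth"):
            findings.append("PUB_MUTUAL_AUTH_WITHOUT_HTTPS")
    return findings
```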