4.1 Creating a Driver Object by Using a Driver Configuration File

The SOAP driver comes with two configuration files that can be used to create a Driver object:

For more information about the sample files, see Section 4.3, Understanding the SPML Configuration and Section 4.2, Understanding the DSML Configuration.

4.1.1 Importing the Driver Configuration File in Designer

Designer allows you to import the driver configuration files for the SOAP driver. These files create and configure the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver’s configuration.

There are many different ways of importing the driver configuration file. This procedure only documents one way.

  1. Open a project in Designer. In the Modeler, right-click the Driver Set object, then select New > Driver.

  2. From the drop-down list, select SOAP DSML or SOAP SPML, then click Run.

  3. Configure the driver by filling in the fields. Specify information specific to your environment. For information on the settings, see Table 4-1 and Table 4-2.

  4. After specifying parameters, click Finish to import the driver.

  5. After the driver is imported, customize and test the driver.

  6. After the driver is fully tested, deploy the driver into the Identity Vault. See Deploying a Driver to an Identity Vault in Designer 2.1 for Identity Manager 3.5.1.

4.1.2 Importing the Driver Configuration File in iManager

The SOAP preconfiguration files are example configuration files. You installed these files when you installed the Identity Manager Web components on an iManager server. Think of a preconfiguration file as a template that you import and then customize or configure for your environment.

  1. In iManager, select Identity Manager Utilities > Import Drivers.

  2. Select a driver set, then click Next.

    If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.

  3. Select how you want the driver configurations sorted:

    • All configurations

    • Identity Manager 3.5 configurations

    • Identity Manager 3.0 configurations

    • Configurations not associated with an IDM version

  4. Select SOAP DSML or SOAP SPML, then click Next.

  5. Configure the driver by filling in the configuration parameters, then click Next. For information on the settings, see Table 4-1 and Table 4-2.

  6. Define security equivalences using a user object that has the rights that the driver needs to have on the server.

    The Admin user object is most often used for this task. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights the driver needs to have on the server, the DriversUser object must have the same rights.

  7. Identify all objects that represent administrative roles and exclude them from replication.

    Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 6. If you delete the security-equivalence object, you have removed the rights from the driver. Therefore, the driver can’t make changes to Identity Manager.

  8. Click Finish.

  9. Configure additional settings for the driver.

    For more information, see Configuring the Driver.

4.1.3 Configuration Parameters

The following table explains the parameters you must provide during initial driver configuration.

NOTE: The parameters are presented on multiple screens, and some parameters are displayed only if the answer to a previous prompt requires more information to properly configure the policy.

Table 4-1 Configuration Parameters for the SOAP DSML Driver

Field

Description

Driver name

Specify the name of the driver object in Identity Manager.

Configure Data Flow

Specify the driver channels you want to be active.

eDirectory to DSML: Sends Identity Vault events to the application.

DSML to eDirectory: Receives events from the application.

Bi-Directional: Activates both the eDirectory™ and the DSML channels.

<nds>, <input>, <output> element handling

Select one of the following:

Remove/Add Elements: The driver shim removes and adds the required XML elements of nds, input, and output. These required elements are removed from XML documents sent to the application and are added to XML documents received from the application before sending the document to the Metadirectory engine.

This is the preferred option for the SOAP driver.

Pass Elements Through: Turns off element handling. The required XML elements of nds, input, and output are neither added to nor removed from XML documents.

Driver is Local/Remote

Select one of the following:

Local: Runs the driver shim from the server holding the driver set.

Remote: Runs the driver from a remote server using the Remote Loader. If you specify this option, click Next, then specify Remote Loader configuration information. For more information, see Deciding Whether to Use the Remote Loader in the Novell Identity Manager 3.5.1 Administration Guide.

URL of the remote DSML server:

(Conditional) Subscriber Channel fields

NOTE: These fields are displayed only if you select eDirectory to DSML or Bi-Directional in the Configure Data Flow field.

Specify the URL of the remote DSML server and the port number that the server listens on.

For example: http://137.66.10.13:18180/soap

The server is a software component that listens for, processes, and returns the results for valid DSML requests.

HINT: If you configure the driver to use SSL, the URL must begin with https rather than http.

Authentication ID

(Conditional) Subscriber Channel fields

If the remote server requires an Authentication ID, specify it in the field. Otherwise, leave the field empty.

Authentication Password

(Conditional) Subscriber Channel fields

Specify the Authentication Password for the remote server if you specified an Authentication ID above. Otherwise, leave these fields empty.

Listening IP address and port

(Conditional) Publisher Channel fields

NOTE: These fields are displayed only if you select DSML to eDirectory or Bi-Directional in the Configure Data Flow field.

Specify the IP address of the server where the SOAP driver is installed and the port number that this driver listens on. You can specify 127.0.0.1 if there is only one network card installed in the server. Choose an unused port number on your server, for example, 127.0.0.1:18180. The driver listens on this address for requests, processes the requests, and returns a result.

Authentication ID

(Conditional) Publisher Channel fields

Specify the Authentication ID of the remote DSML server to validate incoming requests. If the remote server does not send an Authentication ID, leave this field empty.

Authentication Password

(Conditional) Publisher Channel fields

Specify the Authentication Password of the remote server to validate incoming requests, if you specified an Authentication ID above. Otherwise, leave these fields empty.

Remote Host Name and Port

(Conditional) Remote Loader fields

NOTE: These fields are displayed only if you select Remote in the Driver is Local/Remote field.

Specify the host name or IP address and the port of the server running the Remote Loader.

Example: 137.66.10.13:8090

Port 8090 is the default port the Remote Loader service listens on.

Driver password

(Conditional) Remote Loader fields

The driver password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified in the driver object password on the Remote Loader server.

Remote password

(Conditional) Remote Loader fields

The remote password is used to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader server.

Table 4-2 Configuration Parameters for the SOAP SPML Driver

Field

Description

Driver name

Specify the name of the driver object in Identity Manager.

Configure Data Flow

Specify the driver channels you want to be active.

eDirectory to SPML: Sends Identity Vault events to the application.

SPML to eDirectory: Receives events from the application.

Bi-Directional: Activates both the eDirectory and the SPML channels.

<nds>, <input>, <output> element handling

Select one of the following:

Remove/Add Elements: The driver shim removes and adds the required XML elements of nds, input, and output. These required elements are removed from XML documents sent to the application and are added to XML documents received from the application before sending the document to the Metadirectory (Identity Manager) engine.

This is the preferred option for the SOAP Driver.

Pass Elements Through: Turns off element handling. The required XML elements of nds, input, and output are neither added to nor removed from XML documents.

Driver is Local/Remote

Select one of the following:

Local: Runs the driver shim from the server holding the driver set.

Remote: Runs the driver from a remote server using the Remote Loader. If you specify this option, click Next, then specify Remote Loader configuration information. For more information, see Deciding Whether to Use the Remote Loader in the Novell Identity Manager 3.5.1 Administration Guide.

URL of the remote SPML Provisioning Service Point:

(Conditional) Subscriber Channel fields

NOTE: These fields are displayed only if you select eDirectory to SPML or Bi-Directional in the Configure Data Flow field.

Specify the URL of the remote SPML Provisioning Service Point (PSP).

For example: http://137.66.10.13:18180/soap

A PSP is a software component that listens for, processes, and returns the results for valid SPML requests.

HINT: If you configure the driver to use SSL, the URL must begin with https rather than http.

Authentication ID

(Conditional) Subscriber Channel fields

Specify the authentication ID of the remote SPML PSP if the PSP requires one. Otherwise, leave the field empty.

Authentication Password

(Conditional) Subscriber Channel fields

Specify the authentication password for the remote SPML PSP to validate incoming requests, if you specified an authentication ID above. Otherwise, leave this field empty.

Listening IP address and port

(Conditional) Publisher Channel fields

NOTE: These fields are displayed only if you select SPML to eDirectory or Bi-Directional in the Configure Data Flow field.

Specify the IP address of the server where the driver is installed and the port number that this driver listens on as a PSP. You might specify 127.0.0.1 if there is only one network card installed in the server. Choose an unused port number on your server.

Example: 127.0.0.1:18180

The driver listens on this address for the SPML requests, processes them, and returns a result.

Authentication ID

(Conditional) Publisher Channel fields

Specify the authentication ID to validate incoming SPML requests.

Authentication Password

(Conditional) Publisher Channel fields

Specify the authentication password to validate incoming SPML requests.

Remote Host Name and Port

(Conditional) Remote Loader fields

NOTE: These fields are displayed only if you select Remote in the Driver is Local/Remote field.

Enter the host name or IP address and the port of the server running the Remote Loader.

Example: 137.66.10.13:8090

Port 8090 is the default port the Remote Loader service listens on.

Driver password

(Conditional) Remote Loader fields

The driver password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified in the driver object password on the Remote Loader server.

Remote password

(Conditional) Remote Loader fields

The remote password is used to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader server.
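
The conditional rules in Table 4-1 and Table 4-2 can be checked against a set of planned answers before the import is run. The following Python sketch is an added example, not part of the original guide or of the product; the dictionary key names (sub_url, pub_listen, and so on), the account name, and the passwords are assumptions made for illustration, and the addresses reuse the examples shown in the tables.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Channels activated by each "Configure Data Flow" choice (Tables 4-1 and 4-2).
FLOWS = {"eDirectory to DSML": {"sub"}, "DSML to eDirectory": {"pub"},
         "eDirectory to SPML": {"sub"}, "SPML to eDirectory": {"pub"},
         "Bi-Directional": {"sub", "pub"}}

def review(cfg):
    """Return findings for one set of import answers (key names are hypothetical)."""
    findings = []
    channels = FLOWS.get(cfg.get("data_flow"), set())
    if not channels:
        findings.append("data_flow: unknown value")
    for side in sorted(channels):
        # The tables pair each Authentication Password with an Authentication ID.
        if bool(cfg.get(f"{side}_id")) != bool(cfg.get(f"{side}_password")):
            findings.append(f"{side}: set Authentication ID and Password together")
    if "sub" in channels:
        url = urlsplit(cfg.get("sub_url", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append("sub_url: missing or not an http(s) URL")
        elif url.scheme == "http" and cfg.get("sub_id"):
            findings.append("sub_url: credentials configured but URL is http, not https")
    if "pub" in channels:
        host, _, port = cfg.get("pub_listen", "").rpartition(":")
        try:
            addr, port_ok = ip_address(host), 0 < int(port) < 65536
        except ValueError:
            addr, port_ok = None, False
        if not port_ok:
            findings.append("pub_listen: expected IP:port with a valid port")
        elif not addr.is_loopback and not cfg.get("pub_id"):
            findings.append("pub_listen: non-loopback listener has no Authentication ID")
    if cfg.get("location") == "Remote":
        for key in ("rl_host_port", "driver_password", "remote_password"):
            if not cfg.get(key):
                findings.append(f"{key}: required when the driver is Remote")
    return findings

# Constructed sample answers; addresses reuse the examples shown in the tables.
WEAK = {"data_flow": "Bi-Directional", "location": "Remote",
        "sub_url": "http://137.66.10.13:18180/soap", "pub_listen": "137.66.10.13:18180",
        "sub_id": "soapuser", "sub_password": "placeholder",
        "rl_host_port": "137.66.10.13:8090", "driver_password": "placeholder"}
HARDENED = dict(WEAK, sub_url="https://137.66.10.13:18180/soap",
                pub_id="soapuser", pub_password="placeholder",
                remote_password="placeholder")
print(review(WEAK), review(HARDENED))
```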