The SOAP driver comes with two configuration files that can be used to create a Driver object:
SOAP-SPML-IDM3_5_0-V1.xml: The Service Provisioning Markup Language (SPML) configuration file
SOAP-DSML-IDM3_5_0-V1.xml: The Directory Services Markup Language (DSML) configuration file
For more information about the sample files, see Section 4.3, Understanding the SPML Configuration and Section 4.2, Understanding the DSML Configuration.
Designer allows you to import the driver configuration files for the SOAP driver. These files create and configure the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver’s configuration.
There are many different ways of importing the driver configuration file. This procedure only documents one way.
1. Open a project in Designer. In the Modeler, right-click the Driver Set object, then select .
2. From the drop-down list, select or then click .
3. Configure the driver by filling in the fields. Specify information specific to your environment. For information on the settings, see Table 4-1 and Table 4-2.
4. After specifying parameters, click to import the driver.
5. After the driver is imported, customize and test the driver.
6. After the driver is fully tested, deploy the driver into the Identity Vault. See Deploying a Driver to an Identity Vault in Designer 2.1 for Identity Manager 3.5.1.
The SOAP preconfiguration files are example configuration files. You installed these files when you installed the Identity Manager Web components on an iManager server. Think of a preconfiguration file as a template that you import and customize or configure for your environment.
1. In iManager, select > .
2. Select a driver set, then click .
   If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.
3. Select how you want the driver configurations sorted:
   - All configurations
   - Identity Manager 3.5 configurations
   - Identity Manager 3.0 configurations
   - Configurations not associated with an IDM version
4. Select or , then click .
5. Configure the driver by filling in the configuration parameters, then click . For information on the settings, see Table 4-1 and Table 4-2.
6. Define security equivalences using a user object that has the rights that the driver needs to have on the server.
   The Admin user object is most often used for this task. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights the driver needs to have on the server, the DriversUser object must have the same security rights.
7. Identify all objects that represent administrative roles and exclude them from replication.
   Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 6. If you delete the security-equivalence object, you have removed the rights from the driver. Therefore, the driver can’t make changes to Identity Manager.
8. Click .
9. Configure additional settings for the driver.
   For more information, see Configuring the Driver.
The following table explains the parameters you must provide during initial driver configuration.
NOTE: The parameters are presented on multiple screens and some parameters are only displayed if the answer to a previous prompt requires more information to properly configure the policy.
Table 4-1 Configuration Parameters for the SOAP DSML Driver
| Field | Description |
|---|---|
| | Specify the name of the driver object in Identity Manager. |
| | Specify the driver channels you want to be active. : Sends Identity Vault events to the application. : Receives events from the application. : Activates both the eDirectory™ and the DSML channels. |
| | Select one of the following: : The driver shim removes and adds the required XML elements of nds, input, and output. These required elements are removed from XML documents sent to the application and are added to XML documents received from the application before sending the document to the Metadirectory engine. This is the preferred option for the SOAP driver. : Turns off element handling. The required XML elements of nds, input, and output aren’t added or removed to XML documents as necessary. |
| | Select one of the following: : Runs the driver shim from the server holding the driver set. |
| (Conditional) Subscriber Channel fields NOTE: These fields are displayed only if you select or in the field. | Specify the and the port number that the server listens on. For example: http://137.66.10.13:18180/soap The server is a software component that listens for, processes, and returns the results for valid DSML requests. HINT: If you configure the driver to use SSL, the URL must begin with https rather than http. |
| (Conditional) Subscriber Channel fields | If the remote server requires an , specify it in the field. Otherwise, leave the field empty. |
| (Conditional) Subscriber Channel fields | Specify the for the remote server if you specified an above. Otherwise, leave these fields empty. |
| (Conditional) Publisher Channel fields NOTE: These fields are displayed only if you select or in the field. | Specify the IP address of the server where the SOAP driver is installed and the port number that this driver listens on. You can specify 127.0.0.1 if there is only one network card installed in the server. Choose an unused port number on your server, for example, 127.0.0.1:18180. The driver listens on this address for requests, processes the requests, and returns a result. |
| (Conditional) Publisher Channel fields | Specify the of the remote DSML server to validate incoming requests. If the remote server does not send an , leave this field empty. |
| (Conditional) Publisher Channel fields | Specify the of the remote server to validate incoming requests, if you specified an above. Otherwise, leave these fields empty. |
| (Conditional) Remote Loader fields NOTE: These fields are displayed only if you select in the field. | Specify the host name or IP address of the server running the remote loader server and port. Example: 137.66.10.13:8090 Port 8090 is the default port the Remote Loader service listens on. |
| (Conditional) Remote Loader fields | The driver password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified in the driver object password on the Remote Loader server. |
| (Conditional) Remote Loader fields | The remote password is used to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader server. |
Table 4-2 Configuration Parameters for the SOAP SPML Driver
| Field | Description |
|---|---|
| | Specify the name of the driver object in Identity Manager. |
| | Specify the driver channels you want to be active. Sends Identity Vault events to the application. : Receives events from the application. : Activates both the eDirectory and the SPML channels. |
| | Select one of the following: : The driver shim removes and adds the required XML elements of nds, input, and output. These required elements are removed from XML documents sent to the application and are added to XML documents received from the application before sending the document to the Metadirectory (Identity Manager) engine. This is the preferred option for the SOAP Driver. : Turns off element handling. The required XML elements of nds, input, and output aren’t added or removed to XML documents as necessary. |
| | Select one of the following: : Runs the driver shim from the server holding the driver set. |
| (Conditional) Subscriber Channel fields NOTE: These fields are displayed only if you select or in the field. | Specify the URL of the remote SPML Provisioning Service Point (PSP). For example: http://137.66.10.13:18180/soap A PSP is a software component that listens for, processes, and returns the results for valid SPML requests. HINT: If you configure the driver to use SSL, the URL must begin with https rather than http. |
| (Conditional) Subscriber Channel fields | Specify the authentication ID of the remote SPML PSP if the remote SPML PSP requires an authentication ID. Otherwise, leave the field empty. |
| (Conditional) Subscriber Channel fields | Specify the authentication password for the remote SPML PSP to validate incoming requests, if you specified an authentication ID above. Otherwise, leave this field empty. |
| (Conditional) Publisher Channel fields NOTE: These fields are displayed only if you select or in the field. | Specify the IP address of the server where the driver is installed and the port number that this driver listens on as a PSP. You might specify 127.0.0.1 if there is only one network card installed in the server. Choose an unused port number on your server. Example: 127.0.0.1:18180 The driver listens on this address for the SPML requests, processes them, and returns a result. |
| (Conditional) Publisher Channel fields | Specify the authentication ID to validate incoming SPML requests. |
| (Conditional) Publisher Channel fields | Specify the authentication password to validate incoming SPML requests. |
| (Conditional) Remote Loader fields NOTE: These fields are displayed only if you select in the field. | Enter the hostname or IP address of the server running the Remote Loader server and port. Example: 137.66.10.13:8090 Port 8090 is the default port the Remote Loader service listens on. |
| (Conditional) Remote Loader fields | The driver password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified in the driver object password on the Remote Loader server. |
| (Conditional) Remote Loader fields | The remote password is used to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader server. |
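
The following pre-deployment check is an added example, not part of the driver or its documentation. It reviews the Subscriber and Publisher channel settings from Table 4-1 and Table 4-2 for the SSL/URL mismatch the HINT describes, credentials sent over plain http, and a Publisher listener on a non-loopback address with no authentication ID. The dictionary keys are hypothetical names for the table fields, and the sample settings are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def review_soap_driver(cfg):
    """Return (severity, message) findings for one driver's settings.

    Key names are hypothetical stand-ins for the Table 4-1/4-2 fields.
    """
    findings = []
    if "subscriber_url" in cfg:
        scheme = urlsplit(cfg["subscriber_url"]).scheme
        auth_id = cfg.get("subscriber_auth_id", "")
        if scheme not in ("http", "https"):
            findings.append(("error", "subscriber URL must begin with http or https"))
        elif cfg.get("use_ssl") and scheme != "https":
            findings.append(("error", "SSL is configured but the subscriber URL begins with http"))
        elif scheme == "http" and auth_id:
            findings.append(("warn", "subscriber credentials are sent over plain http"))
        # The tables require the ID and password to be set together or both left empty.
        if bool(auth_id) != bool(cfg.get("subscriber_auth_password", "")):
            findings.append(("error", "subscriber authentication ID and password must be set together"))
    if "publisher_listen" in cfg:
        host, _, port = cfg["publisher_listen"].rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
            if not 0 < int(port) < 65536:
                raise ValueError(port)
        except ValueError:
            findings.append(("error", "publisher listen address must be IP:port"))
        else:
            if not addr.is_loopback and not cfg.get("publisher_auth_id"):
                findings.append(("warn", "publisher listens on a non-loopback address without an authentication ID"))
    return findings

# Constructed sample settings, reusing the example addresses from the tables.
SAMPLES = {
    "ssl-mismatch": {"use_ssl": True, "subscriber_url": "http://137.66.10.13:18180/soap"},
    "cleartext-auth": {"subscriber_url": "http://137.66.10.13:18180/soap",
                       "subscriber_auth_id": "drv", "subscriber_auth_password": "example"},
    "open-publisher": {"publisher_listen": "137.66.10.13:18180"},
    "loopback-ok": {"use_ssl": True, "subscriber_url": "https://137.66.10.13:18180/soap",
                    "publisher_listen": "127.0.0.1:18180"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, review_soap_driver(cfg))
```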