Request Workflow Connector
The Java-based Request Workflow connector is built with the Identity Java Connector Integration Framework. It sends SOAP requests over HTTP to the configured DirX Identity endpoint and receives SOAP responses from the SOAP service.
The connector is implemented in the class ReqWfConnector in the package com.siemens.dxm.connector.reqwf.
The connector implements the common methods for the DirX Identity Connector API: add, modify, delete and search.
The add, modify and delete methods create an appropriate request workflow subject type and invoke a new request workflow instance. The search method simply returns success and an empty list of entries.
The connector supports basic authentication as well as server and client-side SSL/TLS authentication. It does not support WS-Security protocols yet.
The main goal of the connector is to create new request workflow instances for delivered SPMLv1-based requests for account and group objects.
Prerequisites
The connector is based on the Identity Java Connector Integration framework. The framework is contained in the library dxmConnector.jar.
It uses the common JAX-WS framework for sending and receiving SOAP requests and responses over HTTP. A JRE 1.7 is required to run the connector.
Configuration
The connector receives its configuration from the connector framework in a format that the framework specifies and that corresponds to an XML document. Note that Identity Manager presents the configuration options in a more convenient manner. In particular, the bind credentials, SSL flag and service address are typically collected from the LDAP entries found by selecting the appropriate connected directory and bind profile.
The following text discusses the configuration options based upon the XML format. These options are either attributes specified in the XML schema of the element <connection> (referred to as standard properties) or can be specified as <property> sub-elements of the <connection> element (referred to as non-standard properties).
The connector evaluates the following standard and non-standard properties:
Standard attributes:
- server (mandatory)
  This property provides the server part of the endpoint URL.
  Example: localhost
- port (mandatory)
  This property provides the port of the endpoint URL.
  Example: 4000
- ssl (optional)
  If no URL is given, this property defines which protocol to use. If true, https is selected; otherwise the connector sets http.
- user (mandatory)
  The username used for HTTP basic authentication. These credentials are used to authenticate for request workflow creation. Use a DirX Identity user with sufficient access rights; for example, the DomainAdmin.
- password (mandatory)
  The password used for HTTP basic authentication along with the user property.
The connector evaluates the following non-standard properties beneath the <connection> element:
- path (mandatory)
  This property provides the path of the URL.
  Example: workflowService/services/WorkflowService
- timeout (optional)
  The socket read timeout in seconds. The default is 0 seconds, which indicates an infinite timeout.
- domain (optional)
  Use this property in an environment with multiple Provisioning domains. Use it to check the connected Provisioning domain name.
  Example: cn=My-Company
- primaryWorkflowDN (optional)
  This property can be used to specify the DN of the request workflow that is used for account objects. It is also used for group objects if no secondaryWorkflowDN is configured. If no primaryWorkflowDN option is configured, the "When applicable" section of the active request workflow is evaluated and a suitable request workflow definition is instantiated.
- secondaryWorkflowDN (optional)
  Use this property to specify the DN of the request workflow that is used solely for group objects. If it is missing, the primaryWorkflowDN is also used for group objects. The secondaryWorkflowDN option is ignored if no primaryWorkflowDN is configured.
Here is a configuration sample using some of the described properties:
<connector name="TS" role="connector" className="com.siemens.dxm.connector.reqwf.ReqWfConnector">
  <connection
      type="RequestWorkflow"
      server="localhost"
      port="40000"
      ssl="FALSE"
      user="cn=DomainAdmin,cn=My-Company"
      password="{SCRAMBLED}aG5WPw==">
    <property name="path"
        value="workflowService/services/WorkflowService"/>
    <property name="domain" value="cn=My-Company"/>
    <property name="primaryWorkflowDN"
        value="cn=Manual Provisioning,cn=Service Management,cn=Default,cn=Definitions,cn=wfRoot,cn=My-Company"/>
    <property name="secondaryWorkflowDN" value=""/>
    <property name="timeout" value=""/>
  </connection>
</connector>
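A configuration check for the properties described above, as an added example that is not part of DirX Identity or of the original page: it parses a <connector> document, derives the endpoint URL and reports settings that weaken the connection. The URL layout (scheme://server:port/path), the case-insensitive reading of ssl, treating an empty timeout as the default 0 and the name audit_connection are assumptions; the sample is constructed from the page's configuration with a placeholder password.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's configuration; the password is a placeholder.
SAMPLE = """<connector name="TS" role="connector"
    className="com.siemens.dxm.connector.reqwf.ReqWfConnector">
  <connection type="RequestWorkflow" server="localhost" port="40000" ssl="FALSE"
      user="cn=DomainAdmin,cn=My-Company" password="{SCRAMBLED}PLACEHOLDER">
    <property name="path" value="workflowService/services/WorkflowService"/>
    <property name="domain" value="cn=My-Company"/>
    <property name="secondaryWorkflowDN" value=""/>
    <property name="timeout" value=""/>
  </connection>
</connector>"""

MANDATORY_ATTRS = ("server", "port", "user", "password")


def audit_connection(xml_text):
    """Return (endpoint_url, findings) for one <connector> configuration."""
    conn = ET.fromstring(xml_text).find("connection")
    if conn is None:
        return None, ["no <connection> element"]
    props = {p.get("name"): (p.get("value") or "").strip()
             for p in conn.findall("property")}
    findings = [f"missing mandatory attribute: {a}"
                for a in MANDATORY_ATTRS if not (conn.get(a) or "").strip()]
    if not props.get("path"):
        findings.append("missing mandatory property: path")
    # Assumption: the ssl flag is compared case-insensitively with "true".
    use_tls = (conn.get("ssl") or "").strip().lower() == "true"
    if not use_tls:
        findings.append("ssl not true: HTTP basic credentials travel over plain http")
    # Assumption: an empty timeout value falls back to the documented default 0.
    if (props.get("timeout") or "0") == "0":
        findings.append("timeout 0: socket reads wait indefinitely")
    if props.get("secondaryWorkflowDN") and not props.get("primaryWorkflowDN"):
        findings.append("secondaryWorkflowDN is ignored without primaryWorkflowDN")
    # Assumption: the endpoint URL is scheme://server:port/path.
    scheme = "https" if use_tls else "http"
    url = f"{scheme}://{conn.get('server')}:{conn.get('port')}/{props.get('path', '')}"
    return url, findings


if __name__ == "__main__":
    endpoint, issues = audit_connection(SAMPLE)
    print(endpoint)
    for issue in issues:
        print(" -", issue)
```

Run against the constructed sample, it reports the plain-http endpoint and the unbounded read timeout; setting ssl to true and a finite timeout clears both findings.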