chap-provisioning.xml revision d1a1c16f546ed980d06b400fe4f7a0c050740c52
<?xml version="1.0" encoding="UTF-8"?>
<!--
! CCPL HEADER START
!
! This work is licensed under the Creative Commons
! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
! To view a copy of this license, visit
! or send a letter to Creative Commons, 444 Castro Street,
! Suite 900, Mountain View, California, 94041, USA.
!
! You can also obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! If applicable, add the following below this CCPL HEADER, with the fields
! enclosed by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CCPL HEADER END
!
! Copyright 2011 ForgeRock AS
!
-->
<chapter xml:id='chap-provisioning'
xmlns='http://docbook.org/ns/docbook'
version='5.0' xml:lang='en'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'
xmlns:xlink='http://www.w3.org/1999/xlink'
xmlns:xinclude='http://www.w3.org/2001/XInclude'>
<title>Provisioning</title>
<section>
<subtitle>Configuration</subtitle>
<section>
<subtitle>Connector Info Provider Service</subtitle>
<para>ad</para>
<programlisting language="javascript">
{
"connectorsLocation" : string,
"remoteConnectorServers" : [remoteConnectorServer objects]
}
</programlisting>
<variablelist>
<varlistentry>
<term>connectorsLocation</term>
<listitem>
<para>string, optional</para>
<para>Specifies the directory that holds the OpenICF connectors. The default
value, and so the default location, is <code>connectors</code>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>remoteConnectorServers</term>
<listitem>
<para>array of RemoteConnectorServer objects, optional</para>
<para>A list of remote connector servers managed by this service.</para>
</listitem>
</varlistentry>
</variablelist>
<simplesect>
<title>RemoteConnectorServer objects</title>
<programlisting language="javascript">
{
"name" : "testServer",
"host" : "127.0.0.1",
"port" : 8759,
"useSSL" : false,
"timeout" : 0,
"key" : "Passw0rd",
"trustManagers" :
[
"X509TrustManager",
"BlindTrustManager"
]
}
</programlisting>
<variablelist>
<varlistentry>
<term>name</term>
<listitem>
<para>string, required</para>
<para>The name of the remote connector server object. Used to identify the
remote connector server in the connector reference object.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>host</term>
<listitem>
<para>string, required</para>
<para>Remote host to connect to.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>port</term>
<listitem>
<para>string, optional</para>
<para>Remote port to connect to. Default value: <code>8759</code></para>
</listitem>
</varlistentry>
<varlistentry>
<term>useSSL</term>
<listitem>
<para>boolean, optional</para>
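<para>Specifies whether to use SSL to connect to the remote connector server.
Default value: <code>false</code>. With the default value the connection is not
protected by SSL; set this to <code>true</code> when the remote connector server
is reached over a network that is not trusted.</para>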
</listitem>
</varlistentry>
<varlistentry>
<term>timeout</term>
<listitem>
<para>integer, optional</para>
<para>Specifies the timeout (in milliseconds) to use for the connection.
Default value: <code>0</code></para>
</listitem>
</varlistentry>
<varlistentry>
<term>key</term>
<listitem>
<para>string, required</para>
<para>The secret key used to authenticate to the remote connector
server. The value in the example above is a sample only; replace it with a
strong key of your own.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>trustManagers</term>
<listitem>
<para>not specified</para>
<para>This property is not implemented yet. The service uses the default JVM
TrustManager, so the entries shown in the example above have no effect.</para>
</listitem>
</varlistentry>
</variablelist> </simplesect>
</section>
<section>
<subtitle>OpenICF Provisioner Service</subtitle>
<para>ad</para>
<programlisting language="javascript">
{
"name" : "xml",
"connectorRef" : null,
"poolConfigOption" : null,
"operationTimeout" : null,
"configurationProperties" : null,
"objectTypes" : null,
"operationOptions" : null
}
</programlisting>
<simplesect>
<title>Connector Reference Object</title>
<programlisting language="javascript">
{
"bundleName" : "org.forgerock.openicf.connectors.file.xml",
"bundleVersion" : "1.1.0.0-SNAPSHOT",
"connectorHostRef" : "host"
}
</programlisting>
<variablelist>
<varlistentry>
<term>bundleName</term>
<listitem>
<para>string, required</para>
<para>The <code>ConnectorBundle-Name</code> of the OpenICF connector.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>bundleVersion</term>
<listitem>
<para>string, required</para>
<para>The <code>ConnectorBundle-Version</code> of the OpenICF connector.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>connectorName</term>
<listitem>
<para>string, required</para>
<para>The Connector implementation class name.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>connectorHostRef</term>
<listitem>
<para>string, optional</para>
<para>The name of the RemoteConnectorServer object. </para>
</listitem>
</varlistentry>
</variablelist>
</simplesect>
<simplesect>
<title>Pool Configuration Object</title>
<programlisting language="javascript">
{
"maxObjects" : 10,
"maxIdle" : 10,
"maxWait" : 150000,
"minEvictableIdleTimeMillis" : 120000,
"minIdle" : 1
}
</programlisting>
</simplesect>
<simplesect>
<title>Operation Timeout Object</title>
<para>This configuration sets the timeout of the operations.</para>
<programlisting language="javascript">
{
"CREATE" : -1,
"TEST" : -1,
"AUTHENTICATE" : -1,
"SEARCH" : -1,
"VALIDATE" : -1,
"GET" : -1,
"UPDATE" : -1,
"DELETE" : -1,
"SCRIPT_ON_CONNECTOR" : -1,
"SCRIPT_ON_RESOURCE" : -1,
"SYNC" : -1,
"SCHEMA" : -1
}
</programlisting>
</simplesect>
<simplesect>
<title>Object Types Object</title>
<para>The configuration object specifies the supported object types. The property name
defines the <code>objectType</code> used in the URI.</para>
<para><code>system/${systemName}/${objectType}</code></para>
<para>The configuration is based on <link
xlink:href="http://tools.ietf.org/html/draft-zyp-json-schema-03">JSON
Schema</link>, with some extensions. </para>
<programlisting language="javascript">
{
"account" :
{
"$schema" : "http://json-schema.org/draft-03/schema",
"id" : "__ACCOUNT__",
"type" : "object",
"nativeType" : "__ACCOUNT__",
"properties" :
{
"name" :
{
"type" : "string",
"nativeName" : "__NAME__",
"nativeType" : "JAVA_TYPE_PRIMITIVE_LONG",
"flags" :
[
"NOT_CREATABLE",
"NOT_UPDATEABLE",
"NOT_READABLE",
"NOT_RETURNED_BY_DEFAULT"
]
},
"groups" :
{
"type" : "array",
"items" :
{
"type" : "string",
"nativeType" : "string"
},
"nativeName" : "__GROUPS__",
"nativeType" : "string",
"flags" :
[
"NOT_RETURNED_BY_DEFAULT"
]
}
}
}
}
</programlisting>
<table>
<title>JSON Schema extensions</title>
<tgroup cols="2">
<tbody>
<row>
<entry>Object level extension</entry>
<entry>
<variablelist>
<varlistentry>
<term>nativeType</term>
<listitem>
<para>string, optional</para>
<para>The native OpenICF object type. </para>
</listitem>
</varlistentry>
</variablelist>
</entry>
</row>
<row>
<entry>Property level extension</entry>
<entry>
<variablelist>
<varlistentry>
<term>nativeType</term>
<listitem>
<para>string, optional</para>
<para>The native OpenICF attribute type. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>nativeName</term>
<listitem>
<para>string, optional</para>
<para>The native OpenICF attribute name. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>flags</term>
<listitem>
<para>string, optional</para>
<para>The native OpenICF attribute flags. The
<emphasis>required</emphasis> and
<emphasis>multivalued</emphasis> flags are not listed here; they are
defined by the JSON Schema itself. </para>
<para><emphasis>required</emphasis> = <code>"required" :
true</code></para>
<para><emphasis>multivalued</emphasis> = <code>"type" :
"array"</code></para>
</listitem>
</varlistentry>
</variablelist>
</entry>
</row>
</tbody>
</tgroup>
</table>
</simplesect>
<simplesect>
<title>Operation Options Object</title>
<para>Operation options define how the service acts on certain operations. </para>
<programlisting language="javascript">
{
"SYNC" :
{
"denied" : true,
"onDeny" : "DO_NOTHING",
"objectFeatures" :
{
"__ACCOUNT__" :
{
"denied" : true,
"onDeny" : "THROW_EXCEPTION",
"operationOptionInfo" :
{
"$schema" : "http://json-schema.org/draft-03/schema",
"id" : "FIX_ME",
"type" : "object",
"properties" :
{
"_OperationOption-float" :
{
"type" : "number",
"nativeType" : "JAVA_TYPE_PRIMITIVE_FLOAT"
}
}
}
},
"__GROUP__" :
{
"denied" : false,
"onDeny" : "DO_NOTHING"
}
}
}
}
</programlisting>
<variablelist>
<varlistentry>
<term>denied</term>
<listitem>
<para>boolean, optional</para>
<para>If the value is true, the service denies execution of the
operation.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>onDeny</term>
<listitem>
<para>string, optional</para>
<para>The service uses this value only if <code>denied</code> is true.
Default value: <code>DO_NOTHING</code></para>
<itemizedlist>
<listitem>
<para><code>DO_NOTHING</code> When the operation is requested, the service
does nothing.</para>
</listitem>
<listitem>
<para><code>THROW_EXCEPTION</code> When the operation is requested, the service
throws a <emphasis>ForbiddenException</emphasis>.</para>
</listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
</simplesect>
<glossary>
<title>Java Type Glossary</title>
<para>The OpenICF Framework supports the following Java types but the JSON
representation uses only <code>String</code>, <code>boolean</code>,
<code>Number</code>, <code>null</code>, <code>List</code> and <code>Map</code>
types. The service uses this glossary to convert back and forth between the different
types. </para>
<!-- ..
typeMap.put(JAVA_TYPE_BIGDECIMAL, BigDecimal.class);
typeMap.put(JAVA_TYPE_BIGINTEGER, BigInteger.class);
typeMap.put(JAVA_TYPE_PRIMITIVE_BOOLEAN, boolean.class);
typeMap.put(JAVA_TYPE_BYTE_ARRAY, byte[].class);
typeMap.put(JAVA_TYPE_CHAR, char.class);
typeMap.put(JAVA_TYPE_CHARACTER, Character.class);
typeMap.put(JAVA_TYPE_DATE, Date.class);
typeMap.put(JAVA_TYPE_PRIMITIVE_DOUBLE, double.class);
typeMap.put(JAVA_TYPE_DOUBLE, Double.class);
typeMap.put(JAVA_TYPE_FILE, File.class);
typeMap.put(JAVA_TYPE_PRIMITIVE_FLOAT, float.class);
typeMap.put(JAVA_TYPE_FLOAT, Float.class);
typeMap.put(JAVA_TYPE_GUARDEDBYTEARRAY, GuardedByteArray.class);
typeMap.put(JAVA_TYPE_GUARDEDSTRING, GuardedString.class);
typeMap.put(JAVA_TYPE_INT, int.class);
typeMap.put(JAVA_TYPE_PRIMITIVE_LONG, long.class);
typeMap.put(JAVA_TYPE_LONG, Long.class);
typeMap.put(JAVA_TYPE_NAME, Name.class);
typeMap.put(JAVA_TYPE_OBJECTCLASS, ObjectClass.class);
typeMap.put(JAVA_TYPE_QUALIFIEDUID, QualifiedUid.class);
typeMap.put(JAVA_TYPE_SCRIPT, Script.class);
typeMap.put(JAVA_TYPE_UID, Uid.class);
typeMap.put(JAVA_TYPE_URI, URI.class);. -->
<glossdiv><title>Java Types</title>
<glossentry xml:id="xml">
<glossterm>JAVA_TYPE_URI</glossterm>
<glossdef>
<para>Some reasonable definition here.</para>
</glossdef>
</glossentry>
</glossdiv>
<!-- ... -->
<glossdiv><title>Operations</title>
<glossentry xml:id="AUTHENTICATE">
<glossterm>AUTHENTICATE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/AuthenticationApiOp.html">AuthenticationApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="CREATE">
<glossterm>CREATE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/CreateApiOp.html">CreateApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="DELETE">
<glossterm>DELETE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/DeleteApiOp.html">DeleteApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="GET">
<glossterm>GET</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/GetApiOp.html">GetApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="RESOLVEUSERNAME">
<glossterm>RESOLVEUSERNAME</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/ResolveUsernameApiOp.html">ResolveUsernameApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="SCHEMA">
<glossterm>SCHEMA</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/SchemaApiOp.html">SchemaApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="SCRIPT_ON_CONNECTOR">
<glossterm>SCRIPT_ON_CONNECTOR</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/ScriptOnConnectorApiOp.html">ScriptOnConnectorApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="SCRIPT_ON_RESOURCE">
<glossterm>SCRIPT_ON_RESOURCE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/ScriptOnResourceApiOp.html">ScriptOnResourceApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="SEARCH">
<glossterm>SEARCH</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/SearchApiOp.html">SearchApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="SYNC">
<glossterm>SYNC</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/SyncApiOp.html">SyncApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="TEST">
<glossterm>TEST</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/TestApiOp.html">TestApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="UPDATE">
<glossterm>UPDATE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/UpdateApiOp.html">UpdateApiOp</link>
</para>
</glossdef>
</glossentry>
<glossentry xml:id="VALIDATE">
<glossterm>VALIDATE</glossterm>
<glossdef>
<para>
<link xlink:href="http://openicf.forgerock.org/connector-framework/apidocs/org/identityconnectors/framework/api/operations/ValidateApiOp.html">ValidateApiOp</link>
</para>
</glossdef>
</glossentry>
</glossdiv>
</glossary>
</section>
</section>
</chapter>