About the IDM Integration Module/Composer


Note: This tip refers to the Cool Solutions article
http://www.novell.com/coolsolutions/tip/19865.html, which mentions the availability of the Novell Identity Manager Integration Module 2.1 for Enterprise.

For those who are not aware, Composer is part of the SilverStream acquisition, and it is one of the coolest things to come out of it! To be fair, it is pretty clear that a lot of the widgetry in iManager and other Web apps from Novell benefited heavily from the SilverStream code that came onboard.

Composer is the XML mapping tool. Among other things, it includes the screen scraping components for pretty much anything you could imagine. It can screen scrape a TN3270 session to an old mainframe (or even a new mainframe!) with quite a bit of skill. It can also handle a 5250, telnet, or ssh session. And it can scrape an HTML page, so if you have some modern app that only allows password changes through a web page, you could screen-scrape that as well.

This is extremely powerful when you need to support an application running on a box when there is no way EVER that they would let you run a process on the remote machine. If they do allow it, you could consider the AS400 (Midrange), Top Secret, RACF mainframe, or Linux/Unix drivers for IDM instead. These are prebuilt drivers that will be much easier to implement. They do most everything you need to synchronize users in and out of those systems to your ID Vault.

As long as you can get a login with enough rights to do what you need on the remote mainframe (or web page, or other system), you can use Composer and its design tool, Designer (not to be confused with the new Designer for Identity Manager, which is the Eclipse-based offline IDM design tool). You can map incoming items in the <input> document that IDM sends on the subscriber channel, do whatever is requested, and return a proper <output> document.

This sounds like a lot of work, and it actually is. However, if you can get your hands on a sample project to work from, it is significantly easier. That is, once you see how much of the work needs to be done (the basics of forming a document), it is much easier to extend and finish what you need. Hopefully, Novell will publish some example projects that include the basics of Add, Modify, Query, Delete, and Password documents and how to handle them.

The syntax basically uses XPath or ECMAScript to read and write the XML document, and then do something with the data. There are tools for sending keyboard commands, recognizing fields, and so on.
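The input-to-output mapping described above, sketched as an added example in Python; it is not Composer or Novell code, and Python stands in for Composer's XPath/ECMAScript actions. The `handle` function and the `backend` dict (a stand-in for the screen-scraped system) are hypothetical, the sample values are constructed, and the element names follow IDM's XDS document vocabulary.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: DNs, event-ids and the password are made up.
SAMPLE_INPUT = r"""<nds dtdversion="3.5">
  <input>
    <add class-name="User" src-dn="\TREE\org\jdoe" event-id="evt-1">
      <add-attr attr-name="CN"><value>JDOE</value></add-attr>
      <add-attr attr-name="Surname"><value>Doe</value></add-attr>
    </add>
    <modify-password class-name="User" event-id="evt-2">
      <association>JDOE</association>
      <password>constructed-secret</password>
    </modify-password>
    <rename class-name="User" event-id="evt-3"/>
  </input>
</nds>"""


def handle(xml_text, backend):
    """Apply each command under <input> to backend; return the <output> document."""
    root = ET.fromstring(xml_text)
    out_root = ET.Element("nds", {"dtdversion": root.get("dtdversion", "")})
    output = ET.SubElement(out_root, "output")
    for cmd in root.findall("./input/*"):
        event_id = cmd.get("event-id", "")
        level, msg = "success", None
        try:
            if cmd.tag == "add":
                attrs = {a.get("attr-name"): a.findtext("value")
                         for a in cmd.findall("add-attr")}
                backend[attrs["CN"]] = {"attrs": attrs, "password": None}
                # Tell the engine which remote account this object maps to.
                assoc = ET.SubElement(output, "add-association", {
                    "dest-dn": cmd.get("src-dn", ""), "event-id": event_id})
                assoc.text = attrs["CN"]
            elif cmd.tag == "modify-password":
                account = backend[cmd.findtext("association")]
                account["password"] = cmd.findtext("password")
            else:
                # Fail closed: anything unmapped is reported, never ignored.
                level, msg = "error", "unsupported command: " + cmd.tag
        except KeyError:
            # Fixed text only, so no input value (or password) leaks into status.
            level, msg = "error", "missing CN or unknown association"
        status = ET.SubElement(output, "status", {
            "level": level, "event-id": event_id})
        status.text = msg
    return ET.tostring(out_root, encoding="unicode")
```

Every command gets exactly one `<status>` carrying its own `event-id`, and the password from `<modify-password>` reaches only the backend, never the returned document.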

The project gets deployed as a JAR file that is loaded on the eDirectory server and run there. Alas, that means that updates to the project need an eDirectory restart, so I would recommend developing on an eDirectory replica where it doesn't matter if you need plenty of restarts.

