Sun Identity Manager 8.1 Web Services

Deciding Which Attributes to Manage

When configuring an Identity Manager server to use SPML 2.0, the first step is to decide which attributes you want to manage through your target.

Note –

You can have more than one attribute in the target.

Decide which attribute sets, or object classes, the interface clients can employ to manage users in the Identity Manager instance using this interface. This set of attributes is a PSO. You must know how to map these attributes to and from a User view using a form.

This section describes how to configure a system using PSOs that contain the following attributes for a DSML object class called spml2Person:

You must map these attributes to the User view.

This section also provides short examples that demonstrate how to manage PSOs using SPML 2.0 support in Identity Manager.

Identity Manager provides a sample set of SPML configuration objects in the sample/spml2.xml file. The sample/spml2.xml file is not imported when the repository is initialized, so you must manually import the file. See the contents of this file for detailed information.

Note –

The spml2ObjectClass attribute is not present in the User schema by default. If this attribute is not already enabled, you must manually add the spml2ObjectClass attribute to your schema before Identity Manager can function as an SPML 2.0 server.

The spml2ObjectClass attribute has been defined in the schema.xml file supplied with Identity Manager, but the section where you add this attribute to the configuration is commented out. Assuming that your production schema is in a file derived from that original, you can uncomment that section, import or re-import the schema file, and restart Identity Manager to enable use of the SPML 2.0 feature.

After deciding on the format of a PSO, enable the service as described in the following sections. These sections also contain information about configuring the web.xml file and what features have been added for SPML 2.0.