If the PasswordSync servlet is using JMS to send messages to Identity Manager, you need to add Identity Manager’s JMS Listener resource adapter. The JMS Listener resource adapter periodically checks the JMS Message Queue for messages placed there by the PasswordSync servlet. If the Queue contains a new message, it sends it to Identity Manager for processing.
Log on to the Identity Manager Administrator Interface (Identity Manager Administrator Interface).
Select Resources -> Configure Types from the main menu.
The Configure Managed Resources page opens as shown in Figure 11–10.
Verify that the JMS Listener checkbox in the Managed? column is selected as shown in Figure 11–10.
If the box is not selected, select it and click Save.
Click List Resources in the secondary menu.
Locate the Resource Type Actions drop-down menu and select New Resource.
The New Resource page is displayed.
To add the JMS Listener Adapter, select JMS Listener from the drop-down menu (as shown in Figure 11–11) and click New.
Configure the following settings on the Resource Parameters page, and then click Next.
Destination Type. Specify the This value is typically set to Queue. (Topics are not usually relevant because there is one subscriber and potentially multiple publishers.)
Initial context JNDI properties. Define the set of properties that are used to build the initial JNDI context.
You must define the following name/value pairs:
java.naming.factory.initial. Specify the classname (including the package) of the Initial Context Factory for the JNDI Service Provider.
java.naming.provider.url. Specify the URL of the machine running the JNDI service.
You might have to define additional properties. The list of properties and values should match those specified on the JMS settings page on the JMS server. For example, to provide the credentials and bind method, you might need to specify the following sample properties:
java.naming.security.principal — Bind DN (for example, cn=Directory manager)
java.naming.security.authentication — Bind method (for example, simple)
java.naming.security.credentials — Password
JNDI name of Connection factory. Enter the name of a connection factory, as defined on the JMS server.
JNDI name of Destination. Enter the name of a destination, as defined on the JMS server.
User and Password. Enter the account name and password of the administrator that requests new events from the queue.
Reliable Messaging Support. Select LOCAL (Local Transactions). The other options are not applicable for password synchronization.
Message Mapping. Enter java:com.waveset.adapter.jms.PasswordSyncMessageMapper. This class transforms messages from the JMS server into a format that can be used by the Synchronize User Password workflow.
On the Account Attributes wizard page (Figure 11–12), click Add Attribute and map the following attributes, which are made available to the JMS Listener Adapter by PasswordSyncMessageMapper.
IDMAccountId — This attribute is resolved by the PasswordSyncMessageMapper, based on the resourceAccountId and resourceAccountGUID attributes passed in the JMS message.
password — The encrypted password forwarded in the JMS message.
The Identity Template wizard page opens as shown in Figure 11–13. Note that the attributes you added in the previous step are available in the Attribute Mappings section of the Resource Wizard (Figure 11–13).
Click Next and configure the options on Identity System Parameters page as needed.
See Sun Identity Manager 8.1 Resources Referencefor more information about setting up the JMS Listener resource adapter.