Sun Identity Manager 8.1 Resources Reference

Adapter Details

Resource Configuration Notes

None

Identity Manager Installation Notes

To add the Scripted Host resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

com.waveset.adapter.ScriptedGatewayResourceAdapter

The Sun Identity Manager Gateway (gateway.exe) must be installed on the host specified in the Host field for the adapter.

Usage Notes

Resource Actions

The Scripted Gateway adapter allows you to create a set of actions that perform basic provisioning functions such as creating, updating, deleting, and retrieving user accounts. Each of these actions is defined in a Windows batch file.

The adapter supports the following provisioning actions:

| Action | Purpose | Required? |
|---|---|---|
| create | Creates a new user. | No, but if not provided, users cannot be created. |
| delete | Deletes an existing user. | No, but if not provided, users cannot be deleted. |
| getAllUsers | Gets information about all users on the resource. | Yes. |
| getUser | Fetches attributes for an existing user. | Yes. |
| update | Updates attributes for an existing user. | No, but if not provided, users cannot be updated. |

The $WSHOME/sample/ScriptedGateway directory contains a set of sample resource action definitions that could be used to provision users to a theoretical gateway script-based host application. You must customize these definitions to your environment.

For general information about resource actions, see Chapter 50, Adding Actions to Resources.

Scripts

The Scripted Gateway adapter implements actions as batch files that execute on the gateway. These scripts must be written to run on the version of Windows that has been installed on the machine running the scripts. The same account that runs the Gateway also runs the scripts.

Scripts should follow Windows conventions and exit with a return code of 0, which indicates success. Returning a non-zero code (chosen by the script writer) indicates the operation may not have been correctly completed.

Scripts may output text to the Windows standard error or standard output stream. Depending on the nature of the operation, the context of the operation, and the type of failure, the text may be displayed in the results for that operation.

For the getUser and getAllUsers operations, the text in the standard output stream is parsed to determine the attributes of each user.

The following types of environment variables can be exported to the scripts:

The following example shows a generated environment:

WSUSER_Email=testuser@waveset.com
WSUSER_First Name=JUnit
WSUSER_Full Name=JUnit TestUser
WSUSER_Last Name=TestUser
WSUSER_User ID=USER5647
WSUSER_ws_action_type=WindowsBatch
WSOBJ_ID=testuser
WSOBJ_NAME=testuser
WSRSRC_NAME=Scripted Gateway
WSRSRC_CLASS=com.waveset.adapter.ScriptedGatewayResourceAdapter
WSRSRC_Host=localhost
WSRSRC_List Objects Timeout=900000
WSRSRC_Request Timeout=30000
WSRSRC_TCP Port=9278
WSRSRC_connectionLimit=10

Generally, if an attribute’s value is null, the corresponding environment variable may be omitted instead of having a value of a zero-length string.

For more information about the variables available in a script, see Chapter 50, Adding Actions to Resources.
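
As an added example (not part of the Sun documentation or its sample scripts), the following Python check scans a batch action script for %WSUSER_...% and %WSOBJ_...% references, which cmd.exe substitutes before it parses the line, and for !VAR! references used before delayed expansion is enabled. It assumes that WSUSER_ and WSOBJ_ variables carry per-account values, as in the generated environment above; hostapp.exe and the sample script are constructed for illustration.

```python
import re

# Assumption: WSUSER_* and WSOBJ_* carry per-account values, as in the
# generated environment shown above. Variable names may contain spaces.
PERCENT_REF = re.compile(r"%(WS(?:USER|OBJ)_[^%\r\n]+)%")
DELAYED_REF = re.compile(r"!(WS(?:USER|OBJ)_[^!\r\n]+)!")
COMMENT = re.compile(r"^\s*@?(rem\b|::)", re.IGNORECASE)
ENABLE_DELAYED = re.compile(r"setlocal\b.*\bEnableDelayedExpansion\b", re.IGNORECASE)


def lint_action_script(text):
    """Return (line_number, variable, message) findings for one batch action script."""
    findings = []
    delayed_enabled = False
    for number, line in enumerate(text.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        if ENABLE_DELAYED.search(line):
            delayed_enabled = True
        # cmd.exe substitutes %VAR% before it parses the line, so characters such
        # as & | < > in an attribute value become part of the command syntax.
        for name in PERCENT_REF.findall(line):
            findings.append((number, name, "immediate expansion; use !%s! instead" % name))
        # !VAR! is substituted after parsing, but only once delayed expansion is on.
        if not delayed_enabled:
            for name in DELAYED_REF.findall(line):
                findings.append((number, name, "delayed expansion is not enabled"))
    return findings


# Constructed sample script, not one of the $WSHOME/sample/ScriptedGateway files.
# "hostapp.exe" is a hypothetical provisioning command.
SAMPLE_SCRIPT = """@echo off
rem create action: %WSUSER_Email% in a comment is ignored
hostapp.exe adduser %WSOBJ_ID% --name "%WSUSER_Full Name%"
setlocal EnableDelayedExpansion
hostapp.exe setmail "!WSOBJ_ID!" "!WSUSER_Email!"
exit /b 0
"""

if __name__ == "__main__":
    for finding in lint_action_script(SAMPLE_SCRIPT):
        print("line %d: %s: %s" % finding)
```

Because the scripts run under the same account as the Gateway, findings of the first kind deserve review before a script is deployed.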

Result Handling

The AttrParse mechanism processes the results returned by the getUser and getAllUsers actions through the standard output stream. See Chapter 49, Implementing the AttrParse Object for details about implementing AttrParse objects.

For getUser actions, AttrParse returns a map of user attributes. For the getAllUsers action, it generates a map of maps. Each entry for the returned map contains the following.

The collectCsvHeader and collectCsvLines AttrParse tokens must be used to determine attributes and values. Do not use other AttrParse tokens that perform similar operations.

Gateway Timeouts

The Scripted Gateway adapter allows you to use the RA_HANGTIMEOUT resource attribute to specify a timeout value, in seconds. This attribute controls how much time elapses before a request to the gateway times out and is considered hung.

You must manually add this attribute to the Resource object as follows:

<ResourceAttribute name='Hang Timeout'
  displayName='com.waveset.adapter.RAMessages:RESATTR_HANGTIMEOUT' type='int'
  description='com.waveset.adapter.RAMessages:RESATTR_HANGTIMEOUT_HELP' value='NewValue'>
</ResourceAttribute>

The default value for this attribute is 0, indicating that Identity Manager will not check for a hung connection.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

The Sun Identity Manager Gateway is required.

Required Administrative Privileges

The administrative account that the gateway runs under must be authorized for all operations defined in the scripts.

Provisioning Notes

The following table summarizes the provisioning capabilities of the Scripted Gateway adapter.

| Feature | Supported? |
|---|---|
| Create account | Yes |
| Update account | Yes |
| Delete account | Yes |
| Enable/disable account | Yes |
| Rename account | No |
| Pass-through authentication | No |
| Before/after actions | No |
| Data loading methods | Import directly from resource, Reconciliation |

Account Attributes

The Scripted Gateway adapter does not provide default account attributes because the account attributes vary greatly.

You must define an account attribute in which the Identity System user attribute is named accountId.

Resource Object Management

Not supported.

Identity Template

None. You must supply the identity template with a valid value.

Sample Forms

None

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.ScriptedGatewayResourceAdapter