Identity Manager 4.0.1 ID Provider Driver Implementation ... - NetIQ

More documents

Recommendations

Info

The ID Provider driver can be used in two different scenarios: • “Scenario 1: Using the Identity Vault to Store the ID Provider Policies” on page 8 • “Scenario 2: Using an LDAP Database to Store the ID Provider Policies” on page 9 Scenario 1: Using the Identity Vault to Store the ID Provider Policies This is the most commonly used scenario for this driver. The ID Provider policies are created and stored in the Identity Vault when the driver is created and configured. Figure 1-1 shows how a unique ID is generated. Figure 1-1 Identity Vault Stores the ID Provider Policies Identity Vault IDM Engine [root] system data services users ID Policies policies1 policies2 user1 user2 New user add event 1 policies3 ID 3 LDAP Interface Read last ID from policy, generate new ID, and write back new ID to policy 2 1. A new User object is created in the Identity Vault, then the ID Provider driver picks up the Create event. 8 Identity Manager 4.0.1 ID Provider Driver Implementation Guide
2. The ID Provider driver reads the last ID that was generated from the ID Provider policies in the Identity Vault and generates a new ID. The ID is then written back to the ID Provider policies in the Identity Vault to track the unique IDs. 3. The ID Provider driver then assigns the new ID to the new User object. All events are tracked and stored in the Identity Vault. Scenario 2: Using an LDAP Database to Store the ID Provider Policies This scenario allows you to use an LDAP database to store the ID Provider policies instead of using the Identity Vault. Figure 1-2 shows how a unique ID is generated with the LDAP database. Figure 1-2 LDAP Database Stores the ID Provider Policies Identity Vault IDM Engine Read last ID from policy, generate new ID, and write back to new ID to policy LDAP Directory [root] 2 [root] data system users services user1 user2 New user add event 1 ID Policies policies1 policies2 policies3 ID 3 1. A new User object is created in the Identity Vault, then the ID Provider driver picks up the Create event. 2. The ID Provider driver reads the last ID that was generated from the ID Provider policies in the LDAP database and generates a new ID. The ID is then written back to the ID Provider policies in the LDAP database to track the unique IDs. 3. The ID Provider driver then assigns the new ID to the new User object in the Identity Vault. 1.3 Schema Architecture The Identity Vault’s schema must be extended to support the ID Provider driver functionality. The following two tables describe the schema attributes and classes. Understanding the ID Provider Driver 9
Page 1 and 2: www.novell.com/documentation ID Pro
Page 3 and 4: Contents About This Guide 5 1 Under
Page 5 and 6: About This Guide This guide explain
Page 7: 1 1Understanding the ID Provider Dr
Page 11 and 12: 2 2Installing Driver Files The ID P
Page 13 and 14: 3 3Creating a New Driver Object Aft
Page 15 and 16: Connect To Remote Loader: Select Ye
Page 17 and 18: Parameter Default Value Description
Page 19 and 20: 3.2.1 Default Policies By default,
Page 21 and 22: 4 4Upgrading an Existing Driver The
Page 23 and 24: 5 5Configuring ID Clients An ID cli
Page 25 and 26: 6 6Managing the ID Provider Driver
Page 27 and 28: 7 7Troubleshooting Viewing driver p
Page 29 and 30: A ADriver Properties This section p
Page 31 and 32: Cache limit (KB): Specify the maxim
Page 33 and 34: A.2 Global Configuration Values Glo

Identity Manager 4.0.1 ID Provider Driver Implementation ... - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?