How to Create SPML Applications for SIM

Version: Sun Identity Manager 8.1
References: https://docs.oracle.com/cd/E19225-01/820-5597/ahvap/index.html
https://docs.oracle.com/cd/E19225-01/820-5597/ahvch/index.html

1. The necessary JAR files can be found in "$WSHOME//WEB-INF/lib" directory. The following JAR files are needed to built SIM SPML applications:

• openspml.jar
• mail.jar
• soap.jar

2. Given below is sample JAVA code to demonstrate the use of SPML client:

import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.openspml.client.LighthouseClient;
import org.openspml.message.ExtendedRequest;
import org.openspml.message.FilterTerm;
import org.openspml.message.ModifyRequest;
import org.openspml.message.SearchRequest;
import org.openspml.message.SearchResponse;
import org.openspml.message.SearchResult;
import org.openspml.message.SpmlResponse;
import org.openspml.util.SpmlException;

/**
 * Sun Identity Manager: SPML Client
 * Test class for demonstration purposes
 * @author oracle
 */
public class SIMSPMLClient
{
    // SIM environment information
    private static final String simServiceAccountUser = "configurator";
    private static final String simServiceAccountPassword = "configurator";
    private static final String simPort = "8080";
    private static final String simHostname = "localhost";
    private static final String simWebServiceURL = "http://" + simHostname + ":" + simPort +"/idm/servlet/rpcrouter2";
   
    // Class logger
    private static final Logger logger = Logger.getLogger(SIMSPMLClient.class.getName());
   
    /**
     * Test Driver
     * @param args
     */
    public static void main(String[] args)
    {
        LighthouseClient client = null;
        String accountId = null;
        String resourceAccountName = "Database Table";
       
        try
        {
            // Setup SIM SMPL client
            client = new LighthouseClient();
            client.setUrl(simWebServiceURL);
            client.setUser(simServiceAccountUser);
            client.setPassword(simServiceAccountPassword);
          
            // Call method to modify user attributes
            accountId = "jdoe";
            HashMap<String, Object> modAttrs = new HashMap<String, Object>();
            modAttrs.put("email", "jdoe@gmail.com");
            modAttrs.put("status", "Active");
            modifyUserAttributes(client, accountId, modAttrs);
          
            // Provision target resource
            accountId = "gbass";
            HashMap<String, Object> resAttrs = new HashMap<String, Object>();
            resAttrs.put("resources", "Database Table"); //delimited by comma
            resAttrs.put("status", "Created");
            //modifyUserAttributes(client, accountId, resAttrs);
           
            // Deprovision target resource, but does not remove assignment in SIM
            ExtendedRequest dreq = new ExtendedRequest();
            dreq.setOperationIdentifier("deleteUser");
            dreq.setAttribute("accountId","gbass");
            dreq.setAttribute("accounts","Database Table");
            //SpmlResponse res = client.request(dreq);
            //System.out.println(res.getResult());
           
            // Deprovision target resources and removes assignment
            HashMap<String, Object> resRmAttrs = new HashMap<String, Object>();
            resAttrs.put("resources", "");
            //modifyUserAttributes(client, accountId, resRmAttrs);

            // Call custom workflow
            String simWorkFlowName = "Custom-Workflow";
            String username = "jmann";
            HashMap<String, Object> wfAttrs = new HashMap<String, Object>();
            wfAttrs.put("ACTION", "MODIFY");
            wfAttrs.put("__UID__", username);
            wfAttrs.put("__NAME__", username);
            wfAttrs.put("__PASSWORD__", "jmann");
            wfAttrs.put("EMAIL", "jmann8@gmail.com");
            wfAttrs.put("LASTNAME", "");
            wfAttrs.put("USERNAME", username);
            //callSimWorkFlow(client, simWorkFlowName, wfAttrs);

           // Disable resource account
           accountId = "gbass";
           //disableResourceAccount(client, accountId, resourceAccountName);

           // Enable resource account
           //enableResourceAccount(client, accountId, resourceAccountName);
          
           // Create SIM account
           HashMap<String, String> attrs = new HashMap<String,String>();
           attrs.put("lastname", "Parker");
           attrs.put("firstname", "Peter");
           attrs.put("email", "pparker@gmail.com");
           attrs.put("password","Password1");
           //client.createUser("pparker", attrs);
          
           // Delete SIM account
           List<String> accounts = new ArrayList<String>();
           //client.deleteUser("pparker", accounts);
           
           // Search SIM User based on accountId
           SearchRequest req = new SearchRequest();
           req.addAttribute("lastname");
           req.addAttribute("email");
           FilterTerm ft = new FilterTerm();
           ft.setOperation(FilterTerm.OP_EQUAL);
           ft.setName("accountId");
           ft.setValue("jdoe");
           req.addFilterTerm(ft);
           SearchResponse res = (SearchResponse)client.request(req);
           System.out.println(res.getResults());
           List results = res.getResults();
           if (results != null) 
           {
               for (int i = 0 ; i < results.size() ; i++)
               {
                   SearchResult sr = (SearchResult) results.get(i);
                   System.out.println("Identifier=" + sr.getIdentifierString() + " sn=" + sr.getAttribute("lastname").getValue() + " email=" + sr.getAttribute("email").getValue());
              }
           }         
       }
      
       catch (SpmlException ex)
       {
           logger.log(Level.SEVERE, null, ex);
       }
      
       catch (MalformedURLException ex)
       {
           logger.log(Level.SEVERE, null, ex);
       }
      
       finally
       {
           if (client != null)
           {
               try
               {
                   client.logout();
               }
              
               catch (SpmlException ex)
               {
                   logger.log(Level.SEVERE, null, ex);
               }
           }
       }
    }

   
    /**
     * Modification request to modify attributes on a user.
     * SIM user attributes and resource attributes can be modified by this method.
     * Also provisioning of resource account can be made.
     * @param client        SPML client with service account logged in
     * @param accountId     Identifier to match against SIM account and make modifications
     * @param attributes    Attributes to modify on user
     * @return              SIM SPML response
     * @throws SpmlException
     */
    public static SpmlResponse modifyUserAttributes(LighthouseClient client, String accountId, Map<String, Object> attributes) throws SpmlException
    {
        // Create a request to send to SIM
        ModifyRequest req = new ModifyRequest();
        req.setIdentifier(accountId);
       
        // SIM attributes to modify
        for (Map.Entry<String, Object> entry : attributes.entrySet())
        {
            req.addModification(entry.getKey(), entry.getValue());
        }

        // Send request to SIM and SIM sends a response back
        SpmlResponse response = client.request(req);
        logger.log(Level.INFO, "Response Code: {0}", new Object[] {response.getResult()});
       
        return response;
    }

   
    /**
     * Call a SIM work flow to be executed.
     * @param client        SPML client with service account logged in
     * @param workflow      Name of SIM work flow
     * @param attributes    Attributes includes accountId to be processed by work flow
     * @return              SIM SPML response
     * @throws SpmlException
     */
    public static SpmlResponse callSimWorkFlow(LighthouseClient client, String workFlowName, Map<String, Object> attributes) throws SpmlException
    {
        // Create a request to send to SIM
        ExtendedRequest req = new ExtendedRequest();
        req.setOperationIdentifier("launchProcess");
        req.setAttribute("process", workFlowName);
       
        // SIM attributes to sent to work flow
        for (Map.Entry<String, Object> entry : attributes.entrySet())
        {
            req.setAttribute(entry.getKey(), entry.getValue());
        }

        // Send request to SIM and SIM sends a response back
        SpmlResponse response = client.request(req);
        logger.log(Level.INFO, "Response Code: {0}", new Object[] {response.getResult()});

        return response;
    }

    /**
     * Disables a resource account in SIM
     * @param client        SPML client with service account logged in
     * @param accountId     SIM user whose resource account is going to be disabled
     * @param accountName   Resource account to disable
     * @return
     * @throws SpmlException
     */
    public static SpmlResponse disableResourceAccount(LighthouseClient client, String accountId, String accountName) throws SpmlException
    {
        ExtendedRequest req = new ExtendedRequest();
        req.setOperationIdentifier("disableUser");
        req.setAttribute("accountId", accountId);
        req.setAttribute("accounts", accountName);
        SpmlResponse response = client.request(req);
        logger.log(Level.INFO, "Response Code: {0}", new Object[] {response.getResult()});
        return response;
    }

    /**
     * Enable a resource account in SIM
     * @param client        SPML client with service account logged in
     * @param accountId     SIM user whose resource account is going to be disabled
     * @param accountName   Resource account to disable
     * @return
     * @throws SpmlException
     */
    public static SpmlResponse enableResourceAccount(LighthouseClient client, String accountId, String accountName) throws SpmlException
    {
        ExtendedRequest req = new ExtendedRequest();
        req.setOperationIdentifier("enableUser");
        req.setAttribute("accountId", accountId);
        req.setAttribute("accounts", accountName);
        SpmlResponse response = client.request(req);
        logger.log(Level.INFO, "Response Code: {0}", new Object[] {response.getResult()});
        return response;
    }
}

How to Setup and Use OpenSPML Browser with SIM

Version: Sun Identity Manager 8.1
References: https://docs.oracle.com/cd/E19225-01/820-5597/6ngvvl0av/index.html

Setup OpenSPML Browser
1. Set WSHOME environment variable and include "WSHOME/bin" in the PATH environment variable. WSHOME is the directory you installed the Sun Identity Manager components. Given below is an example of setting up these variables in the bash profile:

# User specific environment and startup programs
ORACLE_HOME=/home/oracle/db/app/oracle/product/11.2.0/dbhome_1
ORACLE_SID=orcl
JAVA_HOME=/home/oracle/jrockit-jdk1.6.0_81
WSHOME=/home/oracle/idm
PATH=$WSHOME/bin:$JAVA_HOME/bin:$PATH:$HOME/bin

export JAVA_HOME ORACLE_HOME WSHOME ORACLE_SID PATH

2. Set execute permission for "WSHOME/bin/lh" file.

chmod 744 $WSHOME/bin/lh

3. Execute the following command to start the OpenSPML browser:

lh spml

Using OpenSPML Browser
1. Setup the connection parameters on the "Connect" tab. Then click "Test" to test the connection.

Server URL: http://HOSTNAME:PORT/idm/servlet/rpcrouter2
Username: configurator
Password: configurator

Success Message

2. Now you'll be able to perform the operations on the OpenSPML browser. Below are examples:

Add

Modify

How to Setup Database Table Resource in SIM

Version: Sun Identity Manager 8.1
Description: This post will show you how to setup a database table resource in Sun Identity Manager. An Oracle database table is used as an example.
Reference: https://docs.oracle.com/cd/E19225-01/820-6551/gijbf/index.html

How to Create / Delete Users in SIM

Version: Sun Identity Manager 8.1

References: https://docs.oracle.com/cd/E19225-01/820-5822/byaci/index.html

Create User

1. Log in to the Sun Identity Manager console.

2. Click "Accounts" on the menu bar.

 

3.  On the "User List" box, select "New User" from "-- New Actions --" drop down menu.

4. Fill out the necessary fields on the "Create User" form. Then save.

5. Click OK.

Delete User

1. Navigate to Accounts -> List Accounts.

2. Check mark the user to delete and then select "Delete" under "-- User Actions --" drop down menu.

3. Confirm deletion of user.

4, Result page is displayed.

How to Install Sun Identity Manager

Version: Sun Identity Manager 8.1

Operating System: Oracle Linux 6 (64-bit)

Components Tested On: Tomcat 6.41, Java 6.38 (64-bit)

References: https://docs.oracle.com/cd/E19225-01/ 

Prerequisites

Install Tomcat 6

1. Download the Tomcat 6 here. Select Binary Distributions => Core => tar.gz.

File: apache-tomcat-6.0.41.tar.gz

2. Execute the following command to extract the tar.gz file. A "apache-tomcat-6.0.41" directory is created. The location of that directory is refer to as the TOMCAT_HOME directory. 

tar -xvf apache-tomcat-6.0.41.tar.gz

3. Add the following lines to the top of $TOMCAT_HOME/bin/setclasspath.sh file:

# Location of a JDK
JAVA_HOME=/home/oracle/jdk1.6.0_38 

# Location of your unpacked Tomcat
CATALINA_HOME=/home/oracle/apache-tomcat-6.0.41

export JAVA_HOME CATALINA_HOME

4. When configuring Tomcat to support UTF-8, add the URIEncoding="UTF-8" attribute to the connector element in the $TOMCAT_HOME/conf/server.xml file, for example:

    <Connector port="8080" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443"
               URIEncoding="UTF-8" />

5. When configuring Tomcat to support UTF-8, also add -Dfile.encoding=UTF-8 in your Java VM options. Add the following line to the top of “$TOMCAT_HOME/bin/catalina.sh”:

export JAVA_OPTS="-Dfile.encoding=UTF-8"

6. To start the Tomcat server, execute $TOMCAT_HOME/bin/startup.sh script. To stop the Tomcat server, execute $TOMCAT_HOME/bin/shutdown.sh script.

Installing Sun Identity Manager
1. Download the file from https://edelivery.oracle.com.
Product Pack: Sun Products
Platform: Oracle Solaris on SPARC (32-bit)
Sun Products Media Pack for Oracle Solaris on SPARC (32-bit)
Sun Identity Manager 8.1
File: V19877-01.zip (158M)

2. When installing Identity Manager on UNIX® or Linux systems, the /var/opt/sun/install

directory must exist and be writable by the user running the installer.

sudo mkdir -p /var/opt/sun/install
sudo chown oracle:oracle /var/opt/sun/install/

3. Make a directory to unzip the SIM file.

mkdir /home/oracle/sim
cd /home/oracle/sim
mv /home/oracle/Downloads/V19877-01.zip /home/oracle/sim/
unzip V19877-01.zip

4. Execute the following commands to start the installer:

# Make the install script executable
chmod 750 install

# The argument is needed to run installer on a 64-bit machine
JAVA_OPTS=-Dos.arch="x86" ./install

5. Below are screen shots to walk you through the installation wizard:

Welcome Screen
Click Next

Click Yes (Accept License)

Select New Installation
Then click Next

Specify path to install SIM components.
This path will be refer to as WSHOME.

Before clicking "Launch Setup", add the
additional jars in "$WSHOME/WEB-INF/lib" directory

- JavaMail API 1.4.7 (mail.jar)

- JavaBeans Activation Framework 1.1 (activation.jar)

- GlassFish Server (glassfish3/mq/lib/jms.jar)

Specify the repository path.

Select "No, I will configure Identity Manager myself"

Click Execute

Click Next

6. Navigate into WSHOME and package everything into a WAR file.

cd /home/oracle/idm
jar -cvf ../idm.war *

7. Move the WAR file into TOMCAT_HOME/webapps directory. Restart the Tomcat server.

8. Once the Tomcat server is running, go to "localhost:8080/idm" to access the Sun Identity Manager console.

ID: administrator
Password: administrator
or
ID: configurator
Password: configurator