Samples Guide
OpenIDM 4.5 Samples Guide
https://github.com/OpenIdentityPlatform/OpenIDM/wiki/old/OpenIDM-4.5-Samples-Guide.pdf
OpenIDM samples
audit-jms-sample: JMS Audit Sample - Show Audit Events Published on a JMS Topic
This sample is copied from sample1 and adds the usage of the JMS Audit Event Handler.
This sample will provide instructions to utilize an instance of Apache ActiveMQ. Follow the instructions here to start ActiveMQ.
audit-sample: Audit Sample - Show extended audit capability
The sample demonstrates configuring a MySQL database to receive the audit logs for access, activity, sync, and recon using the OpenICF ScriptedSQL connector. It can be used alongside any of the other OpenIDM samples by copying the accompanying files into the respective directories.
customendpoint: configuration of an OpenIDM custom endpoint (API)
Illustrates the configuration of an OpenIDM custom endpoint (API) and the structure of custom endpoint scripts.
fullStack: Integration with OpenAM for strong, flexible authentication and single-sign on
This sample demonstrates how to use OpenIDM together with OpenAM and OpenDJ, showing how the entire Open Identity Platform can be used to maximize identity and access management (IAM) functionality. Any application for which your users need access can be secured with OpenAM, and the data for those users can be maintained with OpenIDM.
OpenAM and OpenIDM are both powerful products on their own, but even more so when used together. Each has its core use cases - access management and provisioning - both of which are necessary to build a complete IAM solution. It is perfectly reasonable to set up both products in an organization, each doing its separate job but having no direct interaction with the other. However, using OpenAM to secure OpenIDM improves the available functionality in both OpenIDM and OpenAM, above and beyond what is available when they run separately from each other.
OpenIDM benefits from the strong access management that OpenAM provides - more authentication options, multi-factor authentication, powerful authentication chaining, and single-sign on. OpenAM also benefits when used this way - the OpenIDM user profile management functionality is far more feature-rich than what is provided by default in OpenAM. OpenIDM provides a sophisticated data validation service and has an easily-extensible, flexible environment to build upon.
getting-started: Getting Started With OpenIDM
Getting Started: how OpenIDM reconciles user data between two data stores.
historicalaccountlinking: Historical Account Linking LDAP <-> Internal Repository
This sample shows you historical account linking between OpenIDM's managed users and a local LDAP directory server, such as OpenDJ. OpenIDM is the source of records and drives all changes to downstream systems. Managed users in OpenIDM maintain a list of all the accounts that have been linked to on the local LDAP server. This list is stored in the "historicalAccounts" field of the managed user entry, and contains all past and current linked accounts. Each account is represented as a relationship and contains information about the date linked/unlinked and whether the account is currently active.
infoservice: configuration of an OpenIDM custom endpoint (API)
Illustrates the configuration of an OpenIDM custom endpoint (API) and the structure of custom endpoint scripts.
kerberos: Kerberos Sample - OpenIDM Managed Users --> Kerberos
This sample demonstrates management of Kerberos users via OpenIDM internal managed user objects. The provisioner for this sample assumes that OpenIDM is running on a host separate from the Kerberos host.
multiaccountlinking: The Multi-Account Linking Sample
Illustrates how OpenIDM addresses links from multiple accounts to one identity.
This sample is based on a common use case in the insurance industry, where a company (Example.com) employs agents to sell policies to their insured customers. Most of their agents are also insured. These different roles are sometimes known as the multi-account linking conundrum.
With minor changes, this sample works for other use cases. For example, you may have a hospital that employs doctors who treat patients. Some of their doctors are also patients of that hospital.
multiplepasswords: Multiple Passwords
This sample shows you how to set up multiple passwords for OpenIDM's managed users internal repository and how to sync them each to different LDAP targets.
powershell2AD: PowerShell Connector - AD samples
The tools/ folder contains a bunch of samples for the OpenICF PowerShell Connector.
powershell2AzureAD: Azure AD PowerShell Connector Sample
This sample demonstrates the capabilities of the Azure AD PowerShell Connector. In addition, it shows how these scripts get applied, in OpenIDM, with a mapping from 'AzureAD User Accounts and Groups' to 'Managed Users and Roles'.
provisioners: example configuration files for many different OpenICF connectors
This folder contains example configuration files for many different OpenICF connectors. The goal is for these to aid in the process of creating a new OpenIDM project configuration. It is expected that these will need to be updated in various ways to make them work with the particular remote system in question.
roles: Roles Samples: All you ever wanted to know about Roles in OpenIDM
The samples available in the sub-directories provide all the information you need to manage Roles in OpenIDM, via either REST or via the Administrative UI.
sample1: One-Way XML -> Internal Repository
The sample demonstrates reconciliation between an external XML file and the OpenIDM internal repository, with data flowing from the XML file into the internal repository.
sample2: One-way LDAP -> Internal Repository
The sample shows you reconciliation between the OpenIDM internal repository and a local LDAP directory server, such as OpenDJ, with data flowing from OpenDJ into the internal repository. No changes are pushed from OpenIDM to OpenDJ.
sample2b: Bi-directional LDAP <-> Internal Repository
The sample shows you reconciliation between the OpenIDM internal repository and a local LDAP directory server, such as OpenDJ, with data flowing from OpenDJ into the internal repository, and from the internal repository into OpenDJ.
sample2c: Synchronizing LDAP Group Membership
This sample is the same as sample2b except that it focuses on one special attribute, ldapGroups, which is used to synchronize LDAP group membership.
sample2d: Synchronizing LDAP Groups
This sample is the same as sample2c except that it focuses on synchronizing LDAP groups.
sample3: Scripted SQL
This sample demonstrates creating a new custom scriptedSQL connector, using the custom-scripted-connector-bundler-4.0.0-SNAPSHOT.jar that is included in the tools directory of the OpenIDM zip file. The sample relies on the new custom connector that you will create with the connector bundler. It provides an example configuration and a handful of Groovy scripts that are used to communicate with an SQL server.
sample5: Synchronization of Two Resources
This sample demonstrates flowing data between external resources. It simulates two directory resources using XML files. It is different from sample4 in that it routes changes through managed/user, rather than having them directly mapped to each other. It also demonstrates the use of a reconciliation report delivered via email.
sample5b: "All-or-Nothing" Synchronization of Two Resources
This sample demonstrates flowing data between external resources just as in the regular sample5 on which it is based. It simulates two directory resources using XML files. It extends sample5 in that it configures a compensation script that attempts to ensure either all the synchronization or none of the synchronization is performed after making a change to a managed user.
sample6: LiveSync Between Two LDAP Servers (Microsoft Active Directory and OpenDJ)
This sample demonstrates use of two real LDAP connections, and both reconciliation and LiveSync. The configurations provided are tailored for working with Microsoft Active Directory and OpenDJ; however, they could be easily changed to work with any standard LDAP servers.
sample7: Scripting a SCIM-like Schema
This sample demonstrates using scripting to expose users according to a SCIM-like schema.
sample8: Logging in Scripts Sample
This sample demonstrates logging capabilities available to OpenIDM scripts, providing you an alternative method for debugging your scripts.
sample9: Async reconciliation Sample
This sample demonstrates how to perform an asynchronous action from a reconciliation.
schedules: schedules and cron
scriptedJMSSubscriber: Scripted JMS Text Message Sample
IDM has the ability to subscribe to messaging protocols through its MessagingService. This sample demonstrates using a Scripted JMS Message Handler to perform CRUDPAQ operations by subscribing to an ActiveMQ message queue.
scriptedazure: Groovy Connector to Azure AD Graph API
This sample demonstrates how to use Groovy to connect to the AD Graph API. This sample enables the basic create, read, update, and delete (CRUD) operations for groups and users.
scriptedcrest2dj: Scripted CREST to OpenDJ
This sample demonstrates how to use Scripted CREST to connect to OpenDJ's REST API. This sample enables the basic create, read, update, and delete (CRUD) operations for groups and users. This sample requires a fresh install of OpenIDM and OpenDJ directory server 3.5. It does not work with earlier versions of OpenDJ REST to LDAP.
scriptedrest2dj: Scripted REST to OpenDJ
This sample demonstrates how to use Scripted REST to connect to OpenDJ's REST API. This sample enables the basic create, read, update, and delete (CRUD) operations for groups and users.
syncfailure: Configuring the provisioner to use sync-failure handling
The files in this directory contain fragments to add to the provisioner configuration to enable the sync-failure handling supported by OpenIDM.
taskscanner: Cron Sunset Task
trustedservletfilter: Trusted Servlet Filter Sample
This sample demonstrates how to use a custom servlet filter and the "Trusted Request Attribute Auth Module" in OpenIDM to let the servlet filter perform authentication against another service.
usecase: Workflow Use Cases
This section describes a number of sample workflows that demonstrate typical use cases for OpenIDM. The use cases, provided in /path/to/openidm/samples/usecase, work together to describe a complete business story, with the same set of sample data. Each of the use cases is integrated with the Self-Service UI:
- Usecase 1 - Initial Reconciliation
- Usecase 2 - New User Onboarding
- Usecase 3 - User Access Request
- Usecase 4 - Orphan Account Detection and Manual Linking Started From Reconciliation
- Usecase 6 - Password Change Reminder
workflow: Workflow Sample
This sample demonstrates a typical use case of a workflow for provisioning new users and the self-service UI to finalize their account. It is designed to simulate an employee requesting that an outside contractor be granted access to the system (in this case, the system is OpenIDM's repository and a "remote" datasource represented by an XML file).
OpenIDM enables you to consolidate multiple identity sources for policy and workflow-based management. OpenIDM can consume, transform and feed data to external sources so that you maintain control over the identities of users, devices and other objects.
OpenIDM provides a modern UI experience that allows you to manage your data without writing a single line of code. The standard RESTful interfaces also offer ultimate flexibility so that you can customize and develop the product to fit the requirements of your deployment.