Tivoli Identity Manager (ITIM) is a robust identity provisioning engine with an array of adapters for different kinds of resources, and it is easy to customise.
The core Application Programming Interfaces (APIs) of ITIM also allow external programs to interact with ITIM. However, this brings a dependency: the application needs a Java Authentication and Authorization Service (JAAS) module to communicate with ITIM, plus version-specific jar files that have to be updated whenever WebSphere or ITIM is updated. When the ITIM WebService is exposed, any external client can send SOAP messages to communicate with ITIM and benefit from some of the core provisioning capabilities. To construct Java clients, one needs to incorporate some of the libraries provided with the ITIM WebService package. In this article we will focus on how to create Java clients, because of my personal familiarity with the language. However, anyone who is familiar with web service architecture and development can use another programming language to make use of the publicly exposed services.
Architecture
The ITIM WebService is a J2EE application which can optionally be deployed in the WebSphere Application Server that hosts ITIM. Deploying this application automatically publishes the WSDL, which can be accessed and used to generate clients. There are different services for different provisioning tasks in ITIM; we will take a brief look at each ITIM WebService functionality in a later section. The following image is a simplified version of the ITIM WebService architecture.
Contents of the WebService Wrapper
The ITIM WebService suite consists of:
- ITIM Web Service Web Application
- ITIM WebService Client
- ITIM Client Utilities (some utility classes)
- Documentation describing the WebService classes, methods, requests and responses
Functionalities
There are several web service functionalities to utilise the core data services of ITIM. The following are a few of the service functionalities and classes available with the Java wrapper of the web services:
- WSSessionService: provides authentication, session creation and password challenge authentication methods
- WSAccessService: performs access-related operations such as creating or modifying an access, or defining a group or role as an access
- WSAccountService: provides basic account services for specific services and also helps retrieve account information
- WSPersonService: provides basic person-related operations such as creating, modifying, de-provisioning or suspending a person
- OrganisationalContainerService: creates, retrieves and traverses the organisation tree in ITIM
- WSProvisioningPolicyService: manages provisioning policies
- WSItimService: a proxy web service that combines the other services and can be used instead of calling them individually
Java Client Example
Test Communication
Get ITIM information, including the logged-in user and its accounts
```java
package com.ibm.itim.ws.test;

import java.net.MalformedURLException;
import java.rmi.RemoteException;

import javax.xml.rpc.ServiceException;

import com.ibm.itim.ws.exceptions.WSInvalidLoginException;
import com.ibm.itim.ws.exceptions.WSLoginServiceException;
import com.ibm.itim.ws.model.WSAccount;
import com.ibm.itim.ws.model.WSPerson;
import com.ibm.itim.ws.model.WSSession;
import com.ibm.itim.ws.services.WSItimService;
import com.ibm.itim.ws.services.WSPersonService;
import com.ibm.itim.ws.services.WSSessionService;
import com.ibm.itim.ws.services.facade.ITIMWebServiceFactory;

public class TestClient {

    public static void main(String[] args) {
        // Replace the URL and credentials with values passed from the command line
        String serverAddress = "http://HOST:PORT/ITIMWebServices";
        String userid = "itim manager";
        String password = "xxxxxxxxxx";

        try {
            // ITIMWebServiceFactory is a factory which generates all the available services,
            // like PersonService, AccountService and OrganizationalContainerService
            ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory(serverAddress);
            WSItimService itimService = webServiceFactory.getWSItimService();
            WSSession session = itimService.login(userid, password);
            WSSessionService manager = webServiceFactory.getWSSessionService();
            WSPerson person = itimService.getPrincipalPerson(session);
            WSPersonService personService = webServiceFactory.getWSPersonService();

            System.out.println("ITIM Version: " + manager.getItimVersion());
            System.out.println("User name from ITIM is " + person.getName());
            System.out.println("Trying to get list of accounts owned by " + person.getName());

            // Accounts are looked up by the DN of the logged-in person
            WSAccount[] accounts = personService.getAccountsByOwner(session, person.getItimDN());
            if (accounts != null) {
                System.out.println("Found " + accounts.length + " accounts for " + person.getName());
                for (int i = 0; i < accounts.length; i++) {
                    WSAccount account = accounts[i];
                    System.out.println(" " + account.getName() + " on service " + account.getServiceName());
                }
            } else {
                System.out.println("No accounts retrieved");
            }
            System.out.println("End of test");
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (ServiceException e) {
            e.printStackTrace();
        } catch (WSInvalidLoginException e) {
            e.printStackTrace();
        } catch (WSLoginServiceException e) {
            e.printStackTrace();
        } catch (RemoteException e) {
            e.printStackTrace();
        }
    }
}
```
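The test client above hardcodes the endpoint, user id and password and sends the SOAP login over plain HTTP. As an added example that is not part of the article, the same lookup rewritten so the endpoint must be HTTPS, the password is read from the console, and the ITIM session is released afterwards. The factory, login and getAccountsByOwner calls are those used on this page; `WSSessionService.logout(WSSession)` is assumed to exist in the ITIM web service API.

```java
package com.ibm.itim.ws.test;

import java.io.Console;
import java.net.URL;
import com.ibm.itim.ws.model.WSAccount;
import com.ibm.itim.ws.model.WSPerson;
import com.ibm.itim.ws.model.WSSession;
import com.ibm.itim.ws.services.WSItimService;
import com.ibm.itim.ws.services.WSSessionService;
import com.ibm.itim.ws.services.facade.ITIMWebServiceFactory;

public class SafeTestClient {

    // The SOAP login carries user id and password in the message body, so refuse any
    // endpoint that would send them unencrypted.
    static URL requireHttps(String endpoint) throws Exception {
        URL url = new URL(endpoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("ITIM endpoint must use https, got: " + url.getProtocol());
        }
        return url;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("Usage: java SafeTestClient https://HOST:PORT/ITIMWebServices <userid>");
            System.exit(2);
        }
        String serverAddress = requireHttps(args[0]).toString();
        String userid = args[1];

        // Read the password interactively: nothing is hardcoded or left in shell history
        Console console = System.console();
        if (console == null) throw new IllegalStateException("No interactive console to read the password");
        char[] secret = console.readPassword("Password for %s: ", userid);

        ITIMWebServiceFactory factory = new ITIMWebServiceFactory(serverAddress);
        WSItimService itimService = factory.getWSItimService();
        WSSessionService sessionService = factory.getWSSessionService();
        WSSession session = itimService.login(userid, new String(secret));
        java.util.Arrays.fill(secret, '\0'); // clear the char[] copy once the API has its String
        try {
            WSPerson person = itimService.getPrincipalPerson(session);
            WSAccount[] accounts = factory.getWSPersonService().getAccountsByOwner(session, person.getItimDN());
            System.out.println(person.getName() + " owns " + (accounts == null ? 0 : accounts.length) + " accounts");
        } finally {
            // Assumed API: ends the server-side ITIM session even if the lookup failed
            sessionService.logout(session);
        }
    }
}
```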
Create a new person object in ITIM
This example creates a person of type “inetOrgPerson” which corresponds to the entity type “Person”.
```java
package com.ibm.itim.ws.test;

import java.net.MalformedURLException;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;

import javax.xml.rpc.ServiceException;

import com.ibm.itim.ws.client.constants.WSObjectCategoryConstants;
import com.ibm.itim.ws.exceptions.WSInvalidLoginException;
import com.ibm.itim.ws.exceptions.WSLoginServiceException;
import com.ibm.itim.ws.model.WSAttribute;
import com.ibm.itim.ws.model.WSOrganizationalContainer;
import com.ibm.itim.ws.model.WSPerson;
import com.ibm.itim.ws.model.WSRequest;
import com.ibm.itim.ws.model.WSSession;
import com.ibm.itim.ws.services.WSOrganizationalContainerService;
import com.ibm.itim.ws.services.WSPersonService;
import com.ibm.itim.ws.services.WSSessionService;
import com.ibm.itim.ws.services.facade.ITIMWebServiceFactory;

public class CreatePerson {

    public static void main(String[] args) {
        if (args.length < 3) {
            System.out.println("Usage: java CreatePerson ou sn givenName");
            return;
        }
        String serverAddress = "http://localhost:9080/ITIMWebServices";
        String userid = "itim manager";
        String password = "xxxxxxx";
        String ou = args[0];
        String sn = args[1];
        String givenName = args[2];

        try {
            System.out.println("Trying connection to ITIMWebServices");
            ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory(serverAddress);
            WSSessionService manager = webServiceFactory.getWSSessionService();
            System.out.println("Trying authentication for user " + userid);
            WSSession session = manager.login(userid, password);
            System.out.println("User id " + userid + " logged in successfully to " + serverAddress);

            // Get the person service
            WSPersonService personService = webServiceFactory.getWSPersonService();

            // Get the container in which the person has to be created
            WSOrganizationalContainerService containerService =
                    webServiceFactory.getWSOrganizationalContainerService();
            String containerProfile = WSObjectCategoryConstants.ORGUNIT;
            WSOrganizationalContainer[] wsContainers =
                    containerService.searchContainerByName(session, null, containerProfile, ou);

            if (wsContainers != null && wsContainers.length > 0) {
                System.out.println("Found " + wsContainers.length + " containers for " + ou);
                // Set the parent container for the person. If the search found more than
                // one container, select the one you want. We arbitrarily choose the first
                // found container in this example.
                WSOrganizationalContainer parentContainer = wsContainers[0];

                // Create a person value object; profile "Person" maps to inetOrgPerson (*)
                WSPerson wsPerson = new WSPerson();
                wsPerson.setProfileName("Person");

                String uid = givenName.substring(0, 1) + sn;
                String cn = givenName + " " + sn;

                Collection<WSAttribute> attrList = new ArrayList<WSAttribute>();
                attrList.add(new WSAttribute("uid", new String[] { uid }));
                // Populate the mandatory cn and sn attributes
                attrList.add(new WSAttribute("cn", new String[] { cn }));
                attrList.add(new WSAttribute("sn", new String[] { sn }));
                // givenName comes from the command line (the original sample left a test literal here)
                attrList.add(new WSAttribute("givenName", new String[] { givenName }));
                WSAttribute[] wsAttrs = attrList.toArray(new WSAttribute[attrList.size()]);
                wsPerson.setAttributes(wsAttrs);

                // Submit a person create request; the sample passes the epoch as the scheduled date
                Calendar calendar = Calendar.getInstance();
                calendar.setTime(new Date(0));
                WSRequest request = personService.createPerson(session, parentContainer, wsPerson, calendar);
                System.out.println("Submitted person create request id = " + request.getRequestId());
            } else {
                System.out.println("No container found matching " + ou);
            }
            System.out.println("End of test");
        } catch (WSInvalidLoginException e) {
            e.printStackTrace();
        } catch (WSLoginServiceException e) {
            e.printStackTrace();
        } catch (RemoteException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (ServiceException e) {
            e.printStackTrace();
        }
    }
}
```
* The WSPerson class is used to construct the person object.
- For testing purposes only. This code has a lot of hardcoded values.
```java
package com.ibm.itim.ws.test;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import com.ibm.itim.ws.model.WSAttribute;
import com.ibm.itim.ws.model.WSRequest;
import com.ibm.itim.ws.model.WSSession;
import com.ibm.itim.ws.services.WSAccountService;
import com.ibm.itim.ws.services.WSSessionService;
import com.ibm.itim.ws.services.facade.ITIMWebServiceFactory;

public class CreateAccount {

    public static void main(String[] args) throws Exception {
        // Connection details, hardcoded for testing as in the examples above
        String serverAddress = "http://localhost:9080/ITIMWebServices";
        String userid = "itim manager";
        String password = "xxxxxxx";

        ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory(serverAddress);
        WSSessionService manager = webServiceFactory.getWSSessionService();
        System.out.println("Trying authentication for user " + userid);
        WSSession session = manager.login(userid, password);
        WSAccountService accountService = webServiceFactory.getWSAccountService();

        // DN of the ITIM service on which the account is created
        String serviceDN = "erglobalid=3685365980767361353,ou=services,erglobalid=00000000000000000000,ou=Synetis,DC=COM";

        Collection<WSAttribute> attrList = new ArrayList<WSAttribute>();
        attrList.add(new WSAttribute("eruid", new String[] { "abcd2" }));
        // Populate the mandatory cn and sn attributes
        attrList.add(new WSAttribute("cn", new String[] { "Test Acct" }));
        attrList.add(new WSAttribute("sn", new String[] { "Acct" }));
        // DN of the person who will own the account
        attrList.add(new WSAttribute("owner", new String[] { "erglobalid=171286038059213820,ou=0,ou=people,erglobalid=00000000000000000000,ou=Synetis,dc=com" }));
        WSAttribute[] wsAttrs = attrList.toArray(new WSAttribute[attrList.size()]);

        // Requested date for the operation; the sample passes the epoch
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date(0));
        WSRequest request = accountService.createAccount(session, serviceDN, wsAttrs, calendar);
        System.out.println("Account created with the request id : " + request.getRequestId());
    }
}
```
Screenshots showing the creation of an account by a Java class using the ITIM web service
The request id matches, hence indicating that the request was launched from a web service client in ITIM.
Deployment of ITIM WebService
- The WebSphere version should be 6.x or 7.x for ITIM 5.0 or ITIM 5.1
- Download the ITIM Web Service wrapper from the link given below:
- The wrapper is an exe file, which can be executed in a Windows environment.