former_member192665

Yesterday I started configuring Identity Services on my notebook. I ran into a couple of issues and wanted to share my experience with the reader.

Let's start with a short summary of SPML and how it works and what it does. SPML is an HTTP and XML based standard that is designed to implement identity
and provisioning services. Details can be found at the OASIS site or on OpenSPML. The official documentation to configure SPML based Identity Services
is available on SDN. So once you've implemented SAP NetWeaver Identity Services you can access and modify Identity Center data over the network with HTTP.
Pretty nice, isn't it?


So I started to install Virtual Directory Server and then I followed the instructions from the above link. Funny little detail worth mentioning is that you
need Virtual Directory Server in order to generate an ear file but once you've installed the ear file on a NetWeaver Java Server the services will run on
that WebAS Java and not on the Virtual Directory Server. This is certainly rather a pro than a con since it helps avoid unnecessary complexity in your
system landscape. What I don't like is that the Identity Services are not preinstalled with the Identity Center UI components, for instance.


So a caller accesses the NetWeaver Java Stack via SPML and the SPML servlet deployed there forwards the call to the Identity Center database. So far so good.
When you run through the documentation please keep in mind that in the end the service will run on WebAS Java. I don't know why you need the connection string
to the database on the VDS for creation of the ear file (the WebAS will connect to the IC DB through the DataSource IDM_DataSource you create when you
install the IdM UI) but let's not focus on minor details like this.


So the next step for me was to build a simple SPML client in Java to test everything. A simple standalone Java program would do fine for the moment. I wanted to
do this with JDK 1.4.2 since my intention was to finally run this on a NetWeaver 7.0 which doesn't support higher Java versions. So the next challenge was
to find a library that supports JDK 1.4.2 and get all dependent libraries. I also tried OpenSPML version 2 but here I found that NetWeaver Identity Services
only support v1. Ok, here is the list of jar files I ended up with:

mxopenspml.jar

activation.jar

mail.jar


For some reason, the javax.mail package is needed and this needs in turn activation.jar.


So if you provide these jar files in the classpath then the following Java source file will compile:

    import org.openspml.client.SpmlClient;
    import org.openspml.message.AddRequest;
    import org.openspml.message.ModifyRequest;
    import org.openspml.message.SpmlResponse;
    import org.openspml.util.SpmlException;

    public class SpmlTest
    {
        private SpmlClient client;

        public SpmlTest (String url, String username, String password)
            throws Exception
        {
            // the url argument is given without scheme; plain http is used here
            String urlWithPwd = "http://" + url;

            client = new SpmlClient();
            client.setUsername(username);
            client.setPassword(password);
            client.setUrl(urlWithPwd);
            // trace the SPML messages while testing
            client.setTrace(true);
        }

        public void createAddRequest (String asyncMskeyvalue)
            throws SpmlException
        {
            // the VDS needs an identifier in LDAP syntax
            String identifier = "cn=" + asyncMskeyvalue + ",ou=nwidm1,o=ids";

            // create the open spml request
            AddRequest request = new AddRequest();

            // set the identifier
            request.setIdentifier(identifier);

            // set special attributes to announce modification of a MX_PERSON
            request.setAttribute("MX-ASYNC-OBJECTCLASS", "MX_PERSON");
            // In this example we set the DISPLAYNAME attribute of the person
            request.setAttribute("DISPLAYNAME", "A new display name");

            // send the request and handle the response
            SpmlResponse response = client.request(request);
            if ((response.getError() != null) ||
                (response.getErrorMessage() != null)) {
                System.out.println(response.getErrorMessage());
            }
        }

        public void createModifyRequest (String asyncMskeyvalue)
            throws SpmlException
        {
            String identifier = "cn=" + asyncMskeyvalue + ",ou=nwidm1,o=ids";

            ModifyRequest mr = new ModifyRequest();
            mr.setIdentifier(identifier);

            mr.addModification("DISPLAYNAME", "Yet another new display name");

            // send the request and handle the response
            SpmlResponse response = client.request(mr);
            if ((response.getError() != null) ||
                (response.getErrorMessage() != null)) {
                System.out.println(response.getErrorMessage());
            }
        }

        // usage: SpmlTest <url> <username> <password> add|modify <mskeyvalue>
        public static void main (String [] args)
            throws Exception
        {
            if (args.length < 5) {
                System.out.println("usage: SpmlTest <url> <username> <password> add|modify <mskeyvalue>");
                return;
            }
            SpmlTest st = new SpmlTest(args[0], args[1], args[2]);
            if ("add".equals(args[3])) {
                st.createAddRequest(args[4]);
            }
            else if ("modify".equals(args[3])) {
                st.createModifyRequest(args[4]);
            }
            else System.out.println("use 'add' or 'modify'");
        }
    }
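The client above builds the identifier by concatenating the command-line value into an LDAP-style DN. As an added example (not part of the original post or of OpenSPML), the helper below escapes that value per RFC 4514 before it is placed after cn=, written to compile on JDK 1.4.2. The class and method names are hypothetical, and whether the Identity Services backend honours these escapes is an assumption to verify on your system.

```java
// Added example: RFC 4514 escaping for the value that goes into the
// "cn=" part of the SPML identifier. Names are hypothetical.
public class DnEscape
{
    // Characters that must be backslash-escaped anywhere in an RDN value.
    private static final String SPECIAL = "\"+,;<>\\";

    public static String escapeRdnValue (String value)
    {
        if (value == null || value.length() == 0) {
            throw new IllegalArgumentException ("empty identifier value");
        }
        StringBuffer sb = new StringBuffer (value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt (i);
            if (c == 0) {
                sb.append ("\\00");          // NUL is written as a hex pair
            }
            else if (SPECIAL.indexOf (c) >= 0
                     || (i == 0 && (c == ' ' || c == '#'))   // leading space or '#'
                     || (i == last && c == ' ')) {           // trailing space
                sb.append ('\\').append (c);
            }
            else {
                sb.append (c);
            }
        }
        return sb.toString();
    }

    // Builds the identifier in the same shape as SpmlTest does
    // (the ou=nwidm1,o=ids suffix is the one used in the post).
    public static String identifierFor (String mskeyvalue)
    {
        return "cn=" + escapeRdnValue (mskeyvalue) + ",ou=nwidm1,o=ids";
    }

    public static void main (String [] args)
    {
        // Constructed sample values, not taken from a real system.
        String [] samples = { "jdoe", "Doe, John", "x,ou=other", " lead#", "a+b=c" };
        for (int i = 0; i < samples.length; i++) {
            System.out.println (identifierFor (samples [i]));
        }
    }
}
```

With this in place, a value containing a comma or plus sign stays inside the cn component instead of changing the structure of the identifier.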



When you call this program provide the user id and password that you provided during generation of the ear file in VDS (don't use the WebAS user
id / password!).

 


When the SPML client submits the request the WebAS will create an instance of MX_ASYNC_REQUEST in the IC database. If you configured your system correctly then this object will be picked up by the request handler which processes the request:
[Image: https://weblogs.sdn.sap.com/weblogs/images/16628/Bild08-02.jpg]

I will deal with these questions in the next parts of this series.
