Identity Connector Framework
Open Source IAM (Un)conference Vienna, 18.02.2020
Jonathan Gietz, David Hübner, DAASI International
Short Intro to ICF
● Provision and sync from IAM systems into target systems (bi-directional)
● Connectors deal with the target system and can be developed independently
● Once a connector is developed, (at best) every instance of the target system can be used
● A connector can be used in different API implementations
Slide 2 of 7
More Connector Properties (SPI)
● Each Connector can have different capabilities
● Stateless by design
● Configuration is provided from outside via API
● Exceptions to throw errors to API
  – ConnectorException
  – AlreadyExistsException
  – ...
● Multiple Interfaces
  – Connector
  – CreateOp
  – DeleteOp
  – SearchOp
  – TestOp
  – SchemaOp
  – ...
Slide 3 of 7
Example Connector Code Snippet
Slide 4 of 7
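A minimal ConnId connector illustrating the SPI properties listed on slide 3: capabilities declared through operation interfaces, configuration injected from outside, and errors reported through framework exceptions. This is an added example, not the snippet shown in the talk; the names `DemoConnector` and `DemoConfiguration`, the `endpoint` property and the in-memory stand-in for the target system are assumptions.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.identityconnectors.framework.common.exceptions.*;
import org.identityconnectors.framework.common.objects.*;
import org.identityconnectors.framework.spi.*;
import org.identityconnectors.framework.spi.operations.*;

// Capabilities are declared by the operation interfaces the class implements.
@ConnectorClass(configurationClass = DemoConnector.DemoConfiguration.class, displayNameKey = "demo.connector")
public class DemoConnector implements Connector, CreateOp, DeleteOp, TestOp {

    // Hypothetical configuration bean: the IdM side fills it in through the API.
    public static class DemoConfiguration extends AbstractConfiguration {
        private String endpoint;
        @ConfigurationProperty(required = true)
        public String getEndpoint() { return endpoint; }
        public void setEndpoint(String endpoint) { this.endpoint = endpoint; }
        @Override public void validate() {
            if (endpoint == null || endpoint.isEmpty())
                throw new ConfigurationException("endpoint must be set");
        }
    }

    // Stand-in for the target system (assumption); a real connector calls the target's API.
    // The connector instance itself keeps no account state, only its configuration.
    private static final Map<String, Set<Attribute>> TARGET = new ConcurrentHashMap<>();
    private DemoConfiguration config;

    @Override public void init(Configuration cfg) { this.config = (DemoConfiguration) cfg; }
    @Override public Configuration getConfiguration() { return config; }
    @Override public void dispose() { config = null; }

    // TestOp: lets the API check the supplied configuration before any provisioning.
    @Override public void test() { config.validate(); }

    @Override public Uid create(ObjectClass oc, Set<Attribute> attrs, OperationOptions opts) {
        Name name = AttributeUtil.getNameFromAttributes(attrs);
        if (name == null) throw new ConnectorException("__NAME__ attribute is required");
        if (TARGET.putIfAbsent(name.getNameValue(), attrs) != null)
            throw new AlreadyExistsException("Account exists: " + name.getNameValue());
        return new Uid(name.getNameValue());
    }

    @Override public void delete(ObjectClass oc, Uid uid, OperationOptions opts) {
        if (TARGET.remove(uid.getUidValue()) == null) throw new UnknownUidException(uid, oc);
    }
}
```

Because the class does not implement SearchOp or SchemaOp, the framework does not offer those operations for this connector.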
Who uses ICF
● DAASI International in didmos2 (using ConnId)
● Evolveum in midPoint (using ConnId)
● Oracle in Oracle Identity Manager (using Sun ICF?)
● ForgeRock (developing OpenICF)
● Tirasa (developing ConnId)
Slide 5 of 7
ICF in didmos2
Slide 6 of 7
Pros & Cons (DAASI Point of View)
Pros:
● Open Source
● A lot of different vendors use it
● Thus a kind of de facto standard in Open Source Ecosystem
● Many IdM sync problems are solved in a standardized way
● High flexibility
● Lots of connectors already developed
Cons:
● Mapping between connector schema and target can be difficult when it comes to complex data structures
● Sometimes not enough guidelines (especially in terms of API).
● More a tool set than a framework
Slide 7 of 7