
Using nevisDataPorter with nevisIDM

In version 2.0.0.0, nevisDataPorter was extended substantially for integration with nevisIDM: three nevisIDM plugins (NevisIDMSource, NevisIDMSink, NevisIDMConnectionPool) and the event system were added. The configuration settings needed to connect from nevisDataPorter depend on the type of nevisIDM instance. This is because JMS, unlike HTTP, is not a standardized protocol; it requires the same implementation on the client and the server side.

Configuration of Standalone Instances

To enable provisioning from a nevisIDM instance on standalone to an arbitrary sink, nevisIDM has to be configured for provisioning using a JMS queue.

  1. Add the JMS endpoint configuration to the <config/> section of the nevisDataPorter configuration:
<dp:cfgVal name="idm_event_queue_url" value="tcp://10.0.8.60:10004?soKeepAlive=true" />

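To enable TLS, append additional options like &amp;sslEnabled=true&amp;trustStorePath=...&amp;trustStorePassword=... to the URL. The separators are written as &amp; because the URL is an XML attribute value, where a bare & is not well-formed. For all options, see the official JMS implementation: Artemis 1.1 documentation.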

  1. Add the following JmsEventSource to your nevisDataPorter configuration to read from the nevisIDM JMS queue provided by standalone:
<eventSource name="nevisidmEvents" type="JmsEventSource">
<dp:paraVal name="connectionFactoryName" value="jms/RemoteConnectionFactory" />
<dp:paraVal name="destination" value="Provisioning" />
<dp:paraVal name="username" value="nevisidm" />
<dp:paraVal name="password" value="secret" />
<dp:paraMap name="jndiProperties">
<value name="java.naming.provider.url" value="${cfg.idm_event_queue_url}" />
<value name="java.naming.factory.initial" value="org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory"/>
<value name="connectionFactory.jms/RemoteConnectionFactory" value="${cfg.idm_event_queue_url}"/>
<value name="queue.Provisioning" value="Provisioning"/>
</dp:paraMap>
</eventSource>
  1. Make nevisDataPorter react to specific nevisIDM events only. nevisIDM generates events for changes in all entities. Generally, only a subset of these events is of relevance. The event dispatchers are configured accordingly to ignore most of the events:
<eventDispatcher name="dispatcher_onUserCreateOrUpdate" type="EventDispatcher">
<dp:paraList name="source"><value>${inst.nevisidmEvents}</value></dp:paraList>
<dp:paraVal name="module" value="onUserCreateOrUpdate"/>
<dp:paraVal name="filter"
value="#{rtCfg['meta.entity'] eq 'user' and (rtCfg['meta.operation'] eq 'i' or rtCfg['meta.operation'] eq 'u')}"/>
</eventDispatcher>
<eventDispatcher name="dispatcher_onUserDelete" type="EventDispatcher">
<dp:paraList name="source"><value>${inst.nevisidmEvents}</value></dp:paraList>
<dp:paraVal name="module" value="onUserDelete"/>
<dp:paraVal name="filter"
value="#{rtCfg['meta.entity'] eq 'user' and rtCfg['meta.operation'] eq 'd'}"/>
</eventDispatcher>

Configuration of adnwildfly Instances

Deprecated

The use of adnwildfly is deprecated. nevisDP after 2.17.1 will drop out-of-the-box support of adnwildfly. Instead, use standalone deployment for nevisIDM.

This is confirmed and tested with adnwildfly 10.1.1.0. On other adnwildfly versions, different JARs might be required.

To enable provisioning from a nevisIDM instance on adnjboss to an arbitrary sink, nevisIDM has to be configured for provisioning using a JMS queue.

  1. Create a user that has the "consumer" role on the nevisIDM instance, to enable nevisDataPorter to access the JMS queue in the adnwildfly container:
adnwildfly <nevisidm_instance_name> user add <username> <password> consumer
# for example:
adnwildfly nevisidm user add nevisdp my-passphrase-12345 consumer

The example above creates a user named "nevisdp" with the passphrase "my-passphrase-12345" for the default nevisIDM instance named "nevisidm".

  1. Configure the env.conf file to include all required client libraries to connect to the JMS queue provided by the adnwildfly instance:
nevisdp <instance> config env
# When adnwildfly 10.1.1.0 is installed append the following:
CLASSPATH=/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-core-client-1.1.0.wildfly-017.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-jms-client-1.1.0.wildfly-017.jar:/opt/adnwildfly/jboss/modules/system/layers/base/javax/jms/api/main/jboss-jms-api_2.0_spec-1.0.0.Final.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-commons-1.1.0.wildfly-017.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/commons/beanutils/main/commons-beanutils-1.9.2.jar:/opt/adnwildfly/jboss/modules/system/layers/base/io/netty/main/netty-all-4.0.33.Final.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.3.0.Final.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-journal-1.1.0.wildfly-017.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-native-1.1.0.wildfly-017.jar:/opt/adnwildfly/jboss/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-selector-1.1.0.wildfly-017.jar

Caution

It's important that the following JARs are on the classpath: artemis-core-client, artemis-native, artemis-jms-client, artemis-journal, artemis-selector, JMS 2.0 API spec, jboss-logging.

  1. Add the JMS endpoint configuration to the <config/> section of the nevisDataPorter configuration:
<dp:cfgVal name="idm_event_queue_url" value="tcp://10.0.8.60:10004?soKeepAlive=true" />

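To enable TLS, append additional options like &amp;sslEnabled=true&amp;trustStorePath=...&amp;trustStorePassword=... to the URL. The separators are written as &amp; because the URL is an XML attribute value, where a bare & is not well-formed. For all options, see the official JMS implementation included in adnwildfly: Artemis 1.1 documentation.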

  1. Add the following JmsEventSource to your nevisDataPorter configuration to read from the nevisIDM JMS queue provided by adnwildfly:
<eventSource name="nevisidmEvents" type="JmsEventSource">
<dp:paraVal name="connectionFactoryName" value="jms/RemoteConnectionFactory" />
<dp:paraVal name="destination" value="Provisioning" />
<dp:paraVal name="username" value="nevisdp" />
<dp:paraVal name="password" value="my-passphrase-12345" />
<dp:paraMap name="jndiProperties">
<value name="java.naming.provider.url" value="${cfg.idm_event_queue_url}" />
<value name="java.naming.factory.initial" value="org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory"/>
<value name="connectionFactory.jms/RemoteConnectionFactory" value="${cfg.idm_event_queue_url}"/>
<value name="queue.Provisioning" value="Provisioning"/>
</dp:paraMap>
</eventSource>
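
A pre-deployment check for the JMS endpoint and JmsEventSource steps of both sections, as an added example that is not part of the Nevis documentation: it resolves `${cfg.…}` references, reports JMS URLs that lack `sslEnabled=true`, and reports a configuration that is not well-formed because of an unescaped `&`. The root element, the `xmlns:dp` URI, the trust store values and the helper names `lint` and `local` are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample config. The root element, the xmlns:dp URI and the trust
# store values are placeholders, not taken from the nevisDataPorter documentation.
SAMPLE = """<dataporter xmlns:dp="urn:example:placeholder">
  <config>
    <dp:cfgVal name="plain_url" value="tcp://10.0.8.60:10004?soKeepAlive=true"/>
    <dp:cfgVal name="tls_url" value="tcp://10.0.8.60:10004?soKeepAlive=true&amp;sslEnabled=true&amp;trustStorePath=/placeholder/truststore.jks&amp;trustStorePassword=PLACEHOLDER"/>
  </config>
  <eventSource name="nevisidmEvents" type="JmsEventSource">
    <dp:paraMap name="jndiProperties">
      <value name="java.naming.provider.url" value="${cfg.plain_url}"/>
      <value name="connectionFactory.jms/RemoteConnectionFactory" value="${cfg.tls_url}"/>
    </dp:paraMap>
  </eventSource>
</dataporter>"""

def local(el):
    # Element name without its namespace, so the real dp: URI need not be known.
    return el.tag.rsplit("}", 1)[-1]

def lint(xml_text):
    """Return a list of findings for every JmsEventSource in the config text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a bare '&' instead of '&amp;' in the URL
        return [f"not well-formed XML: {exc}"]
    cfg = {e.get("name"): e.get("value", "") for e in root.iter() if local(e) == "cfgVal"}
    findings = []
    sources = [e for e in root.iter()
               if local(e) == "eventSource" and e.get("type") == "JmsEventSource"]
    for src in sources:
        for el in (e for e in src.iter() if local(e) == "value"):
            # Resolve ${cfg.x} references against the <config/> section.
            url = re.sub(r"\$\{cfg\.([^}]+)\}",
                         lambda m: cfg.get(m.group(1), ""), el.get("value", ""))
            if "://" not in url:
                continue  # not a URL property, e.g. queue.Provisioning
            opts = parse_qs(urlsplit(url).query)
            if opts.get("sslEnabled") != ["true"]:
                findings.append(f"{src.get('name')}: {el.get('name')} connects without TLS")
            elif "trustStorePath" not in opts:
                findings.append(f"{src.get('name')}: {el.get('name')} sets sslEnabled but no trustStorePath in the URL")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
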