Skip to main content
Version: 2.17.x.x LTS

NevisIDMSink

The NevisIDMSink is used to insert, update or delete data in the nevisIDM software. It makes use of the nevisIDM administration web service which has to be provided in form of a NevisIDMConnectionPool.

The NevisIDMSink can be used for user data and role assignment, credential, profile and unit data. Modification of all other nevisIDM entities is not available.

For every data object a query is issued to identify the object in nevisIDM. This identification is based on a list of search fields described in NevisIDMSource.

All string fields of the nevisIDM data objects can be used as data attributes. In addition, a few non- standard data attributes can be used for data manipulation. Those are summarized in the lists below.

Users are created with a default profile based on the policy of the client the user belongs to.

Configuration

NameType, usage constraints, defaultsDescription
servicerequired: paraVal
default: none
type: NevisIDMConnectionPool
The NevisIDMConnection pool providing access to the nevisIDM administration web service.
operationrequired: paraVal
default: none
type: operation type string
Determines the operation and the nevisIDM entity:
createUser: Create a user, ignore if it exists.
updateUser: Update a user, ignore if it does not exist.
createOrUpdateUser: Create a user, update if it exists.
deleteUser: Delete a user, ignore if it does not exist.
createCredential: Create a credential, ignore if it exists.
updateCredential: Update a credential, ignore if it does not exist.
createOrUpdateCredential: Create a credential, update if it exists.
deleteCredential: Delete a credential, ignore if it does not exist.
createUnit: Create a unit, ignore if it exists.
updateUnit: Update a unit, ignore if it does not exist.
createOrUpdateUnit: Create a unit, update if it exists.
deleteUnit: Delete a unit, ignore if it does not exist.
createProfile: Create a profile, ignore if it exists.
updateProfile: Update a profile, ignore if it does not exist.
createOrUpdateProfile: Create a profile, update if it exists.
deleteProfile: Delete a profile, ignore if it does not exist.
searchFieldsoptional: paraList
default: empty list
type: string list
Defines which data attributes are used to identify an object in nevisIDM.
detailLevelsoptional: paraMap
default: depends on the query
type: string/string map
The detail levels can be used to override the defaults of the source to include or exclude information in the query.This information is only used when NevisIDMSink checks whether the current object has to be updated.The detail levels are described in detail in the nevisIDM reference guide.
flagsoptional: paraList
default: empty list
type: string list
A list of flags used to fine-tune the sink's behavior.
DATAROOM_STRICT: If set, all authorizations are removed and recreated on update. This flag has to be used if data room modifications on authorizations are required. In version 2.6.0.1 and higher, this flag is no longer required, but still included to ensure backward compatibility.
AUTH_VIA_ROLES: If set, all authorizations are updates based on role entries of the profiles instead of authorizations. It can be used for older versions of nevisIDM which did not include authorization

Query types

user

Normal data attributes
addressLine1extIdremarks
addressLine2firstNamestateChangeDetail
birthDatehouseNumberstateChangeReasonCd
birthDateFromisTechnicalUserstateChangedDate
birthDateTolanguagestreet
cityloginIdtelefax
clientExtIdmobiletelephone
clientIndependentmodificationCommenttemplateCollection
clientNamenametitle
countrypostOfficeBoxNumbervalidFrom
dwellingNumberpostOfficeBoxTextvalidTo
emailpostalCode

Special data attributes

  • prop_PropName: Property named "PropName".
  • credential: The value of the first credential.
  • credentialType: The type of the first credential.
  • credentialState: The state of the first credential.
  • profileName: The name of the first profile.
  • profileState: The state of the first profile.
  • unitExtId: The extId of the unit of the first profile.
  • authorizations: List of nevisIDM authorization objects.

profile

Normal data attributes

  • defaultProfile
  • deputedExtId
  • extId
  • modificationComment
  • name
  • userExtId

Special data attributes

  • prop_PropName: Property named "PropName".

credential

Normal data attributes
autoTransitionDatename
autoTransitionDateHinewValue
autoTransitionDateLowpolicyName
ctlCreDatstateChangeDetail
ctlCreUidstateChangeReasonCd
ctlModDaturlPrefix
ctlModUidvalidFrom
extIdvalidTo
modificationCommentvalue

Special data attributes

  • prop_PropName: Property named "PropName".
  • saml_Prop: SAML Federation credential property named "Prop".
    • saml_subjectNameId
    • saml_issuerNameId
    • saml_userExtId
    • saml_subjectNameIdFormat
    • saml_issuerNameIdFormat

unit

Normal data attributes

  • description
  • displayAbbreviation
  • displayName
  • extId
  • location
  • modificationComment
  • name
  • parentExtId
  • policyName
  • profileless

Special data attributes

  • prop_PropName: Property named "PropName".

Example

Create a user:

<dataFilter type="ELMappingFilter">
<dp:attrVal name="loginId" value="#{in.user.uid}"/>
<dp:attrVal name="firstName" value="#{in.user.givenName}"/>
<dp:attrVal name="name" value="#{in.user.sn}"/>
<dp:attrVal name="email" value="#{in.user.mail}"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="createUser"/>
</dataSink>

Create or update a user with a credential:

<dataFilter type="ELMappingFilter">
<!-- standard attributes omitted -->
<dp:attrVal name="credential" value="#{in.user.uid}"/>
<dp:attrVal name="credentialType" value="kerberos"/>
<dp:attrVal name="credentialState" value="active"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="createOrUpdateUser"/>
<dp:paraList name="searchFields>
<value>clientExtId</value>
<value>extId</value>
</dp:paraList>
</dataSink>

Create or update a user in a unit:

<dataFilter type="ELMappingFilter">
<!-- standard attributes omitted -->
<dp:attrVal name="unitExtId" value="${cfg.unitExtId}"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="createOrUpdateUser"/>
<dp:paraList name="searchFields>
<value>clientExtId</value>
<value>extId</value>
</dp:paraList>
</dataSink>

Create or update a user and sync roles:

<dataFilter type="ELMappingFilter">
<!-- standard attributes omitted -->
<!-- use a nevisIDMSource with queryType role to obtain roles-->
<dp:attrVal name="roles" value="${cfg.roles}"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="createOrUpdateUser"/>
</dataSink>

Create a unit:

<dataFilter type="ELMappingFilter">
<dp:attrVal name="name" value="#{in.unit.name}"/>
<dp:attrVal name="location" value="#{in.unit.address}"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="createUnit"/>
</dataSink>

Update a profile:

<dataFilter type="ELMappingFilter">
<dp:attrVal name="name" value="#{in.unit.name}"/>
<dp:attrVal name="prop_profileProperty" value="test"/>
</dataFilter>
<dataSink type="NevisIDMSink">
<dp:paraVal name="service" value="${inst.nevisIDMService}"/>
<dp:paraVal name="operation" value="updateProfile"/>
<dp:paraList name="searchFields">
<value>name</value>
</dp:paraList>
</dataSink>