What's on my mind?
Manish Kapur's Weblog
Archives
« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today
Click me to subscribe
Search

Links
 


 

Today's Page Hits: 38

« Web Server 7 unleash... | Main | Logging Client IP... »
Monday Aug 03, 2009
Integrating Sun Role Manager and IdM using SPML

I have come across many customers trying to integrate Sun Identity Manager (IdM) and Sun Role Manager (SRM) products and I thought this will be a good topic to write about. In an environment where Sun IdM is already deployed, Sun Role Manager (SRM) can connect to IdM using SPML interface and then it can be used to import user data. In such integration, Sun IdM and SRM need to be configured to allow using SPML as the way of exchanging provisioning information.

Here are the high level steps to configure this integration between SRM and IdM:
  1. Log in to SRM and navigate to Administration->Configuration->Provisioning Servers. Click on the New Provisioning Server Connection button and select Sun from the list.

  2. Enter the following information on "New Provisioning Server Connection" screen -
    3.  Connection Name - Enter a name for the new connection being created with the Sun IdM. This connection name is used during import process instead of the Host Name and Port, which is difficult to remember. e.g. "Sun IDM Connection"
     SPML URL - Here, SPML URL pattern is - http://host:port/idm/servlet/rpcrouter2
     e.g. http://localhost:8080/idm/servlet/rpcrouter2
        * User Name - “configurator”
        * Password - “**********”
        * Check Role Consumer if you want to enable ad-hoc roles transfer and update between SRM and Sun IdM

  3. Log in to Sun IdM as "configurator" and navigate to Configure->Import Exchange File and import "rm_idm_init.xml" and "spml.xml" files. The "rm_idm_init.xml" file can be obtained from SRM installation(look under $SRM_HOME/conf/spml directory). This completes the SRM-IdM integration configuration.

  4. To import users or accounts from Sun IDM, log in to SRM and navigate to Administration->Configuration->Import/Export Click on Schedule Job and Select the Sun IDM connection that was set up in step 2 and click on Next. You can check the "Run Job Now?" check box to trigger the user import job immediately. Or you can schedule the user import job on a future date. Similarly, you can import accounts by clicking on the Import Accounts link in the schedule job window.
Posted at 07:31PM Aug 03, 2009 by Manish Kapur in Sun  | 

Comments:

Post a Comment:
Comments are closed for this entry.