PhenixID

PSD1063 – Configure PIM to send data to PIP using SOAP

Fact

  • PhenixID Identity Manager (PIM)
  • PhenixID Identity Provisioning (PIP)
  • NOTE: If you run PIM 5.4.3 and PIP 5.1.3 or later, a REST web service integration is available and we strongly recommend using that instead. This SOAP-based way of communicating is still supported.
    For more information on the PIM/PIP REST web service, please read PSD1162.

Overview

If you would like to collect data in an edit or a create form and send that data to PIP for processing, this PSD explains how. PIM sends Add or Modify operations to PIP as a web service request. Error codes returned by PIP are displayed in PIM as messages looked up in a mapping table (errors.xml).

If these tab filters are used for multiedit in PIM, AamEditFilter sends one request per object, whereas AamCreateFilter sends all objects in one request.

The attributes ‘userPassword’ and ‘unicodepwd’ are encrypted with AES256 before being sent to the PIP Web Service. The PIP policy decrypts them using the same encryption key (AAM_ENC_KEY) before writing the change to the data source.

Using this solution, PIM forms will NOT write directly to the LDAP or JDBC data source. All modifications are sent to PIP.

Solution

PIM 6.0.2 or later versions

Note 1. Go to the next section if you use PIM 5.7.1 or earlier.
Note 2. PIM 6.0.0 and PIM 6.0.1 are not supported.

Configuration for PIM WEB

  1. Download and unzip PIM_602_or_later.zip
  2. Go to the file system where PIM WEB is installed
    1. If you have changed the default errors.xml or its location, take a copy of that file before moving on:
      drive:\..\PhenixID\IM\customer\config\errors
  3. Open the folder drive:\..\PhenixID\IM\customer
  4. From the zip file, copy the content of \PIM_WEB into the folder above
    1. Restore your errors.xml file
  5. Restart the PIM WEB service
  6. NOTE: If you upgraded PIM from a version earlier than PIM 6.0.0 and this solution was already in place, you can remove the following file, which is no longer used:
    drive:\..\PhenixID\IM\customer\extension\lib\AAMWSClient.jar

Configuration for PIM Configurator

  1. Download and unzip PIM_602_or_later.zip
  2. Go to the file system where PIM Configurator is installed
  3. Open the folder drive:\..\PhenixID\IMConfigurator
  4. From the zip file, copy the content of \PIM_CONFIG into the folder above
  5. Restart PIM Configurator

PIM 5.7.1 or earlier version

Note. Go to the previous section if you use PIM 6.0.2 or later.

Configuration for PIM WEB

  1. Download and unzip PIM_571_or_earlier.zip
  2. Go to the file system where PIM WEB is installed
  3. Open the folder drive:\..\PhenixID\IM\customer
  4. From the zip file, copy the content of \PIM_WEB into the folder above
  5. Restart the PIM WEB service

Configuration for PIM Configurator

  1. Download and unzip PIM_571_or_earlier.zip
  2. Go to the file system where PIM Configurator is installed
  3. Open the folder drive:\..\PhenixID\IMConfigurator
  4. From the zip file, copy the content of \PIM_CONFIG into the folder above
  5. Restart PIM Configurator

PIM policies for the PIP filter

  1. Open DSEditor.properties for PIM
  2. Add the configuration parameters listed below
  3. Restart the PIM service
#### Start PIM to PIP ####
# This is where the PIP Web Service is located; edit the URL as needed.
AAM_WSDL_LOCATION=http://127.0.0.1:8080/services/HandleObjectPort?wsdl
#
# Username and password IM will use when communicating with PIP/AAM. Replace the placeholders.
AAM_UID=<Username configured in PIP/AAM>
AAM_PWD=<Password configured in PIP/AAM>
#
# Encryption key used when the attribute is named userPassword or unicodepwd.
# It must match the key configured in the PIP policy; replace the example default below with a key unique to your installation.
AAM_ENC_KEY=nordicedgeanintelcompany20110101
#
# This option tells IM to send all attributes from modified forms to PIP/AAM.
AAM_EDIT_CHECK_IF_ANY_IS_TOUCHED=true
#
# These options tell IM to send all attributes (touched or not) to PIP/AAM.
AAM_EDIT_SEND_UNTOUCHED=true
AAM_CREATE_SEND_UNTOUCHED=true
#
# This option tells IM to check that all mandatory attributes have a value. If any mandatory attribute is missing a value, the request is not sent.
AAM_CREATE_CHECK_MANDATORY=true
#
# This option tells IM where to find the mapping table for error codes from PIP/AAM.
CODE_TO_MESSAGE_XML_PATH=[path to folder]/PhenixID/IM/customer/config/errors/errors.xml
#
# This option tells IM that the name of the object returned from PIP/AAM is the created object's DN.
AAM_CREATE_NAMEISDN=true
#
# When this policy is set to true, the DN of the logged-in user is sent as LoggedInUserDN to PIP/AAM.
AAM_CREATE_ADD_LOGGED_IN_USER_DN=true
AAM_EDIT_ADD_LOGGED_IN_USER_DN=true
#
# When this policy is set to true, the tab description is sent as TabDescription to PIP/AAM.
AAM_CREATE_ADD_TAB_DESCRIPTION=true
AAM_EDIT_ADD_TAB_DESCRIPTION=true
#
# When this policy is set to true, the unique name of the tab is sent as TabUniqueName to PIP/AAM.
AAM_CREATE_ADD_TAB_UNIQUE_NAME=true
AAM_EDIT_ADD_TAB_UNIQUE_NAME=true
#
# When this policy is set to true, all controls are touched before the data is sent to PIP/AAM.
# This makes logic defined in init, pre, key, post and pre-save execute before the request is built.
AAM_EDIT_TOUCH_ALL=false
#### End PIM to PIP ####
  • Edit errors.xml to contain the correct error codes and their corresponding messages.
  • Add the tabfilter nsd.AamEditFilter in edit tabs.
  • Add the tabfilter nsd.AamCreateFilter in create tabs.
  • Restart the Identity Manager web application.
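As an added example (not part of this PSD and not PhenixID code), the following Python script checks a DSEditor.properties fragment for the mistakes that typically survive a copy-and-paste of the block above: template placeholders still in AAM_UID/AAM_PWD, the example AAM_ENC_KEY left in place, a key whose length does not match AES-256 (this assumes the key string is used as the raw 32-byte key, which the 32-character default suggests but the PSD does not state), and a plain-http AAM_WSDL_LOCATION pointing at a host other than loopback, where the PIP credentials and form data would cross the network unprotected. The three sample configurations are constructed for this example.

```python
"""Added example (not PhenixID code): pre-flight check for the PIM-to-PIP block
in DSEditor.properties. Assumptions are marked in comments."""
import re
from urllib.parse import urlparse

# Keys the PSD's configuration block requires for the SOAP integration.
REQUIRED_KEYS = (
    "AAM_WSDL_LOCATION",
    "AAM_UID",
    "AAM_PWD",
    "AAM_ENC_KEY",
    "CODE_TO_MESSAGE_XML_PATH",
)
# Key shipped in the PSD's example block; it is public, so it must not stay in production.
EXAMPLE_ENC_KEY = "nordicedgeanintelcompany20110101"
# Assumption: AAM_ENC_KEY is used as the raw AES-256 key, i.e. exactly 32 bytes.
AES256_KEY_BYTES = 32
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_properties(text):
    """Minimal Java .properties reader: KEY=VALUE per line; '#'/'!' comments and blanks ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_pim_to_pip(props):
    """Return a list of 'KEY: problem' strings; an empty list means the block passed."""
    findings = []
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(f"{key}: missing or empty")
    # Placeholders such as <Username configured in PIP/AAM> left in from the template.
    for key in ("AAM_UID", "AAM_PWD"):
        if re.fullmatch(r"<.*>", props.get(key, "")):
            findings.append(f"{key}: template placeholder not replaced")
    enc_key = props.get("AAM_ENC_KEY", "")
    if enc_key == EXAMPLE_ENC_KEY:
        findings.append("AAM_ENC_KEY: example key from the PSD still in use")
    elif enc_key and len(enc_key.encode("utf-8")) != AES256_KEY_BYTES:
        findings.append(
            f"AAM_ENC_KEY: {len(enc_key.encode('utf-8'))} bytes, AES-256 expects {AES256_KEY_BYTES}"
        )
    url = props.get("AAM_WSDL_LOCATION", "")
    if url:
        parsed = urlparse(url)
        if parsed.scheme == "http" and parsed.hostname not in LOOPBACK_HOSTS:
            findings.append(
                "AAM_WSDL_LOCATION: plain http to a non-loopback host; "
                "AAM_UID/AAM_PWD and form data would cross the network unprotected"
            )
    return findings


# Constructed sample 1: the PSD's template pasted without editing.
TEMPLATE_CONFIG = """\
#### Start PIM to PIP ####
AAM_WSDL_LOCATION=http://127.0.0.1:8080/services/HandleObjectPort?wsdl
AAM_UID=<Username configured in PIP/AAM>
AAM_PWD=<Password configured in PIP/AAM>
AAM_ENC_KEY=nordicedgeanintelcompany20110101
AAM_CREATE_CHECK_MANDATORY=true
CODE_TO_MESSAGE_XML_PATH=[path to folder]/PhenixID/IM/customer/config/errors/errors.xml
#### End PIM to PIP ####
"""

# Constructed sample 2: a remote PIP reached over plain http, with a 16-byte key.
REMOTE_HTTP_CONFIG = """\
AAM_WSDL_LOCATION=http://pip.example.internal:8080/services/HandleObjectPort?wsdl
AAM_UID=pim-ws
AAM_PWD=example-only-secret
AAM_ENC_KEY=only16byteslong!
CODE_TO_MESSAGE_XML_PATH=C:/PhenixID/IM/customer/config/errors/errors.xml
"""

# Constructed sample 3: the block after editing (hypothetical host name and key).
HARDENED_CONFIG = """\
AAM_WSDL_LOCATION=https://pip.example.internal:8443/services/HandleObjectPort?wsdl
AAM_UID=pim-ws
AAM_PWD=example-only-secret
AAM_ENC_KEY=0123456789abcdef0123456789abcdef
CODE_TO_MESSAGE_XML_PATH=C:/PhenixID/IM/customer/config/errors/errors.xml
"""


def finding_keys(config_text):
    """Sorted property names flagged for a configuration text."""
    return sorted(f.split(":", 1)[0] for f in check_pim_to_pip(parse_properties(config_text)))


if __name__ == "__main__":
    samples = (("template", TEMPLATE_CONFIG), ("remote-http", REMOTE_HTTP_CONFIG), ("hardened", HARDENED_CONFIG))
    for name, text in samples:
        print(name, check_pim_to_pip(parse_properties(text)) or "OK")
```

Run it against the real DSEditor.properties before step 3 (restarting the PIM service); an empty result means none of the checked mistakes are present, not that the integration works end to end.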

PIP / AAM

  • Import WS Listner.aax into PIP (the \PIP folder of the previously mentioned zip file contains this file).
  • Configure the WS Listner policy with the username and password (the same values as AAM_UID and AAM_PWD in PIM).
  • Configure the PIP policy to contain the necessary actions.
  • When using nsd.AamCreateFilter on create tabs, make sure the policy returns the DN of each newly created object as the session object name.
  • If errorcode=0, no error is returned to IM. Any other error code is shown as an IM error, using the message mapped in errors.xml.
  • Restart PIP/AAM.

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se