Overview of the generic Web Service connector

The Web Service connector integrates identities through Web Service operations with Microsoft Identity Manager (MIM) 2016 SP1. The connector requires the Web Service Project file to connect with the correct data source. This project can be downloaded from the Microsoft Download Center, along with documentation for using the connector with Oracle eBusiness, Oracle PeopleSoft and SAP. You can also create it by using the Web Service Configuration Tool.

When the MIM Synchronization Service invokes the Web Service connector, the connector loads its configured project file (WsConfig file). This file identifies the data source endpoint that should be used to establish a connection. The file also specifies the workflow to execute in order to implement a MIM operation. To execute the configured workflows, the Web Service connector uses the .NET 4 Workflow Foundation runtime engine.

Configuration of workflow with the web services configuration tool

Prerequisites

Deploying this connector may require changes to the configuration of the target system as well as configuration changes to MIM. For deployments involving integrating MIM with a third-party system in a production environment, we recommend customers work with their directory server vendor, or a deployment partner for help, guidance, and support for this integration.

Web Service layers

Two main layers are used to implement the Web Service management agent (MA) solution:

  • Web Service Configuration Tool
  • Run-time Connector implemented with Workflow .NET 4.0

Supported data sources for Web Service discovery

The Web Service Configuration Tool implements the following functionalities:

  • SOAP Discovery: Allows the administrator to enter the WSDL path exposed by the target web service. Discovery produces a tree structure of the hosted web services with their inner endpoints and operations, along with each operation’s metadata description. There is no limit to the number of discovery operations that can be done (step by step). The discovered operations are used later to configure the flow of operations that implement the connector’s operations against the data source (Import/Export/Password).

  • REST Discovery: Allows the administrator to enter RESTful service details, that is, Service Endpoint, Resource Path, Method and Parameter details. A user can add an unlimited number of RESTful services. The REST service information is stored in the discovery.xml file of the wsconfig project. It is used later by the user to configure the REST Web Service activity in the workflow.

  • Connector Space Schema configuration: Allows the administrator to configure the connector space schema. The schema configuration includes a listing of object types and attributes for a specific implementation. The administrator can specify the object types that will be supported by the Web Service MA, and can also choose the attributes that will be part of the connector space schema.

  • Operation Flow configuration: Workflow designer UI for configuring the implementation of FIM operations (Import/Export/Password) per object type through the exposed web service operations, such as:

    • Assignment of parameters from connector space to web service functions.
    • Assignment of parameters from web service functions to the connector space.

Resources generated by the Web Service Configuration Tool

The Web Service Configuration Tool generates the necessary resources needed to configure a fully functional Web Service MA, which includes:

  • Connector Space Schema: A binary file that includes the schema configuration. The file is imported by MIM through the Get Schema interface when the MA is configured using the FIM Synchronization UI. It is then converted to an ECMA2 schema format object.

  • Workflows: A series of Workflow definitions. They are used by the Web Service MA at run time in order to execute an appropriate operation.

  • WCF config file: A configuration file that's produced by the discovery operation. The file includes the binding and endpoint information required to invoke a web service operation against the data source.

  • Data contract assembly: Because the Web Service connector now supports both SOAP and REST services, the data contracts generated for each are different in the generated.dll file.

    • SOAP assembly: While parsing the WSDL input, the Web Service Configuration Tool generates data contract types, which are data structures used by the web service operations to communicate with the remote service. These contract types are also used to expose remote data source entities for object type attribute mapping.

    • REST assembly: While parsing the sample request-response for a REST web service, the configuration tool generates types (classes) that are used in the workflow to communicate with the web service via the Web Service Call activity. Each request/response is defined in its own namespace. The namespace has the syntax <ServiceName>.<ResourceName>.<MethodName>.[Request/Response]. Wrapping each request/response in a separate namespace helps to reduce issues caused by duplicate type (class) names.

Workflow creation of a .wsconfig file by the web services configuration tool for use by the web services management agent

Project file type

The Web Service MA is saved as a compressed file (ZIP format) with a name specified by the user and the “WsConfig” file extension. The “WsConfig” file extension is registered and associated with the Web Service Configuration Tool by the installer. Existing MA projects can be opened, modified and saved. They may be saved to the FIM Synchronization Service extensions folder or any other location. Changes related to object types and attributes require synchronization on the FIM side. The configuration tool is a multiple-instance application designed to create and modify MAs.

Supported security modes

The REST/SOAP web service application can be secured through a web server such as IIS. The application lets the user select the security mode, as shown in the following figure. The security modes include Basic, Digest, Certificate, Windows, or None.

Security modes
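
An added example (not part of the connector or its documentation) of how a reviewer could audit a WsConfig project before deploying it: because the project is a ZIP archive that carries the WCF binding and endpoint information, the script opens the archive and reports weak transport settings. It assumes the WCF config member uses the standard system.serviceModel binding and endpoint elements; the member name "wcf.config", the binding names and the example.test hosts are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def audit_wsconfig(data):
    """Return (member, finding) pairs for weak WCF settings in a .wsconfig ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > 5 * 1024 * 1024:
                continue  # do not inflate unexpectedly large members
            try:
                root = ET.fromstring(zf.read(info))
            except ET.ParseError:
                continue  # binary members such as generated.dll are not XML
            for sm in root.iter("system.serviceModel"):
                for b in sm.iter("binding"):
                    sec = b.find("security")
                    mode = sec.get("mode") if sec is not None else None
                    basic = b.find("security/transport[@clientCredentialType='Basic']") is not None
                    if mode == "None":
                        findings.append((info.filename, f"binding {b.get('name')}: security mode None"))
                    elif mode == "TransportCredentialOnly" and basic:
                        findings.append((info.filename, f"binding {b.get('name')}: Basic credentials without TLS"))
                for ep in sm.iter("endpoint"):
                    addr = ep.get("address", "")
                    if addr.lower().startswith("http://"):
                        findings.append((info.filename, f"endpoint {addr}: cleartext HTTP"))
    return findings

# Constructed sample project; "wcf.config" is a placeholder member name.
SAMPLE_WCF = b"""<configuration><system.serviceModel>
 <bindings><basicHttpBinding>
  <binding name="HrSoap"><security mode="TransportCredentialOnly"><transport clientCredentialType="Basic"/></security></binding>
  <binding name="PaySoap"><security mode="Transport"><transport clientCredentialType="Certificate"/></security></binding>
 </basicHttpBinding></bindings>
 <client>
  <endpoint address="http://hr.example.test/svc" binding="basicHttpBinding" bindingConfiguration="HrSoap" contract="IHr"/>
  <endpoint address="https://pay.example.test/svc" binding="basicHttpBinding" bindingConfiguration="PaySoap" contract="IPay"/>
 </client></system.serviceModel></configuration>"""

def build_sample():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("discovery.xml", "<discovery/>")
        zf.writestr("generated.dll", b"MZ\x90\x00")
        zf.writestr("wcf.config", SAMPLE_WCF)
    return buf.getvalue()
```

In WCF, a basicHttpBinding with no security element also defaults to mode None; this example reports only explicit settings, so such bindings need a separate check.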

Supported data types

The following data types are supported:

  • SOAP (legacy): The SOAP data type is supported as described in this MSDN article. Support is provided for the Business Application Programming Interface (BAPI) stack only. Sample SOAP templates are available at the Microsoft Download Center.
  • REST (not ODATA): An HTTP protocol-based connector/web.
