WS examples for FIM Programmatic Access
Technorati Tags: .NET,FIM,XPath
Hi there,
I am Syam Pinnaka, developer in Identity and Access Management (IAM) team at Microsoft.
Forefront Identity Manager (FIM) 2010 provides WCF endpoints for its users to query and work with FIM objects like persons, groups etc. However its not all that intuitive to programmatically start working with FIM objects using FIM WCF endpoints as current endpoints work with XML data and there is no supported client available today to convert this XML data into managed objects which can be consumed by advanced programming languages like .Net. However there is an unsupported client which works well (so far). This unsupported client is originally written by FIM PG and is now open source and available on codeplex at https://fim2010client.codeplex.com/.
In this blog post, lets see the steps required to start using rmClient for consuming the FIM objects in .Net.
- Download rmClient from https://fim2010client.codeplex.com/.
- Create a new .Net project using Visual Studio 2010.
- Add reference(s) to the following downloaded/installed assemblies.
- Microsoft.ResourceManagement.dll.
- Microsoft.ResourceManagement.Client.dll.
- Microsoft.ResourceManagement.ObjectModel.dll
- Create an instance of defaultClient.
private static DefaultClient rmClient = null;
public static DefaultClient RmClient
{
get
{
if (rmClient == null)
{
rmClient = new DefaultClient();
rmClient.RefreshSchema();
}
return rmClient;
}
}
Build the XPath query. Examples XPath queries below.
- Read all groups: /Group
- Read a group with a display name: /Group[DiaplayName = ‘XXXX’]
- Read a group with an object id/guid: /Group[ObjectID = ‘XXXX’]
Query FIM using the built xpath query.
foreach (RmResource groupResource in RmClient.Enumerate(filter, selectList.ToArray())) { RmGroup group = groupResource as RmGroup; … }
After getting the required group, individual members can be added/removed like below.
Add one or more members to a group:
public void AddNew(Guid group, List<Guid> persons)
{
bool newMembersAdded = false;
List<RmPerson> Persons = new List<RmPerson>();
RmGroup rmGroup = GetGroupFromGuid(group);
RmPerson person = null;
foreach (Guid p in persons)
{
person = GetPersonFromGuid(p);
Persons.Add(person);
}
using (RmResourceChanges RmTransaction = new RmResourceChanges(rmGroup))
{
RmTransaction.BeginChanges();
foreach (RmPerson p in Persons)
{
if (!rmGroup.ExplicitMember.Contains(new RmReference(p.ObjectID.ToString())))
{
if (newMembersAdded == false) newMembersAdded = true;
rmGroup.ExplicitMember.Add(p.ObjectID);
}
}
if (newMembersAdded == true)
{
RmClient.Put(RmTransaction);
RmTransaction.AcceptChanges();
}
}
}
- Remove one or more members from a group:
public void RemoveExisting(Guid group, List<Guid> persons)
{
bool changesMadeToGroup = false;
List<RmPerson> Persons = new List<RmPerson>();
RmGroup rmGroup = GetGroupFromGuid(group);
RmPerson person = null;
foreach (Guid p in persons)
{
person = GetPersonFromGuid(p);
if(person != null)
Persons.Add(person);
}
using (RmResourceChanges RmTransaction = new RmResourceChanges(rmGroup))
{
RmTransaction.BeginChanges();
foreach (RmPerson p in Persons)
{
if (rmGroup.ExplicitMember.Contains(new RmReference(p.ObjectID.ToString())))
{
if (changesMadeToGroup == false) changesMadeToGroup = true;
rmGroup.ExplicitMember.Remove(p.ObjectID);
}
}
if (changesMadeToGroup == true)
{
RmClient.Put(RmTransaction);
RmTransaction.AcceptChanges();
}
}
}
- Build and run the project.
- Make sure the account used to run the project has enough permissions to make the required updates to FIM Objects.
That’s it. Happy coding and have fun!