Apache Syncope is a great solution for Identity Management. In this month I analyzed some use cases that led me to reflect about the flexibility of provisioning process to adapt to various (and sometimes very cumbersome) deployment scenarios. The questions is: How well Syncope orchestrates the provisioning? The problem is that Syncope lacks of a provisioning manager: this component could allow an easy and fully customizable definition of provisioning control logic. My proposal consists in a redefinition of the (user and role) controller concept, through the Apache Camel framework. Why this framework? I think that Camel fits the need of easy control logic definition. Moreover Camel supports a wide range of external components: it means that it can be easily integrated with existing frameworks, like Activiti.
Citation preview
1. APACHE SYNCOPE: An Apache Camel Integration Proposal Viale
D'Annunzio, 267 - 65127 Pescara Partita IVA 01974100685 N. REA
143460Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net
[email protected]
2. Apache Syncope: UserCreation Use Case When user is created,
Syncope works in this way: 1. Create user internally start
work-flow engine 2. Propagate to external resources This use case
is useful the most of times, but not ever.. 3. Apache Syncope:
Problematic Use Case What if we need to implement this use case ?
1. Create User on Active Directory (Primary Resource) 2. If step 1
is OK create also internally OtherwiseXpropagate to other external
resources throw a general error 4. Apache Syncope: Problematic Use
Case Solution Generally, to solve the previous case, we do this:1.
Override UserController#create() method 2. Embed the desired fixed
logic isn't there a better way to do this? 5. Apache Syncope:
Possible Solution We need a way that allows: 1. Easy configuration
of IDM control strategies 2. Easy integration with existing
component Possible Solution ? CONTROLLER REDEFINITION with 6.
Apache Camel.. What is? Apache Camel is a versatile open-source
integration framework based on known Enterprise Integration
PatternsCamel empowers you to define routing and mediation rules in
a variety of domain-specific languages 7. Apache Camel: Concepts
Camel is Message-oriented Concept of MessageCommunication in Camel
takes places via Message Message is included in Exchange 8. Apache
Camel: Endpoint Endpoint defines the communication port of an
application. ENDPOINTEach component is identified by unique URI 9.
Apache Camel: Route A Route defines strategies for message
manipulation. 10. Apache Camel: Route Definition Apache camel
provides different methods to express routes: these are simply
called DSL.Java DSLSpring XML DSLfrom("direct:a") .choice()
.when(header("foo").isEqualTo("bar")) .to("direct:b")
.when(header("foo").isEqualTo("cheese")) .to("direct:c")
.otherwise() .to("direct:d");Example of two common DSL 11. Apache
Camel.. Why? Camel could represent a valid framework for the
controller orchestration.. why?IDM Control Logic ~ RouteNew
component in Syncope Provisioning Manager Moreover, Camel offers
large set of pluggable Components . Example: the Activiti
Component. 12. Provisioning Manager: Benefits Provisioning Manager
embeds Ruote Definition Routes can be easily added at Runtime.
Complex Behaviour Definition (i.e. rollback). Versioning of Routing
Strategies 13. Apache Camel.. How? The Provisioning Manager aims to
redefine the controller business logic. 14. Syncope Architecture As
Is 15. Syncope Architecture with Provisioning Manager 16. Apache
Camel Integration Proposal Transfer IDM control logic into the
Provisioning ManagerLOGIC 17. Provisioning Manager: Example
Provisioning Manager: how first use case can be modeled
Provisioning Manager UserTo. . from("vm:camel-create") //we can do
some check here .to("activiti:camelProcess:Create); . .
from(activiti:camelProcess:Created). bean(PropagationBean,
propagateToExtResource). //continue with other operationProcess
definition . . . . 18. Provisioning Manager: Example How the
problematic use case can be modelledUserToProvisioning Manager .
from("vm:camel-create") //we can do some check here
.bean(PropagationBean, propagateOnActiveDirectory)
.on(PropagationException.class).to(log:error) //otherwise, if step1
OK activiti .to("activiti:camelProcess:Create); . .
from(activiti:camelProcess:Created). bean(PropagationBean,
propagateToExtResource). //continue with other operationProcess
definition . . . . 19. Provisioning Manager: Interaction ec t e D
irUser Controllerctiv OnA gate ropa P t esul onR gati ropa
PUserToProvisioning ManageroryActiviti : Create Propagate To Other
Resource 20. Apache Camel: Existing Component What about previous
components? We have to adapt them to messages! UserController . .
template.send("vm:camel-create",user_exchange); . . WorkflowResult
created = consumer.receiveBody("vm:controller-port");UserTo 21.
Replace Activiti with Apache Camel ? Camel seems to behave like a
workflow engine: can we replace Activiti?NO! 22. Apache Camel
Integration ProposalWHAT DO YOU THINK ABOUT THIS PROPOSAL ? Join
the discussion on [email protected]
