Managing a Data Source

You can create, edit, or delete a data source.

NOTE: You cannot delete a data source that is being used by an attribute source.

Creating a Data Source

To create a data source, perform the following steps:

  1. Click Devices > Identity Server > Shared Settings > Data Sources.

  2. Click + to add a data source.

  3. Select one of the following data sources:

    • Rest Web Service: Continue with Step 6.

      The REST web service data source contains only the common information required by its endpoints, such as the base URL, the trusted root setting, and authentication. If you need to retrieve attributes through REST API calls to an external REST web service, you must add a REST web service data source.

    • Database: Continue with Step 4.

      Supported databases include Oracle and Microsoft SQL.

    • LDAP: Continue with Step 5.

      eDirectory and Active Directory are supported. You can create multiple search contexts and LDAP replicas.

  4. (For Database) Specify the following details:

    Database Name: Specify the name of the database.

    Database Driver: Select a driver from the list. The associated driver name is auto-populated. If you select Others (Unsupported), specify the driver name.

    Max Connections: Specify the maximum number of connections. The default value is 20.

    Idle TimeOut: Specify the idle timeout. The default value is 600000 milliseconds. Set this value based on the server setting. For example, if the server timeout value is 600000, the timeout value must not exceed 600000.

    Connection TimeOut: Specify the connection timeout. The default value is 10000 milliseconds. Set this value based on the server setting.

    Username: Specify the username used to read from the database.

    Password: Specify the password used to read from the database.

    Confirm Password: Specify the password again.

    URL: Specify the database URL based on the database driver selected.

    Depending on the database type, you must add the corresponding JDBC driver jars:

    For Oracle:

    1. Download the JDBC connector for the Oracle database from Oracle.com.

    2. Copy the JDBC connector jar to the following folder:

      • Administration Console: /opt/novell/nam/adminconsole/webapps/nps/WEB-INF/lib

      • Identity Server: /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib

    3. Restart Administration Console and Identity Server.

    For Microsoft SQL Server:

    1. Download the JDBC connector for the SQL Server database from Microsoft.

    2. Copy the JDBC connector jar file to the following folder:

      • Administration Console: /opt/novell/nam/adminconsole/webapps/nps/WEB-INF/lib

      • Identity Server: /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib

    3. Restart Administration Console and Identity Server.

  5. (For LDAP) Specify the following details:

    1. Specify LDAP Properties:

      LDAP Name: Specify a display name for the LDAP database.

      Directory Type: Select the type of directory. If you select Others (Unsupported), specify a directory name in the adjacent field: sunonedir, custom1, custom2, custom3, custom4, others.

      Username: Specify the username used to read from the database.

      Password: Specify the password used to read from the database.

      Confirm Password: Specify the password again.

      LDAP Operation TimeOut: Specify the LDAP operation timeout. The default value is 15000 milliseconds. You can set this value based on the server setting.

      Idle Connection TimeOut: Specify the idle connection timeout. The default value is 10000 milliseconds. Set this value based on the server setting. For example, if the server timeout is 15000 milliseconds, the LDAP timeout value must not exceed 15000.

    2. Specify the required number of search contexts under Search Contexts.

      1. Click Actions > Add Search Context.

      2. Specify the search context used to locate users in the directory.

      3. Select the scope such as One level, Object, or Subtree in Scope.

        If a user exists outside of the specified search context and its scope (One level, Object or Subtree), Identity Server cannot find the user and the search fails.

      4. Click Save.

    3. Specify the required number of LDAP replicas under LDAP Replicas.

      1. Click Actions > Add LDAP Replica.

      2. Specify the following details to add an LDAP replica:

        Name: Specify a name to represent the LDAP replica.

        IP Address: Specify the IP address of the LDAP directory.

        Port: Specify the port number. By default, it is 389.

        For a secure connection, select Use Secure LDAP Connection. The port number changes to 636.

        You must import the trusted root if you select a secure connection. To import the trusted root, click Auto Import Trusted Root. The trusted certificate of the server is imported into the Identity Server trust store. Update Identity Server each time.

        Max Connections: Specify the maximum number of connections. By default, it is set to 20.

      3. Click Save.

  6. (For REST Web Services) Specify the following details:

    Web Service Name: Specify a display name for the web service. This can be any alphanumeric name.

    Description: (Optional) Specify a description for the web service.

    Base URL: Specify the base URL in the <protocol>://<host>:<port> format. For example: http://172.16.0.0:80

    Here, protocol can be HTTP or HTTPS.

    This is a common URL that can be used for all endpoints that share the same host and port. A common URL is used because the authentication and data connection properties are common to all endpoints.

    For example, you can use www.abc.com/rest as the base URL if you want to retrieve user attributes from the following REST endpoints:

    • www.abc.com/rest/getUserDepartmentInfo

    • www.abc.com/rest/getUserInfo

    You then add getUserDepartmentInfo and getUserInfo in Resource/API Path on the attribute source page. The attribute source page is used for retrieving attributes that are specific to each web service endpoint.

    Trusted Root: Select one of the following options:

    • Verify from IDP trust store: Select this option if Identity Server must verify the SSL certificate of the web service.

      To import the trusted root from a specific web service, click Manage Web Service Trust Store.

      The trusted certificate of the server is imported into the Identity Server trust store. Update Identity Server each time.

    • Do not verify: Select this option if you do not require Identity Server to verify the SSL certificate of the web server.

    Connection Timeout: Specify how long, in milliseconds, Access Manager must keep trying to connect to the REST web server. The default value is 15000 milliseconds. If the host is not reachable, clicking Test gives a timeout error after the specified duration.

    Authentication Type: Select the type of authentication required for connecting to the web service.

    If you select Basic Auth, an Authorization header with the specified username and password is added automatically to the request header that is used for retrieving data from a REST endpoint.

    This ensures that the Authorization header is added under the request header in the attribute source page.

    Credentials: This field is displayed only when you select Basic Auth as the Authentication Type.

    You can select one of the following options:

    • Admin: Specify the username and password for accessing the REST endpoints. Select this option if the REST web server requires a common credential to access all endpoints.

    • Custom: Specify the LDAP attribute of users whose values are used for accessing the REST endpoints. Use this option if access to the REST web server endpoints requires user-specific credentials.

    You must specify credentials that authorize a user to retrieve the information from the REST web server.

  7. To test the data source connection after specifying the details, click Test under Test Connectivity.

    You can also view the error logs at the following location:

    /opt/novell/nam/adminconsole/logs/catalina.out

    NOTE: For a REST web service, clicking Test checks the connection to the web service irrespective of the endpoint's resource path and credentials. It checks the connection based on the IP address and port only.
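The search context and scope rules from Step 5, as an added example that is not part of the Access Manager documentation or product code: it models whether an LDAP search started at a search context with a given scope (Object, One level, Subtree) can reach a user's DN, which is why a user outside every configured context is not found. The DNs and the CONTEXTS list are constructed for this example.

```python
# Added example, not Access Manager code: models how search context + scope
# decide whether an LDAP search can reach a user entry. Sample DNs and the
# contexts list below are constructed for this example.

def parse_dn(dn):
    """Split a DN into normalised RDNs, leaf first. Escaped commas (\\,)
    inside a value, e.g. 'cn=Smith\\, John', stay with their RDN."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escape + escaped char
            cur += ch + dn[i + 1]
            i += 2
            continue
        if ch == ",":
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur.strip().lower())
    return [p for p in parts if p]

def in_scope(user_dn, search_context, scope):
    """True if a search from search_context with scope Object, One level or
    Subtree would return user_dn (RDNs are compared case-insensitively)."""
    user, base = parse_dn(user_dn), parse_dn(search_context)
    if len(user) < len(base) or user[len(user) - len(base):] != base:
        return False                     # entry is not under the context at all
    depth = len(user) - len(base)        # 0 is the context entry itself
    if scope == "Object":
        return depth == 0
    if scope == "One level":
        return depth == 1
    if scope == "Subtree":
        return True
    raise ValueError("unknown scope: " + scope)

def locate_user(user_dn, contexts):
    """Return the first (context, scope) pair that finds user_dn, or None when
    the user lies outside every configured search context (search fails)."""
    for ctx, scope in contexts:
        if in_scope(user_dn, ctx, scope):
            return ctx, scope
    return None

# Constructed configuration: two search contexts with different scopes
CONTEXTS = [("ou=users,o=corp", "One level"),
            ("ou=contractors,o=corp", "Subtree")]
```

A user two levels below a One level context (cn=jdoe,ou=eng,ou=users,o=corp with the CONTEXTS above) returns None, which is the "search fails" case the note under the Scope field describes.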
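Added example (not Access Manager code) showing how the REST web service data source settings from Step 6 combine with an attribute source's Resource/API Path: the base URL and path are joined, Basic Auth becomes an Authorization header built from either the Admin or the Custom credential, the Trusted Root choice decides whether the server certificate is checked, and the millisecond timeout is converted for the client. The dictionary keys, the svc/s3cret credential and SAMPLE_SOURCE are assumptions constructed for this example.

```python
import base64
from urllib.parse import urlsplit

# Added example, not Access Manager code. Field names are assumptions chosen to
# mirror the data source page; SAMPLE_SOURCE is constructed for this example.

def build_rest_request(data_source, api_path, user_credential=None):
    """Return the URL, headers, timeout and TLS policy for one endpoint call,
    plus warnings about settings that expose credentials or skip verification."""
    base = data_source["base_url"].rstrip("/")
    scheme = urlsplit(base).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("Base URL must be <protocol>://<host>:<port>")
    warnings, headers = [], {}
    if data_source["auth_type"] == "Basic Auth":
        if data_source["credentials"] == "Admin":
            # one common credential for every endpoint of this web service
            user, pwd = data_source["admin_user"], data_source["admin_password"]
        else:
            # Custom: the calling user's own credential, read from LDAP attributes
            if user_credential is None:
                raise ValueError("Custom credentials need the user's attribute values")
            user, pwd = user_credential
        token = base64.b64encode(f"{user}:{pwd}".encode()).decode()
        headers["Authorization"] = "Basic " + token
        if scheme == "http":
            warnings.append("Basic credentials are sent in cleartext over http")
    verify = data_source["trusted_root"] == "Verify from IDP trust store"
    if scheme == "https" and not verify:
        warnings.append("server certificate is not checked; spoofed hosts are accepted")
    return {
        "url": base + "/" + api_path.lstrip("/"),     # base URL + Resource/API Path
        "headers": headers,
        "timeout_s": data_source["connection_timeout_ms"] / 1000,  # UI value is in ms
        "verify_tls": verify,
        "warnings": warnings,
    }

# Constructed sample using the base URL and endpoints named on the page
SAMPLE_SOURCE = {
    "base_url": "https://www.abc.com/rest",
    "trusted_root": "Do not verify",
    "connection_timeout_ms": 15000,
    "auth_type": "Basic Auth",
    "credentials": "Admin",
    "admin_user": "svc",
    "admin_password": "s3cret",
}
```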

Editing a Data Source

  1. Click Devices > Identity Server > Shared Settings > Data Sources.

  2. Click the data source you want to modify.

  3. On the Edit Data Source page, modify the details as required.

    NOTE: If you change the IP address of an LDAP or REST web service data source, you must import the trusted root of the updated server into the Identity Server trust store.

    For more information about the fields on this page, see Creating a Data Source.

  4. Click OK.

  5. Update Identity Server.

IMPORTANT: You must update Identity Server when you edit the properties of a data source that is in use by an attribute source, and that attribute source is in turn used by a virtual attribute.