Download as PDF, PPTX
More Related Content
Similar to Integrating Apache Camel with Apache Syncope
Integrating Apache Camel with Apache Syncope
- 1. Integrating Apache Camel withApache Syncope Dr. Colm Ó hÉigeartaigh, Talend.
- 2.
- 3.
- 4. ● Apache Syncope isan Open Source system for managing digital identities in enterprise environments. ● Top Level Project @ Apache since 11/2012. ● Currently 20 committers and 11 PMC members. ● Latest release: 2.0.1 “Jazz”. Apache Syncope basics
- 5.
- 6.
- 7.
- 8.
- 9.
- 10. ● Apache Syncope featuresa rich REST API based on Apache CXF, e.g – List users (JSON): /syncope/rest/users – Get authenticated user: /syncope/rest/users/self – List groups (JSON): /syncope/rest/groups REST API
- 11. ● The REST APIsupports search via FIQL, e.g. – Get the user called “verdi”: syncope/rest/users? fiql=username==verdi – See which users were created since January 01 2016: syncope/rest/users? fiql=creationDate=ge=2016-01- 01 REST API search
- 12. ● A powerful Javaclient library is also available. Java Client Library
- 13. ● Apache Syncope leveragesApache CXF to generate both WADL and SWAGGER documents ● WADL is accessible via the URI "/syncope/rest/?_wadl". ● Swagger documentation is also available via Swagger UI: “/syncope/swagger/” REST API documentation
- 14. ● Multi-tenancy support via “Domains”. ● NewConsole Layout ● Support for “Internet of Things” ● Support for “Realms”. ● End-user UI. ● Improved documentation. ● Apache Camel provisioning engine New Features in Syncope 2.0.0
- 15. The new ApacheCamel Provisioning Engine
- 16. ● What if youwant to perform some action when something changes in Apache Syncope? ● One option is to poll the REST API of Apache Syncope. ● Let’s look at an example using the Java DSL of Apache Camel to get the “total count” of users in Syncope. Polling the REST API
- 17.
- 18. ● However, there areobvious disadvantages to this approach. – Excessive resource consumption – Impossible to perform an action immediately on a change in Syncope – Impossible to make a provisioning change in Syncope dependent on the action that you are performing. ● We need a better approach! Polling the REST API
- 19. ● A new provisioningmanager is available in Apache Syncope 2.0.0 based on Apache Camel. ● Contributed by Giacomo Lamonaco from Tirasa. ● USP of Apache Syncope: We can easily integrate routing rules to any kind of endpoint with identity management! Camel Provisioning Manager
- 20. ● Natural fit: Open-sourceintegration framework at Apache ● XML (Spring) DSL available ● Flexible and easy to use routing/mediation rules ● Supports a huge range of messaging components ● Easy to create custom Camel components. Why Apache Camel?
- 21. ● A set ofCamel routes are available by default which are invoked when the User, Groups and Any Objects in question are changed in some way. ● This allows the administrator to plug in custom logic on any of these state changes. ● The routes can be viewed and edited in the Admin Console. Camel Provisioning Manager
- 22.
- 23. Camel Provisioning Manager ● Anew "propagate" Camel component is available in Syncope 2.0.0. ● Example: <to uri="propagate:<propagateType>? anyTypeKind=<anyTypeKind>&options"/ > ● PropagateType: create, update, delete, provision, deprovision, status, suspend, confirmPasswordReset. ● AnyTypeKind: USER, GROUP, ANY.
- 24.
- 25. Example 1 ● Use Case:Send an email to an administrator when a User is created, with some details about the created User in the email. ● We’ll use mailtrap.io as a test email server. ● Extra Jars needed in Syncope: javax.mail, camel-mail
- 26.
- 27. Example 2 ● Use Case:Audit when a user changes a password. ● Apache Syncope stores users in internal storage in a table called "SyncopeUser". ● Previous passwords associated with the User are stored in another table (note no Timestamp):
- 28. Example 2 ● The administratorwants a stronger audit trail… ● We’ll edit the Camel route to store the password + Timestamp to a file associated with that user. ● For simplicity we won’t salt + hash the password :-) ● No additional jars required
- 29.
- 30. Example 3 ● Use Case:Gather information about new users and process it dynamically ● Example: Age + location of new users. ● Decouple applications from Syncope by using a message solution (Apache ActiveMQ). ● When new users are created, we will modify the default Camel route to send a message to two queues corresponding to the age and location of the user.
- 31. Example 3 ● We needto copy some jars from Apache ActiveMQ into Syncope. ● Also, add the following to the Tomcat lib directory (called "camelRoutesContext.xml"):
- 32.
- 33.